300-209 testing material(91 to 100) for consumer: Jun 2017 Edition

Exam Code: 300-209 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Secure Mobility Solutions (SIMOS)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300-209 Exam.

2017 NEW RECOMMEND

Free VCE & PDF File for Cisco 300-209 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 300-209 Exam Dumps (PDF & VCE):
Available on:
http://www.certleader.com/300-209-dumps.html

Q91. Which option shows the correct traffic selectors for the child SA on the remote ASA, when the headquarter ASA initiates the tunnel? 

A. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.20.0/0-192.168.20.255/65535 

B. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535 

C. Local selector 192.168.22.0/0-192.168.22.255/65535 Remote selector 192.168.33.0/0-192.168.33.255/65535 

D. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 0.0.0.0/0 -0.0.0.0/65535 

E. Local selector 0.0.0.0/0 – 0.0.0.0/65535 Remote selector 192.168.22.0/0 -192.168.22.255/65535 

Answer:

Explanation: 

The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 (THE LOCAL SIDE) to 192.168.22.0/24 (THE REMOTE SIDE). 

Q92. Refer to the exhibit. 

Which VPN solution does this configuration represent? 

A. DMVPN 

B. GETVPN 

C. FlexVPN 

D. site-to-site 

Answer:

Q93. Which command enables IOS SSL VPN Smart Tunnel support for PuTTY? 

A. appl ssh putty.exe win 

B. appl ssh putty.exe windows 

C. appl ssh putty 

D. appl ssh putty.exe 

Answer:

Q94. Refer to the exhibit. 

Which technology does this configuration demonstrate? 

A. AnyConnect SSL over IPv4+IPv6 

B. AnyConnect FlexVPN over IPv4+IPv6 

C. AnyConnect FlexVPN IPv6 over IPv4 

D. AnyConnect SSL IPv6 over IPv4 

Answer:

Q95. You are configuring a Cisco IOS SSL VPN gateway to operate with DVTI support. Which command must you configure on the virtual template? 

A. tunnel protection ipsec 

B. ip virtual-reassembly 

C. tunnel mode ipsec 

D. ip unnumbered 

Answer:

Q96. Which.protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing? 

A. TLS 

B. DTLS 

C. IKEv2 

D. ISAKMP 

Answer:

Q97. Scenario: 

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office. 

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites. 

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

Which transform set is being used on the branch ISR? 

A. Default 

B. ESP-3DES ESP-SHA-HMAC 

C. ESP-AES-256-MD5-TRANS mode transport 

D. TSET 

Answer:

Explanation: 

This can be seen from the “show crypto ipsec sa” command as shown below: 

Q98. If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting? 

A. Determine whether the Cisco ASA can resolve the DNS names. 

B. Determine whether the Cisco ASA has DNS forwarders set up. 

C. Determine whether an ACL is present to permit DNS forwarding. 

D. Replace the DNS name with an IP address. 

Answer:

Q99. Refer to the exhibit. 

The IKEv2 tunnel between Router1 and Router2 is failing during session establishment. Which action will allow the session to establish correctly? 

A. The address command on Router2 must be narrowed down to a /32 mask. 

B. The local and remote keys on Router2 must be switched. 

C. The pre-shared key must be altered to use only lowercase letters. 

D. The local and remote keys on Router2 must be the same. 

Answer:

Q100. Refer to the exhibit. 

After the configuration is performed, which combination of devices can connect? 

A. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name of "cisco.com" 

B. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 or a certificate with subject name containing "cisco.com" 

C. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 and a certificate with subject name containing "cisco.com" 

D. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name containing "cisco.com" 

Answer:

Certleader Dumps
Certleader is a company specialized on providing high quality IT exam materials and fully committed to assist our respected clients crack any IT certification tests on their 1st efforts.