Exam Code: 300-209 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Secure Mobility Solutions (SIMOS)
Certification Provider: Cisco
Q91. Which option shows the correct traffic selectors for the child SA on the remote ASA when the headquarters ASA initiates the tunnel?
A. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.20.0/0-192.168.20.255/65535
B. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535
C. Local selector 192.168.22.0/0-192.168.22.255/65535 Remote selector 192.168.33.0/0-192.168.33.255/65535
D. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 0.0.0.0/0-0.0.0.0/65535
E. Local selector 0.0.0.0/0-0.0.0.0/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535
The traffic selector determines which traffic is protected (encrypted over the IPsec tunnel). We want this to be specific; otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 (the local side) to 192.168.22.0/24 (the remote side).
Q92. Refer to the exhibit.
Which VPN solution does this configuration represent?
Q93. Which command enables IOS SSL VPN Smart Tunnel support for PuTTY?
A. appl ssh putty.exe win
B. appl ssh putty.exe windows
C. appl ssh putty
D. appl ssh putty.exe
Q94. Refer to the exhibit.
Which technology does this configuration demonstrate?
A. AnyConnect SSL over IPv4+IPv6
B. AnyConnect FlexVPN over IPv4+IPv6
C. AnyConnect FlexVPN IPv6 over IPv4
D. AnyConnect SSL IPv6 over IPv4
Q95. You are configuring a Cisco IOS SSL VPN gateway to operate with DVTI support. Which command must you configure on the virtual template?
A. tunnel protection ipsec
B. ip virtual-reassembly
C. tunnel mode ipsec
D. ip unnumbered
Q96. Which protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing?
You are the senior network security administrator for your organization. Recently, a junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.
You are now tasked with verifying the IKEv1 IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for this exercise.
Which transform set is being used on the branch ISR?
B. ESP-3DES ESP-SHA-HMAC
C. ESP-AES-256-MD5-TRANS mode transport
This can be seen from the "show crypto ipsec sa" command as shown below:
Q98. If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting?
A. Determine whether the Cisco ASA can resolve the DNS names.
B. Determine whether the Cisco ASA has DNS forwarders set up.
C. Determine whether an ACL is present to permit DNS forwarding.
D. Replace the DNS name with an IP address.
Q99. Refer to the exhibit.
The IKEv2 tunnel between Router1 and Router2 is failing during session establishment. Which action will allow the session to establish correctly?
A. The address command on Router2 must be narrowed down to a /32 mask.
B. The local and remote keys on Router2 must be switched.
C. The pre-shared key must be altered to use only lowercase letters.
D. The local and remote keys on Router2 must be the same.
Q100. Refer to the exhibit.
After the configuration is performed, which combination of devices can connect?
A. a device with an identity type of IPv4 address of 184.108.40.206 or 220.127.116.11 or a certificate with subject name of "cisco.com"
B. a device with an identity type of IPv4 address of both 18.104.22.168 and 22.214.171.124 or a certificate with subject name containing "cisco.com"
C. a device with an identity type of IPv4 address of both 126.96.36.199 and 188.8.131.52 and a certificate with subject name containing "cisco.com"
D. a device with an identity type of IPv4 address of 184.108.40.206 or 220.127.116.11 or a certificate with subject name containing "cisco.com"