A Review Of High quality 300-209 testing software

Actual of 300-209 test engine materials and courses for Cisco certification for IT specialist, Real Success Guaranteed with Updated 300-209 pdf dumps vce Materials. 100% PASS Implementing Cisco Secure Mobility Solutions (SIMOS) exam Today!

Q51. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.) 

A. transform set 

B. ISAKMP policy 

C. ACL that defines traffic to encrypt 

D. dynamic routing protocol 

E. tunnel interface 

F. IPsec profile 

G. PSK or PKI trustpoint with certificate 

Answer: A,B,G 

Q52. Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration? 

A. migrate remote-access ssl overwrite 

B. migrate remote-access ikev2 

C. migrate l2l 

D. migrate remote-access ssl 

Answer: A 

Explanation: 

Below is a reference for this question: 

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113597-ptn-113597.html 

If your IKEv1, or even SSL, configuration already exists, the ASA makes the migration process simple. On the command line, enter the migrate command: 

migrate {l2l | remote-access {ikev2 | ssl} | overwrite} 

Things of note: 

Keyword definitions: 

l2l - This converts current IKEv1 l2l tunnels to IKEv2. 

remote access - This converts the remote access configuration. You can convert either the IKEv1 or the SSL tunnel groups to IKEv2. 

overwrite - If you have a IKEv2 configuration that you wish to overwrite, then this keyword converts the current IKEv1 configuration and removes the superfluous IKEv2 configuration. 

Q53. Which VPN feature allows remote access clients to print documents to local network printers? 

A. Reverse Route Injection 

B. split tunneling 

C. loopback addressing 

D. dynamic virtual tunnels 

Answer: B 

Q54. Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.) 

A. priority number 

B. hash algorithm 

C. encryption algorithm 

D. session lifetime 

E. PRF algorithm 

Answer: B,C 

Q55. Which Cisco adaptive security appliance command can be used to view the count of all active VPN sessions? 

A. show vpn-sessiondb summary 

B. show crypto ikev1 sa 

C. show vpn-sessiondb ratio encryption 

D. show iskamp sa detail 

E. show crypto protocol statistics all 

Answer: A 

Q56. When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you open a TAC case? 

A. Show applet Lifecycle exceptions. 

B. Disable cookies. 

C. Enable the WebVPN cache. 

D. Collect a DART bundle. 

Answer: D 

Q57. Refer to the exhibit. 

An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226. Which configuration needs to be added or changed? 

A. No configuration change is necessary. Everything is working correctly. 

B. OSPFv3 needs to be configured on the interface. 

C. NHRP needs to be configured to provide NBMA mapping. 

D. Tunnel mode needs to be changed to GRE IPv4. 

E. Tunnel mode needs to be changed to GRE IPv6. 

Answer: E 

Q58. Which.protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing? 

A. TLS 

B. DTLS 

C. IKEv2 

D. ISAKMP 

Answer: D 

Q59. Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified percentage? 

A. NHRP Event Publisher 

B. interface state control 

C. CAC 

D. NHRP Authentication 

E. ip nhrp connect 

Answer: C 

Q60. Which feature is available in IKEv1 but not IKEv2? 

A. Layer 3 roaming 

B. aggressive mode 

C. EAP variants 

D. sequencing 

Answer: B