Best Quality of 300-209 free question materials and questions for Cisco certification for client, Real Success Guaranteed with Updated 300-209 pdf dumps vce Materials. 100% PASS Implementing Cisco Secure Mobility Solutions (SIMOS) exam Today!
2016 May 300-209 Study Guide Questions:
Q71. CORRECT TEXT
You are the network security manager for your organization. Your manager has received a request to allow an external user to access to your HQ and DM2 servers. You are given the following connection parameters for this task.
Using ASDM on the ASA, configure the parameters below and test your configuration by accessing the Guest PC. Not all AS DM screens are active for this exercise. Also, for this exercise, all changes are automatically applied to the ASA and you will not have to click APPLY to apply the changes manually.
. Enable Clientless SSL VPN on the outside interface
. Using the Guest PC, open an Internet Explorer window and test and verify the basic connection to the SSL VPN portal using address: https://vpn-secure-x.public
. a. You may notice a certificate error in the status bar, this can be ignored for this exercise
. b. Username: vpnuser
. c. Password: cisco123
. d. Logout of the portal once you have verified connectivity
. Configure two bookmarks with the following parameters:
. a. Bookmark List Name: MY-BOOKMARKS
. b. Use the: URL with GET or POST method
. c. Bookmark Title: HQ-Server
. i. http://10.10.3.20
. d. Bookmark Title: DMZ-Server-FTP
. i. ftp://172.16.1.50
. e. Assign the configured Bookmarks to:
. i. DfltGrpPolicy
. ii. DfltAccessPolicy
. iii. LOCAL User: vpnuser
. From the Guest PC, reconnect to the SSL VPN Portal
. Test both configured Bookmarks to ensure desired connectivity
You have completed this exercise when you have configured and successfully tested Clientless SSL VPN connectivity.
Answer: Please find the solution in below explanation.
First, enable clientless VPN access on the outside interface by checking the box found below:
Then, log in to the given URL using the vpnuser/cisco123 credentials:
Logging in will take you to this page, which means you have now verified basic connectivity:
Now log out by hitting the logout button.
Now, go back to the ASDM and navigate to the Bookmarks portion:
Make the name MY-BOOKMARKS and use the “Add” tab and add the bookmarks per the instructions:
Ensure the “URL with GET of POST method” button is selected and hit OK:
Add the two bookmarks as given in the instructions:
You should now see the two bookmarks listed:
Hit OK and you will see this:
Select the MY-BOOKMARKS Bookmarks and click on the “Assign” button. Then, click on the appropriate check boxes as specified in the instructions and hit OK.
After hitting OK, you will now see this:
Then, go back to the Guest-PC, log back in and you should be able to test out the two new bookmarks.
Q72. What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)
Q73. Refer to the exhibit.
An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 184.108.40.206. Which configuration needs to be added or changed?
A. No configuration change is necessary. Everything is working correctly.
B. OSPFv3 needs to be configured on the interface.
C. NHRP needs to be configured to provide NBMA mapping.
D. Tunnel mode needs to be changed to GRE IPv4.
E. Tunnel mode needs to be changed to GRE IPv6.
Far out cisco ccnp security 300-209 simos:
Q74. Refer to the exhibit.
Which VPN solution does this configuration represent?
Q75. Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.)
A. aes-cbc-192, sha256, 14
B. 3des, md5, 5
C. 3des, sha1, 1
D. aes-cbc-128, sha, 5
Q76. A network administrator is configuring AES encryption for the ISAKMP policy on an IOS router. Which two configurations are valid? (Choose two.)
A. crypto isakmp policy 10
encryption aes 254
B. crypto isakmp policy 10
encryption aes 192
C. crypto isakmp policy 10
encryption aes 256
D. crypto isakmp policy 10
encryption aes 196
E. crypto isakmp policy 10
encryption aes 199
F. crypto isakmp policy 10
encryption aes 64
Actual cisco 300-209 book:
Q77. Which feature is enabled by the use of NHRP in a DMVPN network?
A. host routing with Reverse Route Injection
B. BGP multiaccess
C. host to NBMA resolution
D. EIGRP redistribution
Q78. The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed:
"Login Denied, unauthorized connection mechanism, contact your administrator"
What is the most possible cause of this problem?
A. DAP is terminating the connection because IKEv2 is the protocol that is being used.
B. The client endpoint does not have the correct user profile to initiate an IKEv2 connection.
C. The AAA server that is being used does not authorize IKEv2 as the connection mechanism.
D. The administrator is restricting access to this specific user.
E. The IKEv2 protocol is not enabled in the group policy of the VPN headend.
Q79. Which two are features of GETVPN but not DMVPN and FlexVPN?.(Choose two.)
A. one IPsec SA for all encrypted traffic
B. no requirement for an overlay routing protocol
C. design for use over public or private WAN
D. sequence numbers that enable scalable replay checking
E. enabled use of ESP or AH
F. preservation of IP protocol in outer header
Q80. A Cisco IOS SSL VPN gateway is configured to operate in clientless mode so that users can access file shares on a Microsoft Windows 2003 server. Which protocol is used between the Cisco IOS router and the Windows server?
see more Implementing Cisco Secure Mobility Solutions (SIMOS)