Advanced Guide: cisco ccnp security 300-209 simos

Ucertify older Cisco lecturers as well as experts may approve that Ucertify Cisco 300-209 exam questions and answers are nearly appropriate. The actual move rate regarding Implementing Cisco Secure Mobility Solutions (SIMOS) had been nearly 95 percent. Above al, were able to show how the 300-209 research materials produced useful reference with regard to Cisco prospects. Our 300-209 pdf file well worth the examinees sparing no effort to study. You can wager your boot youll have a good outcome by the Ucertify Implementing Cisco Secure Mobility Solutions (SIMOS) practice assessments.

2016 Jun airaid 300-209:

Q81. Which algorithm provides both encryption and authentication for data plane communication? 

A. SHA-96 

B. SHA-384 

C. 3DES 

D. AES-256 

E. AES-GCM 

F. RC4 

Answer: E 


Q82. In the Diffie-Hellman protocol, which type of key is the shared secret? 

A. a symmetric key 

B. an asymmetric key 

C. a decryption key 

D. an encryption key 

Answer: A 


Q83. Which two technologies are considered to be Suite B cryptography? (Choose two.) 

A. MD5 

B. SHA2 

C. Elliptical Curve Diffie-Hellman 

D. 3DES 

E. DES 

Answer: B,C 


Q84. Refer to the exhibit. 


Which type of VPN is being configured, based on the partial configuration snippet? 

A. DMVPN with dual hub 

B. GET VPN with dual group member 

C. FlexVPN backup gateway 

D. GET VPN with COOP key server 

E. FlexVPN load balancer 

Answer: D 


Q85. Scenario 

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation. 

Note: Not all screens or option selections are active for this exercise. 


Topology 


Default_Home 


What two actions will be taken on translated packets when the AnyConnect users connect to the ASA? (Choose two.) 

A. No action will be taken, they will keep their original assigned addresses 

B. The source address will use the outside-nat-pool 

C. The source NAT type will be a static translation 

D. The source NAT type will be a dynamic translation 

E. DNS will be translated on rule matches 

Answer: A,C 

Explanation: 

First, navigate to the Configuration ->NAT Rules tab to see this: 


Here we see that NAT rule 2 applies to the AnyConnect clients, click on this rule for more details to see the following: 


Here we see that it is a static source NAT entry, but that the Source and Destination addresses remain the original IP address so they are not translated. 


300-209  pdf exam

Renovate cisco 300-209 book:

Q86. An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web browser. What is a possible reason for the failure? 

A. The user's FTP application is not supported. 

B. The user is connecting to an IOS VPN gateway configured in Thin Client Mode. 

C. The user is connecting to an IOS VPN gateway configured in Tunnel Mode. 

D. The user's operating system is not supported. 

Answer: B 

Reference: 

http://www.cisco.com/c/en/us/support/docs/security/ssl-vpn-client/70664-IOSthinclient.html 

Thin-Client SSL VPN (Port Forwarding) 

A remote client must download a small, Java-based applet for secure access of TCP applications that use static port numbers. UDP is not supported. Examples include access to POP3, SMTP, IMAP, SSH, and Telnet. The user needs local administrative privileges because changes are made to files on the local machine. This method of SSL VPN does not work with applications that use dynamic port assignments, for example, several FTP applications. 


Q87. Which transform set is contained in the IKEv2 default proposal? 

A. aes-cbc-192, sha256, group 14 

B. 3des, md5, group 7 

C. 3des, sha1, group 1 

D. aes-cbc-128, sha, group 5 

Answer: D 


Q88. What are three benefits of deploying a GET VPN? (Choose three.) 

A. It provides highly scalable point-to-point topologies. 

B. It allows replication of packets after encryption. 

C. It is suited for enterprises running over a DMVPN network. 

D. It preserves original source and destination IP address information. 

E. It simplifies encryption management through use of group keying. 

F. It supports non-IP protocols. 

Answer: B,D,E 


Q89. Refer to the exhibit. 


Which authentication method was used by the remote peer to prove its identity? 

A. Extensible Authentication Protocol 

B. certificate authentication 

C. pre-shared key 

D. XAUTH 

Answer: C 


Q90. Scenario: 

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office. 

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites. 

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

at is being used as the authentication method on the branch ISR? 

A. Certifcates 

B. Pre-shared keys 

C. RSA public keys 

D. Diffie-Hellman Group 2 

Answer: B 

Explanation: 

The show crypto isakmp key command shows the preshared key of “cisco”. 




see more 300-209 dumps