It is impossible to pass Cisco 300-209 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Cisco 300-209 practice questions. You will get a surprising result by our Replace Implementing Cisco Secure Mobility Solutions (SIMOS) practice guides.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 300-209 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 300-209 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/300-209-exam-dumps.html
Q41. Refer to the exhibit.
An IPsec peer is exchanging routes using IKEv2, but the routes are not installed in the RIB. Which configuration error is causing the failure?
A. IKEv2 routing requires certificate authentication, not pre-shared keys.
B. An invalid administrative distance value was configured.
C. The match identity command must refer to an access list of routes.
D. The IKEv2 authorization policy is not referenced in the IKEv2 profile.
Answer: B
Q42. Refer to the exhibit.
The network administrator is adding a new spoke, but the tunnel is not passing traffic. What
could cause this issue?
A. DMVPN is a point-to-point tunnel, so there can be only one spoke.
B. There is no EIGRP configuration, and therefore the second tunnel is not working.
C. The NHRP authentication is failing.
D. The transform set must be in transport mode, which is a requirement for DMVPN.
E. The NHRP network ID is incorrect.
Answer: C
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html#w p1055049
Q43. Refer to the exhibit.
The customer can establish an AnyConnect connection on the first attempt only. Subsequent attempts fail. What might be the issue?
A. IKEv2 is blocked over the path.
B. UserGroup must be different than the name of the connection profile.
C. The primary protocol should be SSL.
D. UserGroup must be the same as the name of the connection profile.
Answer: D
Q44. Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.)
A. Verify that the primary protocol on the client machine is set to IPsec.
B. Verify that AnyConnect is enabled on the correct interface.
C. Verify that the IKEv2 protocol is enabled on the group policy.
D. Verify that ASDM and AnyConnect are not using the same port.
E. Verify that SSL and IKEv2 certificates are not referencing the same trustpoint.
Answer: A,C
Q45. A customer requires all traffic to go through a VPN. However, access to the local network is also required. Which two options can enable this configuration? (Choose two.)
A. split exclude
B. use of an XML profile
C. full tunnel by default
D. split tunnel
E. split include
Answer: A,B
Q46. An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web browser. What is a possible reason for the failure?
A. The user's FTP application is not supported.
B. The user is connecting to an IOS VPN gateway configured in Thin Client Mode.
C. The user is connecting to an IOS VPN gateway configured in Tunnel Mode.
D. The user's operating system is not supported.
Answer: B
Reference:
http://www.cisco.com/c/en/us/support/docs/security/ssl-vpn-client/70664-IOSthinclient.html
Thin-Client SSL VPN (Port Forwarding)
A remote client must download a small, Java-based applet for secure access of TCP applications that use static port numbers. UDP is not supported. Examples include access to POP3, SMTP, IMAP, SSH, and Telnet. The user needs local administrative privileges because changes are made to files on the local machine. This method of SSL VPN does not work with applications that use dynamic port assignments, for example, several FTP applications.
Q47. A rogue static route is installed in the routing table of a Cisco FlexVPN and is causing
traffic to be blackholed. Which command should be used to identify the peer from which that route originated?
A. show crypto ikev2 sa detail
B. show crypto route
C. show crypto ikev2 client flexvpn
D. show ip route eigrp
E. show crypto isakmp sa detail
Answer: B
Q48. When you configure IPsec VPN High Availability Enhancements, which technology does Cisco recommend that you enable to make reconvergence faster?
A. EOT
B. IP SLAs
C. periodic IKE keepalives
D. VPN fast detection
Answer: C
Q49. Which three types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose three.)
A. SAML
B. HTTP POST
C. HTTP Basic
D. NTLM
E. Kerberos
F. OAuth 2.0
Answer: B,C,D
Q50. Which type of NHRP packet is unique to Phase 3 DMVPN topologies?
A. resolution request
B. resolution reply
C. redirect
D. registration request
E. registration reply
F. error indication
Answer: C
