getcertified4sure.com

300-209 Exam

All About 300-209 test questions Aug 2021




Proper study guides for Refresh Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) certified begins with Cisco 300-209 preparation products which designed to deliver the Simulation 300-209 questions by making you pass the 300-209 test at your first time. Try the free 300-209 demo right now.

Q1. What are two forms of SSL VPN? (Choose two.) 

A. port forwarding 

B. Full Tunnel Mode 

C. Cisco IOS WebVPN 

D. Cisco AnyConnect 

Answer: C,D 


Q2. Which command clears all Cisco AnyConnect VPN sessions? 

A. vpn-sessiondb logoff anyconnect 

B. vpn-sessiondb logoff webvpn 

C. vpn-sessiondb logoff l2l 

D. clear crypto isakmp sa 

Answer:


Q3. Which hash algorithm is required to protect classified information? 

A. MD5 

B. SHA-1 

C. SHA-256 

D. SHA-384 

Answer:


Q4. Which technology can provide high availability for an SSL VPN? 

A. DMVPN 

B. a multiple-tunnel configuration 

C. a Cisco ASA pair in active/passive failover configuration 

D. certificate to tunnel group maps 

Answer:


Q5. Refer to the exhibit. 

You executed the show crypto ipsec sa command to troubleshoot an IPSec issue. What problem does the given output indicate? 

A. IKEv2 failed to establish a phase 2 negotiation. 

B. The Crypto ACL is different on the peer device. 

C. ISAKMP was unable to find a matching SA. 

D. IKEv2 was used in aggressive mode. 

Answer:


Q6. Which option describes what address preservation with IPsec Tunnel Mode allows when GETVPN is used? 

A. stronger encryption methods 

B. Network Address Translation of encrypted traffic 

C. traffic management based on original source and destination addresses 

D. Tunnel Endpoint Discovery 

Answer:


Q7. A private wan connection is suspected of intermittently corrupting data. Which technology can a network administrator use to detect and drop the altered data traffic? 

A. AES-128 

B. RSA Certificates 

C. SHA2-HMAC 

D. 3DES 

E. Diffie-Helman Key Generation 

Answer:


Q8. CORRECT TEXT 

Scenario: 

You are the network security manager for your organization. Your manager has received a request to allow an external user to access to your HQ and DM2 servers. You are given the following connection parameters for this task. 

Using ASDM on the ASA, configure the parameters below and test your configuration by accessing the Guest PC. Not all AS DM screens are active for this exercise. Also, for this exercise, all changes are automatically applied to the ASA and you will not have to click APPLY to apply the changes manually. 

. Enable Clientless SSL VPN on the outside interface 

. Using the Guest PC, open an Internet Explorer window and test and verify the basic connection to the SSL VPN portal using address: https://vpn-secure-x.public 

. a. You may notice a certificate error in the status bar, this can be ignored for this exercise 

. b. Username: vpnuser 

. c. Password: cisco123 

. d. Logout of the portal once you have verified connectivity 

. Configure two bookmarks with the following parameters: 

. a. Bookmark List Name: MY-BOOKMARKS 

. b. Use the: URL with GET or POST method 

. c. Bookmark Title: HQ-Server 

. i. http://10.10.3.20 

. d. Bookmark Title: DMZ-Server-FTP 

. i. ftp://172.16.1.50 

. e. Assign the configured Bookmarks to: 

. i. DfltGrpPolicy 

. ii. DfltAccessPolicy 

. iii. LOCAL User: vpnuser 

. From the Guest PC, reconnect to the SSL VPN Portal 

. Test both configured Bookmarks to ensure desired connectivity 

You have completed this exercise when you have configured and successfully tested Clientless SSL VPN connectivity. 

Topology: 

Answer: Please find the solution in below explanation. 

Explanation: 

First, enable clientless VPN access on the outside interface by checking the box found below: 

Then, log in to the given URL using the vpnuser/cisco123 credentials: 

Logging in will take you to this page, which means you have now verified basic connectivity: 

Now log out by hitting the logout button. 

Now, go back to the ASDM and navigate to the Bookmarks portion: 

Make the name MY-BOOKMARKS and use the “Add” tab and add the bookmarks per the instructions: 

Ensure the “URL with GET of POST method” button is selected and hit OK: 

Add the two bookmarks as given in the instructions: 

You should now see the two bookmarks listed: 

Hit OK and you will see this: 

Select the MY-BOOKMARKS Bookmarks and click on the “Assign” button. Then, click on the appropriate check boxes as specified in the instructions and hit OK. 

After hitting OK, you will now see this: 

Then, go back to the Guest-PC, log back in and you should be able to test out the two new bookmarks. 


Q9. Which protocols does the Cisco AnyConnect client use to build multiple connections to the security appliance? 

A. TLS and DTLS 

B. IKEv1 

C. L2TP over IPsec 

D. SSH over TCP 

Answer:


Q10. On which Cisco platform are dynamic virtual template interfaces available? 

A. Cisco Adaptive Security Appliance 5585-X 

B. Cisco Catalyst 3750X 

C. Cisco Integrated Services Router Generation 2 

D. Cisco Nexus 7000 

Answer: