Download Cisco.300-209.2017-09-05.1e.398q.vcex

Download Dump

File Info

Exam Implementing Cisco Secure Mobility Solutions
Number 300-209
File Name Cisco.300-209.2017-09-05.1e.398q.vcex
Size 31.51 Mb
Posted September 05, 2017
Downloaded 4



How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase
Coupon: EXAMFILESCOM

Coupon: EXAMFILESCOM
With discount: 20%





Demo Questions

Question 1
The following configuration steps have been completeD.
WebVPN was enabled on the ASA outside interface.
SSL VPN client software was loaded to the ASA.
A DHCP scope was configured and applied to a WebVPN Tunnel Group.
What additional step is required if the client software fails to load when connecting to the ASA SSL page?

  • A: The SSL client must be loaded to the client by an ASA administrator
  • B: The SSL client must be downloaded to the client via FTP
  • C: The SSL VPN client must be enabled on the ASA after loading
  • D: The SSL client must be enabled on the client machine before loading



Question 2
An administrator desires that when work laptops are not connected to the corporate network, they should automatically initiate an AnyConnect VPN tunnel back to headquarters. Where does the administrator configure this?

  • A: Via the svc trusted-network command under the group-policy sub-configuration mode on the ASA
  • B: Under the "Automatic VPN Policy" section inside the Anyconnect Profile Editor within ASDM
  • C: Under the TNDPolicy XML section within the Local Preferences file on the client computer
  • D: Via the svc trusted-network command under the global webvpn sub-configuration mode on the ASA



Question 3
Which Cisco adaptive security appliance command can be used to view the IPsec PSK of a tunnel group in cleartext?

  • A: more system:running-config
  • B: show running-config crypto
  • C: show running-config tunnel-group
  • D: show running-config tunnel-group-map
  • E: clear config tunnel-group
  • F: show ipsec policy



Question 4
Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?

  • A: AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.
  • B: IKEv2 sessions are not licensed.
  • C: The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.
  • D: Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.



Question 5
Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.)

  • A: Verify that the primary protocol on the client machine is set to IPsec.
  • B: Verify that AnyConnect is enabled on the correct interface.
  • C: Verify that the IKEv2 protocol is enabled on the group policy.
  • D: Verify that ASDM and AnyConnect are not using the same port.
  • E: Verify that SSL and IKEv2 certificates are not referencing the same trustpoint.



Question 6
The Cisco AnyConnect client is unable to download an updated user profile from the ASA headend using IKEv2. What is the most likely cause of this problem?

  • A: User profile updates are not allowed with IKEv2.
  • B: IKEv2 is not enabled on the group policy.
  • C: A new profile must be created so that the adaptive security appliance can push it to the client on the next connection attempt.
  • D: Client Services is not enabled on the adaptive security appliance.



Question 7
The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed:
"Login Denied, unauthorized connection mechanism, contact your administrator"
What is the most possible cause of this problem?

  • A: DAP is terminating the connection because IKEv2 is the protocol that is being used.
  • B: The client endpoint does not have the correct user profile to initiate an IKEv2 connection.
  • C: The AAA server that is being used does not authorize IKEv2 as the connection mechanism.
  • D: The administrator is restricting access to this specific user.
  • E: The IKEv2 protocol is not enabled in the group policy of the VPN headend.



Question 8
Refer to the exhibit.
   
An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226.
Which configuration needs to be added or changed?

  • A: No configuration change is necessary. Everything is working correctly.
  • B: OSPFv3 needs to be configured on the interface.
  • C: NHRP needs to be configured to provide NBMA mapping.
  • D: Tunnel mode needs to be changed to GRE IPv4.
  • E: Tunnel mode needs to be changed to GRE IPv6.



Question 9
Refer to the exhibit.
   
An IPsec peer is exchanging routes using IKEv2, but the routes are not installed in the RIB.
Which configuration error is causing the failure?

  • A: IKEv2 routing requires certificate authentication, not pre-shared keys.
  • B: An invalid administrative distance value was configured.
  • C: The match identity command must refer to an access list of routes.
  • D: The IKEv2 authorization policy is not referenced in the IKEv2 profile.



Question 10
Refer to the exhibit.
   
Which authentication method was used by the remote peer to prove its identity?

  • A: Extensible Authentication Protocol
  • B: certificate authentication
  • C: pre-shared key
  • D: XAUTH









CONNECT US


ProfExam
PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount..

Get Now!


HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen



HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset