Download Cisco.300-209.2017-09-05.1e.398q.vcex

Download Exam

File Info

Exam Implementing Cisco Secure Mobility Solutions
Number 300-209
File Name Cisco.300-209.2017-09-05.1e.398q.vcex
Size 31.51 Mb
Posted September 05, 2017
Downloads 73

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.


With discount: 20%


Demo Questions

Question 1
The following configuration steps have been completeD.
WebVPN was enabled on the ASA outside interface.
SSL VPN client software was loaded to the ASA.
A DHCP scope was configured and applied to a WebVPN Tunnel Group.
What additional step is required if the client software fails to load when connecting to the ASA SSL page?

  • A: The SSL client must be loaded to the client by an ASA administrator
  • B: The SSL client must be downloaded to the client via FTP
  • C: The SSL VPN client must be enabled on the ASA after loading
  • D: The SSL client must be enabled on the client machine before loading

Question 2
An administrator desires that when work laptops are not connected to the corporate network, they should automatically initiate an AnyConnect VPN tunnel back to headquarters. Where does the administrator configure this?

  • A: Via the svc trusted-network command under the group-policy sub-configuration mode on the ASA
  • B: Under the "Automatic VPN Policy" section inside the Anyconnect Profile Editor within ASDM
  • C: Under the TNDPolicy XML section within the Local Preferences file on the client computer
  • D: Via the svc trusted-network command under the global webvpn sub-configuration mode on the ASA

Question 3
Which Cisco adaptive security appliance command can be used to view the IPsec PSK of a tunnel group in cleartext?

  • A: more system:running-config
  • B: show running-config crypto
  • C: show running-config tunnel-group
  • D: show running-config tunnel-group-map
  • E: clear config tunnel-group
  • F: show ipsec policy

Question 4
Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?

  • A: AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.
  • B: IKEv2 sessions are not licensed.
  • C: The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.
  • D: Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.

Question 5
Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.)

  • A: Verify that the primary protocol on the client machine is set to IPsec.
  • B: Verify that AnyConnect is enabled on the correct interface.
  • C: Verify that the IKEv2 protocol is enabled on the group policy.
  • D: Verify that ASDM and AnyConnect are not using the same port.
  • E: Verify that SSL and IKEv2 certificates are not referencing the same trustpoint.

Question 6
The Cisco AnyConnect client is unable to download an updated user profile from the ASA headend using IKEv2. What is the most likely cause of this problem?

  • A: User profile updates are not allowed with IKEv2.
  • B: IKEv2 is not enabled on the group policy.
  • C: A new profile must be created so that the adaptive security appliance can push it to the client on the next connection attempt.
  • D: Client Services is not enabled on the adaptive security appliance.

Question 7
The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed:
"Login Denied, unauthorized connection mechanism, contact your administrator"
What is the most possible cause of this problem?

  • A: DAP is terminating the connection because IKEv2 is the protocol that is being used.
  • B: The client endpoint does not have the correct user profile to initiate an IKEv2 connection.
  • C: The AAA server that is being used does not authorize IKEv2 as the connection mechanism.
  • D: The administrator is restricting access to this specific user.
  • E: The IKEv2 protocol is not enabled in the group policy of the VPN headend.

Question 8
Refer to the exhibit.
An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping
Which configuration needs to be added or changed?

  • A: No configuration change is necessary. Everything is working correctly.
  • B: OSPFv3 needs to be configured on the interface.
  • C: NHRP needs to be configured to provide NBMA mapping.
  • D: Tunnel mode needs to be changed to GRE IPv4.
  • E: Tunnel mode needs to be changed to GRE IPv6.

Question 9
Refer to the exhibit.
An IPsec peer is exchanging routes using IKEv2, but the routes are not installed in the RIB.
Which configuration error is causing the failure?

  • A: IKEv2 routing requires certificate authentication, not pre-shared keys.
  • B: An invalid administrative distance value was configured.
  • C: The match identity command must refer to an access list of routes.
  • D: The IKEv2 authorization policy is not referenced in the IKEv2 profile.

Question 10
Refer to the exhibit.
Which authentication method was used by the remote peer to prove its identity?

  • A: Extensible Authentication Protocol
  • B: certificate authentication
  • C: pre-shared key
  • D: XAUTH


You can buy ProfExam with a 20% discount..

Get Now!


Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen


Use VCE Exam Simulator to open VCE files