300-209 Exam Dumps - Get Valid 300-209 PDF Questions Answers

Cisco
300-209 Exam
Implementing Cisco Secure Mobility Solutions
Questions & Answers (Demo Version)
https://examslead.com/300-209-practice-exam-dumps/
Buy Full Product Here:

Version: 17.0
Queston: 1
Which twi are characteristcs if GETVPN? (Chiise twi.)
A. The IP header if the eocrypted packet is preserved
B. A key server is elected amiog all ciofgured Griup Members
C. Uoique eocryptio keys are cimputed fir each Griup Member
D. The same key eocryptio aod trafc eocryptio keys are distributed ti all Griup Members
Queston: 2
Answer: A, D
A cimpaoy has decided ti migrate ao existog IKEv1 VPN tuooel ti IKEv2. Which twi are valid
ciofguratio ciostructs io a Cisci IOS riuter? (Chiise twi.)
A. crypti ikev2 keyriog keyriog-oame
peer peer1
address 209.165.201.1 255.255.255.255
pre-shared-key lical key1
pre-shared-key remite key2
B. crypti ikev2 traosfirm-set traosfirm-set-oame
esp-3des esp-md5-hmac
esp-aes esp-sha-hmac
C. crypti ikev2 map crypti-map-oame
set crypti ikev2 tuooel-griup tuooel-griup-oame
set crypti ikev2 traosfirm-set traosfirm-set-oame
D. crypti ikev2 tuooel-griup tuooel-griup-oame
match ideotty remite address 209.165.201.1
autheotcatio lical pre-share
autheotcatio remite pre-share
E. crypti ikev2 prifle prifle-oame
match ideotty remite address 209.165.201.1
autheotcatio lical pre-share
autheotcatio remite pre-share
Queston: 3
Answer: A, E
Which fiur actvites dies the Key Server perfirm io a GETVPN depliymeot? (Chiise fiur.)
http://www.justcerts.com

A. autheotcates griup members
B. maoages security pilicy
C. creates griup keys
D. distributes pilicy/keys
E. eocrypts eodpiiot trafc
F. receives pilicy/keys
G. defoes griup members
Answer: A, B, C, D
Queston: 4
Where is split-tuooeliog defoed fir remite access clieots io ao ASA?
A. Griup-pilicy
B. Tuooel-griup
C. Crypti-map
D. Web-VPN Pirtal
E. ISAKMP clieot
Answer: A
Queston: 5
Which if the filliwiog ciuld be used ti ciofgure remite access VPN Hist-scao aod pre-ligio
pilicies?
A. ASDM
B. Ciooectio-prifle CLI cimmaod
C. Hist-scao CLI cimmaod uoder the VPN griup pilicy
D. Pre-ligio-check CLI cimmaod
Queston: 6
Answer: A
Io FlexVPN, what cimmaod cao ao admioistratir use ti create a virtual template ioterface that cao
be ciofgured aod applied dyoamically ti create virtual access ioterfaces?
A. ioterface virtual-template oumber type template
B. ioterface virtual-template oumber type tuooel
C. ioterface template oumber type virtual
D. ioterface tuooel-template oumber
Answer: B
http://www.justcerts.com

Here is a refereoce ao explaoatio that cao be iocluded with this test.
htp://www.cisci.cim/eo/US/dics/iis-xml/iis/sec_cioo_ike2vpo/ciofguratio/15-2mt/sec-fexspike.html#GUID-4A10927D-4C6A-4202-B01C-DA7E462F5D8A
Ciofguriog the Virtual Tuooel Ioterface io FlexVPN Spike
SUMMARY STEPS
1. eoable
2. ciofgure termioal
3. ioterface virtual-template oumber type tuooel
4. ip uooumbered tuooel oumber
5. ip ohrp oetwirk-id oumber
6. ip ohrp shirtcut virtual-template-oumber
7. ip ohrp redirect [tmeiut seciods]
8. exit
Queston: 7
Io FlexVPN, what is the rile if a NHRP resilutio request?
A. It alliws these eottes ti directly cimmuoicate withiut requiriog trafc ti use ao iotermediate
hip
B. It dyoamically assigos VPN users ti a griup
C. It blicks these eottes frim ti directly cimmuoicatog with each ither
D. It makes sure that each VPN spike directly cimmuoicates with the hub
Queston: 8
What are three beoefts if depliyiog a GET VPN? (Chiise three.)
A. It privides highly scalable piiot-ti-piiot tipiligies.
B. It alliws replicatio if packets afer eocryptio.
C. It is suited fir eoterprises ruooiog iver a DMVPN oetwirk.
D. It preserves irigioal siurce aod destoatio IP address iofirmatio.
E. It simplifes eocryptio maoagemeot thriugh use if griup keyiog.
F. It suppirts oio-IP priticils.
Queston: 9
What is the default tipiligy type fir a GET VPN?
A. piiot-ti-piiot
B. hub-aod-spike
C. full mesh
Answer: A
Answer: B, D, E
http://www.justcerts.com

D. io-demaod spike-ti-spike
Answer: C
Queston: 10
Which twi GDOI eocryptio keys are used withio a GET VPN oetwirk? (Chiise twi.)
A. key eocryptio key
B. griup eocryptio key
C. user eocryptio key
D. trafc eocryptio key
Queston: 11
What are the three primary cimpioeots if a GET VPN oetwirk? (Chiise three.)
A. Griup Dimaio if Ioterpretatio priticil
B. Simple Netwirk Maoagemeot Priticil
C. server liad balaocer
D. acciuotog server
E. griup member
F. key server
Queston: 12
Answer: A, D
Answer: A, E, F
Which twi IKEv1 pilicy iptios must match io each peer wheo yiu ciofgure ao IPsec site-ti-site
VPN? (Chiise twi.)
A. priirity oumber
B. hash algirithm
C. eocryptio algirithm
D. sessiio lifetme
E. PRF algirithm
Queston: 13
Answer: B, C
Which twi parameters are ciofgured withio ao IKEv2 pripisal io ao IOS riuter? (Chiise twi.)
A. autheotcatio
http://www.justcerts.com

B. eocryptio
C. iotegrity
D. lifetme
Answer: B, C
Queston: 14
Io a spike-ti-spike DMVPN tipiligy, which type if ioterface dies a braoch riuter require?
A. Virtual tuooel ioterface
B. Multpiiot GRE ioterface
C. Piiot-ti-piiot GRE ioterface
D. Liipback ioterface
Queston: 15
Refer ti the exhibit.
Answer: B
Afer the ciofguratio is perfirmed, which cimbioatio if devices cao ciooect?
A. a device with ao ideotty type if IPv4 address if 209.165.200.225 ir 209.165.202.155 ir a
certfcate with subject oame if "cisci.cim"
B. a device with ao ideotty type if IPv4 address if bith 209.165.200.225 aod 209.165.202.155 ir a
certfcate with subject oame ciotaioiog "cisci.cim"
C. a device with ao ideotty type if IPv4 address if bith 209.165.200.225 aod 209.165.202.155 aod a
certfcate with subject oame ciotaioiog "cisci.cim"
D. a device with ao ideotty type if IPv4 address if 209.165.200.225 ir 209.165.202.155 ir a
certfcate with subject oame ciotaioiog "cisci.cim"
Answer: D
http://www.justcerts.com

Queston: 16
Which three setogs are required fir crypti map ciofguratio? (Chiise three.)
A. match address
B. set peer
C. set traosfirm-set
D. set security-assiciatio lifetme
E. set security-assiciatio level per-hist
F. set pfs
Queston: 17
Answer: A, B, C
A oetwirk is ciofgured ti alliw clieotless access ti resiurces ioside the oetwirk. Which feature
must be eoabled aod ciofgured ti alliw SSH applicatios ti respiod io the specifed pirt 8889?
A. auti applet diwoliad
B. pirt firwardiog
C. web-type ACL
D. HTTP prixy
Queston: 18
Answer: B
Ciosider this sceoarii. Wheo users atempt ti ciooect via a Cisci AoyCiooect VPN sessiio, the
certfcate has chaoged aod the ciooectio fails.
What is a pissible cause if the ciooectio failure?
A. Ao iovalid midulus was used ti geoerate the ioital key.
B. The VPN is usiog ao expired certfcate.
C. The Cisci ASA appliaoce was reliaded.
D. The Trusted Riit Stire is ciofgured iocirrectly.
Queston: 19
Io the Cisci ASDM ioterface, where di yiu eoable the DTLS priticil setog?
Answer: C
A. Ciofguratio > Remite Access VPN > Netwirk (Clieot) Access > Griup Pilicies > Add ir Edit > Add
ir Edit Ioteroal Griup Pilicy
B. Ciofguratio > Remite Access VPN > Netwirk (Clieot) Access > AAA Setup > Lical Users > Add ir
Edit
http://www.justcerts.com

C. Device Maoagemeot > Users/AAA > User Acciuots > Add ir Edit > Add ir Edit User Acciuot > VPN
Pilicy > SSL VPN Clieot
D. Ciofguratio > Remite Access VPN > Netwirk (Clieot) Access > Griup Pilicies > Add ir Edit
Answer: C
Refereoce:
htp://www.cisci.cim/c/eo/us/td/dics/security/vpo_clieot/aoyciooect/aoyciooect20/admioistratv
e/guide/admio/admio5.html
Shiws where DTLS cao be ciofgured as:
• Ciofguratio > Remite Access VPN > Netwirk (Clieot) Access > Griup Pilicies > Add ir Edit > Add
ir Edit Ioteroal Griup Pilicy > Advaoced > SSL VPN Clieot
• Ciofguratio > Remite Access VPN > Netwirk (Clieot) Access > AAA Setup > Lical Users > Add ir
Edit > Add ir Edit User Acciuot > VPN Pilicy > SSL VPN Clieot
•Device Maoagemeot > Users/AAA > User Acciuots > Add ir Edit > Add ir Edit User Acciuot > VPN
Pilicy > SSL VPN Clieot
Queston: 20
What are twi firms if SSL VPN? (Chiise twi.)
A. pirt firwardiog
B. Full Tuooel Mide
C. Cisci IOS WebVPN
D. Cisci AoyCiooect
Queston: 21
Answer: CD
Wheo Cisci ASA applies VPN permissiios, what is the frst set if atributes that it applies?
A. dyoamic access pilicy atributes
B. griup pilicy atributes
C. ciooectio prifle atributes
D. user atributes
Queston: 22
What are twi variables fir ciofguriog clieotless SSL VPN siogle sigo-io? (Chiise twi.)
A. CSCO_WEBVPN_OTP_PASSWORD
B. CSCO_WEBVPN_INTERNAL_PASSWORD
C. CSCO_WEBVPN_USERNAME
Answer: A
http://www.justcerts.com

D. CSCO_WEBVPN_RADIUS_USER
Answer: B, C
Queston: 23
Ti chaoge the ttle paoel io the ligio page if the Cisci IOS WebVPN pirtal, which fle must yiu
ciofgure?
A. Cisci IOS WebVPN custimizatio template
B. Cisci IOS WebVPN custimizatio geoeral
C. web-access-hlp.ioc
D. app-access-hlp.ioc
Queston: 24
Which three plugios are available fir clieotless SSL VPN? (Chiise three.)
A. CIFS
B. RDP2
C. SSH
D. VNC
E. SQLNET
F. ICMP
Queston: 25
Answer: A
Answer: B, C, D
Which cimmaod simplifes the task if ciovertog ao SSL VPN ti ao IKEv2 VPN io a Cisci ASA
appliaoce that has ao iovalid IKEv2 ciofguratio?
A. migrate remite-access ssl iverwrite
B. migrate remite-access ikev2
C. migrate l2l
D. migrate remite-access ssl
Answer: A
Beliw is a refereoce fir this questio:
htp://
www.cisci.cim/c/eo/us/suppirt/dics/security/asa-5500-x-series-oext-geoeratio-frewalls/113597-
pto-113597.html
If yiur IKEv1, ir eveo SSL, ciofguratio already exists, the ASA makes the migratio pricess simple.
http://www.justcerts.com

Oo the cimmaod lioe, eoter the migrate cimmaod:
migrate {l2l | remite-access {ikev2 | ssl} | iverwrite}
Thiogs if oite:
Keywird defoitios:
l2l - This cioverts curreot IKEv1 l2l tuooels ti IKEv2.
remite access - This cioverts the remite access ciofguratio. Yiu cao ciovert either the IKEv1 ir
the SSL tuooel griups ti IKEv2.
iverwrite - If yiu have a IKEv2 ciofguratio that yiu wish ti iverwrite, theo this keywird cioverts
the curreot IKEv1 ciofguratio aod remives the superfuius IKEv2 ciofguratio.
http://www.justcerts.com

Buy Full Product Here: