300-209 Exam Details
-
Exam Code
:300-209 -
Exam Name
:Implementing Cisco Secure Mobility Solutions -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:450 Q&As -
Last Updated
:Dec 15, 2021
Cisco 300-209 Online Questions & Answers
-
Question 241:
An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27?
A. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224 ! group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value splitlist
B. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224 ! group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelall split-tunnel-network-list value splitlist
C. group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecified split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224 split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224
D. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224 ! crypto anyconnect vpn-tunnel-policy tunnelspecified crypto anyconnect vpn-tunnel-network-list splitlist
E. crypto anyconnect vpn-tunnel-policy tunnelspecified crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224 crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224 -
Question 242:
Consider this scenario. When users attempt to connect via a Cisco AnyConnect VPN session, the certificate has changed and the connection fails. What is a possible cause of the connection failure?
A. An invalid modulus was used to generate the initial key.
B. The VPN is using an expired certificate.
C. The Cisco ASA appliance was reloaded.
D. The Trusted Root Store is configured incorrectly. -
Question 243:
Refer to the exhibit. An engineer has configured two new VPN tunnels to 172.18.1.1 and 172.19.1.1. However, communication between 10.1.0.10 and 10.1.11.10 does not function.
What is the reason?
A. overlapping crypto ACL
B. NAT-T is disabled
C. invalid route
D. The remote peer 172.17.1.1 doesn't support AES256 -
Question 244:
Refer to the exhibit. Which VPN solution does this configuration represent?
A. DMVPN
B. GETVPN
C. FlexVPN
D. site-to-site -
Question 245:
Which technology supports tunnel interfaces while remaining compatible with legacy VPN implementations?
A. FlexVPN
B. DMVPN
C. GET VPN
D. SSL VPN -
Question 246:
Which two RADIUS attributes are needed for a VRF-aware FlexVPN hub? (Choose two.)
A. ip:interface-config=ip unnumbered loobackn
B. ip:interface-config=ip vrf forwarding ivrf
C. ip:interface-config=ip src route
D. ip:interface-config=ip next hop
E. ip:interface-config=ip neighbor 0.0.0.0 -
Question 247:
Which cryptographic algorithm is used for data integrity?
A. SHA-256
B. ECDH-384
C. ECDSA-256
D. RSA-3072 -
Question 248:
Which two commands are include in the command show dmvpn detail? (Choose two.)
A. Show ip nhrp
B. Show ip nhrp nhs
C. Show crypto ipsec sa detail D. Show crypto session detail
E. Show crypto sockets -
Question 249:
Which command specifies the path to the Host Scan package in an ASA AnyConnect VPN?
A. csd hostscan path image
B. csd hostscan image path
C. csd hostscan path
D. hostscan image path -
Question 250:
Which two attributes can be matched from the identity of the remote peer when using IKEv2 Name Manager? (Choose two)
A. fqdn
B. hostname
C. IP address
D. kerberos
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-209 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.