High value of 300-209 exam topics materials and Q&A for Cisco certification for candidates, Real Success Guaranteed with Updated 300-209 pdf dumps vce Materials. 100% PASS Implementing Cisco Secure Mobility Solutions (SIMOS) exam Today!

Q51. Scenario 

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation. 

Note: Not all screens or option selections are active for this exercise. 

Topology 

Default_Home 

What two actions will be taken on translated packets when the AnyConnect users connect to the ASA? (Choose two.) 

A. No action will be taken, they will keep their original assigned addresses 

B. The source address will use the outside-nat-pool 

C. The source NAT type will be a static translation 

D. The source NAT type will be a dynamic translation 

E. DNS will be translated on rule matches 

Answer: A,C 

Explanation: 

First, navigate to the Configuration ->NAT Rules tab to see this: 

Here we see that NAT rule 2 applies to the AnyConnect clients, click on this rule for more details to see the following: 

Here we see that it is a static source NAT entry, but that the Source and Destination addresses remain the original IP address so they are not translated. 


Q52. Which three configurations are prerequisites for stateful failover for IPsec? (Choose three.) 

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically. 

B. Only crypto map configuration that is set up on the active device must be duplicated on the standby device. 

C. The IPsec configuration that is set up on the active device must be duplicated on the standby device. 

D. The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device. 

E. The active and standby devices must run the same version of the Cisco IOS software and should be the same type of device. 

F. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically. 

G. The IKE configuration that is set up on the active device must be duplicated on the standby device. 

Answer: C,E,G 


Q53. What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.) 

A. CSCO_WEBVPN_OTP_PASSWORD 

B. CSCO_WEBVPN_INTERNAL_PASSWORD 

C. CSCO_WEBVPN_USERNAME 

D. CSCO_WEBVPN_RADIUS_USER 

Answer: B,C 


Q54. Which application does the Application Access feature of Clientless VPN support? 

A. TFTP 

B. VoIP 

C. Telnet 

D. active FTP 

Answer:


Q55. Based on the provided ASDM configuration for the remote ASA, which one of the following is correct?

A. An access-list must be configured on the outside interface to permit inbound VPN traffic 

B. A route to 192.168.22.0/24 will not be automatically installed in the routing table 

C. The ASA will use a window of 128 packets (64x2) to perform the anti-replay check _ 

D. The tunnel can also be established on TCP port 10000 

Answer:

Explanation: 

Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers. Currently, the default window size is 64 packets. Generally, this number (window size) is sufficient, but there are times when you may want to expand this window size. The IPsec Anti-Replay Window: Expanding and Disabling feature allows you to expand the window size, allowing the decryptor to keep track of more than 64 packets. 


Q56. Refer to the exhibit. 

You have implemented an SSL VPN as shown. Which type of communication takes place between the secure gateway R1 and the Cisco Secure ACS? 

A. HTTP proxy 

B. AAA 

C. policy 

D. port forwarding 

Answer:


Q57. Which VPN feature allows remote access clients to print documents to local network printers? 

A. Reverse Route Injection 

B. split tunneling 

C. loopback addressing 

D. dynamic virtual tunnels 

Answer:


Q58. Which three settings are required for crypto map configuration? (Choose three.) 

A. match address 

B. set peer 

C. set transform-set 

D. set security-association lifetime 

E. set security-association level per-host 

F. set pfs 

Answer: A,B,C 


Q59. Which feature is available in IKEv1 but not IKEv2? 

A. Layer 3 roaming 

B. aggressive mode 

C. EAP variants 

D. sequencing 

Answer:


Q60. Refer to the exhibit. 

Which type of VPN is being configured, based on the partial configuration snippet? 

A. DMVPN with dual hub 

B. GET VPN with dual group member 

C. FlexVPN backup gateway 

D. GET VPN with COOP key server 

E. FlexVPN load balancer 

Answer: