Cisco 300-209 Dumps Questions 2021

Master the CCNP Security SIMOS 300-209 official cert guide PDF content and be ready for exam day success quickly. We guarantee it! We make it a reality and give you real CCNP Security SIMOS 300-209 official cert guide PDF content in our Cisco 300-209 braindumps. The latest 100% valid CCNP Security SIMOS 300-209 material is on the page below. You can use our Cisco 300-209 braindumps and pass your exam.

Free demo questions for Cisco 300-209 Exam Dumps Below:

NEW QUESTION 1
Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices?

  • A. IKEv2 Suite-B
  • B. IKEv2 proposals
  • C. IKEv2 profiles
  • D. IKEv2 Smart Defaults

Answer: D

NEW QUESTION 2
From the CLI of a Cisco ASA 5520, which command shows specific information about current clientless and Cisco AnyConnect SSL VPN users only?

  • A. show crypto ikev1 sa detail
  • B. show vpn-sessiondb remote
  • C. show vpn-sessiondb
  • D. show vpn-sessiondb detail

Answer: D

NEW QUESTION 3
Refer to the exhibit.
[Exhibit image not included]
Which type of VPN implementation is displayed?

  • A. IKEv2 reconnect
  • B. IKEv1 cluster
  • C. IKEv2 load balancer
  • D. IKEv1 client
  • E. IPsec high availability
  • F. IKEv2 backup gateway

Answer: C

NEW QUESTION 4
An engineer is using DMVPN to provide secure connectivity between a data center and remote sites. Which two routing protocols are recommended for use between the routers? (Choose two.)

  • A. EIGRP
  • B. IS-IS
  • C. RIPv2
  • D. BGP
  • E. OSPF

Answer: AE

NEW QUESTION 5
A temporary worker must use clientless SSL VPN with an SSH plug-in, in order to access the console of an internal corporate server, the projects.xyz.com server. For security reasons, the network security auditor insists that the temporary user is restricted to the one internal corporate server, 10.0.4.18. You are the network engineer who is responsible for the network access of the temporary user.
What should you do to restrict SSH access to the one projects.xyz.com server?

  • A. Configure access-list temp_user_acl extended permit TCP any host 10.0.4.18 eq 22.
  • B. Configure access-list temp_user_acl standard permit host 10.0.4.18 eq 22.
  • C. Configure access-list temp_acl webtype permit url ssh://10.0.4.18.
  • D. Configure a plug-in SSH bookmark for host 10.0.4.18, and disable network browsing on the clientless SSL VPN portal of the temporary worker.

Answer: C

Explanation: Web ACLs
The Web ACLs table displays the filters configured on the security appliance that apply to Clientless SSL VPN traffic. The table shows the name of each access control list (ACL) and, below and indented to the right of the ACL name, the access control entries (ACEs) assigned to the ACL. Each ACL permits or denies access to specific networks, subnets, hosts, and web servers. Each ACE specifies one rule that serves the function of the ACL. You can configure ACLs to apply to Clientless SSL VPN traffic. The following rules apply:

  • If you do not configure any filters, all connections are permitted.
  • The security appliance supports only an inbound ACL on an interface.
  • At the end of each ACL, an implicit, unwritten rule denies all traffic that is not explicitly permitted.

You can use the following wildcard characters to define more than one wildcard in the Webtype access list entry:

  • Enter an asterisk “*” to match no characters or any number of characters.
  • Enter a question mark “?” to match any one character exactly.
  • Enter square brackets “[]” to create a range operator that matches any one character in a range.

The following examples show how to use wildcards in Webtype access lists.

  • The following example matches URLs such as http://www.cisco.com/ and http://wwz.caco.com/:

access-list test webtype permit url http://ww?.c*co*/

NEW QUESTION 6
[Exhibit images not included]

Answer:

Explanation: The steps are as follows:

Step 1: Configure the key ring

crypto ikev2 keyring mykeys
 peer SiteB.cisco.com
  address 209.161.201.1
  pre-shared-key local $iteA
  pre-shared-key remote $iteB

Step 2: Configure the IKEv2 profile

crypto ikev2 profile default
 identity local fqdn SiteA.cisco.com
 match identity remote fqdn SiteB.cisco.com
 authentication local pre-share
 authentication remote pre-share
 keyring local mykeys

Step 3: Create the GRE tunnel and apply the profile

crypto ipsec profile default
 set ikev2-profile default
interface tunnel 0
 ip address 10.1.1.1 255.255.255.0
 tunnel source eth 0/0
 tunnel destination 209.165.201.1
 tunnel protection ipsec profile default
end

NEW QUESTION 7
Which three types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose three.)

  • A. HTTP
  • B. VNC
  • C. CIFS
  • D. RDP
  • E. HTTPS
  • F. ICA (Citrix)

Answer: ACE

NEW QUESTION 8
Which three parameters are specified in the isakmp (IKEv1) policy? (Choose three.)

  • A. the hashing algorithm
  • B. the authentication method
  • C. the lifetime
  • D. the session key
  • E. the transform-set
  • F. the peer

Answer: ABC

NEW QUESTION 9
What are the three primary components of a GET VPN network? (Choose three.)

  • A. Group Domain of Interpretation protocol
  • B. Simple Network Management Protocol
  • C. server load balancer
  • D. accounting server
  • E. group member
  • F. key server

Answer: AEF

NEW QUESTION 10
Refer to the exhibit.
[Exhibit image not included]
Which technology does this configuration demonstrate?

  • A. AnyConnect SSL over IPv4+IPv6
  • B. AnyConnect FlexVPN over IPv4+IPv6
  • C. AnyConnect FlexVPN IPv6 over IPv4
  • D. AnyConnect SSL IPv6 over IPv4

Answer: A

NEW QUESTION 11
Refer to the exhibit.
[Exhibit image not included]
After the configuration is performed, which combination of devices can connect?

  • A. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name of "cisco.com"
  • B. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 or a certificate with subject name containing "cisco.com"
  • C. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 and a certificate with subject name containing "cisco.com"
  • D. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name containing "cisco.com"

Answer: D

NEW QUESTION 12
On which Cisco platform are dynamic virtual template interfaces available?

  • A. Cisco Adaptive Security Appliance 5585-X
  • B. Cisco Catalyst 3750X
  • C. Cisco Integrated Services Router Generation 2
  • D. Cisco Nexus 7000

Answer: C

NEW QUESTION 13
Refer to the exhibit.
[Exhibit image not included]
You have implemented an SSL VPN as shown. Which type of communication takes place between the secure gateway R1 and the Cisco Secure ACS?

  • A. HTTP proxy
  • B. AAA
  • C. policy
  • D. port forwarding

Answer: B

NEW QUESTION 14
Refer to the exhibit.
[Exhibit image not included]
Which statement about the given IKE policy is true?

  • A. The tunnel will be valid for 2 days, 88 minutes, and 00 seconds.
  • B. It will use encrypted nonces for authentication.
  • C. It has a keepalive of 60 minutes, checking every 5 minutes.
  • D. It uses a 56-bit encryption algorithm.

Answer: B

NEW QUESTION 15
An engineer has configured Cisco AnyConnect VPN using IKEv2 on a Cisco IOS router. The user cannot connect in the Cisco AnyConnect client, but receives an alert message “Use a browser to gain access.” Which action does the engineer take to eliminate this issue?

  • A. Reset user login credentials.
  • B. Disable the HTTP server.
  • C. Correct the URL address.
  • D. Connect using HTTPS.

Answer: B

NEW QUESTION 16
A customer has two ASAs configured in high availability and is experiencing connection drops that require re-establishment each time failover occurs.
Which type of failover has been implemented?

  • A. stateless
  • B. routed
  • C. transparent
  • D. stateful

Answer: D

NEW QUESTION 17
Why must a network engineer avoid usage of the default X.509 certificate when implementing clientless SSL VPN on an ASA?

  • A. The certificate is too weak to provide adequate security.
  • B. The certificate is regenerated at each reboot.
  • C. The certificate must be managed by the local CA.
  • D. The default X.509 certificate is not supported for SSL VPN.

Answer: C

NEW QUESTION 18
An administrator wishes to limit the networks reachable over the AnyConnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27?

  • A. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224 ! group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value splitlist
  • B. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224 ! group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelall split-tunnel-network-list value splitlist
  • C. group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecified split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224 split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224
  • D. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224 ! crypto anyconnect vpn-tunnel-policy tunnelspecified crypto anyconnect vpn-tunnel-network-list splitlist
  • E. crypto anyconnect vpn-tunnel-policy tunnelspecified crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224 crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224

Answer: A

NEW QUESTION 19
Refer to the exhibit.
[Exhibit image not included]
Which VPN solution does this configuration represent?

  • A. DMVPN
  • B. GETVPN
  • C. FlexVPN
  • D. site-to-site

Answer: B

NEW QUESTION 20
An engineer is troubleshooting network issues and wants to check the Layer 2 connectivity between routers. Which command must be run?

  • A. show ip eigrp neighbors
  • B. show cdp neighbor
  • C. show crypto isakmp sa
  • D. show crypto ipsec sa

Answer: B

P.S. 2passeasy is now offering 300-209 dumps with a 100% pass guarantee! All 300-209 exam questions have been updated with correct answers: https://www.2passeasy.com/dumps/300-209/ (333 New Questions)