Pinpoint of 300-209 test preparation materials and courses for Cisco certification for consumer, Real Success Guaranteed with Updated 300-209 pdf dumps vce Materials. 100% PASS Implementing Cisco Secure Mobility Solutions (SIMOS) exam Today!

Q71. Which configuration is used to build a tunnel between a Cisco ASA and ISR? 

A. crypto map 

B. DMVPN 

C. GET VPN 

D. GRE with IPsec 

E. GRE without IPsec 

Answer:


Q72. An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27? 

A. access-list splitlist standard permit 209.165.201.0 255.255.255.224 

access-list splitlist standard permit 209.165.202.128 255.255.255.224 

group-policy GroupPolicy1 internal 

group-policy GroupPolicy1 attributes 

split-tunnel-policy tunnelspecified 

split-tunnel-network-list value splitlist 

B. access-list splitlist standard permit 209.165.201.0 255.255.255.224 

access-list splitlist standard permit 209.165.202.128 255.255.255.224 

group-policy GroupPolicy1 internal 

group-policy GroupPolicy1 attributes 

split-tunnel-policy tunnelall 

split-tunnel-network-list value splitlist 

C. group-policy GroupPolicy1 internal 

group-policy GroupPolicy1 attributes 

split-tunnel-policy tunnelspecified 

split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224 

split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224 

D. access-list splitlist standard permit 209.165.201.0 255.255.255.224 

access-list splitlist standard permit 209.165.202.128 255.255.255.224 

crypto anyconnect vpn-tunnel-policy tunnelspecified 

crypto anyconnect vpn-tunnel-network-list splitlist 

E. crypto anyconnect vpn-tunnel-policy tunnelspecified 

crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224 

crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224 

Answer:


Q73. Refer to the exhibit. 

An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226. Which configuration needs to be added or changed? 

A. No configuration change is necessary. Everything is working correctly. 

B. OSPFv3 needs to be configured on the interface. 

C. NHRP needs to be configured to provide NBMA mapping. 

D. Tunnel mode needs to be changed to GRE IPv4. 

E. Tunnel mode needs to be changed to GRE IPv6. 

Answer:


Q74. Which of the following could be used to configure remote access VPN Host-scan and pre-login policies? 

A. ASDM 

B. Connection-profile CLI command 

C. Host-scan CLI command under the VPN group policy 

D. Pre-login-check CLI command 

Answer:


Q75. You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto isakmp command on the headend router, you see the following output. What does this output suggest? 

1d00h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 

1d00h: ISAKMP (0:1); no offers accepted! 

1d00h: ISAKMP (0:1): SA not acceptable! 

1d00h: %CRYPTO-6-IKMP_MODE_FAILURE. Processing of Main Mode failed with peer at 10.10.10.10 

A. Phase 1 policy does not match on both sides. 

B. The transform set does not match on both sides. 

C. ISAKMP is not enabled on the remote peer. 

D. There is a mismatch in the ACL that identifies interesting traffic. 

Answer:


Q76. Which VPN feature allows remote access clients to print documents to local network printers? 

A. Reverse Route Injection 

B. split tunneling 

C. loopback addressing 

D. dynamic virtual tunnels 

Answer:


Q77. On which Cisco platform are dynamic virtual template interfaces available? 

A. Cisco Adaptive Security Appliance 5585-X 

B. Cisco Catalyst 3750X 

C. Cisco Integrated Services Router Generation 2 

D. Cisco Nexus 7000 

Answer:


Q78. Which command configures IKEv2 symmetric identity authentication? 

A. match identity remote address 0.0.0.0 

B. authentication local pre-share 

C. authentication pre-share 

D. authentication remote rsa-sig 

Answer:


Q79. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.) 

A. transform set 

B. ISAKMP policy 

C. ACL that defines traffic to encrypt 

D. dynamic routing protocol 

E. tunnel interface 

F. IPsec profile 

G. PSK or PKI trustpoint with certificate 

Answer: A,B,G 


Q80. A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.) 

A. crypto ikev2 keyring keyring-name 

peer peer1 

address 209.165.201.1 255.255.255.255 

pre-shared-key local key1 

pre-shared-key remote key2 

B. crypto ikev2 transform-set transform-set-name 

esp-3des esp-md5-hmac 

esp-aes esp-sha-hmac 

C. crypto ikev2 map crypto-map-name 

set crypto ikev2 tunnel-group tunnel-group-name 

set crypto ikev2 transform-set transform-set-name 

D. crypto ikev2 tunnel-group tunnel-group-name 

match identity remote address 209.165.201.1 

authentication local pre-share 

authentication remote pre-share 

E. crypto ikev2 profile profile-name 

match identity remote address 209.165.201.1 

authentication local pre-share 

authentication remote pre-share 

Answer: A,E