300-209 Cisco Real Exam Questions & Practice Test

Vendor Name: Cisco
 

Exam code: 300-209
 

Exam Name: Implementing Cisco Secure Mobility Solutions (SIMOS)
 

Click the link below to get full version
http://www.certifyguide.com/exam/300-209/

Question: 1

 

Which two are characteristics of GETVPN? (Choose two.)

A. The IP header of the encrypted packet is preserved

B. A key server is elected among all configured Group Members

C. Unique encryption keys are computed for each Group Member

D. The same key encryption and traffic encryption keys are distributed to all Group Members

Answer: A, D

Question: 2

 

A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.)

A. crypto ikev2 keyring keyring-name

 peer peer1

  address 209.165.201.1 255.255.255.255

  pre-shared-key local key1

  pre-shared-key remote key2

B. crypto ikev2 transform-set transform-set-name

  esp-3des esp-md5-hmac

  esp-aes esp-sha-hmac

C. crypto ikev2 map crypto-map-name

 set crypto ikev2 tunnel-group tunnel-group-name    

 set crypto ikev2 transform-set transform-set-name

D. crypto ikev2 tunnel-group tunnel-group-name

 match identity remote address 209.165.201.1

 authentication local pre-share

 authentication remote pre-share

E. crypto ikev2 profile profile-name

 match identity remote address 209.165.201.1

 authentication local pre-share

 authentication remote pre-share

Answer: A, E

Question: 3

 

Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.)

A. authenticates group members

B. manages security policy

C. creates group keys

D. distributes policy/keys

E. encrypts endpoint traffic

F. receives policy/keys

G. defines group members

Answer: A, B, C, D

Question: 4

 

Where is split-tunneling defined for remote access clients on an ASA?

A. Group-policy

B. Tunnel-group

C. Crypto-map

D. Web-VPN Portal

E. ISAKMP client

Answer: A

Question: 5

 

Which of the following could be used to configure remote access VPN Host-scan and pre-login policies?

A. ASDM

B. Connection-profile CLI command

C. Host-scan CLI command under the VPN group policy

D. Pre-login-check CLI command

Answer: A

Question: 6

 

In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces?

A. interface virtual-template number type template

B. interface virtual-template number type tunnel

C. interface template number type virtual

D. interface tunnel-template number

Answer: B

Vendor Name: Cisco
 

Exam code: 300-209
 

Exam Name: Implementing Cisco Secure Mobility Solutions (SIMOS)
 

Click the link below to get full version

http://www.certifyguide.com/exam/300-209/

300-208 Cisco Test Questions & Answers & Free PDF Demo

Vendor Name: Cisco
 

Exam code: 300-208
 

Exam Name: Implementing Cisco Secure Access Solutions (SISAS)
 

Click the link below to get full version
http://www.certifyguide.com/exam/300-208/

Question: 1

A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication method should be selected?

A. TACACS+

B. RADIUS

C. Windows Active Directory

D. Generic LDAP

Answer: A

Question: 2

An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups?

A. member of

B. group

C. class

D. person

Answer: A

Question: 3

Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode?

A. Granular ACLs applied prior to authentication

B. Per user dACLs applied after successful authentication

C. Only EAPoL traffic allowed prior to authentication

D. Adjustable 802.1X timers to enable successful authentication

Answer: C

Question: 4

A network administrator must enable which protocol extension to utilize EAP-Chaining?

A. EAP-FAST

B. EAP-TLS

C. MSCHAPv2

D. PEAP

Answer: A

Question: 5

In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?

A. Command set

B. Group name

C. Method list

D. Login type

Answer: C

Question: 6

Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem?

A. EAP-TLS is not checked in the Allowed Protocols list

B. Certificate authentication profile is not configured in the Identity Store

C. MS-CHAPv2-is not checked in the Allowed Protocols list

D. Default rule denies all traffic

E. Client root certificate is not included in the Certificate Store

Answer: A

Vendor Name: Cisco
 

Exam code: 300-208
 

Exam Name: Implementing Cisco Secure Access Solutions (SISAS)
 

Click the link below to get full version

http://www.certifyguide.com/exam/300-208/

300-207 Free Exam & Practice Test

Vendor Name: Cisco
 

Exam code: 300-207
 

Exam Name: Implementing Cisco Threat Control Solutions (SITCS)
 

Click the link below to get full version
http://www.certifyguide.com/exam/300-207/

Question: 1

During initial configuration, the Cisco ASA can be configured to drop all traffic if the ASA CX SSP fails by using which command in a policy-map?

A. cxsc fail

B. cxsc fail-close

C. cxsc fail-open

D. cxssp fail-close

Answer: B

Question: 2

A network engineer may use which three types of certificates when implementing HTTPS decryption services on the ASA CX? (Choose three.)

A. Self Signed Server Certificate

B. Self Signed Root Certificate

C. Microsoft CA Server Certificate

D. Microsoft CA Subordinate Root Certificate

E. LDAP CA Server Certificate

F. LDAP CA Root Certificate

G. Public Certificate Authority Server Certificate

H. Public Certificate Authority Root Certificate

Answer: B, D, F

Question: 3

Cisco’s ASA CX includes which two URL categories? (Choose two.)

A. Proxy Avoidance

B. Dropbox

C. Hate Speech

D. Facebook

E. Social Networking

F. Instant Messaging and Video Messaging

Answer: C, E

Question: 4

A Cisco Web Security Appliance's policy can provide visibility and control of which two elements? (Choose two.)

A. Voice and Video Applications

B. Websites with a reputation between -100 and -60

C. Secure websites with certificates signed under an unknown CA

D. High bandwidth websites during business hours

Answer: C, D

Question: 5

Which Cisco Web Security Appliance design requires minimal change to endpoint devices?

A. Transparent Mode

B. Explicit Forward Mode

C. Promiscuous Mode

D. Inline Mode

Answer: A

Question: 6

What step is required to enable HTTPS Proxy on the Cisco Web Security Appliance?

A. Web Security Manager HTTPS Proxy click Enable

B. Security Services HTTPS Proxy click Enable

C. HTTPS Proxy is enabled by default

D. System Administration HTTPS Proxy click Enable

Answer: B

Vendor Name: Cisco
 

Exam code: 300-207
 

Exam Name: Implementing Cisco Threat Control Solutions (SITCS)
 

Click the link below to get full version

http://www.certifyguide.com/exam/300-207/