[2016-Mar.-NEW][Braindump2go] Free 300-209 SIMOS Questions & Answers
2016 NEW Cisco CCNP Security 300-209 SIMOS Exam Questions Released Today!
Introduction:
The Implementing Cisco Secure Mobility Solutions (SIMOS) (300-209) exam tests a network security engineer on the variety of Virtual Private Network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS software platforms. This 90-minute exam consists of 65–75 questions and assesses the knowledge necessary to properly implement highly secure remote communications through VPN technology, such as remote access SSL VPN and site-to-site VPN (DMVPN, FlexVPN).
Exam Code: 300-209
Exam Name: Implementing Cisco Secure Mobility Solutions (SIMOS)
Certification Provider: Cisco
Corresponding Certification: CCNP Security
2016 NEW Cisco CCNP Security 300-209 SIMOS Study Guides:
1. Secure Communications
2. Troubleshooting, Monitoring and Reporting Tools
3. Secure Communications Architectures
QUESTION 198
Which three types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose three.)
A. SAML
B. HTTP POST
C. HTTP Basic
D. NTLM
E. Kerberos
F. OAuth 2.0
Answer: BCD
QUESTION 199
Which two statements about the Cisco ASA Clientless SSL VPN smart tunnels feature are true? (Choose two.)
A. Smart tunnels are enabled on the secure gateway (Cisco ASA) for specific applications that run on the end client and work irrespective of which transport protocol the application uses.
B. Smart tunnels require Administrative privileges to run on the client machine.
C. A smart tunnel is a DLL that is pushed from the headend to the client machine after SSL VPN portal authentication and that is attached to smart-tunneled processes to route traffic through the SSL VPN session with the gateway.
D. Smart tunnels offer better performance than the client-server plugins.
E. Smart tunnels are supported on Windows, Mac, and Linux.
Answer: CD
QUESTION 200
As network security architect, you must implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity.
Which technology should you use?
A. IPsec DVTI
B. FlexVPN
C. DMVPN
D. IPsec SVTI
E. GET VPN
Answer: E
QUESTION 201
Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)
A. transform set
B. ISAKMP policy
C. ACL that defines traffic to encrypt
D. dynamic routing protocol
E. tunnel interface
F. IPsec profile
G. PSK or PKI trustpoint with certificate
Answer: ABG
QUESTION 202
Which statement regarding GET VPN is true?
A. TEK rekeys can be load-balanced between two key servers operating in COOP.
B. When you implement GET VPN with VRFs, all VRFs must be defined in the GDOI group configuration on the key server.
C. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.
D. The configuration that defines which traffic to encrypt is present only on the key server.
E. The pseudotime that is used for replay checking is synchronized via NTP.
Answer: D
QUESTION 203
Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?
A. PSK
B. Phase 1 policy
C. transform set
D. crypto access list
Answer: A
QUESTION 204
Which three changes must be made to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose three.)
A. Enable EIGRP next-hop-self on the hub.
B. Disable EIGRP next-hop-self on the hub.
C. Enable EIGRP split-horizon on the hub.
D. Add NHRP redirects on the hub.
E. Add NHRP shortcuts on the spoke.
F. Add NHRP shortcuts on the hub.
Answer: ADE
QUESTION 205
Which algorithm provides both encryption and authentication for data plane communication?
A. SHA-96
B. SHA-384
C. 3DES
D. AES-256
E. AES-GCM
F. RC4
Answer: E
QUESTION 206
Which three configurations are prerequisites for stateful failover for IPsec? (Choose three.)
A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B. Only crypto map configuration that is set up on the active device must be duplicated on the standby device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D. The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device.
E. The active and standby devices must run the same version of the Cisco IOS software and should be the same type of device.
F. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
G. The IKE configuration that is set up on the active device must be duplicated on the standby device.
Answer: CEG
QUESTION 207
Which two statements comparing ECC and RSA are true? (Choose two.)
A. ECC can have the same security as RSA but with a shorter key size.
B. ECC lags in performance when compared with RSA.
C. Key generation in ECC is slower and less CPU intensive.
D. ECC cannot have the same security as RSA, even with an increased key size.
E. Key generation in ECC is faster and less CPU intensive.
Answer: AE
QUESTION 208
Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)
A. one IPsec SA for all encrypted traffic
B. no requirement for an overlay routing protocol
C. design for use over public or private WAN
D. sequence numbers that enable scalable replay checking
E. enabled use of ESP or AH
F. preservation of IP protocol in outer header
Answer: AB
QUESTION 209
A customer requires all traffic to go through a VPN. However, access to the local network is also required. Which two options can enable this configuration? (Choose two.)
A. split exclude
B. use of an XML profile
C. full tunnel by default
D. split tunnel
E. split include
Answer: AB
2016 NEW 300-209 Dumps & 300-209 PDF & 300-209 VCE 237Q Full Version:http://www.braindump2go.com/300-209.html
Post Author: mavis
