The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed:
“Login Denied, unauthorized connection mechanism, contact your administrator”
What is the most possible cause of this problem?
A.
DAP is terminating the connection because IKEv2 is the protocol that is being used.
B.
The client endpoint does not have the correct user profile to initiate an IKEv2 connection.
C.
The AAA server that is being used does not authorize IKEv2 as the connection mechanism.
D.
The administrator is restricting access to this specific user.
E.
The IKEv2 protocol is not enabled in the group policy of the VPN headend.
More new 300-209 Questions:
QUESTION 71
In the Cisco ASDM interface, where do you enable the DTLS protocol setting?
A. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit >
Add or Edit Internal Group Policy
B. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit
C. Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account >
VPN Policy > SSL VPN Client
D. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit
Answer: D
QUESTION 72
What are two forms of SSL VPN? (Choose two.)
A. port forwarding
B. Full Tunnel Mode
C. Cisco IOS WebVPN
D. Cisco AnyConnect
Answer: AB
QUESTION 73
When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies?
A. dynamic access policy attributes
B. group policy attributes
C. connection profile attributes
D. user attributes
Answer: A
QUESTION 74
What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)
A. CSCO_WEBVPN_OTP_PASSWORD
B. CSCO_WEBVPN_INTERNAL_PASSWORD
C. CSCO_WEBVPN_USERNAME
D. CSCO_WEBVPN_RADIUS_USER
Answer: BC
QUESTION 75
Refer to the exhibit. Based on the partial configuration shown, which the GET VPN group member GDOI configuration?
A. key server IP address
B. local priority
C. mapping of the IPsec profile to the IPsec SA
D. mapping of the IPsec transform set to the GDOI group
Answer: A
QUESTION 76
An internet-based VPN solution is being considered to replace anexisting private WAN connectingremote offices. A multimedia application is used that relies on multicast for communication. Which two VPN solutions meet the application’s network requirement? (Choose two.)
A. FlexVPN
B. DMVPN
C. Group Encrypted Transport VPN
D. Crypto-map based Site-to-Site IPsec VPNs
E. AnyConnect VPN
Answer: AB
QUESTION 77
In a GET VPN solution, which two ways can the key server distribute the new keys to the group members during the rekey process? (Choose two.)
A. multicast UDP transmission
B. multicast TCP transmission
C. unicast UDP transmission
D. unicast TCP transmission
Answer: AC
QUESTION 78
An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web browser. What is a possible reason for the failure?
A. The user’s FTP application is not supported.
B. The user is connecting to an IOS VPN gateway configured in Thin Client Mode.
C. The user is connecting to an IOS VPN gateway configured in Tunnel Mode.
D. The user’s operating system is not supported.
Answer: B
QUESTION 79
When implementing GET VPN, which of these is a characteristic of GDOI IKE?
A. GDOI IKE sessions are established between all peers in the network
B. GDOI IKE uses UDP port 500
C. Security associations do not need to linger between members once a group member has authenticated
to the key server and obtained the group policy
D. Each pair of peers has a private set of IPsec security associations that is only shared between the
two peers
Answer: C
QUESTION 80
Which two features are required when configuring a DMVPN network? (Choose two.)
A. Dynamic routing protocol
B. GRE tunnel interface
C. Next Hop Resolution Protocol
D. Dynamic crypto map
E. IPsec encryption
Answer: BC
300-209 Practice tests Full Version: https://www.braindump2go.com/300-209.html