The Cisco AnyConnect client is unable to download an updated user profile from the ASA headend using IKEv2. What is the most likely cause of this problem?
A.
User profile updates are not allowed with IKEv2.
B.
IKEv2 is not enabled on the group policy.
C.
A new profile must be created so that the adaptive security appliance can push it to the client on the next connection attempt.
D.
Client Services is not enabled on the adaptive security appliance.
Explanation:
verified answer
The answer is “D”, Client Services is not enabled on the adaptive security appliance.
Hello, passed 300-209 exam today! Come to share some new 300-209 exam questions in my test:
QUESTION
In the Cisco ASDM interface, where do you enable the DTLS protocol setting?
A. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit >
Add or Edit Internal Group Policy
B. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit
C. Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account >
VPN Policy > SSL VPN Client
D. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit
Answer: D
QUESTION
What are two forms of SSL VPN? (Choose two.)
A. port forwarding
B. Full Tunnel Mode
C. Cisco IOS WebVPN
D. Cisco AnyConnect
Answer: AB
QUESTION
When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies?
A. dynamic access policy attributes
B. group policy attributes
C. connection profile attributes
D. user attributes
Answer: A
QUESTION
What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)
A. CSCO_WEBVPN_OTP_PASSWORD
B. CSCO_WEBVPN_INTERNAL_PASSWORD
C. CSCO_WEBVPN_USERNAME
D. CSCO_WEBVPN_RADIUS_USER
Answer: BC
QUESTION
Refer to the exhibit. Based on the partial configuration shown, which the GET VPN group member GDOI configuration?
A. key server IP address
B. local priority
C. mapping of the IPsec profile to the IPsec SA
D. mapping of the IPsec transform set to the GDOI group
Answer: A
QUESTION
An internet-based VPN solution is being considered to replace anexisting private WAN connectingremote offices. A multimedia application is used that relies on multicast for communication. Which two VPN solutions meet the application’s network requirement? (Choose two.)
A. FlexVPN
B. DMVPN
C. Group Encrypted Transport VPN
D. Crypto-map based Site-to-Site IPsec VPNs
E. AnyConnect VPN
Answer: AB
QUESTION
In a GET VPN solution, which two ways can the key server distribute the new keys to the group members during the rekey process? (Choose two.)
A. multicast UDP transmission
B. multicast TCP transmission
C. unicast UDP transmission
D. unicast TCP transmission
Answer: AC
QUESTION
An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web browser. What is a possible reason for the failure?
A. The user’s FTP application is not supported.
B. The user is connecting to an IOS VPN gateway configured in Thin Client Mode.
C. The user is connecting to an IOS VPN gateway configured in Tunnel Mode.
D. The user’s operating system is not supported.
Answer: B
QUESTION
When implementing GET VPN, which of these is a characteristic of GDOI IKE?
A. GDOI IKE sessions are established between all peers in the network
B. GDOI IKE uses UDP port 500
C. Security associations do not need to linger between members once a group member has authenticated
to the key server and obtained the group policy
D. Each pair of peers has a private set of IPsec security associations that is only shared between the
two peers
Answer: C
QUESTION
Which two features are required when configuring a DMVPN network? (Choose two.)
A. Dynamic routing protocol
B. GRE tunnel interface
C. Next Hop Resolution Protocol
D. Dynamic crypto map
E. IPsec encryption
Answer: BC
Detailed Answers Explanation and More 300-209 Questions can be viewed at: https://www.braindump2go.com/300-209.html (319q PDF and VCE Dumps), I studied this and successfully passed and wish more of you can pass!