It is more faster and easier to pass the Cisco 300-209 exam by using Validated Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) questuins and answers. Immediate access to the Update 300-209 Exam and find the same core area 300-209 questions with professionally verified answers, then PASS your exam with a high score now.

Q111. Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.) 

A. aes-cbc-192, sha256, 14 

B. 3des, md5, 5 

C. 3des, sha1, 1 

D. aes-cbc-128, sha, 5 

Answer: B,D 


Q112. When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies? 

A. dynamic access policy attributes 

B. group policy attributes 

C. connection profile attributes 

D. user attributes 

Answer:


Q113. Which type of communication in a FlexVPN implementation uses an NHRP shortcut? 

A. spoke to hub 

B. spoke to spoke 

C. hub to spoke 

D. hub to hub 

Answer:


Q114. Which three commands are included in the command show dmvpn detail? (Choose three.) 

A. show ip nhrp nhs 

B. show dmvpn 

C. show crypto session detail 

D. show crypto ipsec sa detail 

E. show crypto sockets 

F. show ip nhrp 

Answer: A,B,C 


Q115. Refer to the exhibit. 

Which two characteristics of the VPN implementation are evident? (Choose two.) 

A. dual DMVPN cloud setup with dual hub 

B. DMVPN Phase 3 implementation 

C. single DMVPN cloud setup with dual hub 

D. DMVPN Phase 1 implementation 

E. quad DMVPN cloud with quadra hub 

F. DMVPN Phase 2 implementation 

Answer: B,C 


Q116. Refer to the exhibit. 

Which technology does this configuration demonstrate? 

A. AnyConnect SSL over IPv4+IPv6 

B. AnyConnect FlexVPN over IPv4+IPv6 

C. AnyConnect FlexVPN IPv6 over IPv4 

D. AnyConnect SSL IPv6 over IPv4 

Answer:


Q117. Which three settings are required for crypto map configuration? (Choose three.) 

A. match address 

B. set peer 

C. set transform-set 

D. set security-association lifetime 

E. set security-association level per-host 

F. set pfs 

Answer: A,B,C 


Q118. Which configuration is used to build a tunnel between a Cisco ASA and ISR? 

A. crypto map 

B. DMVPN 

C. GET VPN 

D. GRE with IPsec 

E. GRE without IPsec 

Answer:


Q119. When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you open a TAC case? 

A. Show applet Lifecycle exceptions. 

B. Disable cookies. 

C. Enable the WebVPN cache. 

D. Collect a DART bundle. 

Answer:


Q120. A user with IP address 10.10.10.10 is unable to access a HTTP website at IP address 

209.165.200.225 through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.) 

A. Capture user traffic using command capture capin interface inside match ip host 10.10.10.10 any 

B. After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 209.165.200.225 80 

C. Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include 10.10.10.10 

D. Check if an access-list on the firewall is blocking the user by using command show running-config access-list | include 10.10.10.10 

E. Use packet tracer command packet-tracer input inside udp 0.10.10.10 1234192.168.1.3 161 to see what the firewall is doing with the user's traffic 

Answer: A,B