It is more faster and easier to pass the Cisco 300-209 exam by using Validated Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) questuins and answers. Immediate access to the Update 300-209 Exam and find the same core area 300-209 questions with professionally verified answers, then PASS your exam with a high score now.

Q111. Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.) 

A. aes-cbc-192, sha256, 14 

B. 3des, md5, 5 

C. 3des, sha1, 1 

D. aes-cbc-128, sha, 5 

Answer: B,D 

Q112. When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies? 

A. dynamic access policy attributes 

B. group policy attributes 

C. connection profile attributes 

D. user attributes 


Q113. Which type of communication in a FlexVPN implementation uses an NHRP shortcut? 

A. spoke to hub 

B. spoke to spoke 

C. hub to spoke 

D. hub to hub 


Q114. Which three commands are included in the command show dmvpn detail? (Choose three.) 

A. show ip nhrp nhs 

B. show dmvpn 

C. show crypto session detail 

D. show crypto ipsec sa detail 

E. show crypto sockets 

F. show ip nhrp 

Answer: A,B,C 

Q115. Refer to the exhibit. 

Which two characteristics of the VPN implementation are evident? (Choose two.) 

A. dual DMVPN cloud setup with dual hub 

B. DMVPN Phase 3 implementation 

C. single DMVPN cloud setup with dual hub 

D. DMVPN Phase 1 implementation 

E. quad DMVPN cloud with quadra hub 

F. DMVPN Phase 2 implementation 

Answer: B,C 

Q116. Refer to the exhibit. 

Which technology does this configuration demonstrate? 

A. AnyConnect SSL over IPv4+IPv6 

B. AnyConnect FlexVPN over IPv4+IPv6 

C. AnyConnect FlexVPN IPv6 over IPv4 

D. AnyConnect SSL IPv6 over IPv4 


Q117. Which three settings are required for crypto map configuration? (Choose three.) 

A. match address 

B. set peer 

C. set transform-set 

D. set security-association lifetime 

E. set security-association level per-host 

F. set pfs 

Answer: A,B,C 

Q118. Which configuration is used to build a tunnel between a Cisco ASA and ISR? 

A. crypto map 



D. GRE with IPsec 

E. GRE without IPsec 


Q119. When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you open a TAC case? 

A. Show applet Lifecycle exceptions. 

B. Disable cookies. 

C. Enable the WebVPN cache. 

D. Collect a DART bundle. 


Q120. A user with IP address is unable to access a HTTP website at IP address through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.) 

A. Capture user traffic using command capture capin interface inside match ip host any 

B. After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 1234 80 

C. Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include 

D. Check if an access-list on the firewall is blocking the user by using command show running-config access-list | include 

E. Use packet tracer command packet-tracer input inside udp 1234192.168.1.3 161 to see what the firewall is doing with the user's traffic 

Answer: A,B