★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 300-209 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/300-209-dumps.html


Exam Code: 300-209 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Secure Mobility Solutions (SIMOS)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300-209 Exam.

2021 Mar 300-209 exam answers

Q91. Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.) 

A. Verify that the primary protocol on the client machine is set to IPsec. 

B. Verify that AnyConnect is enabled on the correct interface. 

C. Verify that the IKEv2 protocol is enabled on the group policy. 

D. Verify that ASDM and AnyConnect are not using the same port. 

E. Verify that SSL and IKEv2 certificates are not referencing the same trustpoint. 

Answer: A,C 


Q92. A customer requires all traffic to go through a VPN. However, access to the local network is also required. Which two options can enable this configuration? (Choose two.) 

A. split exclude 

B. use of an XML profile 

C. full tunnel by default 

D. split tunnel 

E. split include 

Answer: A,B 


Q93. Refer to the exhibit. 

Which VPN solution does this configuration represent? 

A. Cisco AnyConnect (IKEv2) 

B. site-to-site 

C. DMVPN 

D. SSL VPN 

Answer:


Q94. Which two technologies are considered to be Suite B cryptography? (Choose two.) 

A. MD5 

B. SHA2 

C. Elliptical Curve Diffie-Hellman 

D. 3DES 

E. DES 

Answer: B,C 


Q95. Which three changes must be made to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose three.) 

A. Enable EIGRP next-hop-self on the hub. 

B. Disable EIGRP next-hop-self on the hub. 

C. Enable EIGRP split-horizon on the hub. 

D. Add NHRP redirects on the hub. 

E. Add NHRP shortcuts on the spoke. 

F. Add NHRP shortcuts on the hub. 

Answer: A,D,E 


Update 300-209 practice question:

Q96. Which two statements describe effects of the DoNothing option within the untrusted network policy on a Cisco AnyConnect profile? (Choose two.) 

A. The client initiates a VPN connection upon detection of an untrusted network. 

B. The client initiates a VPN connection upon detection of a trusted network. 

C. The always-on feature is enabled. 

D. The always-on feature is disabled. 

E. The client does not automatically initiate any VPN connection. 

Answer: A,D 


Q97. A user with IP address 10.10.10.10 is unable to access a HTTP website at IP address 

209.165.200.225 through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.) 

A. Capture user traffic using command capture capin interface inside match ip host 10.10.10.10 any 

B. After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 209.165.200.225 80 

C. Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include 10.10.10.10 

D. Check if an access-list on the firewall is blocking the user by using command show running-config access-list | include 10.10.10.10 

E. Use packet tracer command packet-tracer input inside udp 0.10.10.10 1234192.168.1.3 161 to see what the firewall is doing with the user's traffic 

Answer: A,B 


Q98. In which situation would you enable the Smart Tunnel option with clientless SSL VPN? 

A. when a user is using an outdated version of a web browser 

B. when an application is failing in the rewrite process 

C. when IPsec should be used over SSL VPN 

D. when a user has a nonsupported Java version installed 

E. when cookies are disabled 

Answer:


Q99. You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto isakmp command on the headend router, you see the following output. What does this output suggest? 

1d00h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 

1d00h: ISAKMP (0:1); no offers accepted! 

1d00h: ISAKMP (0:1): SA not acceptable! 

1d00h: %CRYPTO-6-IKMP_MODE_FAILURE. Processing of Main Mode failed with peer at 10.10.10.10 

A. Phase 1 policy does not match on both sides. 

B. The transform set does not match on both sides. 

C. ISAKMP is not enabled on the remote peer. 

D. There is a mismatch in the ACL that identifies interesting traffic. 

Answer:


Q100. Which command clears all Cisco AnyConnect VPN sessions? 

A. vpn-sessiondb logoff anyconnect 

B. vpn-sessiondb logoff webvpn 

C. vpn-sessiondb logoff l2l 

D. clear crypto isakmp sa 

Answer: