It is more faster and easier to pass the Cisco 300-209 exam by using Downloadable Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) questuins and answers. Immediate access to the Up to date 300-209 Exam and find the same core area 300-209 questions with professionally verified answers, then PASS your exam with a high score now.
2021 Mar 300-209 exam cram
Q111. Which interface is managed by the VPN Access Interface field in the Cisco ASDM IPsec Site-to-Site VPN Wizard?
A. the local interface named "VPN_access"
B. the local interface configured with crypto enable
C. the local interface from which traffic originates
D. the remote interface with security level 0
Answer: B
Q112. Which technology can you implement to reduce latency issues associated with a Cisco AnyConnect VPN?
A. DTLS
B. SCTP
C. DCCP
D. SRTP
Answer: A
Q113. Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
A. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.
B. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.
C. A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.
D. Content rewriter functionality in the Clientless SSL VPN portal is not supported on Apple mobile devices.
E. Clientless SSLVPN provides Layer 3 connectivity into the secured network.
Answer: C,D
Q114. Refer to the exhibit.
Which authentication method was used by the remote peer to prove its identity?
A. Extensible Authentication Protocol
B. certificate authentication
C. pre-shared key
D. XAUTH
Answer: C
Q115. What action does the hub take when it receives a NHRP resolution request from a spoke for a network that exists behind another spoke?
A. The hub sends back a resolution reply to the requesting spoke.
B. The hub updates its own NHRP mapping.
C. The hub forwards the request to the destination spoke.
D. The hub waits for the second spoke to send a request so that it can respond to both spokes.
Answer: C
Update 300-209 latest exam:
Q116. You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto isakmp command on the headend router, you see the following output. What does this output suggest?
1d00h: ISAKMP (0:1): atts are not acceptable. Next payload is 0
1d00h: ISAKMP (0:1); no offers accepted!
1d00h: ISAKMP (0:1): SA not acceptable!
1d00h: %CRYPTO-6-IKMP_MODE_FAILURE. Processing of Main Mode failed with peer at 10.10.10.10
A. Phase 1 policy does not match on both sides.
B. The transform set does not match on both sides.
C. ISAKMP is not enabled on the remote peer.
D. There is a mismatch in the ACL that identifies interesting traffic.
Answer: A
Q117. Which two parameters are configured within an IKEv2 proposal on an IOS router? (Choose two.)
A. authentication
B. encryption
C. integrity
D. lifetime
Answer: B,C
Q118. Which VPN type can be used to provide secure remote access from public internet cafes and airport kiosks?
A. site-to-site
B. business-to-business
C. Clientless SSL
D. DMVPN
Answer: C
Q119. Which configuration construct must be used in a FlexVPN tunnel?
A. multipoint GRE tunnel interface
B. IKEv1 policy
C. IKEv2 profile
D. EAP configuration
Answer: C
Q120. CORRECT TEXT
Scenario
You are the network security administrator for your organization. Your company is growing and a remote branch office is being created. You are tasked with configuring your headquarters Cisco ASA to create a site-to-site IPsec VPN connection to the branch office Cisco ISR. The branch office ISR has already been deployed and configured and you need to complete the IPsec connectivity configurations on the HQ ASA to bring the new office online.
Use the following parameters to complete your configuration using ASDM. For this exercise, not all ASDM screens are active.
. Enable IKEv1 on outside I/F for Site-to-site VPN
. Add a Connection Profile with the following parameters:
. Peer IP: 203.0.113.1
. Connection name: 203.0.113.1
. Local protected network: 10.10.9.0/24
. Remote protected network: 10.11.11.0/24
. Group Policy Name: use the default policy name supplied
. Preshared key: cisco
. Disable IKEv2
. Encryption Algorithms: use the ASA defaults
. Disable pre-configured NAT for testing of the IPsec tunnel
. Disable the outside NAT pool rule
. Establish the IPsec tunnel by sending ICMP pings from the Employee PC to the Branch Server at IP address 10.11.11.20
. Verify tunnel establishment in ASDM VPN Statistics> Sessions window pane
You have completed this exercise when you have successfully configured, established, and verified site-to-site IPsec connectivity between the ASA and the Branch ISR.
Topology
Answer: Review the explanation for detailed answer steps.
Explanation:
First, click on Configuration ->Site-to-Site VPN to bring up this screen:
Click on “allow IKE v1 Access” for the outside per the instructions as shown below:
Then click apply at the bottom of the page. This will bring up the following pop up message:
Click on Send.
Next, we need to set up the connection profile. From the connection profile tab, click on “Add”
Then, fill in the information per the instructions as shown below:
Hit OK and you should see this:
To test this, we need to disable NAT. Go to Configuration -> Firewall -> NAT rules and you should see this:
Click on Rule 1 to get the details and you will see this:
We need to uncheck the “Enable rule” button on the bottom. It might also be a good idea to uncheck the “Translate DNS replies that match the rule” but it should not be needed. Then, go back to the topology:
Click on Employee PC, and you will see a desktop with a command prompt shortcut. Use this to ping the IP address of 10.11.11.20 and you should see replies:
We can also verify by viewing the VPN Statistics -> Sessions and see the bytes in/out incrementing as shown below: