Proper study guides for Renew Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) certified begins with Cisco 300-209 preparation products which designed to deliver the Realistic 300-209 questions by making you pass the 300-209 test at your first time. Try the free 300-209 demo right now.

2021 Mar 300-209 exam question

Q101. Refer to the exhibit. 

Which technology does this configuration demonstrate? 

A. AnyConnect SSL over IPv4+IPv6 

B. AnyConnect FlexVPN over IPv4+IPv6 

C. AnyConnect FlexVPN IPv6 over IPv4 

D. AnyConnect SSL IPv6 over IPv4 

Answer:


Q102. Refer to the exhibit. 

You executed the show crypto ipsec sa command to troubleshoot an IPSec issue. What problem does the given output indicate? 

A. IKEv2 failed to establish a phase 2 negotiation. 

B. The Crypto ACL is different on the peer device. 

C. ISAKMP was unable to find a matching SA. 

D. IKEv2 was used in aggressive mode. 

Answer:


Q103. Which type of NHRP packet is unique to Phase 3 DMVPN topologies? 

A. resolution request 

B. resolution reply 

C. redirect 

D. registration request 

E. registration reply 

F. error indication 

Answer:


Q104. On which Cisco platform are dynamic virtual template interfaces available? 

A. Cisco Adaptive Security Appliance 5585-X 

B. Cisco Catalyst 3750X 

C. Cisco Integrated Services Router Generation 2 

D. Cisco Nexus 7000 

Answer:


Q105. Refer to the exhibit. 

Which VPN solution does this configuration represent? 

A. DMVPN 

B. GETVPN 

C. FlexVPN 

D. site-to-site 

Answer:


Up to the minute 300-209 practice test:

Q106. Which two RADIUS attributes are needed for a VRF-aware FlexVPN hub? (Choose two.) 

A. ip:interface-config=ip unnumbered loobackn 

B. ip:interface-config=ip vrf forwarding ivrf 

C. ip:interface-config=ip src route 

D. ip:interface-config=ip next hop 

E. ip:interface-config=ip neighbor 0.0.0.0 

Answer: A,B 


Q107. Which encryption and authentication algorithms does Cisco recommend when deploying a Cisco NGE supported VPN solution? 

A. AES-GCM and SHA-2 

B. 3DES and DH 

C. AES-CBC and SHA-1 

D. 3DES and SHA-1 

Answer:


Q108. Which.protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing? 

A. TLS 

B. DTLS 

C. IKEv2 

D. ISAKMP 

Answer:


Q109. A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.) 

A. crypto ikev2 keyring keyring-name 

peer peer1 

address 209.165.201.1 255.255.255.255 

pre-shared-key local key1 

pre-shared-key remote key2 

B. crypto ikev2 transform-set transform-set-name 

esp-3des esp-md5-hmac 

esp-aes esp-sha-hmac 

C. crypto ikev2 map crypto-map-name 

set crypto ikev2 tunnel-group tunnel-group-name 

set crypto ikev2 transform-set transform-set-name 

D. crypto ikev2 tunnel-group tunnel-group-name 

match identity remote address 209.165.201.1 

authentication local pre-share 

authentication remote pre-share 

E. crypto ikev2 profile profile-name 

match identity remote address 209.165.201.1 

authentication local pre-share 

authentication remote pre-share 

Answer: A,E 


Q110. Which protocol can be used for better throughput performance when using.Cisco AnyConnect VPN? 

A. TLSv1 

B. TLSv1.1 

C. TLSv1.2 

D. DTLSv1 

Answer: