Exam Code: 300-209 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Secure Mobility Solutions (SIMOS)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300-209 Exam.

2021 Jun 300-209 Study Guide Questions:

Q81. Refer to the exhibit. 

An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping Which configuration needs to be added or changed? 

A. No configuration change is necessary. Everything is working correctly. 

B. OSPFv3 needs to be configured on the interface. 

C. NHRP needs to be configured to provide NBMA mapping. 

D. Tunnel mode needs to be changed to GRE IPv4. 

E. Tunnel mode needs to be changed to GRE IPv6. 

Answer: E 

Q82. Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.) 

A. Verify that the primary protocol on the client machine is set to IPsec. 

B. Verify that AnyConnect is enabled on the correct interface. 

C. Verify that the IKEv2 protocol is enabled on the group policy. 

D. Verify that ASDM and AnyConnect are not using the same port. 

E. Verify that SSL and IKEv2 certificates are not referencing the same trustpoint. 

Answer: A,C 

Q83. Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.) 

A. SHA-512 

B. SHA-256 

C. SHA-192 

D. SHA-380 

E. SHA-192 

F. SHA-196 

Answer: A,B 

300-209  free practice questions

Up to date airaid 300-209:

Q84. Which VPN type can be used to provide secure remote access from public internet cafes and airport kiosks? 

A. site-to-site 

B. business-to-business 

C. Clientless SSL 


Answer: C 

Q85. Refer to the exhibit. 

What technology does the given configuration demonstrate? 

A. Keyring used to encrypt IPSec traffic 

B. FlexVPN with IPV6 

C. FlexVPN with AnyConnect 

D. Crypto Policy to enable IKEv2 

Answer: B 

Q86. What are two forms of SSL VPN? (Choose two.) 

A. port forwarding 

B. Full Tunnel Mode 

C. Cisco IOS WebVPN 

D. Cisco AnyConnect 

Answer: C,D 


Tested 300-209 vce:

Q87. Which protocol can be used for better throughput performance when using.Cisco AnyConnect VPN? 

A. TLSv1 

B. TLSv1.1 

C. TLSv1.2 

D. DTLSv1 

Answer: D 

Q88. After implementing the IKEv2 tunnel, it was observed that remote users on the network are unable to access the internet. Which of the following can be done to resolve this problem? 

A. Change the Diffie-Hellman group on the headquarter ASA to group5forthe dynamic crypto map 

B. Change the remote traffic selector on the remote ASA to 

C. Change to an IKEvI configuration since IKEv2 does not support a full tunnel with static peers 

D. Change the local traffic selector on the headquarter ASA to 

E. Change the remote traffic selector on the headquarter ASA to 

Answer: B 


The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from to 

Q89. Refer to the exhibit. 

The IKEv2 tunnel between Router1 and Router2 is failing during session establishment. Which action will allow the session to establish correctly? 

A. The address command on Router2 must be narrowed down to a /32 mask. 

B. The local and remote keys on Router2 must be switched. 

C. The pre-shared key must be altered to use only lowercase letters. 

D. The local and remote keys on Router2 must be the same. 

Answer: B 

Q90. If the IKEv2 tunnel were to establish successfully, which encryption algorithm would be used to encrypt traffic? 


B. 3DES 


D. AES192 

E. AES256 

Answer: E 


Both ASA’s are configured to support AES 256, so during the IPSec negotiation they will use the strongest algorithm that is supported by each peer.