Exam Code: 300-209 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Secure Mobility Solutions (SIMOS)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300-209 Exam.

2021 Jun 300-209 Study Guide Questions:

Q91. Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.) 

A. group-alias 

B. certificate map 

C. use gateway command 

D. group-url 

E. AnyConnect client version 

Answer: B,D 


Q92. CORRECT TEXT 


Answer: Here are the steps as below: 

Step 1: configure key ring 

crypto ikev2 keyring mykeys 

peer SiteB.cisco.com 

address 209.161.201.1 

pre-shared-key local $iteA 

pre-shared key remote $iteB 

Step 2: Configure IKEv2 profile 

Crypto ikev2 profile default 

identity local fqdn SiteA.cisco.com 

Match identity remote fqdn SiteB.cisco.com 

Authentication local pre-share 

Authentication remote pre-share 

Keyring local mykeys 

Step 3: Create the GRE Tunnel and apply profile 

crypto ipsec profile default 

set ikev2-profile default 

Interface tunnel 0 

ip address 10.1.1.1 255.255.255.0 

Tunnel source eth 0/0 

Tunnel destination 209.165.201.1 

tunnel protection ipsec profile default 

end 


Q93. Which protocol does DTLS use for its transport? 

A. TCP 

B. UDP 

C. IMAP 

D. DDE 

Answer: B 


2passeasy.com

Update cisco 300-209 book:

Q94. Which option describes what address preservation with IPsec Tunnel Mode allows when GETVPN is used? 

A. stronger encryption methods 

B. Network Address Translation of encrypted traffic 

C. traffic management based on original source and destination addresses 

D. Tunnel Endpoint Discovery 

Answer: C 


Q95. Which algorithm provides both encryption and authentication for data plane communication? 

A. SHA-96 

B. SHA-384 

C. 3DES 

D. AES-256 

E. AES-GCM 

F. RC4 

Answer: E 


Q96. Refer to the exhibit. 


Which two statements about the given configuration are true? (Choose two.) 

A. Defined PSK can be used by any IPSec peer. 

B. Any router defined in group 2 will be allowed to connect. 

C. It can be used in a DMVPN deployment 

D. It is a LAN-to-LAN VPN ISAKMP policy. 

E. It is an AnyConnect ISAKMP policy. 

F. PSK will not work as configured 

Answer: A,C 


2passeasy.com

Validated cisco ccnp security 300-209 simos:

Q97. What is the default storage location of user-level bookmarks in an IOS clientless SSL VPN? 

A. disk0:/webvpn/{context name}/ 

B. disk1:/webvpn/{context name}/ 

C. flash:/webvpn/{context name}/ 

D. nvram:/webvpn/{context name}/ 

Answer: C 


Q98. A company needs to provide secure access to its remote workforce. The end users use public kiosk computers and a wide range of devices. They will be accessing only an internal web application. Which VPN solution satisfies these requirements? 

A. Clientless SSLVPN 

B. AnyConnect Client using SSLVPN 

C. AnyConnect Client using IKEv2 

D. FlexVPN Client 

E. Windows built-in PPTP client 

Answer: A 


Q99. Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.) 

A. aes-cbc-192, sha256, 14 

B. 3des, md5, 5 

C. 3des, sha1, 1 

D. aes-cbc-128, sha, 5 

Answer: B,D 


Q100. A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real-Time Log viewer within ASDM to troubleshoot the issue, which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection? (Choose two.) 

A. Client's public IP address 

B. Client's operating system 

C. Client's default gateway IP address 

D. Client's username 

E. ASA's public IP address 

Answer: A,D