Pinpoint of 300-209 test materials and forum for Cisco certification for client, Real Success Guaranteed with Updated 300-209 pdf dumps vce Materials. 100% PASS Implementing Cisco Secure Mobility Solutions (SIMOS) exam Today!

2021 Mar 300-209 test questions

Q71. Which three types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose three.) 






F. ICA (Citrix) 

Answer: A,C,E 

Q72. You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto ipsec command on the headend router, you see the following output. What does this output suggest? 

1d00h: IPSec (validate_proposal): transform proposal 

(port 3, trans 2, hmac_alg 2) not supported 

1d00h: ISAKMP (0:2) : atts not acceptable. Next payload is 0 

1d00h: ISAKMP (0:2) SA not acceptable 

A. Phase 1 policy does not match on both sides. 

B. The Phase 2 transform set does not match on both sides. 

C. ISAKMP is not enabled on the remote peer. 

D. The crypto map is not applied on the remote peer. 

E. The Phase 1 transform set does not match on both sides. 


Q73. Which two statements regarding IKEv2 are true per RFC 4306? (Choose two.) 

A. It is compatible with IKEv1. 

B. It has at minimum a nine-packet exchange. 

C. It uses aggressive mode. 

D. NAT traversal is included in the RFC. 

E. It uses main mode. 

F. DPD is defined in RFC 4309. 

G. It allows for EAP authentication. 

Answer: D,G 

Q74. Refer to the exhibit. 

An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping Which configuration needs to be added or changed? 

A. No configuration change is necessary. Everything is working correctly. 

B. OSPFv3 needs to be configured on the interface. 

C. NHRP needs to be configured to provide NBMA mapping. 

D. Tunnel mode needs to be changed to GRE IPv4. 

E. Tunnel mode needs to be changed to GRE IPv6. 


Q75. Refer to the exhibit. 

Which VPN solution does this configuration represent? 

A. Cisco AnyConnect 

B. IPsec 

C. L2TP 



Leading 300-209 exam:

Q76. Which command identifies an AnyConnect profile that was uploaded to the router flash? 

A. crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml 

B. svc import profile SSL_profile flash:simos-profile.xml 

C. anyconnect profile SSL_profile flash:simos-profile.xml 

D. webvpn import profile SSL_profile flash:simos-profile.xml 


Q77. Which VPN solution is best for a collection of branch offices connected by MPLS that frequenty make VoIP calls between branches? 


B. Cisco AnyConnect 

C. site-to-site 



Q78. Which statement about the hub in a DMVPN configuration with iBGP is true? 

A. It must be a route reflector client. 

B. It must redistribute EIGRP from the spokes. 

C. It must be in a different AS. 

D. It must be a route reflector. 


Q79. You are troubleshooting a DMVPN NHRP registration failure. Which command can you use to view request counters? 

A. show ip nhrp nhs detail 

B. show ip nhrp tunnel 

C. show ip nhrp incomplete 

D. show ip nhrp incomplete tunnel tunnel_interface_number 


Q80. Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.) 

A. Verify that the primary protocol on the client machine is set to IPsec. 

B. Verify that AnyConnect is enabled on the correct interface. 

C. Verify that the IKEv2 protocol is enabled on the group policy. 

D. Verify that ASDM and AnyConnect are not using the same port. 

E. Verify that SSL and IKEv2 certificates are not referencing the same trustpoint. 

Answer: A,C