Want to know Pass4sure 300-209 Exam practice test features? Want to lear more about Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) certification experience? Study Certified Cisco 300-209 answers to Avant-garde 300-209 questions at Pass4sure. Gat a success with an absolute guarantee to pass Cisco 300-209 (Implementing Cisco Secure Mobility Solutions (SIMOS)) test on your first attempt.

Q21. Which technology is FlexVPN based on? 

A. OER 

B. VRF 

C. IKEv2 

D. an RSA nonce 

Answer:


Q22. Which three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.) 

A. NHRP network ID 

B. GRE tunnel key 

C. NHRP authentication string 

D. tunnel VRF 

E. EIGRP process name 

F. EIGRP split-horizon setting 

Answer: A,B,C 


Q23. Which three changes must be made to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose three.) 

A. Enable EIGRP next-hop-self on the hub. 

B. Disable EIGRP next-hop-self on the hub. 

C. Enable EIGRP split-horizon on the hub. 

D. Add NHRP redirects on the hub. 

E. Add NHRP shortcuts on the spoke. 

F. Add NHRP shortcuts on the hub. 

Answer: A,D,E 


Q24. Which two are characteristics of GETVPN? (Choose two.) 

A. The IP header of the encrypted packet is preserved 

B. A key server is elected among all configured Group Members 

C. Unique encryption keys are computed for each Group Member 

D. The same key encryption and traffic encryption keys are distributed to all Group Members 

Answer: A,D 


Q25. Refer to the exhibit. 

The IKEv2 tunnel between Router1 and Router2 is failing during session establishment. Which action will allow the session to establish correctly? 

A. The address command on Router2 must be narrowed down to a /32 mask. 

B. The local and remote keys on Router2 must be switched. 

C. The pre-shared key must be altered to use only lowercase letters. 

D. The local and remote keys on Router2 must be the same. 

Answer:


Q26. In the Cisco ASDM interface, where do you enable the DTLS protocol setting? 

A. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy 

B. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit 

C. Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client 

D. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit 

Answer:

Reference: 

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect20/admini strative/guide/admin/admin5.html 

Shows where DTLS can be configured as: 

. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client 

. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client 

.Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client 


Q27. Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance? 

A. AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections. 

B. IKEv2 sessions are not licensed. 

C. The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions. 

D. Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions. 

Answer:


Q28. Refer to the exhibit. 

Which type of mismatch is causing the problem with the IPsec VPN tunnel? 

A. PSK 

B. Phase 1 policy 

C. transform set 

D. crypto access list 

Answer:


Q29. Refer to the exhibit. 

An administrator had the above configuration working with SSL protocol, but as soon as the administrator specified IPsec as the primary protocol, the Cisco AnyConnect client was not able to connect. What is the problem? 

A. IPsec will not work in conjunction with a group URL. 

B. The Cisco AnyConnect implementation does not allow the two group URLs to be the same. SSL does allow this. 

C. If you specify the primary protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group). 

D. A new XML profile should be created instead of modifying the existing profile, so that the clients force the update. 

Answer:


Q30. Which cryptographic algorithms are a part of the Cisco NGE suite? 

A. HIPPA DES 

B. AES-CBC-128 

C. RC4-128 

D. AES-GCM-256 

Answer:

Explanation: Reference: 

https://www.cisco.com/web/learning/le21/le39/docs/tdw166_prezo.pdf