Cause all that matters here is passing the Cisco 300-209 exam. Cause all that you need is a high score of 300-209 Implementing Cisco Secure Mobility Solutions (SIMOS) exam. The only one thing you need to do is downloading Pass4sure 300-209 exam study guides now. We will not let you down with our money-back guarantee.

Q81. Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.) 

A. group-alias 

B. certificate map 

C. use gateway command 

D. group-url 

E. AnyConnect client version 

Answer: B,D 


Q82. Which feature is enabled by the use of NHRP in a DMVPN network? 

A. host routing with Reverse Route Injection 

B. BGP multiaccess 

C. host to NBMA resolution 

D. EIGRP redistribution 

Answer:


Q83. What is the Cisco recommended TCP maximum segment on a DMVPN tunnel interface when the MTU is set to 1400 bytes? 

A. 1160 bytes 

B. 1260 bytes 

C. 1360 bytes 

D. 1240 bytes 

Answer:


Q84. Which transform set is contained in the IKEv2 default proposal? 

A. aes-cbc-192, sha256, group 14 

B. 3des, md5, group 7 

C. 3des, sha1, group 1 

D. aes-cbc-128, sha, group 5 

Answer:


Q85. Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.) 

A. authenticates group members 

B. manages security policy 

C. creates group keys 

D. distributes policy/keys 

E. encrypts endpoint traffic 

F. receives policy/keys 

G. defines group members 

Answer: A,B,C,D 


Q86. After completing a site-to-site VPN setup between two routers, application performance over the tunnel is slow. You issue the show crypto ipsec sa command and see the following output. What does this output suggest? 

interfacE. Tunnel100 

Crypto map tag: Tunnel100-head-0, local addr 10.10.10.10 

protected vrF. (none) 

local ident (addr/mask/prot/port): (10.10.10.10/255.255.255.255/47/0) 

remote ident (addr/mask/prot/port): (10.20.20.20/255.255.255.255/47/0) 

current_peer 209.165.200.230 port 500 

PERMIT, flags={origin_is_acl,} 

#pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836 

#pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211 

#pkts compresseD. 0, #pkts decompresseD. 0 

#pkts not compresseD. 0, #pkts compr. faileD. 0 

#pkts not decompresseD. 0, #pkts decompress faileD. 0 

#send errors 0, #recv errors 0 

A. The VPN has established and is functioning normally. 

B. There is an asymmetric routing issue. 

C. The remote peer is not receiving encrypted traffic. 

D. The remote peer is not able to decrypt traffic. 

E. Packet corruption is occurring on the path between the two peers. 

Answer:


Q87. Refer to the exhibit. 

Which technology does this configuration demonstrate? 

A. AnyConnect SSL over IPv4+IPv6 

B. AnyConnect FlexVPN over IPv4+IPv6 

C. AnyConnect FlexVPN IPv6 over IPv4 

D. AnyConnect SSL IPv6 over IPv4 

Answer:


Q88. After implementing the IKEv2 tunnel, it was observed that remote users on the 192.168.33.0/24 network are unable to access the internet. Which of the following can be done to resolve this problem? 

A. Change the Diffie-Hellman group on the headquarter ASA to group5forthe dynamic crypto map 

B. Change the remote traffic selector on the remote ASA to 192.168.22.0/24 

C. Change to an IKEvI configuration since IKEv2 does not support a full tunnel with static peers 

D. Change the local traffic selector on the headquarter ASA to 0.0.0.0/0 

E. Change the remote traffic selector on the headquarter ASA to 0.0.0.0/0 

Answer:

Explanation: 

The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 to 192.168.22.0/24. 


Q89. Refer to the exhibit. 

Which VPN solution does this configuration represent? 

A. Cisco AnyConnect (IKEv2) 

B. site-to-site 

C. DMVPN 

D. SSL VPN 

Answer:


Q90. Which hash algorithm is required to protect classified information? 

A. MD5 

B. SHA-1 

C. SHA-256 

D. SHA-384 

Answer: