Cause all that matters here is passing the Cisco 300-209 exam. Cause all that you need is a high score of 300-209 Implementing Cisco Secure Mobility Solutions (SIMOS) exam. The only one thing you need to do is downloading Pass4sure 300-209 exam study guides now. We will not let you down with our money-back guarantee.

Q81. Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.) 

A. group-alias 

B. certificate map 

C. use gateway command 

D. group-url 

E. AnyConnect client version 

Answer: B,D 

Q82. Which feature is enabled by the use of NHRP in a DMVPN network? 

A. host routing with Reverse Route Injection 

B. BGP multiaccess 

C. host to NBMA resolution 

D. EIGRP redistribution 


Q83. What is the Cisco recommended TCP maximum segment on a DMVPN tunnel interface when the MTU is set to 1400 bytes? 

A. 1160 bytes 

B. 1260 bytes 

C. 1360 bytes 

D. 1240 bytes 


Q84. Which transform set is contained in the IKEv2 default proposal? 

A. aes-cbc-192, sha256, group 14 

B. 3des, md5, group 7 

C. 3des, sha1, group 1 

D. aes-cbc-128, sha, group 5 


Q85. Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.) 

A. authenticates group members 

B. manages security policy 

C. creates group keys 

D. distributes policy/keys 

E. encrypts endpoint traffic 

F. receives policy/keys 

G. defines group members 

Answer: A,B,C,D 

Q86. After completing a site-to-site VPN setup between two routers, application performance over the tunnel is slow. You issue the show crypto ipsec sa command and see the following output. What does this output suggest? 

interfacE. Tunnel100 

Crypto map tag: Tunnel100-head-0, local addr 

protected vrF. (none) 

local ident (addr/mask/prot/port): ( 

remote ident (addr/mask/prot/port): ( 

current_peer port 500 

PERMIT, flags={origin_is_acl,} 

#pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836 

#pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211 

#pkts compresseD. 0, #pkts decompresseD. 0 

#pkts not compresseD. 0, #pkts compr. faileD. 0 

#pkts not decompresseD. 0, #pkts decompress faileD. 0 

#send errors 0, #recv errors 0 

A. The VPN has established and is functioning normally. 

B. There is an asymmetric routing issue. 

C. The remote peer is not receiving encrypted traffic. 

D. The remote peer is not able to decrypt traffic. 

E. Packet corruption is occurring on the path between the two peers. 


Q87. Refer to the exhibit. 

Which technology does this configuration demonstrate? 

A. AnyConnect SSL over IPv4+IPv6 

B. AnyConnect FlexVPN over IPv4+IPv6 

C. AnyConnect FlexVPN IPv6 over IPv4 

D. AnyConnect SSL IPv6 over IPv4 


Q88. After implementing the IKEv2 tunnel, it was observed that remote users on the network are unable to access the internet. Which of the following can be done to resolve this problem? 

A. Change the Diffie-Hellman group on the headquarter ASA to group5forthe dynamic crypto map 

B. Change the remote traffic selector on the remote ASA to 

C. Change to an IKEvI configuration since IKEv2 does not support a full tunnel with static peers 

D. Change the local traffic selector on the headquarter ASA to 

E. Change the remote traffic selector on the headquarter ASA to 



The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from to 

Q89. Refer to the exhibit. 

Which VPN solution does this configuration represent? 

A. Cisco AnyConnect (IKEv2) 

B. site-to-site 




Q90. Which hash algorithm is required to protect classified information? 

A. MD5 

B. SHA-1 

C. SHA-256 

D. SHA-384