It is impossible to pass Cisco 300-209 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed Cisco 300-209 practice questions. You will get a surprising result by our Avant-garde Implementing Cisco Secure Mobility Solutions (SIMOS) practice guides.

Q101. Which three plugins are available for clientless SSL VPN? (Choose three.) 

A. CIFS 

B. RDP2 

C. SSH 

D. VNC 

E. SQLNET 

F. ICMP 

Answer: B,C,D 


Q102. Which are two main use cases for Clientless SSL VPN? (Choose two.) 

A. In kiosks that are part of a shared environment 

B. When the users do not have admin rights to install a new VPN client 

C. When full tunneling is needed to support applications that use TCP, UDP, and ICMP 

D. To create VPN site-to-site tunnels in combination with remote access 

Answer: A,B 


Q103. Which technology can provide high availability for an SSL VPN? 

A. DMVPN 

B. a multiple-tunnel configuration 

C. a Cisco ASA pair in active/passive failover configuration 

D. certificate to tunnel group maps 

Answer:


Q104. Scenario 

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using 

Cisco ASDM, answer the questions regarding the implementation. Note: Not all screens or option selections are active for this exercise. 

Topology 

Default_Home 

Which address pool is being assigned to the users connecting via the AnyConnect client? 

A. AC_Address_Pool 

B. Remote_Address_Pool 

C. Outside_Address_Pool 

D. VPN_Address_Pool 

Answer:

Explanation: 

First Navigate to the Configuration -> Remote Access VPN tab and then choose the “AnyConnect Connection Profile as shown below: 

Capture 

Then, clicking on the AnyConnect Profile at the bottom will bring you to the edit page shown below: 

Capture 

From here we can see that the Client Address Pools in use is the “VPN_Access_Pool” 


Q105. Which algorithm provides both encryption and authentication for data plane communication? 

A. SHA-96 

B. SHA-384 

C. 3DES 

D. AES-256 

E. AES-GCM 

F. RC4 

Answer:


Q106. Refer to the exhibit. 

What is the purpose of the given configuration? 

A. Establishing a GRE tunnel. 

B. Enabling IPSec to decrypt fragmented packets. 

C. Resolving access issues caused by large packet sizes. 

D. Adding the spoke to the routing table. 

Answer:


Q107. Which is used by GETVPN, FlexVPN and DMVPN? 

A. NHRP 

B. MPLS 

C. GRE 

D. ESP 

Answer:


Q108. Which two statements are true when designing a SSL VPN solution using Cisco AnyConnect? (Choose two.) 

A. The VPN server must have a self-signed certificate. 

B. A SSL group pre-shared key must be configured on the server. 

C. Server side certificate is optional if using AAA for client authentication. 

D. The VPN IP address pool can overlap with the rest of the LAN networks. 

E. DTLS can be enabled for better performance. 

Answer: D,E 


Q109. Remote users want to access internal servers behind an ASA using Microsoft terminal services. Which option outlines the steps required to allow users access via the ASA clientless VPN portal? 

A. 1. Configure a static pat rule for TCP port 3389 

2. Configure an inbound access-list to allow traffic from remote users to the servers 

3. Assign this access-list rule to the group policy 

B. 1. Configure a bookmark of the type http:// server-IP :3389 

2. Enable Smart tunnel on this bookmark 

3. Assign the bookmark to the desired group policy 

C. 1. Configure a Smart Tunnel application list 

2. Add the rdp.exe process to this list 

3. Assign the Smart Tunnel application list to the desired group policy 

D. 1. Upload an RDP plugin to the ASA 

2. Configure a bookmark of the type rdp:// server-IP 

3. Assign the bookmark list to the desired group policy 

Answer:


Q110. Which option is a possible solution if you cannot access a URL through clientless SSL VPN with Internet Explorer, while other browsers work fine? 

A. Verify the trusted zone and cookies settings in your browser. 

B. Make sure that you specified the URL correctly. 

C. Try the URL from another operating system. 

D. Move to the IPsec client. 

Answer: