Exam Code: 300-209 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Secure Mobility Solutions (SIMOS)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300-209 Exam.

2021 Dec 300-209 simos books:

Q21. Scenario 

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation. 

Note: Not all screens or option selections are active for this exercise. 

Topology 

Default_Home 

What two actions will be taken on translated packets when the AnyConnect users connect to the ASA? (Choose two.) 

A. No action will be taken, they will keep their original assigned addresses 

B. The source address will use the outside-nat-pool 

C. The source NAT type will be a static translation 

D. The source NAT type will be a dynamic translation 

E. DNS will be translated on rule matches 

Answer: A,C 

Explanation: 

First, navigate to the Configuration ->NAT Rules tab to see this: 

Here we see that NAT rule 2 applies to the AnyConnect clients, click on this rule for more details to see the following: 

Here we see that it is a static source NAT entry, but that the Source and Destination addresses remain the original IP address so they are not translated. 


Q22. Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties? 

A. group 10 

B. group 24 

C. group 5 

D. group 20 

Answer:


Q23. Which protocol can be used for better throughput performance when using.Cisco AnyConnect VPN? 

A. TLSv1 

B. TLSv1.1 

C. TLSv1.2 

D. DTLSv1 

Answer:


Q24. Which three settings are required for crypto map configuration? (Choose three.) 

A. match address 

B. set peer 

C. set transform-set 

D. set security-association lifetime 

E. set security-association level per-host 

F. set pfs 

Answer: A,B,C 


Q25. Scenario: 

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office. 

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites. 

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

Which transform set is being used on the branch ISR? 

A. Default 

B. ESP-3DES ESP-SHA-HMAC 

C. ESP-AES-256-MD5-TRANS mode transport 

D. TSET 

Answer:

Explanation: 

This can be seen from the “show crypto ipsec sa” command as shown below: 


Renew airaid 300-209:

Q26. In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces? 

A. interface virtual-template number type template 

B. interface virtual-template number type tunnel 

C. interface template number type virtual 

D. interface tunnel-template number 

Answer:

Explanation: 

Here is a reference an explanation that can be included with this test. http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-flex-spoke.html#GUID-4A10927D-4C6A-4202-B01C-DA7E462F5D8A 

Configuring the Virtual Tunnel Interface on FlexVPN Spoke 

SUMMARY STEPS 

1. enable 

2. configure terminal 

3. interface virtual-template number type tunnel 

4. ip unnumbered tunnel number 

5. ip nhrp network-id number 

6. ip nhrp shortcut virtual-template-number 

7. ip nhrp redirect [timeout seconds] 

8. exit 


Q27. Which are two main use cases for Clientless SSL VPN? (Choose two.) 

A. In kiosks that are part of a shared environment 

B. When the users do not have admin rights to install a new VPN client 

C. When full tunneling is needed to support applications that use TCP, UDP, and ICMP 

D. To create VPN site-to-site tunnels in combination with remote access 

Answer: A,B 


Q28. Which encryption and authentication algorithms does Cisco recommend when deploying a Cisco NGE supported VPN solution? 

A. AES-GCM and SHA-2 

B. 3DES and DH 

C. AES-CBC and SHA-1 

D. 3DES and SHA-1 

Answer:


Q29. Refer to the exhibit. 

Which technology is represented by this configuration? 

A. AAA for FlexVPN 

B. AAA for EzVPN 

C. TACACS+ command authorization 

D. local command authorization 

Answer:


Q30. When a tunnel is initiated by the headquarter ASA, which one of the following Diffie-Hellman groups is selected by the headquarter ASA during CREATE_CHILD_SA exchange? 

A. 1 

B. 2 

C. 5 

D. 14 

E. 19 

Answer:

Explanation: 

Traffic initiated by the HQ ASA is assigned to the static outside crypto map, which shown below to use DH group 5.