We enjoy the highest reputation for a number of years in that all of us offer probably the most up-to-date and correct Cisco Cisco 300-209 exam questions and answers. Youll be able to easily move through the Cisco 300-209 actual test with our precise as well as logical Cisco 300-209 practice questions. Trust in our Cisco goods and pass the Cisco exam with ease. You are going to get 100% good results assurance on your first try in the event you preview and review our Cisco 300-209 research materials.
2021 Jan 300-209 simos books:
Q31. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)
A. transform set
B. ISAKMP policy
C. ACL that defines traffic to encrypt
D. dynamic routing protocol
E. tunnel interface
F. IPsec profile
G. PSK or PKI trustpoint with certificate
Answer: A,B,G
Q32. Which option is one component of a Public Key Infrastructure?
A. the Registration Authority
B. Active Directory
C. RADIUS
D. TACACS+
Answer: A
Q33. An administrator desires that when work laptops are not connected to the corporate network, they should automatically initiate an AnyConnect VPN tunnel back to headquarters. Where does the administrator configure this?
A. Via the svc trusted-network command under the group-policy sub-configuration mode on the ASA
B. Under the "Automatic VPN Policy" section inside the Anyconnect Profile Editor within ASDM
C. Under the TNDPolicy XML section within the Local Preferences file on the client computer
D. Via the svc trusted-network command under the global webvpn sub-configuration mode on the ASA
Answer: C
Q34. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A. enrollment profile
B. enrollment terminal
C. enrollment url
D. enrollment selfsigned
Answer: A
Q35. Which three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.)
A. NHRP network ID
B. GRE tunnel key
C. NHRP authentication string
D. tunnel VRF
E. EIGRP process name
F. EIGRP split-horizon setting
Answer: A,B,C
Refresh 300-209 simos books:
Q36. Which two statements regarding IKEv2 are true per RFC 4306? (Choose two.)
A. It is compatible with IKEv1.
B. It has at minimum a nine-packet exchange.
C. It uses aggressive mode.
D. NAT traversal is included in the RFC.
E. It uses main mode.
F. DPD is defined in RFC 4309.
G. It allows for EAP authentication.
Answer: D,G
Q37. Refer to the exhibit.
The customer needs to launch AnyConnect in the RDP machine. Which configuration is correct?
A. crypto vpn anyconnect profile test flash:RDP.xml
policy group default
svc profile test
B. crypto vpn anyconnect profile test flash:RDP.xml
webvpn context GW_1
browser-attribute import flash:/swj.xml
C. crypto vpn anyconnect profile test flash:RDP.xml
policy group default
svc profile flash:RDP.xml
D. crypto vpn anyconnect profile test flash:RDP.xml
webvpn context GW_1
browser-attribute import test
Answer: A
Q38. A spoke has two Internet connections for failover. How can you achieve optimum failover without affecting any other router in the DMVPN cloud?
A. Create another DMVPN cloud by configuring another tunnel interface that is sourced from the second ISP link.
B. Use another router at the spoke site, because two ISP connections on the same router for the same hub is not allowed.
C. Configure SLA tracking, and when the primary interface goes down, manually change the tunnel source of the tunnel interface.
D. Create another tunnel interface with same configuration except the tunnel source, and configure the if-state nhrp and backup interface commands on the primary tunnel interface.
Answer: C
Q39. Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.)
A. Verify that the primary protocol on the client machine is set to IPsec.
B. Verify that AnyConnect is enabled on the correct interface.
C. Verify that the IKEv2 protocol is enabled on the group policy.
D. Verify that ASDM and AnyConnect are not using the same port.
E. Verify that SSL and IKEv2 certificates are not referencing the same trustpoint.
Answer: A,C
Q40. As network security architect, you must implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity. Which.technology should you use?
A. IPsec DVTI
B. FlexVPN
C. DMVPN
D. IPsec SVTI
E. GET VPN
Answer: E