It is impossible to pass Cisco 300-209 exam without any help in the short term. Come to Examcollection soon and find the most advanced, correct and guaranteed Cisco 300-209 practice questions. You will get a surprising result by our Avant-garde Implementing Cisco Secure Mobility Solutions (SIMOS) practice guides.

Q111. Refer to the exhibit. 

An IPsec peer is exchanging routes using IKEv2, but the routes are not installed in the RIB. Which configuration error is causing the failure? 

A. IKEv2 routing requires certificate authentication, not pre-shared keys. 

B. An invalid administrative distance value was configured. 

C. The match identity command must refer to an access list of routes. 

D. The IKEv2 authorization policy is not referenced in the IKEv2 profile. 

Answer:


Q112. Which three types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose three.) 

A. HTTP 

B. VNC 

C. CIFS 

D. RDP 

E. HTTPS 

F. ICA (Citrix) 

Answer: A,C,E 


Q113. Which equation describes an elliptic curve? 

A. y3 = x3 + ax + b 

B. x3 = y2 + ab + x 

C. y4 = x2 + ax + b 

D. y2 = x3 + ax + b 

E. y2 = x2 + ax + b2 

Answer:


Q114. If the IKEv2 tunnel were to establish successfully, which encryption algorithm would be used to encrypt traffic? 

A. DES 

B. 3DES 

C. AES 

D. AES192 

E. AES256 

Answer:

Explanation: 

Both ASA’s are configured to support AES 256, so during the IPSec negotiation they will use the strongest algorithm that is supported by each peer. 


Q115. Which three changes must be made to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose three.) 

A. Enable EIGRP next-hop-self on the hub. 

B. Disable EIGRP next-hop-self on the hub. 

C. Enable EIGRP split-horizon on the hub. 

D. Add NHRP redirects on the hub. 

E. Add NHRP shortcuts on the spoke. 

F. Add NHRP shortcuts on the hub. 

Answer: A,D,E 


Q116. In which situation would you enable the Smart Tunnel option with clientless SSL VPN? 

A. when a user is using an outdated version of a web browser 

B. when an application is failing in the rewrite process 

C. when IPsec should be used over SSL VPN 

D. when a user has a nonsupported Java version installed 

E. when cookies are disabled 

Answer:


Q117. Which transform set is contained in the IKEv2 default proposal? 

A. aes-cbc-192, sha256, group 14 

B. 3des, md5, group 7 

C. 3des, sha1, group 1 

D. aes-cbc-128, sha, group 5 

Answer:


Q118. Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.) 

A. priority number 

B. hash algorithm 

C. encryption algorithm 

D. session lifetime 

E. PRF algorithm 

Answer: B,C 


Q119. Scenario 

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using 

Cisco ASDM, answer the questions regarding the implementation. Note: Not all screens or option selections are active for this exercise. 

Topology 

Default_Home 

Which address pool is being assigned to the users connecting via the AnyConnect client? 

A. AC_Address_Pool 

B. Remote_Address_Pool 

C. Outside_Address_Pool 

D. VPN_Address_Pool 

Answer:

Explanation: 

First Navigate to the Configuration -> Remote Access VPN tab and then choose the “AnyConnect Connection Profile as shown below: 

Capture 

Then, clicking on the AnyConnect Profile at the bottom will bring you to the edit page shown below: 

Capture 

From here we can see that the Client Address Pools in use is the “VPN_Access_Pool” 


Q120. Refer to the exhibit. 

What is the purpose of the given configuration? 

A. Establishing a GRE tunnel. 

B. Enabling IPSec to decrypt fragmented packets. 

C. Resolving access issues caused by large packet sizes. 

D. Adding the spoke to the routing table. 

Answer: