It is more faster and easier to pass the Cisco 300-209 exam by using Printable Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) questuins and answers. Immediate access to the Down to date 300-209 Exam and find the same core area 300-209 questions with professionally verified answers, then PASS your exam with a high score now.

Q11. Which.DAP endpoint attribute checks for the matching MAC address of a client machine? 

A. device 

B. process 

C. antispyware 

D. BIA 

Answer:


Q12. Which two parameters are configured within an IKEv2 proposal on an IOS router? (Choose two.) 

A. authentication 

B. encryption 

C. integrity 

D. lifetime 

Answer: B,C 


Q13. A user with IP address 10.10.10.10 is unable to access a HTTP website at IP address 

209.165.200.225 through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.) 

A. Capture user traffic using command capture capin interface inside match ip host 10.10.10.10 any 

B. After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 209.165.200.225 80 

C. Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include 10.10.10.10 

D. Check if an access-list on the firewall is blocking the user by using command show running-config access-list | include 10.10.10.10 

E. Use packet tracer command packet-tracer input inside udp 0.10.10.10 1234192.168.1.3 161 to see what the firewall is doing with the user's traffic 

Answer: A,B 


Q14. When troubleshooting established clientless SSL VPN issues, which three steps should be taken? (Choose three.) 

A. Clear the browser history. 

B. Clear the browser and Java cache. 

C. Collect the information from the computer event log. 

D. Enable and use HTML capture tools. 

E. Gather crypto debugs on the adaptive security appliance. 

F. Use Wireshark to capture network traffic. 

Answer: B,E,F 


Q15. Which hash algorithm is required to protect classified information? 

A. MD5 

B. SHA-1 

C. SHA-256 

D. SHA-384 

Answer:


Q16. In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces? 

A. interface virtual-template number type template 

B. interface virtual-template number type tunnel 

C. interface template number type virtual 

D. interface tunnel-template number 

Answer:

Explanation: 

Here is a reference an explanation that can be included with this test. http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-flex-spoke.html#GUID-4A10927D-4C6A-4202-B01C-DA7E462F5D8A 

Configuring the Virtual Tunnel Interface on FlexVPN Spoke 

SUMMARY STEPS 

1. enable 

2. configure terminal 

3. interface virtual-template number type tunnel 

4. ip unnumbered tunnel number 

5. ip nhrp network-id number 

6. ip nhrp shortcut virtual-template-number 

7. ip nhrp redirect [timeout seconds] 

8. exit 


Q17. Which adaptive security appliance command can be used to see a generic framework of the requirements for configuring a VPN tunnel between an adaptive security appliance and 

a Cisco IOS router at a remote office? 

A. vpnsetup site-to-site steps 

B. show running-config crypto 

C. show vpn-sessiondb l2l 

D. vpnsetup ssl-remote-access steps 

Answer:


Q18. Refer to the exhibit. 

After the configuration is performed, which combination of devices can connect? 

A. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name of "cisco.com" 

B. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 or a certificate with subject name containing "cisco.com" 

C. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 and a certificate with subject name containing "cisco.com" 

D. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name containing "cisco.com" 

Answer:


Q19. In which situation would you enable the Smart Tunnel option with clientless SSL VPN? 

A. when a user is using an outdated version of a web browser 

B. when an application is failing in the rewrite process 

C. when IPsec should be used over SSL VPN 

D. when a user has a nonsupported Java version installed 

E. when cookies are disabled 

Answer:


Q20. Refer to the exhibit. 

An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226. Which configuration needs to be added or changed? 

A. No configuration change is necessary. Everything is working correctly. 

B. OSPFv3 needs to be configured on the interface. 

C. NHRP needs to be configured to provide NBMA mapping. 

D. Tunnel mode needs to be changed to GRE IPv4. 

E. Tunnel mode needs to be changed to GRE IPv6. 

Answer: