we provide High value Cisco 300-209 exam guide which are the best for clearing 300-209 test, and to get certified by Cisco Implementing Cisco Secure Mobility Solutions (SIMOS). The 300-209 Questions & Answers covers all the knowledge points of the real 300-209 exam. Crack your Cisco 300-209 Exam with latest dumps, guaranteed!
Q51. What are three benefits of deploying a GET VPN? (Choose three.)
A. It provides highly scalable point-to-point topologies.
B. It allows replication of packets after encryption.
C. It is suited for enterprises running over a DMVPN network.
D. It preserves original source and destination IP address information.
E. It simplifies encryption management through use of group keying.
F. It supports non-IP protocols.
Q52. In FlexVPN, what is the role of a NHRP resolution request?
A. It allows these entities to directly communicate without requiring traffic to use an intermediate hop
B. It dynamically assigns VPN users to a group
C. It blocks these entities from to directly communicating with each other
D. It makes sure that each VPN spoke directly communicates with the hub
Q53. Refer to the exhibit.
You have implemented an SSL VPN as shown. Which type of communication takes place between the secure gateway R1 and the Cisco Secure ACS?
A. HTTP proxy
D. port forwarding
Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation.
Note: Not all screens or option selections are active for this exercise.
Which address range will be assigned to the AnyConnect users?
First Navigate to the Configuration -> Remote Access VPN tab and then choose the “AnyConnect Connection Profile as shown below:
Then, clicking on the AnyConnect Profile at the bottom will bring you to the edit page shown below:
From here, click the Select button on the “VPN_Address_Pool” and you will see the following pools defined:
Here we see that the VPN_Address_Pool contains the IP address range of 10.10.15.20-10.10.15.30/24.
Q55. Which transform set is contained in the IKEv2 default proposal?
A. aes-cbc-192, sha256, group 14
B. 3des, md5, group 7
C. 3des, sha1, group 1
D. aes-cbc-128, sha, group 5
Q56. Which algorithm is replaced by elliptic curve cryptography in Cisco NGE?
Q57. Which three configurations are prerequisites for stateful failover for IPsec? (Choose three.)
A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B. Only crypto map configuration that is set up on the active device must be duplicated on the standby device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D. The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device.
E. The active and standby devices must run the same version of the Cisco IOS software and should be the same type of device.
F. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
G. The IKE configuration that is set up on the active device must be duplicated on the standby device.
Q58. Which three types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose three.)
F. ICA (Citrix)
Q59. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)
A. transform set
B. ISAKMP policy
C. ACL that defines traffic to encrypt
D. dynamic routing protocol
E. tunnel interface
F. IPsec profile
G. PSK or PKI trustpoint with certificate
Q60. Refer to the exhibit.
Which type of VPN is being configured, based on the partial configuration snippet?
A. DMVPN with dual hub
B. GET VPN with dual group member
C. FlexVPN backup gateway
D. GET VPN with COOP key server
E. FlexVPN load balancer