Exam Code: 300-209 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Secure Mobility Solutions (SIMOS)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300-209 Exam.

Q121. Which command clears all Cisco AnyConnect VPN sessions? 

A. vpn-sessiondb logoff anyconnect 

B. vpn-sessiondb logoff webvpn 

C. vpn-sessiondb logoff l2l 

D. clear crypto isakmp sa 


Q122. Refer to the exhibit. 

An IPsec peer is exchanging routes using IKEv2, but the routes are not installed in the RIB. Which configuration error is causing the failure? 

A. IKEv2 routing requires certificate authentication, not pre-shared keys. 

B. An invalid administrative distance value was configured. 

C. The match identity command must refer to an access list of routes. 

D. The IKEv2 authorization policy is not referenced in the IKEv2 profile. 


Q123. Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.) 

A. priority number 

B. hash algorithm 

C. encryption algorithm 

D. session lifetime 

E. PRF algorithm 

Answer: B,C 

Q124. In DMVPN phase 2, which two EIGRP features need to be disabled on the hub to allow spoke-to-spoke communication? (Choose two.) 

A. autosummary 

B. split horizon 

C. metric calculation using bandwidth 

D. EIGRP address family 

E. next-hop-self 

F. default administrative distance 

Answer: B,E 

Q125. Refer to the exhibit. 

The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch might be the problem? 


B. crypto policy 

C. peer identity 

D. transform set 


Q126. When a tunnel is initiated by the headquarter ASA, which one of the following Diffie-Hellman groups is selected by the headquarter ASA during CREATE_CHILD_SA exchange? 

A. 1 

B. 2 

C. 5 

D. 14 

E. 19 



Traffic initiated by the HQ ASA is assigned to the static outside crypto map, which shown below to use DH group 5. 

Q127. Refer to the exhibit. 

The customer can establish an AnyConnect connection on the first attempt only. Subsequent attempts fail. What might be the issue? 

A. IKEv2 is blocked over the path. 

B. UserGroup must be different than the name of the connection profile. 

C. The primary protocol should be SSL. 

D. UserGroup must be the same as the name of the connection profile.