Q1. Refer to the exhibit.
Which VPN solution does this configuration represent?
A. Cisco AnyConnect (IKEv2)
B. site-to-site
C. DMVPN
D. SSL VPN
Answer: D
Q2. What are three benefits of deploying a GET VPN? (Choose three.)
A. It provides highly scalable point-to-point topologies.
B. It allows replication of packets after encryption.
C. It is suited for enterprises running over a DMVPN network.
D. It preserves original source and destination IP address information.
E. It simplifies encryption management through use of group keying.
F. It supports non-IP protocols.
Answer: B,D,E
Q3. Which configuration construct must be used in a FlexVPN tunnel?
A. multipoint GRE tunnel interface
B. IKEv1 policy
C. IKEv2 profile
D. EAP configuration
Answer: C
Q4. Refer to the exhibit.
After the configuration is performed, which combination of devices can connect?
A. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name of "cisco.com"
B. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 or a certificate with subject name containing "cisco.com"
C. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 and a certificate with subject name containing "cisco.com"
D. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name containing "cisco.com"
Answer: D
Q5. Which cryptographic algorithms are approved to protect Top Secret information?
A. HIPPA DES
B. AES-128
C. RC4-128
D. AES-256
Answer: D
Q6. You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto ipsec command on the headend router, you see the following output. What does this output suggest?
1d00h: IPSec (validate_proposal): transform proposal (port 3, trans 2, hmac_alg 2) not supported
1d00h: ISAKMP (0:2) : atts not acceptable. Next payload is 0
1d00h: ISAKMP (0:2) SA not acceptable
A. Phase 1 policy does not match on both sides.
B. The Phase 2 transform set does not match on both sides.
C. ISAKMP is not enabled on the remote peer.
D. The crypto map is not applied on the remote peer.
E. The Phase 1 transform set does not match on both sides.
Answer: B
Q7. Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel?
A. show crypto ipsec sa
B. show crypto isakmp sa
C. show crypto ikev2 sa
D. show ip nhrp
Answer: C
Q8. Which algorithm is replaced by elliptic curve cryptography in Cisco NGE?
A. 3DES
B. AES
C. DES
D. RSA
Answer: D
Q9. Which hash algorithm is required to protect classified information?
A. MD5
B. SHA-1
C. SHA-256
D. SHA-384
Answer: D
Q10. Which feature do you include in a highly available system to account for potential site failures?
A. geographical separation of redundant devices
B. hot/standby failover pairs
C. Cisco ACE load-balancing with VIP
D. dual power supplies
Answer: A
Q11. Which option describes the purpose of the command show derived-config interface virtual-access 1?
A. It verifies that the virtual access interface is cloned correctly with per-user attributes.
B. It verifies that the virtual template created the tunnel interface.
C. It verifies that the virtual access interface is of type Ethernet.
D. It verifies that the virtual access interface is used to create the tunnel interface.
Answer: A
Q12. Refer to the exhibit.
Which two statements about the given configuration are true? (Choose two.)
A. Defined PSK can be used by any IPSec peer.
B. Any router defined in group 2 will be allowed to connect.
C. It can be used in a DMVPN deployment.
D. It is a LAN-to-LAN VPN ISAKMP policy.
E. It is an AnyConnect ISAKMP policy.
F. PSK will not work as configured.
Answer: A,C
Q13. Which statement regarding GET VPN is true?
A. TEK rekeys can be load-balanced between two key servers operating in COOP.
B. When you implement GET VPN with VRFs, all VRFs must be defined in the GDOI group configuration on the key server.
C. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.
D. The configuration that defines which traffic to encrypt is present only on the key server.
E. The pseudotime that is used for replay checking is synchronized via NTP.
Answer: D
Q14. A network administrator is configuring AES encryption for the ISAKMP policy on an IOS router. Which two configurations are valid? (Choose two.)
A. crypto isakmp policy 10
    encryption aes 254
B. crypto isakmp policy 10
    encryption aes 192
C. crypto isakmp policy 10
    encryption aes 256
D. crypto isakmp policy 10
    encryption aes 196
E. crypto isakmp policy 10
    encryption aes 199
F. crypto isakmp policy 10
    encryption aes 64
Answer: B,C
Q15. Which technology must be installed on the client computer to enable users to launch applications from a Clientless SSL VPN?
A. Java
B. QuickTime plug-in
C. Silverlight
D. Flash
Answer: A