prepsimulation.com

Cisco 300-209 Implementing Cisco Secure Mobility Solutions (SIMOS)

2020 Cisco Official New Released 300-209 Q&As
100% Free Download! 100% Pass Guaranteed!
https://www.certleader.com/300-209-dumps.html

certleader.com


[New Version Jan 2021] Certleader Cisco 300-209 Exam Dumps[Q121-Q127]

Q1. Which feature is enabled by the use of NHRP in a DMVPN network? A. host routing with Reverse Route Injection B. BGP multiaccess C. host to NBMA resolution D. EIGRP redistribution View AnswerAnswer: C Q2. Which VPN feature allows remote access clients to print documents to local network printers? A. Reverse Route Injection B. split tunneling C. loopback addressing D. dynamic virtua


[New Version Jan 2021] Certleader Cisco 300-209 Exam Dumps[Q109-Q120]

Q1. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.) A. transform set B. ISAKMP policy C. ACL that defines traffic to encrypt D. dynamic routing protocol E. tunnel interface F. IPsec profile G. PSK or PKI trustpoint with certificate View AnswerAnswer: A,B,G Q2. Which Cisco firewall platform supports Cisco NGE? A. FWSM B. Cisco ASA


[New Version Jan 2021] Certleader Cisco 300-209 Exam Dumps[Q97-Q108]

Q1. Which option describes what address preservation with IPsec Tunnel Mode allows when GETVPN is used? A. stronger encryption methods B. Network Address Translation of encrypted traffic C. traffic management based on original source and destination addresses D. Tunnel Endpoint Discovery View AnswerAnswer: C Q2. Refer to the exhibit. The IKEv2 tunnel between Router1 and Router2 is failin


[New Version Jan 2021] Certleader Cisco 300-209 Exam Dumps[Q85-Q96]

Q1. What are two forms of SSL VPN? (Choose two.) A. port forwarding B. Full Tunnel Mode C. Cisco IOS WebVPN D. Cisco AnyConnect View AnswerAnswer: C,D Q2. Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.) A. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS


[New Version Jan 2021] Certleader Cisco 300-209 Exam Dumps[Q73-Q84]

Q1. Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.) A. priority number B. hash algorithm C. encryption algorithm D. session lifetime E. PRF algorithm View AnswerAnswer: B,C Q2. If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting? A. Determine whether the Cisco ASA


[New Version Dec 2021] Certleader Cisco 300-209 Exam Dumps[Q61-Q72]

Q1. Refer to the exhibit. Which type of VPN implementation is displayed? A. IKEv2 reconnect B. IKEv1 cluster C. IKEv2 load balancer D. IKEv1 client E. IPsec high availability F. IKEv2 backup gateway View AnswerAnswer: C Q2. Refer to the exhibit. An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping


[New Version Dec 2021] Certleader Cisco 300-209 Exam Dumps[Q49-Q60]

Q1. Which hash algorithm is required to protect classified information? A. MD5 B. SHA-1 C. SHA-256 D. SHA-384 View AnswerAnswer: D Q2. When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies? A. dynamic access policy attributes B. group policy attributes C. connection profile attributes D. user attributes View AnswerAnswer: A Q3. What are two be


[New Version Dec 2021] Certleader Cisco 300-209 Exam Dumps[Q37-Q48]

Q1. CORRECT TEXT Scenario: You are the network security manager for your organization. Your manager has received a request to allow an external user to access to your HQ and DM2 servers. You are given the following connection parameters for this task. Using ASDM on the ASA, configure the parameters below and test your configuration by accessing the Guest PC. Not all AS DM screens are active fo


[New Version Nov 2021] Certleader Cisco 300-209 Exam Dumps[Q25-Q36]

Q1. When a tunnel is initiated by the headquarter ASA, which one of the following Diffie-Hellman groups is selected by the headquarter ASA during CREATE_CHILD_SA exchange? A. 1 B. 2 C. 5 D. 14 E. 19 View AnswerAnswer: C Explanation: Traffic initiated by the HQ ASA is assigned to the static outside crypto map, which shown below to use DH group 5. Q2. Refer to the exhibit. An IPsec peer


[New Version Oct 2021] Certleader Cisco 300-209 Exam Dumps[Q13-Q24]

Q1. Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties? A. group 10 B. group 24 C. group 5 D. group 20 View AnswerAnswer: D Q2. A user is trying to connect to a Cisco IOS device using clientless SSL VPN and cannot establish the connection. Which three commands can be used for troubleshooting of the AAA subsystem? (Choose three.) A. debug aaa authenti


[New Version Sep 2021] Certleader Cisco 300-209 Exam Dumps[Q1-Q12]

Q1. A customer requires all traffic to go through a VPN. However, access to the local network is also required. Which two options can enable this configuration? (Choose two.) A. split exclude B. use of an XML profile C. full tunnel by default D. split tunnel E. split include View AnswerAnswer: A,B Q2. Which Cisco ASDM option configures WebVPN access on a Cisco ASA? A. Configuration >


[New Version Aug 2021] Certleader Cisco 300-209 Exam Dumps[Q97-Q108]

Q1. Which technology supports tunnel interfaces while remaining compatible with legacy VPN implementations? A. FlexVPN B. DMVPN C. GET VPN D. SSL VPN View AnswerAnswer: A Q2. Scenario: You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch


[New Version Aug 2021] Certleader Cisco 300-209 Exam Dumps[Q37-Q48]

Q1. Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN? A. vpn-filter none B. no vpn-filter C. filter value none D. filter value ACLname View AnswerAnswer: C Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/v.html#pgfId-1842564 Q2. Which.DAP endpoint attribute checks for the matching MAC address of


[New Version Jul 2021] Certleader Cisco 300-209 Exam Dumps[Q25-Q36]

Q1. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server? A. enrollment profile B. enrollment terminal C. enrollment url D. enrollment selfsigned View AnswerAnswer: A Q2. Which two statements comparing.ECC and RSA are true? (Choose two.) A. ECC can


[New Version Jul 2021] Certleader Cisco 300-209 Exam Dumps[Q73-Q84]

Q1. Which three parameters are specified in the isakmp (IKEv1) policy? (Choose three.) A. the hashing algorithm B. the authentication method C. the lifetime D. the session key E. the transform-set F. the peer View AnswerAnswer: A,B,C Q2. An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels. Which configuration on the ASA will correctly limit the networ


[New Version Jul 2021] Certleader Cisco 300-209 Exam Dumps[Q61-Q72]

Q1. A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.) A. crypto ikev2 keyring keyring-name peer peer1 address 209.165.201.1 255.255.255.255 pre-shared-key local key1 pre-shared-key remote key2 B. crypto ikev2 transform-set transform-set-name esp-3des esp-md5-hmac esp-aes esp-sha-hmac C


[New Version Jul 2021] Certleader Cisco 300-209 Exam Dumps[Q85-Q96]

Q1. Which three configurations are prerequisites for stateful failover for IPsec? (Choose three.) A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically. B. Only crypto map configuration that is set up on the active device must be duplicated on the standby device. C. The IPsec configuration tha


[New Version Jun 2021] Certleader Cisco 300-209 Exam Dumps[Q109-Q120]

Q1. Which two technologies are considered to be Suite B cryptography? (Choose two.) A. MD5 B. SHA2 C. Elliptical Curve Diffie-Hellman D. 3DES E. DES View AnswerAnswer: B,C Q2. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.) A. transform set B. ISAKMP policy C. ACL that defines traffic to encrypt D. dynamic routing protocol E. tun


[New Version Jun 2021] Certleader Cisco 300-209 Exam Dumps[Q121-Q127]

Q1. Which option is a required element of Secure Device Provisioning communications? A. the introducer B. the certificate authority C. the requestor D. the registration authority View AnswerAnswer: A Q2. The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed: "Login Denied, unauthorized connection mechanism, contact your admini


[New Version Jun 2021] Certleader Cisco 300-209 Exam Dumps[Q13-Q24]

Q1. Which three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.) A. NHRP network ID B. GRE tunnel key C. NHRP authentication string D. tunnel VRF E. EIGRP process name F. EIGRP split-horizon setting View AnswerAnswer: A,B,C Q2. Which three types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose three.)