300-209 - Implementing Cisco Secure Mobility Solutions (SIMOS)
Go back to Cisco
How many questions are there on the 300-209 exam?
There are 65-75 questions on the 300-209 exam to be completed in 90 minutes .
How long is the 300-209 exam?
The 300-209 exam is 90 minutes to complete 65-75 questions.
How much does the 300-209 exam cost?
The 300-209 exam is $300. The exam provider is Pearson Vue and you can register for the exam on their website.
What is the best way to study for the 300-209 exam?
The best way to study for the 300-209 exam is to practice at Exam.com.
Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties?
Which Cisco ASDM option configures forwarding syslog messages to email?
Configuration > Device Management > Logging > E-Mail Setup
Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.)
Verify that the primary protocol on the client machine is set to IPsec.
Verify that the IKEv2 protocol is enabled on the group policy.
A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.)
crypto ikev2 keyring keyring-name peer peer1 address 188.8.131.52 255.255.255.255 pre-shared-key local key1 pre-shared-key remote key2
crypto ikev2 profile profile-name match identity remote address 184.108.40.206 authentication local pre-share authentication remote pre-share
A user with IP address 10.10.10.10 is unable to access a HTTP website at IP address 220.127.116.11 through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.)
Capture user traffic using command capture capin interface inside match ip host 10.10.10.10 any
After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 18.104.22.168 80
Which two are characteristics of GETVPN? (Choose two.)
The IP header of the encrypted packet is preserved
The same key encryption and traffic encryption keys are distributed to all Group Members
What are two forms of SSL VPN? (Choose two.)
Full Tunnel Mode
Which Cisco IPS signature parameter cannot be edited using IDM?
signature engine type
What does NHRP stand for?
Next Hop Resolution Protocol
Which command clears all crypto configuration from a Cisco Adaptive Security Appliance?
clear configure crypto
In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces?
interface virtual-template number type tunnel
You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto isakmp command on the headend router, you see the following output. What does this output suggest? 1d00h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 1d00h: ISAKMP (0:1); no offers accepted! 1d00h: ISAKMP (0:1): SA not acceptable! 1d00h: %CRYPTO-6-IKMP_MODE_FAILURE. Processing of Main Mode failed with peer at 10.10.10.10
Phase 1 policy does not match on both sides.
Which Cisco adaptive security appliance command can be used to view the count of all active VPN sessions?
show vpn-sessiondb summary
Which cryptographic algorithms are approved to protect Top Secret information?
Which encryption and authentication algorithms does Cisco recommend when deploying a Cisco NGE supported VPN solution?
AES-GCM and SHA-2
Which two statements are true regarding the Cisco IPS appliance traffic normalizer? (Choose two.)
It only operates in inline mode.
It can help prevent false negatives that are caused by evasions.
Which technology is FlexVPN based on?
In the Cisco ASDM interface, where do you enable the DTLS protocol setting?
Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit
Which command configures IKEv2 symmetric identity authentication?
authentication remote rsa-sig
Which application does the Application Access feature of Clientless VPN support?
With Cisco ASA active/standby failover, what is needed to enable subsecond failover?
Decrease the default unit failover polltime to 300 msec and the unit failover holdtime to 900 msec.
Which of the following could be used to configure remote access VPN Host-scan and pre-login policies?
Which command enables IOS SSL VPN Smart Tunnel support for PuTTY?
appl ssh putty.exe windows
In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose?
to enable communications with a blocking device
Which Cisco ASDM option configures WebVPN access on a Cisco ASA?
Configuration > Remote Access VPN > Clientless SSL VPN Access
Which cryptographic algorithms are a part of the Cisco NGE suite?
Which option describes the purpose of the shared argument in the DMVPN interface command tunnel protection IPsec profile ProfileName shared?
shares a single profile between multiple tunnel interfaces
Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN?
filter value none
Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified percentage?
Which technology supports tunnel interfaces while remaining compatible with legacy VPN implementations?
Which is used by GETVPN, FlexVPN and DMVPN?
Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN?
The tunnel establishment will fail if the router is configured as a responder only.
Which technology must be installed on the client computer to enable users to launch applications from a Clientless SSL VPN?
Which two GDOI encryption keys are used within a GET VPN network? (Choose two.)
key encryption key
traffic encryption key
Which two cryptographic technologies are recommended for use with FlexVPN? (Choose two.)
SHA (HMAC variant)
Refute users want to access internal servers behind an ASA using Microsoft terminal services. Which option outlines the steps required to allow users access via the ASA clientless VPN portal?
1. Upload an RDP plugin to the ASA 2. Configure a bookmark of the type rdp:// server-IP 3. Assign the bookmark list to the desired group policy
When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies?
dynamic access policy attributes
Which access rule is disabled automatically after the global access list has been defined and applied?
the implicit interface access rule that permits all IP traffic from high security level to low security level interfaces
Which command specifies the path to the Host Scan package in an ASA AnyConnect VPN?
csd hostscan image path
What is the default storage location of user-level bookmarks in an IOS clientless SSL VPN?
Numerous attacks using duplicate packets, changed packets, or out-of-order packets are able to successfully evade and pass through the Cisco IPS appliance when it is operating in inline mode. What could be causing this problem?
The normalizer is set to asymmetric mode.
An internet-based VPN solution is being considered to replace an existing private WAN connecting remote offices. A multimedia application is used that relies on multicast for communication. Which two VPN solutions meet the application's network requirement? (Choose two.)
Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN?
A Cisco plug-in must be installed on a SiteMinder server.
On Cisco ASA Software Version 8.4.1 and later, which three EtherChannel modes are supported? (Choose three.)
active mode, which initiates LACP negotiation
passive mode, which responds to LACP negotiation from the peer
on mode, which enables static port-channel mode
By default, which access rule is applied inbound to the inside interface?
All IP traffic sourced from any source to any less secure network destinations is permitted.
Which algorithm is replaced by elliptic curve cryptography in Cisco NGE?
In the Diffie-Hellman protocol, which type of key is the shared secret?
a symmetric key
Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices?
IKEv2 Smart Defaults
Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration?
migrate remote-access ssl overwrite
Which two types of authentication are supported when you use Cisco ASDM to configure site-to- site IKEv2 with IPv6? (Choose two.)