300-209 Exam Details

  • Exam Code: 300-209
  • Exam Name: Implementing Cisco Secure Mobility Solutions
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 450 Q&As
  • Last Updated: Dec 15, 2021

Cisco 300-209 Online Questions & Answers

  • Question 121:

    Scenario:

    You are the senior network security administrator for your organization. Recently a junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.

    You are now tasked with verifying the IKEv1 IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites.

    NOTE: the show running-config command cannot be used for this exercise.

    Topology:

    In what state is the IKE security association on the Cisco ASA?

    A. There are no security associations in place
    B. MM_ACTIVE
    C. ACTIVE(ACTIVE)
    D. QM_IDLE

  • Question 122:

    Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.)

    A. group-alias
    B. certificate map
    C. use gateway command
    D. group-url
    E. AnyConnect client version

  • Question 123:

    A company needs to provide secure access to its remote workforce. The end users use public kiosk computers and a wide range of devices. They will be accessing only an internal web application. Which VPN solution satisfies these requirements?

    A. Clientless SSLVPN
    B. AnyConnect Client using SSLVPN
    C. AnyConnect Client using IKEv2
    D. FlexVPN Client
    E. Windows built-in PPTP client

  • Question 124:

    Which command clears all Cisco AnyConnect VPN sessions on a Cisco ASA?

    A. vpn-sessiondb logoff anyconnect
    B. vpn-sessiondb logoff webvpn
    C. clear crypto isakmp sa
    D. vpn-sessiondb logoff l2l

  • Question 125:

    Which statement regarding GET VPN is true?

    A. When you implement GET VPN with VRFs, all VRFs must be defined in the GDOI group configuration on the key server.
    B. The pseudotime that is used for replay checking is synchronized via NTP.
    C. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.
    D. TEK rekeys can be load-balanced between two key servers operating in COOP.
    E. The configuration that defines which traffic to encrypt is present only on the key server.

  • Question 126:

    You have deployed new Cisco AnyConnect start before logon modules and set the configuration to download modules before logon, but all client connections continue to use the previous version of the module. Which action must you take to correct the problem?

    A. Configure start before logon in the client profile.
    B. Configure a group policy to prompt the user to download the updated module.
    C. Define the modules for download in the client profile.
    D. Define the modules for download in the group policy.

  • Question 127:

    Which three commands are included in the command show dmvpn detail? (Choose three.)

    A. show ip nhrp nhs
    B. show dmvpn
    C. show crypto session detail
    D. show crypto ipsec sa detail
    E. show crypto sockets
    F. show ip nhrp

  • Question 128:

    What encryption algorithm does Cisco recommend that you avoid?

    A. HMAC-SHA1
    B. HMAC-MD5
    C. AES-CBC
    D. DES

  • Question 129:

    Which Cisco ASDM option configures WebVPN access on a Cisco ASA?

    A. Configuration > WebVPN > WebVPN Access
    B. Configuration > Remote Access VPN > Clientless SSL VPN Access
    C. Configuration > WebVPN > WebVPN Config
    D. Configuration > VPN > WebVPN Access

  • Question 130:

    You must implement DMVPN Phase 3 by using EIGRP as the dynamic routing protocol for the tunnel overlay. Which action do you take to allow EIGRP to advertise all routes between the hub and all the spokes?

    A. Summarize routes from the hub to the spokes.
    B. Disable split-horizon for EIGRP on the hub.
    C. Configure the hub to set itself as the next hop when advertising networks to the spoke.
    D. Add a distribute list to permit the spoke subnets and deny all other networks.
