300-209 Exam Details
-
Exam Code
:300-209 -
Exam Name
:Implementing Cisco Secure Mobility Solutions -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:450 Q&As -
Last Updated
:Dec 15, 2021
Cisco 300-209 Online Questions & Answers
-
Question 221:
Dynamic access policies can support several posture assessment methods to collect endpoint security attributes. From which operating system does an endpoint collect information?
A. CISCO NAC
B. Advanced Endpoint Assessment
C. Host Scan
D. CISCO Secure Desktop -
Question 222:
Which algorithm provides both encryption and authentication for plane communication?
A. RC4
B. SHA-384
C. AES-256
D. SHA-96
E. 3DES
F. AES-GCM -
Question 223:
When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption?
A. ACL
B. IP routing
C. RRI
D. front door VPN routing and forwarding -
Question 224:
A user with IP address 10.10.10.10 is unable to access a HTTP website at IP address 209.165.200.225 through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.)
A. Capture user traffic using command capture capin interface inside match ip host 10.10.10.10 any
B. After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 209.165.200.225 80
C. Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include 10.10.10.10
D. Check if an access-list on the firewall is blocking the user by using command show running-config access-list | include 10.10.10.10
E. Use packet tracer command packet-tracer input inside udp 0.10.10.10 1234192.168.1.3 161 to see what the firewall is doing with the user's traffic -
Question 225:
Which adaptive security appliance command can be used to see a generic framework of the requirements for configuring a VPN tunnel between an adaptive security appliance and a Cisco IOS router at a remote office?
A. vpnsetup site-to-site steps
B. show running-config crypto
C. show vpn-sessiondb l2l
D. vpnsetup ssl-remote-access steps -
Question 226:
You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto isakmp command on the headend router, you see the following output.
What does this output suggest?
1d00h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 1d00h: ISAKMP (0:1); no offers accepted!
1d00h: ISAKMP (0:1): SA not acceptable!
1d00h: %CRYPTO-6-IKMP_MODE_FAILURE.
Processing of Main Mode failed with peer at 10.10.10.10
A. Phase 1 policy does not match on both sides.
B. The transform set does not match on both sides.
C. ISAKMP is not enabled on the remote peer.
D. There is a mismatch in the ACL that identifies interesting traffic. -
Question 227:
Which two parameters are configured within an IKEv2 proposal on an IOS router? (Choose two.)
A. authentication
B. encryption
C. integrity
D. lifetime -
Question 228:
Which option is a benefit of DTLS as compared to TLS?
A. increases performance
B. controls packet order
C. controls packet loss
D. increases reliability -
Question 229:
An engineer wants to ensure that Diffie-Helman keys are re-generated upon a pahse-2 rekey. What option can be configured to allow this?
A. Aggressive mode
B. Dead-peer detection
C. Main mode
D. Perfect-forward secrecy -
Question 230:
DRAG DROP
Drag and drop the cryptographic algorithms for IPsec from the left onto the correct cryptographic processes on the right.
Select and Place:
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-209 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.