300-209 Exam Details

  • Exam Code: 300-209
  • Exam Name: Implementing Cisco Secure Mobility Solutions
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 450 Q&As
  • Last Updated: Dec 15, 2021

Cisco 300-209 Online Questions & Answers

  • Question 271:

    An engineer is configuring IPsec VPN and wants to choose an authentication protocol that is reliable and supports ACK and sequence. Which protocol accomplishes this goal?

    A. IKEv1
    B. AES-192
    C. ESP
    D. AES-256

  • Question 272:

    An internet-based VPN solution is being considered to replace an existing private WAN connecting remote offices. A multimedia application is used that relies on multicast for communication. Which two VPN solutions meet the application's network requirement? (Choose two.)

    A. FlexVPN
    B. DMVPN
    C. Group Encrypted Transport VPN
    D. Crypto-map based Site-to-Site IPsec VPNs
    E. AnyConnect VPN

  • Question 273:

    Which option describes traffic that will initiate a VPN connection?

    A. trusted
    B. external
    C. internal
    D. interesting

  • Question 274:

    A temporary worker must use clientless SSL VPN with an SSH plug-in, in order to access the console of an internal corporate server, the projects.xyz.com server. For security reasons, the network security auditor insists that the temporary user is restricted to the one internal corporate server, 10.0.4.18.

    You are the network engineer who is responsible for the network access of the temporary user.

    What should you do to restrict SSH access to the one projects.xyz.com server?

    A. Configure access-list temp_user_acl extended permit TCP any host 10.0.4.18 eq 22.
    B. Configure access-list temp_user_acl standard permit host 10.0.4.18 eq 22.
    C. Configure access-list temp_acl webtype permit url ssh://10.0.4.18.
    D. Configure a plug-in SSH bookmark for host 10.0.4.18, and disable network browsing on the clientless SSL VPN portal of the temporary worker.

  • Question 275:

    You are designing a remote VPN solution that will use the Cisco AnyConnect client. By default, which type of traffic should you enable on the perimeter firewall to allow users to initiate sessions from the LAN to an external Cisco ASA?

    A. TCP port 8443 in DTLS mode
    B. UDP port 848 in DTLS mode
    C. TCP port 443 in TLS mode
    D. UDP ports 500 and 4500

  • Question 276:

    When you are configuring a hub-and-spoke DMVPN network, which tunnel mode should you use for the spoke router configuration?

    A. GRE multipoint
    B. Classic point-to-point GRE
    C. IPsec multipoint
    D. Nonbroadcast multiaccess

  • Question 277:

    You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto ipsec command on the headend router, you see the following output. What does this output suggest?

    1d00h: IPSec (validate_proposal): transform proposal (port 3, trans 2, hmac_alg 2) not supported
    1d00h: ISAKMP (0:2) : atts not acceptable. Next payload is 0
    1d00h: ISAKMP (0:2) SA not acceptable

    A. Phase 1 policy does not match on both sides.
    B. The Phase 2 transform set does not match on both sides.
    C. ISAKMP is not enabled on the remote peer.
    D. The crypto map is not applied on the remote peer.
    E. The Phase 1 transform set does not match on both sides.

  • Question 278:

    Which command can be used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?

    A. show crypto ikev2 client flexvpn
    B. show crypto identity
    C. show crypto isakmp sa
    D. show crypto gkm

  • Question 279:

    By default, how does a Cisco ASA appliance process IP fragments?

    A. Each fragment passes through the Cisco ASA appliance without any inspections.
    B. Each fragment is blocked by the Cisco ASA appliance.
    C. The Cisco ASA appliance verifies each fragment and performs virtual IP re-assembly before the full IP packet is forwarded out.
    D. The Cisco ASA appliance forwards the packet out as soon as all of the fragments of the packet have been received.

  • Question 280:

    Which Cisco IOS VPN feature simplifies IPsec VPN configuration and design by using on-demand virtual access interfaces that are cloned from a virtual template configuration?

    A. GET VPN
    B. dynamic VTI
    C. static VTI
    D. GRE tunnels
    E. GRE over IPsec tunnels
    F. DMVPN
