300-209 Exam Details
-
Exam Code
:300-209 -
Exam Name
:Implementing Cisco Secure Mobility Solutions -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:450 Q&As -
Last Updated
:Dec 15, 2021
Cisco 300-209 Online Questions & Answers
-
Question 301:
While attempting to establish a site-to-site VPN, the engineer notices that phase 1 of the VPN tunnel fails. The engineer wants to run a capture to confirm that the outside interface is receiving phase 1 information from the third-party peer address. Which command must be run on the ASA to verify this information?
A. Capture capin interface outside match udp any eq 500 any eq 500
B. Capture capin interface outside match gre any any
C. Capture capin interface outside macth upto any eq123 any eq 123
D. Capture capin interface outside match ipsec any any
E. Capture capin interface outside match ah any any -
Question 302:
A Cisco router may have a fan issue that could increase its temperature and trigger a failure. What troubleshooting steps would verify the issue without causing additional risks?
A. Configure logging using commands "logging on", "logging buffered 4", and check for fan failure logs using "show logging"
B. Configure logging using commands "logging on", "logging buffered 6", and check for fan failure logs using "show logging"
C. Configure logging using commands "logging on", "logging discriminator msglog1 console 7", and check for fan failure logs using "show logging"
D. Configure logging using commands "logging host 10.11.10.11", "logging trap 2", and check for fan failure logs at the syslog server 10.11.10.11 -
Question 303:
Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)
A. sequence numbers that enable scalable replay checking CD protocol
B. no requirement for an overlay routing protocol.
C. design for use over public or private.
D. WAN enabled use of ESP or AH.
E. one IPsec SA for all encrypted traffic. -
Question 304:
A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real- Time Log viewer within ASDM to troubleshoot the issue, which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection? (Choose two.)
A. Client's public IP address
B. Client's operating system
C. Client's default gateway IP address
D. Client's username
E. ASA's public IP address -
Question 305:
Which Cisco ASA configuration is used to configure the TCP intercept feature?
A. a TCP map
B. an access list
C. the established command
D. the set connection command with the embryonic-conn-max option
E. a type inspect policy map -
Question 306:
When a tunnel is initiated by the headquarter ASA, which one of the following Diffie- Hellman groups is selected by the headquarter ASA during CREATE_CHILD_SA exchange?
A. 1
B. 2
C. 5
D. 14
E. 19 -
Question 307:
Refer to the exhibit. For the ABC Corporation, members of the NOC need the ability to select tunnel groups from a drop-down menu on the Cisco WebVPN login page.
As the Cisco ASA administrator, how would you accomplish this task?
A. Define a special identity certificate with multiple groups, which are defined in the certificate OU field, that will grant the certificate holder access to the named groups on the login page.
B. Under Group Policies, define a default group that encompasses the required individual groups that will appear on the login page.
C. Under Connection Profiles, define a NOC profile that encompasses the required individual profiles that will appear on the login page.
D. Under Connection Profiles, enable "Allow user to select connection profile." -
Question 308:
When troubleshooting established clientless SSL VPN issues, which three steps should be taken? (Choose three.)
A. Clear the browser history.
B. Clear the browser and Java cache.
C. Collect the information from the computer event log.
D. Enable and use HTML capture tools.
E. Gather crypto debugs on the adaptive security appliance.
F. Use Wireshark to capture network traffic. -
Question 309:
Which three actions can be applied to a traffic class within a type inspect policy map? (Choose three.)
A. drop
B. priority
C. log
D. pass
E. inspect
F. reset -
Question 310:
Witch option is an advantage of using elliptic curve cryptography?
A. Efficiency of operation
B. Ease of implementation
C. symmetrical key exchange
D. resistance to quantum attacks.
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-209 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.