300-209 Exam Details

  • Exam Code: 300-209
  • Exam Name: Implementing Cisco Secure Mobility Solutions
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 450 Q&As
  • Last Updated: Dec 15, 2021

Cisco 300-209 Online Questions & Answers

  • Question 321:

    Scenario

    Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation. Note: Not all screens or option selections are active for this exercise.

    Topology


    Which two networks will be included in the secured VPN tunnel? (Choose two.)

    A. Check the explanation

  • Question 322:

    Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties?

    A. group 10
    B. group 24
    C. group 5
    D. group 20

  • Question 323:

    Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.)

    A. authenticates group members
    B. manages security policy
    C. creates group keys
    D. distributes policy/keys
    E. encrypts endpoint traffic
    F. receives policy/keys
    G. defines group members

  • Question 324:

    Which feature is a benefit of Dynamic Multipoint VPN?

    A. geographic filtering of spoke devices
    B. translation PAT
    C. rotating wildcard preshared keys
    D. dynamic spoke-to-spoke tunnel establishment

  • Question 325:

    Which way to send OSPF routing updates over a site-to-site IPsec tunnel is true?

    A. Set the network type for the inside interface to nonbroadcast mode, and add the remote end as an OSPF neighbor.
    B. Set the network type for the outside interface to broadcast mode, and add the headend device as an OSPF neighbor.
    C. Set the network type for the DMZ interface to nonbroadcast mode, add the headend as an OSPF neighbor.
    D. Set the network type for the outside interface to nonbroadcast mode, and add the remote end as an OSPF neighbor.

  • Question 326:

    After completing a site-to-site VPN setup between two routers, application performance over the tunnel is slow. You issue the show crypto ipsec sa command and see the following output. What does this output suggest?

    interface: Tunnel100
        Crypto map tag: Tunnel100-head-0, local addr 10.10.10.10
        protected vrf: (none)
        local ident (addr/mask/prot/port): (10.10.10.10/255.255.255.255/47/0)
        remote ident (addr/mask/prot/port): (10.20.20.20/255.255.255.255/47/0)
        current_peer 209.165.200.230 port 500
          PERMIT, flags={origin_is_acl,}
        #pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836
        #pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0

    A. The VPN has established and is functioning normally.
    B. There is an asymmetric routing issue.
    C. The remote peer is not receiving encrypted traffic.
    D. The remote peer is not able to decrypt traffic.
    E. Packet corruption is occurring on the path between the two peers.

  • Question 327:

    With Cisco ASA active/standby failover, by default, how many monitored interface failures will cause failover to occur?

    A. 1
    B. 2
    C. 3
    D. 4
    E. 5

  • Question 328:

    Drag and Drop Question

    Drag and drop the debug messages on the left onto the associated function during troubleshooting on the right.

    Select and Place:

  • Question 329:

    Which two statements regarding IKEv2 are true per RFC 4306? (Choose two.)

    A. It is compatible with IKEv1.
    B. It has at minimum a nine-packet exchange.
    C. It uses aggressive mode.
    D. NAT traversal is included in the RFC.
    E. It uses main mode.
    F. DPD is defined in RFC 4309.
    G. It allows for EAP authentication.

  • Question 330:

    An engineer is configuring clientless VPN. The finance department has a database server that only they should access but the sales department can currently access it. The finance and the sales department are configured as separate group-policies. Which option must be added to the configuration to make sure the users in the sales department cannot access the finance department server?

    A. tunnel group lock
    B. port forwarding
    C. VPN filter ACL
    D. webtype ACL
