We provide the highest-quality Cisco 300-209 exam guide, which is the best for clearing the 300-209 test and getting certified in Cisco Implementing Cisco Secure Mobility Solutions (SIMOS). The 300-209 Questions & Answers cover all the knowledge points of the real 300-209 exam. Crack your Cisco 300-209 exam with the latest dumps, guaranteed!

Q51. Refer to the exhibit. 

A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action can bring up the VPN tunnel? 

A. Increase the maximum SA limit on the local Cisco ASA. 

B. Correct the crypto access list on both Cisco ASA devices. 

C. Remove the maximum SA limit on the remote Cisco ASA. 

D. Reduce the maximum SA limit on the local Cisco ASA. 

E. Correct the IP address in the local and remote crypto maps. 

F. Increase the maximum SA limit on the remote Cisco ASA. 

Answer:


Q52. Which two statements regarding IKEv2 are true per RFC 4306? (Choose two.) 

A. It is compatible with IKEv1. 

B. It has at minimum a nine-packet exchange. 

C. It uses aggressive mode. 

D. NAT traversal is included in the RFC. 

E. It uses main mode. 

F. DPD is defined in RFC 4309. 

G. It allows for EAP authentication. 

Answer: D,G 


Q53. Which is used by GETVPN, FlexVPN and DMVPN? 

A. NHRP 

B. MPLS 

C. GRE 

D. ESP 

Answer:


Q54. Which protocol supports high availability in a Cisco IOS SSL VPN environment? 

A. HSRP 

B. VRRP 

C. GLBP 

D. IRDP 

Answer:


Q55. CORRECT TEXT 

Scenario: 

You are the network security manager for your organization. Your manager has received a request to allow an external user to access your HQ and DMZ servers. You are given the following connection parameters for this task.

Using ASDM on the ASA, configure the parameters below and test your configuration by accessing the Guest PC. Not all ASDM screens are active for this exercise. Also, for this exercise, all changes are automatically applied to the ASA and you will not have to click APPLY to apply the changes manually.

• Enable Clientless SSL VPN on the outside interface

• Using the Guest PC, open an Internet Explorer window and test and verify the basic connection to the SSL VPN portal using address: https://vpn-secure-x.public
   a. You may notice a certificate error in the status bar; this can be ignored for this exercise
   b. Username: vpnuser
   c. Password: cisco123
   d. Log out of the portal once you have verified connectivity

• Configure two bookmarks with the following parameters:
   a. Bookmark List Name: MY-BOOKMARKS
   b. Use the: URL with GET or POST method
   c. Bookmark Title: HQ-Server
      i. http://10.10.3.20
   d. Bookmark Title: DMZ-Server-FTP
      i. ftp://172.16.1.50
   e. Assign the configured Bookmarks to:
      i. DfltGrpPolicy
      ii. DfltAccessPolicy
      iii. LOCAL User: vpnuser

• From the Guest PC, reconnect to the SSL VPN Portal

• Test both configured Bookmarks to ensure desired connectivity

You have completed this exercise when you have configured and successfully tested Clientless SSL VPN connectivity. 

Topology: 

Answer: Please find the solution in the explanation below.

Explanation: 

First, enable clientless VPN access on the outside interface by checking the box found below: 

Then, log in to the given URL using the vpnuser/cisco123 credentials: 

Logging in will take you to this page, which means you have now verified basic connectivity: 

Now log out by hitting the logout button. 

Now, go back to the ASDM and navigate to the Bookmarks portion: 

Make the name MY-BOOKMARKS and use the “Add” tab and add the bookmarks per the instructions: 

Ensure the “URL with GET or POST method” button is selected and hit OK:

Add the two bookmarks as given in the instructions: 

You should now see the two bookmarks listed: 

Hit OK and you will see this: 

Select the MY-BOOKMARKS Bookmarks and click on the “Assign” button. Then, click on the appropriate check boxes as specified in the instructions and hit OK. 

After hitting OK, you will now see this: 

Then, go back to the Guest-PC, log back in and you should be able to test out the two new bookmarks. 


Q56. Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified percentage? 

A. NHRP Event Publisher 

B. interface state control 

C. CAC 

D. NHRP Authentication 

E. ip nhrp connect 

Answer:


Q57. Which three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.) 

A. NHRP network ID 

B. GRE tunnel key 

C. NHRP authentication string 

D. tunnel VRF 

E. EIGRP process name 

F. EIGRP split-horizon setting 

Answer: A,B,C 


Q58. Which option is most effective at preventing a remote access VPN user from bypassing the corporate transparent web proxy? 

A. using the proxy-server settings of the client computer to specify a PAC file for the client computer to download 

B. instructing users to use the corporate proxy server for all web browsing 

C. disabling split tunneling 

D. permitting local LAN access 

Answer:


Q59. Which three settings are required for crypto map configuration? (Choose three.) 

A. match address 

B. set peer 

C. set transform-set 

D. set security-association lifetime 

E. set security-association level per-host 

F. set pfs 

Answer: A,B,C 


Q60. Which VPN solution is best for a collection of branch offices connected by MPLS that frequently make VoIP calls between branches?

A. GETVPN 

B. Cisco AnyConnect 

C. site-to-site 

D. DMVPN 

Answer: