300-209 testing material(91 to 100) for consumer: Jun 2017 Edition

Exam Code: 300-209 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Secure Mobility Solutions (SIMOS)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300-209 Exam.


Free VCE & PDF File for Cisco 300-209 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 300-209 Exam Dumps (PDF & VCE):
Available on:

Q91. Which option shows the correct traffic selectors for the child SA on the remote ASA, when the headquarter ASA initiates the tunnel? 

A. Local selector Remote selector 

B. Local selector Remote selector 

C. Local selector Remote selector 

D. Local selector Remote selector - 

E. Local selector – Remote selector - 



The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from (THE LOCAL SIDE) to (THE REMOTE SIDE). 

Q92. Refer to the exhibit. 

Which VPN solution does this configuration represent? 



C. FlexVPN 

D. site-to-site 


Q93. Which command enables IOS SSL VPN Smart Tunnel support for PuTTY? 

A. appl ssh putty.exe win 

B. appl ssh putty.exe windows 

C. appl ssh putty 

D. appl ssh putty.exe 


Q94. Refer to the exhibit. 

Which technology does this configuration demonstrate? 

A. AnyConnect SSL over IPv4+IPv6 

B. AnyConnect FlexVPN over IPv4+IPv6 

C. AnyConnect FlexVPN IPv6 over IPv4 

D. AnyConnect SSL IPv6 over IPv4 


Q95. You are configuring a Cisco IOS SSL VPN gateway to operate with DVTI support. Which command must you configure on the virtual template? 

A. tunnel protection ipsec 

B. ip virtual-reassembly 

C. tunnel mode ipsec 

D. ip unnumbered 


Q96. Which.protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing? 



C. IKEv2 



Q97. Scenario: 

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office. 

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites. 

NOTE: the show running-config command cannot be used for this exercise. 


Which transform set is being used on the branch ISR? 

A. Default 


C. ESP-AES-256-MD5-TRANS mode transport 




This can be seen from the “show crypto ipsec sa” command as shown below: 

Q98. If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting? 

A. Determine whether the Cisco ASA can resolve the DNS names. 

B. Determine whether the Cisco ASA has DNS forwarders set up. 

C. Determine whether an ACL is present to permit DNS forwarding. 

D. Replace the DNS name with an IP address. 


Q99. Refer to the exhibit. 

The IKEv2 tunnel between Router1 and Router2 is failing during session establishment. Which action will allow the session to establish correctly? 

A. The address command on Router2 must be narrowed down to a /32 mask. 

B. The local and remote keys on Router2 must be switched. 

C. The pre-shared key must be altered to use only lowercase letters. 

D. The local and remote keys on Router2 must be the same. 


Q100. Refer to the exhibit. 

After the configuration is performed, which combination of devices can connect? 

A. a device with an identity type of IPv4 address of or or a certificate with subject name of "cisco.com" 

B. a device with an identity type of IPv4 address of both and or a certificate with subject name containing "cisco.com" 

C. a device with an identity type of IPv4 address of both and and a certificate with subject name containing "cisco.com" 

D. a device with an identity type of IPv4 address of or or a certificate with subject name containing "cisco.com"