300-209 Actual Exam Questions

Last updated on Dec. 8, 2024.
Vendor: Cisco
Exam Code: 300-209
Exam Name: CCNP Security Implementing Cisco Secure Mobility Solutions (SIMOS)
Exam Questions: 314
 

Topic 1 - Single Topic

Question #1 Topic 1

Which two are characteristics of GETVPN? (Choose two.)

  • A. The IP header of the encrypted packet is preserved
  • B. A key server is elected among all configured Group Members
  • C. Unique encryption keys are computed for each Group Member
  • D. The same key encryption and traffic encryption keys are distributed to all Group Members

Correct Answer: AD

Question #2 Topic 1

A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.)

  • A. crypto ikev2 keyring keyring-name peer peer1 address 209.165.201.1 255.255.255.255 pre-shared-key local key1 pre-shared-key remote key2
  • B. crypto ikev2 transform-set transform-set-name esp-3des esp-md5-hmac esp-aes esp-sha-hmac
  • C. crypto ikev2 map crypto-map-name set crypto ikev2 tunnel-group tunnel-group-name set crypto ikev2 transform-set transform-set-name
  • D. crypto ikev2 tunnel-group tunnel-group-name match identity remote address 209.165.201.1 authentication local pre-share authentication remote pre-share
  • E. crypto ikev2 profile profile-name match identity remote address 209.165.201.1 authentication local pre-share authentication remote pre-share

Correct Answer: AE

Question #3 Topic 1

Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.)

  • A. authenticates group members
  • B. manages security policy
  • C. creates group keys
  • D. distributes policy/keys
  • E. encrypts endpoint traffic
  • F. receives policy/keys
  • G. defines group members

Correct Answer: ABCD

Question #4 Topic 1

Where is split-tunneling defined for remote access clients on an ASA?

  • A. Group-policy
  • B. Tunnel-group
  • C. Crypto-map
  • D. Web-VPN Portal
  • E. ISAKMP client

Correct Answer: A

Question #5 Topic 1

Which of the following could be used to configure remote access VPN Host-scan and pre-login policies?

  • A. ASDM
  • B. Connection-profile CLI command
  • C. Host-scan CLI command under the VPN group policy
  • D. Pre-login-check CLI command

Correct Answer: A

Question #6 Topic 1

In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces?

  • A. interface virtual-template number type template
  • B. interface virtual-template number type tunnel
  • C. interface template number type virtual
  • D. interface tunnel-template number

Correct Answer: B
Reference and explanation: http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-flex-spoke.html#GUID-4A10927D-4C6A-4202-B01C-DA7E462F5D8A
Configuring the Virtual Tunnel Interface on FlexVPN Spoke

SUMMARY STEPS -
1. enable
2. configure terminal
3. interface virtual-template number type tunnel
4. ip unnumbered tunnel number
5. ip nhrp network-id number
6. ip nhrp shortcut virtual-template-number
7. ip nhrp redirect [timeout seconds]
8. exit

Question #7 Topic 1

In FlexVPN, what is the role of a NHRP resolution request?

  • A. It allows these entities to directly communicate without requiring traffic to use an intermediate hop
  • B. It dynamically assigns VPN users to a group
  • C. It blocks these entities from directly communicating with each other
  • D. It makes sure that each VPN spoke directly communicates with the hub

Correct Answer: A

Question #8 Topic 1

What are three benefits of deploying a GET VPN? (Choose three.)

  • A. It provides highly scalable point-to-point topologies.
  • B. It allows replication of packets after encryption.
  • C. It is suited for enterprises running over a DMVPN network.
  • D. It preserves original source and destination IP address information.
  • E. It simplifies encryption management through use of group keying.
  • F. It supports non-IP protocols.

Correct Answer: BDE

Question #9 Topic 1

What is the default topology type for a GET VPN?

  • A. point-to-point
  • B. hub-and-spoke
  • C. full mesh
  • D. on-demand spoke-to-spoke

Correct Answer: C

Question #10 Topic 1

Which two GDOI encryption keys are used within a GET VPN network? (Choose two.)

  • A. key encryption key
  • B. group encryption key
  • C. user encryption key
  • D. traffic encryption key

Correct Answer: AD

Viewing page 1 out of 32 pages.
Viewing questions 1-10 out of 314 questions