300-209 Exam - Implementing Cisco Secure Mobility Solutions (SIMOS)

certleader.com

Q1. Which Cisco adaptive security appliance command can be used to view the count of all active VPN sessions? 

A. show vpn-sessiondb summary 

B. show crypto ikev1 sa 

C. show vpn-sessiondb ratio encryption 

D. show iskamp sa detail 

E. show crypto protocol statistics all 

Answer:

Q2. Which configuration is used to build a tunnel between a Cisco ASA and ISR? 

A. crypto map 

B. DMVPN 

C. GET VPN 

D. GRE with IPsec 

E. GRE without IPsec 

Answer:

Q3. A rogue static route is installed in the routing table of a Cisco FlexVPN and is causing traffic to be blackholed. Which command should be used to identify the peer from which that route originated?

A. show crypto ikev2 sa detail 

B. show crypto route 

C. show crypto ikev2 client flexvpn 

D. show ip route eigrp 

E. show crypto isakmp sa detail 

Answer:

Q4. The following configuration steps have been completed:

. WebVPN was enabled on the ASA outside interface. 

. SSL VPN client software was loaded to the ASA. 

. A DHCP scope was configured and applied to a WebVPN Tunnel Group. 

What additional step is required if the client software fails to load when connecting to the ASA SSL page? 

A. The SSL client must be loaded to the client by an ASA administrator 

B. The SSL client must be downloaded to the client via FTP 

C. The SSL VPN client must be enabled on the ASA after loading 

D. The SSL client must be enabled on the client machine before loading 

Answer:

Q5. Scenario: 

You are the senior network security administrator for your organization. Recently a junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.

You are now tasked with verifying the IKEv1 IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify that the IPsec configuration is properly configured between the two sites.

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

In what state is the IKE security association on the Cisco ASA?

A. There are no security associations in place 

B. MM_ACTIVE 

C. ACTIVE(ACTIVE) 

D. QM_IDLE 

Answer:

Explanation: 

This can be seen from the "show crypto isa sa" command: 

Q6. You are troubleshooting a DMVPN NHRP registration failure. Which command can you use to view request counters? 

A. show ip nhrp nhs detail 

B. show ip nhrp tunnel 

C. show ip nhrp incomplete 

D. show ip nhrp incomplete tunnel tunnel_interface_number 

Answer:

Q7. If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting? 

A. Determine whether the Cisco ASA can resolve the DNS names. 

B. Determine whether the Cisco ASA has DNS forwarders set up. 

C. Determine whether an ACL is present to permit DNS forwarding. 

D. Replace the DNS name with an IP address. 

Answer:

Q8. In the Cisco ASDM interface, where do you enable the DTLS protocol setting? 

A. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy 

B. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit 

C. Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client 

D. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit 

Answer:

Reference: 

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect20/administrative/guide/admin/admin5.html

Shows where DTLS can be configured as: 

. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client 

. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client 

. Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client

Q9. Which technology is FlexVPN based on? 

A. OER 

B. VRF 

C. IKEv2 

D. an RSA nonce 

Answer:

Q10. Which three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.) 

A. NHRP network ID 

B. GRE tunnel key 

C. NHRP authentication string 

D. tunnel VRF 

E. EIGRP process name 

F. EIGRP split-horizon setting 

Answer: A,B,C