Before you write the Cisco CCNP Security (300-209) certification exam, you may have doubts about the pattern of the test, the types of questions asked in it, the difficulty level of the questions and the time required to complete them. These Cisco Certified Network Professional Security (SIMOS) sample questions and demo exam help remove these doubts and prepare you to take the test.
The best approach to passing your Cisco 300-209 exam is to challenge and improve your knowledge. To test your learning and identify improvement areas in the actual exam format, we suggest you practice with the Premium Cisco 300-209 Certification Practice Exam. The practice test is one of the most important elements of your Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) exam study strategy: it helps you discover your strengths and weaknesses, improve your time management skills and get an idea of the score you can expect.
Cisco 300-209 (SIMOS) Sample Questions:
01. Which two of the following provide protection against man-in-the-middle attacks?
a) TCP initial sequence number randomization
b) TCP sliding-window checking
c) Network Address Translation
d) IPsec VPNs
e) Secure Sockets Layer
02. Which of the following VPN technologies uses non-tunneled IPsec as its encapsulation mode?
a) Individual IPsec tunnels
b) Cisco Easy VPN
c) Dynamic Multipoint VPN (DMVPN)
d) Group Encrypted Transport (GET) VPN
03. Which of the following are valid characterizations of key encryption protocols?
(Choose all that apply.)
04. Which encapsulation mode, when deployed in tunnel mode, provides confidentiality, authenticity, integrity, and antireplay by encapsulating and protecting the entire original IP packet?
a) Authentication Headers (AH)
b) Internet Security Association and Key Management Protocol (ISAKMP)
c) Diffie-Hellman key exchange with Perfect Forward Secrecy (PFS)
d) Encapsulating Security Payload (ESP)
05. The encapsulation on a virtual tunnel interface must be which of the following?
a) Frame Relay
c) AH or ESP
06. Where are dynamic point-to-point VTI tunnels deployed?
a) On the hub router
b) On each spoke router
c) On the hub router and on each spoke router
d) On the VPN concentrator
e) None of the above
07. The IP address of a virtual tunnel interface must be configured using which interface command?
a) ip address
b) ip address dhcp
c) ip address pppoe
d) ip unnumbered
08. Which mechanism provides dynamic mutual discovery of spoke devices?
e) Expired Certificate List
09. Which network topology is in use when every network has a direct VPN connection to every other network? This topology provides any-to-any communication and provides the most optimal direct path for network traffic.
a) Fully meshed network
b) Star topology network
c) Partially meshed network
d) Individual point-to-point VPN connection
e) Hub-and-spoke network
10. When deploying an IPsec site-to-site VPN, what is the recommended method of peer authentication from a security perspective?
a) Pre-shared keys
b) Digital certificates
Answer: d, e
Answer: a, c
Note: If you find any error in these Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) sample questions, you can let us know by writing an email to firstname.lastname@example.org.