CCNP Security Implementing Cisco Secure Mobility Solutions (SIMOS)

Here you have the best Cisco 300-209 practice exam questions

You have 314 total questions to study from
Each page has 5 questions, making a total of 63 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on January 9, 2026
This site is not affiliated with or endorsed by Cisco.

Question 1 of 314

Which two are characteristics of GETVPN? (Choose two.)

The IP header of the encrypted packet is preserved

A key server is elected among all configured Group Members

Unique encryption keys are computed for each Group Member

The same key encryption and traffic encryption keys are distributed to all Group Members

Correct Answer: A, D

GETVPN (Group Encrypted Transport VPN) is a technology that provides encryption services while maintaining the original IP header of the packet. This means that the IP header is not altered during the encryption process, which allows for routing to occur transparently. Additionally, in GETVPN, the same key encryption and traffic encryption keys are distributed to all group members, ensuring that each member can decrypt the traffic encrypted by any other member within the same group. These characteristics help maintain efficient network performance and ease of configuration in a group communication context.

Question 2 of 314

A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.)

crypto ikev2 keyring keyring-name peer peer1 address 209.165.201.1 255.255.255.255 pre-shared-key local key1 pre-shared-key remote key2

crypto ikev2 transform-set transform-set-name esp-3des esp-md5-hmac esp-aes esp-sha-hmac

crypto ikev2 map crypto-map-name set crypto ikev2 tunnel-group tunnel-group-name set crypto ikev2 transform-set transform-set-name

crypto ikev2 tunnel-group tunnel-group-name match identity remote address 209.165.201.1 authentication local pre-share authentication remote pre-share

crypto ikev2 profile profile-name match identity remote address 209.165.201.1 authentication local pre-share authentication remote pre-share

Correct Answer: A, E

Question 3 of 314

Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.)

authenticates group members

manages security policy

creates group keys

distributes policy/keys

encrypts endpoint traffic

receives policy/keys

defines group members

Correct Answer: A, B, C, D

Question 4 of 314

Where is split-tunneling defined for remote access clients on an ASA?

Question 5 of 314

Which of the following could be used to configure remote access VPN Host-scan and pre-login policies?

ASDM

Connection-profile CLI command

Host-scan CLI command under the VPN group policy

Pre-login-check CLI command

Correct Answer: A