ExamGecko

Cisco 300-730 Practice Test - Questions Answers

A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?

A. IKEv2 IKE_SA_INIT

B. IKEv2 INFORMATIONAL

C. IKEv2 CREATE_CHILD_SA

D. IKEv2 IKE_AUTH

Suggested answer: C

Explanation:

The IKEv2 CREATE_CHILD_SA packet is used to establish a new security association (SA) between two peers. This packet contains the details of the exchange, including the traffic selectors, the cryptographic algorithms and keys to be used, and any other relevant information.

Refer to the exhibit.

The DMVPN tunnel is dropping randomly and no tunnel protection is configured. Which spoke configuration mitigates tunnel drops?

A. Option A

B. Option B

C. Option C

D. Option D

Suggested answer: C

On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, which command is needed for the hub to be able to terminate FlexVPN tunnels?

A. interface virtual-access

B. ip nhrp redirect

C. interface tunnel

D. interface virtual-template

Suggested answer: D

Explanation:

On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, the command that is needed for the hub to be able to terminate FlexVPN tunnels is interface virtual-template. The interface virtual-template command is used to configure a virtual template interface which provides a secure tunnel for FlexVPN connections. The other commands listed - interface virtual-access, ip nhrp redirect, and interface tunnel - are not related to FlexVPN and are not used to terminate FlexVPN tunnels.

Which statement about GETVPN is true?

A. The configuration that defines which traffic to encrypt originates from the key server.

B. TEK rekeys can be load-balanced between two key servers operating in COOP.

C. The pseudotime that is used for replay checking is synchronized via NTP.

D. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

Suggested answer: A

Explanation:

The KS (key server) is the 'caretaker' of the GM group. Group registration and authentication of GMs are taken care of by the KS. Any GM that wants to join the group must be successfully authenticated in the group, and the KS sends the encryption keys and policy to be used within the group.

Refer to the exhibit.

Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit? (Choose two.)

A. crypto map

B. DMVPN

C. GRE

D. FlexVPN

E. VTI

Suggested answer: B, E

Which two changes must be made in order to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose two.)

A. Add NHRP shortcuts on the hub.

B. Add NHRP redirects on the spoke.

C. Disable EIGRP next-hop-self on the hub.

D. Enable EIGRP next-hop-self on the hub.

E. Add NHRP redirects on the hub.

Suggested answer: D, E

Explanation:

In DMVPN Phase 2, EIGRP next-hop-self is disabled with "no ip next-hop-self eigrp xxx". To go from Phase 2 to Phase 3 you need to use the NHRP protocol and enable EIGRP next-hop-self again with "ip next-hop-self eigrp 134" under the tunnel interface.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-dmvpn.html#GUID-BF561439-BCC0-4AAF-80D9-1F7876CB7B81

Refer to the exhibit.

A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action brings up the VPN tunnel?

A. Reduce the maximum SA limit on the local Cisco ASA.

B. Increase the maximum in-negotiation SA limit on the local Cisco ASA.

C. Remove the maximum SA limit on the remote Cisco ASA.

D. Correct the crypto access list on both Cisco ASA devices.

Suggested answer: B

Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.)

A. group-alias

B. certificate map

C. optimal gateway selection

D. group-url

E. AnyConnect client version

Suggested answer: A, D

Explanation:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html

Which method dynamically installs the network routes for remote tunnel endpoints?

A. policy-based routing

B. CEF

C. reverse route injection

D. route filtering

Suggested answer: C

Explanation:

Reverse route injection (RRI) is a method that dynamically installs the network routes for remote tunnel endpoints. The RRI feature allows the router to automatically learn the routes for the remote networks and install these routes into the routing table. This eliminates the need for the administrator to manually configure and maintain the routes for the remote networks. This feature is commonly used in VPN environments, where the router at the VPN endpoint needs to learn the routes for the remote networks behind the other VPN endpoint. The other options, such as policy-based routing, CEF, and route filtering, are not used to dynamically install the network routes for remote tunnel endpoints.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/12-4t/sec-vpn-availability-12-4t-book/sec-rev-rte-inject.html

Topic 2, Remote access VPNs

Which command identifies a Cisco AnyConnect profile that was uploaded to the flash of an IOS router?

A. svc import profile SSL_profile flash:simos-profile.xml

B. anyconnect profile SSL_profile flash:simos-profile.xml

C. crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml

D. webvpn import profile SSL_profile flash:simos-profile.xml

Suggested answer: C

Explanation:

Reference: https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200533-AnyConnect-Configure-Basic-SSLVPN-for-I.html

Total 175 questions