ExamGecko
Login
Home / Cisco / 300-730 / List of questions
Ask Question

Cisco 300-730 Practice Test - Questions Answers

List of questions

Question 1

Report Export Collapse

A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?

IKEv2 IKE_SA_INIT

IKEv2 IKE_SA_INIT

IKEv2 INFORMATIONAL

IKEv2 INFORMATIONAL

IKEv2 CREATE_CHILD_SA

IKEv2 CREATE_CHILD_SA

IKEv2 IKE_AUTH

IKEv2 IKE_AUTH

Suggested answer: C
Explanation:

The IKEv2 CREATE_CHILD_SA packet is used to establish a new security association (SA) between two peers. This packet contains the details of the exchange, including the traffic selectors, the cryptographic algorithms and keys to be used, and any other relevant information

asked 10/10/2024
Hossein Nasri
35 questions

Question 2

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 2 114520 10102024232758000000

The DMVPN tunnel is dropping randomly and no tunnel protection is configured. Which spoke configuration mitigates tunnel drops?

Cisco 300-730 image Question 2 114520 10102024232758000000

Cisco 300-730 image Question 2 114520 10102024232758000000

Cisco 300-730 image Question 2 114520 10102024232758000000

Option A

Option A

Option B

Option B

Option C

Option C

Option D

Option D

Suggested answer: C
asked 10/10/2024
Musoke Kamuzze
41 questions

Question 3

Report Export Collapse

On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, which command is needed for the hub to be able to terminate FlexVPN tunnels?

interface virtual-access

interface virtual-access

ip nhrp redirect

ip nhrp redirect

interface tunnel

interface tunnel

interface virtual-template

interface virtual-template

Suggested answer: D
Explanation:

On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, the command that is needed for the hub to be able to terminate FlexVPN tunnels is interface virtual-template. The interface virtual-template command is used to configure a virtual template interface which provides a secure tunnel for FlexVPN connections. The other commands listed - interface virtual-access, ip nhrp redirect, and interface tunnel - are not related to FlexVPN and are not used to terminate FlexVPN tunnels.

asked 10/10/2024
ANDREA SIMONELLI
42 questions

Question 4

Report Export Collapse

Which statement about GETVPN is true?

The configuration that defines which traffic to encrypt originates from the key server.

The configuration that defines which traffic to encrypt originates from the key server.

TEK rekeys can be load-balanced between two key servers operating in COOP.

TEK rekeys can be load-balanced between two key servers operating in COOP.

The pseudotime that is used for replay checking is synchronized via NTP.

The pseudotime that is used for replay checking is synchronized via NTP.

Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

Suggested answer: A
Explanation:

KS (key server) is 'caretaker' of the GM group. Group registrations and authentication of GMs is takencare of by KS server. Any GM who wants to join the group is required to be successfully authenticated inthe group and sends encryption keys and policy to be used within the group

asked 10/10/2024
Vikram Panchal
45 questions

Question 5

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 5 114523 10102024232758000000

Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit? (Choose two.)

crypto map

crypto map

DMVPN

DMVPN

GRE

GRE

FlexVPN

FlexVPN

VTI

VTI

Suggested answer: B, E
asked 10/10/2024
Fednol Presume
38 questions

Question 6

Report Export Collapse

Which two changes must be made in order to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose two.)

Add NHRP shortcuts on the hub.

Add NHRP shortcuts on the hub.

Add NHRP redirects on the spoke.

Add NHRP redirects on the spoke.

Disable EIGRP next-hop-self on the hub.

Disable EIGRP next-hop-self on the hub.

Enable EIGRP next-hop-self on the hub.

Enable EIGRP next-hop-self on the hub.

Add NHRP redirects on the hub.

Add NHRP redirects on the hub.

Suggested answer: D, E
Explanation:

DMVPN disables the EIRGP next-hop-self with "no ip next-hop-self eigrp xxx" in DMVPN phase 2, and to go from Phase 2 to 3 you need use the NHRP protocol, and again enable EIRGP next-hop-self with "ip next-hop-self eigrp 134" under the tunnel interface https://www.cisco.com/c/en/us/td/docs/iosxml/ ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpndmvpn. html#GUID-BF561439-BCC0-4AAF-80D9-1F7876CB7B81

asked 10/10/2024
Melissa Petrini
34 questions

Question 7

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 7 114525 10102024232758000000

A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action brings up the VPN tunnel?

Reduce the maximum SA limit on the local Cisco ASA.

Reduce the maximum SA limit on the local Cisco ASA.

Increase the maximum in-negotiation SA limit on the local Cisco ASA.

Increase the maximum in-negotiation SA limit on the local Cisco ASA.

Remove the maximum SA limit on the remote Cisco ASA.

Remove the maximum SA limit on the remote Cisco ASA.

Correct the crypto access list on both Cisco ASA devices.

Correct the crypto access list on both Cisco ASA devices.

Suggested answer: B
asked 10/10/2024
Michael Whitehouse
56 questions

Question 8

Report Export Collapse

Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.)

group-alias

group-alias

certificate map

certificate map

optimal gateway selection

optimal gateway selection

group-url

group-url

AnyConnect client version

AnyConnect client version

Suggested answer: A, D
Explanation:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generationfirewalls/98580-enable-group-dropdown.html

asked 10/10/2024
DHANANJAY TIWARI
36 questions

Question 9

Report Export Collapse

Which method dynamically installs the network routes for remote tunnel endpoints?

policy-based routing

policy-based routing

CEF

CEF

reverse route injection

reverse route injection

route filtering

route filtering

Suggested answer: C
Explanation:

Reverse route injection (RRI) is a method that dynamically installs the network routes for remote tunnel endpoints. The RRI feature allows the router to automatically learn the routes for the remote networks and automatically install these routes into the routing table. This eliminates the need for the administrator to manually configure and maintain the routes for the remote networks. This feature is commonly used in VPN environments, where the router at the VPN endpoint needs to learn the routes for the remote networks behind the other VPN endpoint. The other options such as policy-based routing, CEF, and route filtering are not used to dynamically install the network routes for remote tunnel endpoints

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/12-4t/sec-vpn- availability-12-4t-book/sec-rev-rte-inject.html

Topic 2, Remote access VPNs

asked 10/10/2024
Maria Lilian Tongson
44 questions

Question 10

Report Export Collapse

Which command identifies a Cisco AnyConnect profile that was uploaded to the flash of an IOS router?

svc import profile SSL_profile flash:simos-profile.xml

svc import profile SSL_profile flash:simos-profile.xml

anyconnect profile SSL_profile flash:simos-profile.xml

anyconnect profile SSL_profile flash:simos-profile.xml

crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml

crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml

webvpn import profile SSL_profile flash:simos-profile.xml

webvpn import profile SSL_profile flash:simos-profile.xml

Suggested answer: C
Explanation:

Reference: https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobilityclient/200533- AnyConnect-Configure-Basic-SSLVPN-for-I.html

asked 10/10/2024
M Kumar
45 questions
Total 175 questions
Go to page: of 18
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
Which two NHRP functions are specific to DMVPN Phase 3 implementation? (Choose two.)
A company's remote locations connect to the data centers via MPLS. A new request requires that unicast and multicast traffic that exits in the remote locations be encrypted. Which non-tunneled technology should be used to satisfy this requirement?
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
Which two features provide headend resiliency for Cisco AnyConnect clients? (Choose two.)
What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?
An administrator is designing a VPN with a partner's non-Cisco VPN solution. The partner's VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 going to 10.0.0.0/24. Which technology must be used to meet these requirements?