Cisco 300-730 Practice Test - Questions Answers, Page 13
Question list
List of questions
Related questions
Which DMVPN feature allows spokes to be deployed with dynamically assigned public IP addresses?
2547oDMVPN
NHRP
OSPF
NAT Traversal
Refer to the exhibit.
An engineer is building an IKEv1 tunnel to a peer Cisco ASA, but the tunnel is failing. Based on the configuration in the exhibit, which action must be taken to allow the VPN tunnel to come up?
Add a route for the 10.7.7.0/24 network to egress the outside interface.
Enable IKEv1 on the outside interface.
Change the IKEv1 policy number to be at least 256.
Change the transform set mode to transport.
An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B.
Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?
Modify the routing at Site B so that traffic is sent to Site A.
Configure the correct DH group on both devices.
Allow protocol ESP or AH on the firewall in front of the Site B router.
Enable PFS on the headend device.
Refer to the exhibit.
A Cisco ASA is configured as a client to a router running as a FlexVPN server. The router is configured with a virtual template to terminate FlexVPN clients. Traffic between networks 192.168.0.0/24 and 172.16.20.0/24 does not work as expected. Based on the show crypto ikev2 sa output collected from the Cisco ASA in the exhibit, what is the solution to this issue?
Modify the crypto ACL on the router to permit network 192.168.0.0/24 to network 172.16.20.0/24.
Modify the crypto ACL on the ASA to permit network 192.168.0.0/24 to network 172.16.20.0/24.
Modify the crypto ACL on the ASA to permit network 172.16.20.0/24 to network 192.168.0.0/24.
Modify the crypto ACL on the router to permit network 172.16.20.0/24 to network 192.168.0.0/24.
A user is trying to log in to a Cisco ASA using the clientless SSLVPN feature and receives the error message "clientless (browser) SSLVPN access is not allowed". Which step should the Cisco ASA administrator take to resolve this issue?
Enable the clientless VPN protocol on the group policy.
Validate that the correct license is in use on the ASA for WebVPN.
Increase the number of simultaneous logins allowed on the group policy.
Verify that a user account exists in the local AAA database for the user.
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
multicast PIM
backup NHS
per-tunnel jitter probes
NHRP shortcut
An engineer is using DMVPN to provide secure connectivity between a data center and remote sites.
Which two routing protocols should be used between the routers? (Choose two.)
IS-IS
BGP
RIPv2
OSPF
EIGRP
Which remote access VPN technology requires the use of the IPsec-proposal configuration option?
clientless SSLVPN
SSLVPN Full Tunnel
IKEv2-based VPN
IKEv1-based VPN
Over the weekend, an administrator upgraded the Cisco ASA image on the firewalls and noticed that users cannot connect to the headquarters site using Cisco AnyConnect. What is the solution for this issue?
Upgrade the Cisco AnyConnect client version to be compatible with the Cisco ASA software image.
Upgrade the Cisco AnyConnect Network Access module to be compatible with the Cisco ASA software image.
Upgrade the Cisco AnyConnect client driver to be compatible with the Cisco ASA software image.
Upgrade the Cisco AnyConnect Start Before Logon module to be compatible with the Cisco ASA software image.
Which two components are required in a Cisco IOS GETVPN key server configuration? (Choose two.)
RSA key
IKE policy
SSL cipher
GRE tunnel
L2TP protocol
Question