
Cisco 300-730 Practice Test - Questions Answers, Page 14

Refer to the exhibit.

The network administrator must allow the Cisco AnyConnect Secure Mobility Client to securely access the corporate resources via IKEv2 and print locally. Traffic that is destined for the Internet must still be tunneled to the Cisco ASA. Which configuration does the administrator use to accomplish this goal?

B. Split exclude policy with a deny for 192.168.0.3/32.

C. Split exclude policy with a permit for 0.0.0.0/32.

D. Tunnel all policy.

E. Split include policy with a permit for 192.168.0.0/24.

Suggested answer: B

An organization wants to distribute remote access VPN load across 12 VPN headend locations supporting 25,000 simultaneous users. Which load balancing method meets this requirement?

A. one VPN profile per site

B. DNS-based load balancing

C. AnyConnect native load balancing

D. equal cost, multipath load balancing

Suggested answer: B

What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)

A. It has unique session keys for improved security.

B. It supports multicast.

C. It has QoS support.

D. It is a highly scalable any to any mesh topology.

E. It supports a hub-and-spoke topology.

Suggested answer: B, D

Why must a network engineer avoid usage of the default X.509 certificate when implementing clientless SSLVPN on an ASA?

A. The certificate must be managed by the local CA.

B. The certificate is regenerated at each reboot.

C. The default X.509 certificate is not supported for SSLVPN.

D. The certificate is too weak to provide adequate security.

Suggested answer: B

Explanation:

By default, the ASA generates a self-signed X.509 certificate upon startup and uses it to serve client connections. Using this certificate is not recommended because the browser cannot verify its authenticity. Furthermore, the certificate is regenerated upon each reboot, so it changes after every reboot.

https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119417-config-asa-00.html

An engineer has configured Cisco AnyConnect VPN using IKEv2 on a Cisco IOS router. The user cannot connect in the Cisco AnyConnect client, but receives an alert message "Use a browser to gain access." Which action does the engineer take to resolve this issue?

A. Reset user login credentials.

B. Correct the URL address.

C. Connect using HTTPS.

D. Disable the HTTP server.

Suggested answer: D

Explanation:

https://www.cisco.com/c/en/us/support/docs/security/flexvpn/115755-flexvpn-ike-eap-00.html

A router is being configured for IKEv2 AnyConnect using AnyConnect-EAP. How would the administrator separate profiles for administrators and employees so that authorization differs when they connect?

A. Define group aliases on the headend and have the user pick the appropriate alias when they connect

B. Define group-urls on the headend and create two XML profiles to match the administrator and user group urls

C. Create a certificate map and match on the appropriate certificate fields

D. Upgrade the Cisco AnyConnect Start Before Logon module to be compatible with the Cisco ASA software image.

Suggested answer: B

Explanation:

According to the document Configure FlexVPN: AnyConnect IKEv2 Remote Access with Local User Database, one way to separate profiles for administrators and employees is to use group-urls on the headend and create two XML profiles to match the administrator and user group urls. This allows the headend to assign different group-policies and tunnel-groups based on the group-url that the user connects to. For example:

    webvpn
     enable outside
     anyconnect image disk0:/anyconnect-win-4.6.03049-webdeploy-k9.pkg 1
     anyconnect enable
     tunnel-group-list enable
    group-policy Admin internal
    group-policy Admin attributes
     vpn-tunnel-protocol ikev2 ssl-client
     address-pools value AdminPool
    group-policy User internal
    group-policy User attributes
     vpn-tunnel-protocol ikev2 ssl-client
     address-pools value UserPool
    tunnel-group Admin type remote-access
    tunnel-group Admin general-attributes
     default-group-policy Admin
    tunnel-group Admin webvpn-attributes
     group-url https://10.0.0.1/Admin enable
    tunnel-group User type remote-access
    tunnel-group User general-attributes
     default-group-policy User
    tunnel-group User webvpn-attributes
     group-url https://10.0.0.1/User enable

The XML profiles can be created with the AnyConnect Profile Editor and uploaded to the headend. The profile for administrators should have the server list entry as:

    <ServerList>
      <HostEntry>
        <HostName>Admin</HostName>
        <HostAddress>10.0.0.1</HostAddress>
        <PrimaryProtocol>IPsec</PrimaryProtocol>
        <UserGroup>Admin</UserGroup>
      </HostEntry>
    </ServerList>

The profile for users should have the server list entry as:

    <ServerList>
      <HostEntry>
        <HostName>User</HostName>
        <HostAddress>10.0.0.1</HostAddress>
        <PrimaryProtocol>IPsec</PrimaryProtocol>
        <UserGroup>User</UserGroup>
      </HostEntry>
    </ServerList>

This way, when the user connects to the headend, they can choose either Admin or User from the drop-down list and get the appropriate authorization based on their group-url.

Which parameter in IPsec VPN tunnel configurations is optional?

A. hash

B. lifetime

C. encryption

D. Perfect Forward Secrecy

Suggested answer: D

A company is setting up a dynamic crypto map on the Cisco ASA at the headquarters to accept connections from the branch offices. There will be no IP subnet overlap between the branch offices, but the engineer does not know which encryption domains will be requested by the branch offices.

Additionally, the company security policy states that routing protocol traffic should not leave the HQ network. Which solution should be used to route traffic back to the branches from the Cisco ASA with minimal administrative effort?

A. Configure Reverse Route Injection on the dynamic crypto map.

B. Configure a default route with the tunneled keyword on all branch routers.

C. Configure static routes for remote subnets.

D. Configure snapshot routing with EIGRP to send out of band routing updates.

Suggested answer: A

A network engineer is implementing a FlexVPN tunnel between two Cisco IOS routers. The FlexVPN tunnels will terminate on encrypted traffic on an interface configured with an IP MTU of 1500, and the company has a security policy to drop fragmented traffic coming into or leaving the network. The tunnel will be used to transfer TFTP data between users and internal servers. When the TFTP traffic is not traversing a VPN, it can have a maximum IP packet size of 1500.

Assuming the encrypted payload will add 90 bytes, which configuration allows TFTP traffic to traverse the FlexVPN tunnel without being dropped?

A. Set the tunnel IP MTU to 1500.

B. Set the tunnel tcp adjust-mss to 1460.

C. Set the tunnel IP MTU to 1400.

D. Set the tunnel tcp adjust-mss to 1360.

Suggested answer: D

Which VPN technology minimizes the impact on VPN performance when encrypting multicast traffic on a Private WAN?

A. DMVPN

B. IPsec VPN

C. FlexVPN

D. GETVPN

Suggested answer: D
Total 175 questions