Cisco 300-730 Practice Test - Questions Answers, Page 16
An organization wants to implement a site-to-site VPN solution that must be able to support 350 sites with direct communications between all sites, fully encrypt the packet header and payload, and support propagation of routing information over IPsec. Which solution meets these requirements?
IPsec full mesh
DMVPN
GETVPN
FlexVPN
Refer to the exhibit.
Which type of VPN tunnel is configured?
Multipoint GRE
DMVPN
FlexVPN
GRE over IPsec
Refer to the exhibit.
An engineer has configured two new VPN tunnels to 172.18.1.1 and 172.19.1.1. However, communication between 10.1.0.10 and 10.1.11.10 does not function. Which action should be taken to resolve this issue?
Remove and reapply the crypto map to the interface.
Insert routes for the 10.1.9.0/24 and 10.1.10.0/24 subnets.
Modify the transform set to use transport mode.
Adjust the network objects to match the appropriate subnets.
Refer to the exhibit.
Trust the issuing CA for the ASA identity certificate on the user's PC.
Enroll and import an SSL certificate with the CN value example.cisco.com on the ASA.
Add the CN example.cisco.com to the AnyConnect XML certificate matching section.
Enable certificate authentication under the connection profile.
Add example.cisco.com to the server name list within the AnyConnect Local Policy.
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Configure the spoke and hub to use the same IKE version.
Ensure that devices between the hub and spoke are not blocking ESP traffic.
Ensure that devices between the hub and spoke are not blocking GRE traffic.
Enable the tunnel interface with the no shutdown command.
Users are getting untrusted server warnings when they connect to the URL https://asa.lab from their browsers. This URL resolves to 192.168.10.10, which is the IP address for a Cisco ASA configured for a clientless VPN. The VPN was recently set up and issued a certificate from an internal CA server. Users can connect to the VPN by ignoring the message; however, when users access other web servers that use certificates issued by the same internal CA server, they do not experience this issue. Which action resolves this issue?
Import the CA that signed the certificate into the machine trusted root CA store.
Reissue the certificate with asa.lab in the subject alternative name field.
Import the CA that signed the certificate into the user trusted root CA store.
Reissue the certificate with 192.168.10.10 in the subject common name field.
Over which two transport mediums is FlexVPN deployed? (Choose two.)
5G
VPLS
internet
MPLS
DWDM
A network administrator is troubleshooting a FlexVPN tunnel. The hub router is unable to ping the spoke router's tunnel interface IP address of 192.168.1.2, even though the tunnel is showing up. The output of the debug ip packet CLI command on the hub router shows the following entry.
IP: tableid=0123456789 s=192.168.1.1 (local), d=192.168.1.2 (loopback2), routed via FIB.
What must be configured to fix this issue?
A matching IKEv2 pre-shared key on the hub and spoke routers in the crypto keyring configuration.
An outbound ACL on the dynamic VTI of the hub router that allows ICMP traffic to 192.168.1.2.
An IKEv2 authorization policy must be configured on the spoke router to advertise the interface route.
A route map must be configured on the hub router to set the next hop for 192.168.1.2 to the dynamic VTI.
A network engineer must configure the Cisco ASA so that Cisco AnyConnect clients establishing an SSL VPN connection create an additional tunnel for real-time traffic that is sensitive to packet delays. If this additional tunnel experiences any issues, it must fall back to a TLS connection. Which two Cisco AnyConnect features must be configured to accomplish this task? (Choose two.)
DTLS
DSCP Preservation
DPD
SSL Rekey
OMTU
Refer to the exhibit.
A network administrator is setting up a phone VPN on a Cisco AS
The phone cannot connect and the error is presented in a debug on the Cisco ASA. Which action fixes this issue?
Enable web-deploy of the posture module so that the module can be downloaded from the Cisco ASA to an IP phone.
Configure the Cisco ASA to present an RSA certificate to the phone for authentication.
Disable Cisco Secure Desktop under the connection profile VPNPhone.
Install the posture module on the Cisco ASA.