ExamGecko

Cisco 300-730 Practice Test - Questions Answers, Page 18

An engineer is requesting an SSL certificate for a VPN load-balancing cluster in which two Cisco ASAs provide clientless SSLVPN access. The FQDN that users will enter to access the clientless VPN is asa.example.com, and users will be redirected to either asa1.example.com or asa2.example.com. The cluster FQDN and the individual Cisco ASA FQDNs resolve to IP addresses 192.168.0.1, 192.168.0.2, and 192.168.0.3 respectively. The issued certificate must be usable to validate the identity of either ASA in the cluster without returning any certificate validation errors. Which fields must be included in the certificate to meet these requirements?

A. CN=*.example.com, SAN=asa.example.com
B. CN=192.168.0.1, SAN=asa1.example.com, asa2.example.com
C. CN=asa.example.com, SAN=asa.example.com, asa1.example.com, asa2.example.com
D. CN=192.168.0.1, SAN=192.168.0.1, 192.168.0.2, 192.168.0.3

Suggested answer: C

Explanation:

https://integratingit.wordpress.com/2020/03/14/asa-vpn-load-balancing/

An administrator is setting up Cisco AnyConnect on a Cisco ASA with the requirement that AnyConnect automatically establishes a VPN when a company-owned laptop is connected to the internet outside of the corporate network. Which configuration meets these requirements?

A. SBL with user certificate authentication
B. TND with machine certificate authentication
C. SBL with machine certificate authentication
D. TND with user certificate authentication

Suggested answer: B

Explanation:

Trusted Network Detection (TND) gives you the ability to have AnyConnect automatically disconnect a VPN connection when the user is inside the corporate network (the trusted network) and start the VPN connection when the user is outside the corporate network (the untrusted network).

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure-vpn.html#id_100236

Which command must be configured on the tunnel interface of a FlexVPN spoke to receive a dynamic IP address from the hub?

A. ip address negotiated
B. ip unnumbered
C. ip address dhcp
D. ip address pool

Suggested answer: A

Explanation:

https://integratingit.wordpress.com/2018/03/31/configuring-flexvpn-external-aaa-with-radius/

interface Tunnel0
 ip address negotiated
 tunnel source GigabitEthernet1
 tunnel mode ipsec ipv4
 tunnel destination 1.1.1.5
 tunnel protection ipsec profile IPSEC_PROFILE

An engineer is implementing the FlexVPN solution on a Cisco IOS router. The router must only terminate VPN requests and must not initiate them. Additionally, the interface must support VPNs from other routers and Cisco AnyConnect connections. Which interface type must be configured to meet these requirements?

A. point-to-point GRE tunnel interface
B. multipoint GRE tunnel interface
C. static virtual tunnel interface
D. virtual template interface

Suggested answer: D

Explanation:

The correct interface type to meet these requirements is the virtual template interface. This interface allows for the creation of multiple virtual access interfaces, which can be used for various types of remote access VPN connections, including site-to-site and AnyConnect VPNs. The virtual template interface can be configured to terminate VPN requests from other routers and allow for dynamic creation of VPN sessions, while also supporting AnyConnect VPN connections.

DRAG DROP

Drag and drop the GETVPN components from the left onto the descriptions on the right.

