ExamGecko
Search Search Login
Home Home / Cisco / 300-730

Cisco 300-730 Practice Test - Questions Answers, Page 2

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Refer to the exhibit. An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?
An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?
An administrator is planning a VPN configuration that will encrypt traffic between multiple servers that will be passing unicast and multicast traffic. This configuration must be able to be implemented without the need to modify routing within the network. Which VPN technology must be used for this task?
Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)

Question 11

Report
Export
Collapse

Refer to the exhibit.

Which value must be configured in the User Group field when the Cisco AnyConnect Profile is created to connect to an ASA headend with IPsec as the primary protocol?

A.

address-pool

A.

address-pool

Answers
B.

group-alias

B.

group-alias

Answers
C.

group-policy

C.

group-policy

Answers
D.

tunnel-group

D.

tunnel-group

Answers
Suggested answer: D

Explanation:

The user group is used in conjunction with Host Address to form a group-based URL. If you specify the Primary Protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group). For SSL, the user group is the group-url of the connection profile.

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/anyconnect-profile-editor.html#ID-1430-0000026c

Reference: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure-vpn.html

Question 12

Report
Export
Collapse

Refer to the exhibit.

What is configured as a result of this command set?

A.

FlexVPN client profile for IPv6

A.

FlexVPN client profile for IPv6

Answers
B.

FlexVPN server to authorize groups by using an IPv6 external AAA

B.

FlexVPN server to authorize groups by using an IPv6 external AAA

Answers
C.

FlexVPN server for an IPv6 dVTI session

C.

FlexVPN server for an IPv6 dVTI session

Answers
D.

FlexVPN server to authenticate IPv6 peers by using EAP

D.

FlexVPN server to authenticate IPv6 peers by using EAP

Answers
Suggested answer: C

Explanation:

https://www.cisco.com/c/en/us/support/docs/security/flexvpn/116528-config-flexvpn-00.html

Question 13

Report
Export
Collapse

Which two types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose two.)

A.

HTTP

A.

HTTP

Answers
B.

ICA (Citrix)

B.

ICA (Citrix)

Answers
C.

VNC

C.

VNC

Answers
D.

RDP

D.

RDP

Answers
E.

CIFS

E.

CIFS

Answers
Suggested answer: A, E

Explanation:

HTTP (Hypertext Transfer Protocol) is used for transferring web resources, such as web pages andHTML documents, across the internet. CIFS (Common Internet File System) is used for sharing filesand printers between computers on a network. ICA (Citrix), VNC (Virtual Network Computing), andRDP (Remote Desktop Protocol) are not enabled by default on the Cisco ASA Clientless SSL VPNportal.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/vpn/asa-94-vpnconfig/webvpn-configure-gateway.html

Question 14

Report
Export
Collapse

Which configuration construct must be used in a FlexVPN tunnel?

A.

EAP configuration

A.

EAP configuration

Answers
B.

multipoint GRE tunnel interface

B.

multipoint GRE tunnel interface

Answers
C.

IKEv1 policy

C.

IKEv1 policy

Answers
D.

IKEv2 profile

D.

IKEv2 profile

Answers
Suggested answer: D

Explanation:

The correct answer is D. IKEv2 profile. A FlexVPN tunnel requires an IKEv2 profile to define theparameters for the IKEv2 negotiation and the IPsec security association. The IKEv2 profile references theIKEv2 keyring, the authentication method, the identity of the peers, and other options. The IKEv2 profileis then applied to a virtual tunnel interface (VTI) or a dynamic virtual tunnel interface (DVTI) to protectthe tunnel with IPsec12. An EAP configuration is used for authentication with Extensible AuthenticationProtocol (EAP), which is optional for FlexVPN3. A multipoint GRE tunnel interface is used for DMVPN,not FlexVPN. An IKEv1 policy is used for IKEv1, not IKEv2, which is the protocol for FlexVPN.

Question 15

Report
Export
Collapse

A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?

A.

Endpoint Assessment

A.

Endpoint Assessment

Answers
B.

Cisco Secure Desktop

B.

Cisco Secure Desktop

Answers
C.

Basic Host Scan

C.

Basic Host Scan

Answers
D.

Advanced Endpoint Assessment

D.

Advanced Endpoint Assessment

Answers
Suggested answer: D

Question 16

Report
Export
Collapse

Which two features provide headend resiliency for Cisco AnyConnect clients? (Choose two.)

A.

AnyConnect Auto Reconnect

A.

AnyConnect Auto Reconnect

Answers
B.

AnyConnect Network Access Manager

B.

AnyConnect Network Access Manager

Answers
C.

AnyConnect Backup Servers

C.

AnyConnect Backup Servers

Answers
D.

ASA failover

D.

ASA failover

Answers
E.

AnyConnect Always On

E.

AnyConnect Always On

Answers
Suggested answer: C, D

Explanation:

According to the Implementing Secure Solutions with Virtual Private Networks (SVPN) documents andlearning resources available at cisco.com, the two features that provide headend resiliency for CiscoAnyConnect clients are:AnyConnect Backup Servers: This feature allows the AnyConnect client to automatically connect to abackup server in case the primary server is unreachable or fails. The backup server list is configured onthe ASA or IOS headend and pushed to the client during the VPN connection establishment. The clientcan also manually select a backup server from the list if needed.This feature enhances the availabilityand reliability of the VPN service for the clients12.ASA failover: This feature enables two identical ASAs to be paired together as an active/standby oractive/active pair. The ASAs synchronize their configuration and state information and monitor eachother's health. If the active ASA fails or becomes unreachable, the standby ASA takes over the traffic andVPN sessions without any disruption for the clients.This feature provides high availability andredundancy for the VPN headend34.1: AnyConnect Backup Servers2:Redundancy options for IOS Headend for AnyConnect Clients3: ASAFailover4:AnyConnect Implementation and Performance/Scaling Reference for COVID-19 Preparation

Question 17

Report
Export
Collapse

Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?

A.

The XML profile is not configured correctly for the affected users.

A.

The XML profile is not configured correctly for the affected users.

Answers
B.

The new client image does not use the same major release as the current one.

B.

The new client image does not use the same major release as the current one.

Answers
C.

Client services are not enabled.

C.

Client services are not enabled.

Answers
D.

Client software updates are not supported with IKEv2.

D.

Client software updates are not supported with IKEv2.

Answers
Suggested answer: C

Explanation:

https://community.cisco.com/t5/vpn/anyconnect-service-port-not-enabled/td-p/2968124

Question 18

Report
Export
Collapse

Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?

A.

tunnel-group (general-attributes)

A.

tunnel-group (general-attributes)

Answers
B.

tunnel-group (webvpn-attributes)

B.

tunnel-group (webvpn-attributes)

Answers
C.

webvpn (group-policy)

C.

webvpn (group-policy)

Answers
D.

webvpn (global configuration)

D.

webvpn (global configuration)

Answers
Suggested answer: C

Question 19

Report
Export
Collapse

Refer to the exhibit.

Based on the exhibit, why are users unable to access CCNP Webserver bookmark?

A.

The URL is being blocked by a WebACL.

A.

The URL is being blocked by a WebACL.

Answers
B.

The ASA cannot resolve the URL.

B.

The ASA cannot resolve the URL.

Answers
C.

The bookmark has been disabled.

C.

The bookmark has been disabled.

Answers
D.

The user cannot access the URL.

D.

The user cannot access the URL.

Answers
Suggested answer: B

Explanation:

https://community.cisco.com/t5/network-security/missing-ssl-vpn-bookmarks/td-p/1597023

Question 20

Report
Export
Collapse

Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)

A.

When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resourcesthrough the URL bar, the client uses the local DNS to perform FQDN resolution.

A.

When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resourcesthrough the URL bar, the client uses the local DNS to perform FQDN resolution.

Answers
B.

The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.

B.

The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.

Answers
C.

A Cisco ASA can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.

C.

A Cisco ASA can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.

Answers
D.

When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resourcesthrough the URL bar, the ASA uses its configured DNS servers to perform FQDN resolution.

D.

When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resourcesthrough the URL bar, the ASA uses its configured DNS servers to perform FQDN resolution.

Answers
E.

Clientless SSLVPN provides Layer 3 connectivity into the secured network.

E.

Clientless SSLVPN provides Layer 3 connectivity into the secured network.

Answers
Suggested answer: C, D

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/webvpn.html

Total 175 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms