Ask Question
Cisco 300-730 Practice Test - Questions Answers, Page 2
Add to Whishlist
List of questions
Question 11
Refer to the exhibit.
Which value must be configured in the User Group field when the Cisco AnyConnect Profile is created to connect to an ASA headend with IPsec as the primary protocol?
address-pool
group-alias
group-policy
tunnel-group
The user group is used in conjunction with Host Address to form a group-based URL. If you specify the Primary Protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group). For SSL, the user group is the group-url of the connection profile.
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/anyconnect-profile-editor.html#ID-1430-0000026c
Reference: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure-vpn.html
Question 12
Refer to the exhibit.
What is configured as a result of this command set?
FlexVPN client profile for IPv6
FlexVPN server to authorize groups by using an IPv6 external AAA
FlexVPN server for an IPv6 dVTI session
FlexVPN server to authenticate IPv6 peers by using EAP
https://www.cisco.com/c/en/us/support/docs/security/flexvpn/116528-config-flexvpn-00.html
Question 13
Which two types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose two.)
HTTP
ICA (Citrix)
VNC
RDP
CIFS
HTTP (Hypertext Transfer Protocol) is used for transferring web resources, such as web pages andHTML documents, across the internet. CIFS (Common Internet File System) is used for sharing filesand printers between computers on a network. ICA (Citrix), VNC (Virtual Network Computing), andRDP (Remote Desktop Protocol) are not enabled by default on the Cisco ASA Clientless SSL VPNportal.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/vpn/asa-94-vpnconfig/webvpn-configure-gateway.html
Question 14
Which configuration construct must be used in a FlexVPN tunnel?
EAP configuration
multipoint GRE tunnel interface
IKEv1 policy
IKEv2 profile
The correct answer is D. IKEv2 profile. A FlexVPN tunnel requires an IKEv2 profile to define theparameters for the IKEv2 negotiation and the IPsec security association. The IKEv2 profile references theIKEv2 keyring, the authentication method, the identity of the peers, and other options. The IKEv2 profileis then applied to a virtual tunnel interface (VTI) or a dynamic virtual tunnel interface (DVTI) to protectthe tunnel with IPsec12. An EAP configuration is used for authentication with Extensible AuthenticationProtocol (EAP), which is optional for FlexVPN3. A multipoint GRE tunnel interface is used for DMVPN,not FlexVPN. An IKEv1 policy is used for IKEv1, not IKEv2, which is the protocol for FlexVPN.
Question 15
A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?
Endpoint Assessment
Cisco Secure Desktop
Basic Host Scan
Advanced Endpoint Assessment
Question 16
Which two features provide headend resiliency for Cisco AnyConnect clients? (Choose two.)
AnyConnect Auto Reconnect
AnyConnect Network Access Manager
AnyConnect Backup Servers
ASA failover
AnyConnect Always On
According to the Implementing Secure Solutions with Virtual Private Networks (SVPN) documents andlearning resources available at cisco.com, the two features that provide headend resiliency for CiscoAnyConnect clients are:AnyConnect Backup Servers: This feature allows the AnyConnect client to automatically connect to abackup server in case the primary server is unreachable or fails. The backup server list is configured onthe ASA or IOS headend and pushed to the client during the VPN connection establishment. The clientcan also manually select a backup server from the list if needed.This feature enhances the availabilityand reliability of the VPN service for the clients12.ASA failover: This feature enables two identical ASAs to be paired together as an active/standby oractive/active pair. The ASAs synchronize their configuration and state information and monitor eachother's health. If the active ASA fails or becomes unreachable, the standby ASA takes over the traffic andVPN sessions without any disruption for the clients.This feature provides high availability andredundancy for the VPN headend34.1: AnyConnect Backup Servers2:Redundancy options for IOS Headend for AnyConnect Clients3: ASAFailover4:AnyConnect Implementation and Performance/Scaling Reference for COVID-19 Preparation
Question 17
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?
The XML profile is not configured correctly for the affected users.
The new client image does not use the same major release as the current one.
Client services are not enabled.
Client software updates are not supported with IKEv2.
https://community.cisco.com/t5/vpn/anyconnect-service-port-not-enabled/td-p/2968124
Question 18
Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?
tunnel-group (general-attributes)
tunnel-group (webvpn-attributes)
webvpn (group-policy)
webvpn (global configuration)
Question 19
Refer to the exhibit.
Based on the exhibit, why are users unable to access CCNP Webserver bookmark?
The URL is being blocked by a WebACL.
The ASA cannot resolve the URL.
The bookmark has been disabled.
The user cannot access the URL.
https://community.cisco.com/t5/network-security/missing-ssl-vpn-bookmarks/td-p/1597023
Question 20
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resourcesthrough the URL bar, the client uses the local DNS to perform FQDN resolution.
The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.
A Cisco ASA can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.
When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resourcesthrough the URL bar, the ASA uses its configured DNS servers to perform FQDN resolution.
Clientless SSLVPN provides Layer 3 connectivity into the secured network.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/webvpn.html
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question