ExamGecko
Search Search Login
Home Home / Cisco / 300-730

Cisco 300-730 Practice Test - Questions Answers, Page 3

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Refer to the exhibit. An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?
An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?
Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
Which command identifies a Cisco AnyConnect profile that was uploaded to the flash of an IOS router?

Question 21

Report
Export
Collapse

Which feature allows the ASA to handle nonstandard applications and web resources so that they display correctly over a clientless SSL VPN connection?

A.

single sign-on

A.

single sign-on

Answers
B.

Smart Tunnel

B.

Smart Tunnel

Answers
C.

WebType ACL

C.

WebType ACL

Answers
D.

plug-ins

D.

plug-ins

Answers
Suggested answer: D

Explanation:

Plug-ins are extensions to the Clientless SSL VPN feature that enable the ASA to handle non-standardapplications and Web resources so that they display correctly over a Clientless SSL VPN connection.Plug-ins are software components that the ASA downloads to the remote user's browser. The plug-insprovide support for applications and protocols that are not natively supported by Clientless SSL VPN,such as Java, ActiveX, SSH, Telnet, and RDP. Plug-ins can also provide enhanced functionality andsecurity for Web applications, such as Outlook Web Access and Lotus iNotes.You can read more about plug-ins and how to configure them in the document [ASDM Book 3: Cisco ASASeries VPN ASDM Configuration Guide, 7.7]1

Question 22

Report
Export
Collapse

Which command automatically initiates a smart tunnel when a user logs in to the WebVPN portal page?

A.

auto-upgrade

A.

auto-upgrade

Answers
B.

auto-connect

B.

auto-connect

Answers
C.

auto-start

C.

auto-start

Answers
D.

auto-run

D.

auto-run

Answers
Suggested answer: C

Explanation:

Reference:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/vpn/asa_91_vpn_config/webvpn-configure-policy-group.html

Question 23

Report
Export
Collapse

Refer to the exhibit.

The customer must launch Cisco AnyConnect in the RDP machine. Which IOS configuration accomplishes this task?

A.

Option A

A.

Option A

Answers
B.

Option B

B.

Option B

Answers
C.

Option C

C.

Option C

Answers
D.

Option D

D.

Option D

Answers
Suggested answer: C

Explanation:

Reference: https://community.cisco.com/t5/vpn/starting-anyconnect-vpn-through-rdp-session-oncisco-891/td- p/2128284

Question 24

Report
Export
Collapse

Refer to the exhibit.

Which two commands under the tunnel-group webvpn-attributes result in a Cisco AnyConnect user receiving the AnyConnect prompt in the exhibit? (Choose two.)

A.

group-url https://172.16.31.10/General enable

A.

group-url https://172.16.31.10/General enable

Answers
B.

group-policy General internal

B.

group-policy General internal

Answers
C.

authentication aaa

C.

authentication aaa

Answers
D.

authentication certificate

D.

authentication certificate

Answers
E.

group-alias General enable

E.

group-alias General enable

Answers
Suggested answer: C, E

Explanation:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generationfirewalls/98580-enable-group-dropdown.html

Question 25

Report
Export
Collapse

Which requirement is needed to use local authentication for Cisco AnyConnect Secure Mobility Clients that connect to a FlexVPN server?

A.

use of certificates instead of username and password

A.

use of certificates instead of username and password

Answers
B.

EAP-AnyConnect

B.

EAP-AnyConnect

Answers
C.

EAP query-identity

C.

EAP query-identity

Answers
D.

AnyConnect profile

D.

AnyConnect profile

Answers
Suggested answer: B

Explanation:

https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.pdf

Reference: https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPNAnyConnect-IKEv2- Remote-Access.html

Question 26

Report
Export
Collapse

Which IKE identity does an IOS/IOS-XE headend expect to receive if an IPsec Cisco AnyConnect client uses default settings?

A.

*$SecureMobilityClient$*

A.

*$SecureMobilityClient$*

Answers
B.

*$AnyConnectClient$*

B.

*$AnyConnectClient$*

Answers
C.

*$RemoteAccessVpnClient$*

C.

*$RemoteAccessVpnClient$*

Answers
D.

*$DfltlkeldentityS*

D.

*$DfltlkeldentityS*

Answers
Suggested answer: B

Explanation:

Reference: https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPNAnyConnect-IKEv2- Remote-Access.html

Question 27

Report
Export
Collapse

Refer to the exhibit.

Which VPN technology is allowed for users connecting to the Employee tunnel group?

A.

SSL AnyConnect

A.

SSL AnyConnect

Answers
B.

IKEv2 AnyConnect

B.

IKEv2 AnyConnect

Answers
C.

crypto map

C.

crypto map

Answers
D.

clientless

D.

clientless

Answers
Suggested answer: D

Explanation:

When you configure other group policies, any attribute that you do not explicitly specify takes its value from the default group policy. To view the default group policy.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/vpngrp.html

Question 28

Report
Export
Collapse

Refer to the exhibit.

An engineer is troubleshooting a new GRE over IPsec tunnel. The tunnel is established but the engineer cannot ping from spoke 1 to spoke 2. Which type of traffic is being blocked?

A.

ESP packets from spoke2 to spoke1

A.

ESP packets from spoke2 to spoke1

Answers
B.

ISAKMP packets from spoke2 to spoke1

B.

ISAKMP packets from spoke2 to spoke1

Answers
C.

ESP packets from spoke1 to spoke2

C.

ESP packets from spoke1 to spoke2

Answers
D.

ISAKMP packets from spoke1 to spoke2

D.

ISAKMP packets from spoke1 to spoke2

Answers
Suggested answer: A

Question 29

Report
Export
Collapse

Which command is used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?

A.

show crypto ikev2 sa

A.

show crypto ikev2 sa

Answers
B.

show crypto isakmp sa

B.

show crypto isakmp sa

Answers
C.

show crypto gkm

C.

show crypto gkm

Answers
D.

show crypto identity

D.

show crypto identity

Answers
Suggested answer: A

Explanation:

Reference: https://www.cisco.com/c/en/us/support/docs/security/flexvpn/116413-configureflexvpn-00.pdf

Question 30

Report
Export
Collapse

In a FlexVPN deployment, the spokes successfully connect to the hub, but spoke-to-spoke tunnels do not form. Which troubleshooting step solves the issue?

A.

Verify the spoke configuration to check if the NHRP redirect is enabled.

A.

Verify the spoke configuration to check if the NHRP redirect is enabled.

Answers
B.

Verify that the spoke receives redirect messages and sends resolution requests.

B.

Verify that the spoke receives redirect messages and sends resolution requests.

Answers
C.

Verify the hub configuration to check if the NHRP shortcut is enabled.

C.

Verify the hub configuration to check if the NHRP shortcut is enabled.

Answers
D.

Verify that the tunnel interface is contained within a VRF.

D.

Verify that the tunnel interface is contained within a VRF.

Answers
Suggested answer: B

Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn- dmvpn-15-mt-book/sec-conn-dmvpn-summ-maps.pdf

Total 175 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms