Ask Question
Cisco 300-730 Practice Test - Questions Answers, Page 4
Add to Whishlist
List of questions
Question 31
An engineer is troubleshooting a new DMVPN setup on a Cisco IOS router. After the show crypto isakmp sa command is issued, a response is returned of "MM_NO_STATE." Why does this failure occur?
The ISAKMP policy priority values are invalid.
ESP traffic is being dropped.
The Phase 1 policy does not match on both devices.
Tunnel protection is not applied to the DMVPN tunnel.
https://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.htmlThe MMNOSTATE failure occurs when the ISAKMP policy priority values are not configured correctlyon both devices.
The ISAKMP policy priority values are used to determine the order in which theISAKMP policies are applied. If the priority values do not match between the two devices, theISAKMP tunnel may not be established correctly, resulting in the MMNOSTATE failure. To resolve thisissue, the engineer should ensure that the ISAKMP policy priority values are configured correctly onboth the router and the peer.
Question 32
Refer to the exhibit.
The customer can establish a Cisco AnyConnect connection without using an XML profile. When the host "ikev2" is selected in the AnyConnect drop down, the connection fails. What is the cause of this issue?
The HostName is incorrect.
The IP address is incorrect.
Primary protocol should be SSL.
UserGroup must match connection profile.
User Group---Specify a user group. The user group is used in conjunction with Host Address to form agroup-based URL. If you specify the Primary Protocol as IPsec, the User Group must be the exact nameof the connection profile (tunnel group). For SSL, the user group is the group-url of the connectionprofile
Question 33
Refer to the exhibit.
A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?
An authentication failure occurs on the remote peer.
A certificate fragmentation issue occurs between both sides.
UDP 4500 traffic from the peer does not reach the router.
An authentication failure occurs on the router.
Question 34
Refer to the exhibit.
Based on the debug output, which type of mismatch is preventing the VPN from coming up?
interesting traffic
lifetime
preshared key
PFS
The first of the two TS payloads is known as TSi (Traffic Selector- initiator). The second is known as TSr (Traffic Selector-responder). TSi specifies the source address of traffic forwarded from (or the destination address of traffic forwarded to) the initiator of the Child SA pair. https://www.rfceditor. org/rfc/rfc5996#page-40 If the responder's policy does not allow it to accept any part of the proposed Traffic Selectors, it responds with a TS_UNACCEPTABLE Notify message.
Question 35
Refer to the exhibit.
The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
preshared key
peer identity
transform set
ikev2 proposal
Question 36
Refer to the exhibit.
Which type of mismatch is causing the problem with the IPsec VPN tunnel?
crypto access list
Phase 1 policy
transform set
preshared key
IKE Message from X.X.X.X Failed its Sanity Check or is MalformedThis debug error appears if the pre-shared keys on the peers do not match. In order to fix this issue,check the pre-shared keys on both sides.1d00H:%CRPTO-4-IKMP_BAD_MESSAGE: IKE message from 198.51.100.1 failed its
sanity check or is malformedhttps://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#anc17
Question 37
Refer to the exhibit.
What is a result of this configuration?
Spoke 1 fails the authentication because the authentication methods are incorrect.
Spoke 2 passes the authentication to the hub and successfully proceeds to phase 2.
Spoke 2 fails the authentication because the remote authentication method is incorrect.
Spoke 1 passes the authentication to the hub and successfully proceeds to phase 2.
Question 38
Refer to the exhibit.
Client 1 cannot communicate with client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub AS
Which command on the ASA is missing?
dns-server value 10.1.1.2
same-security-traffic permit intra-interface
same-security-traffic permit inter-interface
dns-server value 10.1.1.3
The same-security-traffic intra-interface command lets traffic enter and exit the same interface, which is normally not allowed. This feature might be useful for VPN traffic that enters an interface, but is then routed out the same interface.
The VPN traffic might be unencrypted in this case, or it might be reencrypted for another VPN connection. For example, if you have a hub and spoke VPN network, where the security appliance is the hub, and remote VPN networks are spokes, for one spoke to communicate with another spoke, traffic must go into the security appliance and then out again to the other spoke.
Question 39
Refer to the exhibit.
An SSL client is connecting to an ASA headend. The session fails with the message “Connection attempt has timed out. Please verify Internet connectivity.” Based on how the packet is processed, which phase is causing the failure?
phase 9: rpf-check
phase 5: NAT
phase 4: ACCESS-LIST
phase 3: UN-NAT
Topic 4, Secure Communications Architectures
Question 40
Which redundancy protocol must be implemented for IPsec stateless failover to work?
SSO
GLBP
HSRP
VRRP
IPsec failover fallsinto two categories:statelessfailover and stateful failover.Statelessfailover usesprotocols such as the Hot Standby Router Protocol (HSRP) to provide primary-to-secondary cutover andalso allows the active and standby VPN gateways to share a common virtual IP address
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to Support@examgecko.com.
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question