ExamGecko
Search Search Login
Home Home / Cisco / 300-730

Cisco 300-730 Practice Test - Questions Answers, Page 4

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Refer to the exhibit. An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?
An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?
Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
Which command identifies a Cisco AnyConnect profile that was uploaded to the flash of an IOS router?

Question 31

Report
Export
Collapse

An engineer is troubleshooting a new DMVPN setup on a Cisco IOS router. After the show crypto isakmp sa command is issued, a response is returned of "MM_NO_STATE." Why does this failure occur?

A.

The ISAKMP policy priority values are invalid.

A.

The ISAKMP policy priority values are invalid.

Answers
B.

ESP traffic is being dropped.

B.

ESP traffic is being dropped.

Answers
C.

The Phase 1 policy does not match on both devices.

C.

The Phase 1 policy does not match on both devices.

Answers
D.

Tunnel protection is not applied to the DMVPN tunnel.

D.

Tunnel protection is not applied to the DMVPN tunnel.

Answers
Suggested answer: C

Explanation:

https://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.htmlThe MMNOSTATE failure occurs when the ISAKMP policy priority values are not configured correctlyon both devices.

The ISAKMP policy priority values are used to determine the order in which theISAKMP policies are applied. If the priority values do not match between the two devices, theISAKMP tunnel may not be established correctly, resulting in the MMNOSTATE failure. To resolve thisissue, the engineer should ensure that the ISAKMP policy priority values are configured correctly onboth the router and the peer.

Question 32

Report
Export
Collapse

Refer to the exhibit.

The customer can establish a Cisco AnyConnect connection without using an XML profile. When the host "ikev2" is selected in the AnyConnect drop down, the connection fails. What is the cause of this issue?

A.

The HostName is incorrect.

A.

The HostName is incorrect.

Answers
B.

The IP address is incorrect.

B.

The IP address is incorrect.

Answers
C.

Primary protocol should be SSL.

C.

Primary protocol should be SSL.

Answers
D.

UserGroup must match connection profile.

D.

UserGroup must match connection profile.

Answers
Suggested answer: D

Explanation:

User Group---Specify a user group. The user group is used in conjunction with Host Address to form agroup-based URL. If you specify the Primary Protocol as IPsec, the User Group must be the exact nameof the connection profile (tunnel group). For SSL, the user group is the group-url of the connectionprofile

Question 33

Report
Export
Collapse

Refer to the exhibit.

A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?

A.

An authentication failure occurs on the remote peer.

A.

An authentication failure occurs on the remote peer.

Answers
B.

A certificate fragmentation issue occurs between both sides.

B.

A certificate fragmentation issue occurs between both sides.

Answers
C.

UDP 4500 traffic from the peer does not reach the router.

C.

UDP 4500 traffic from the peer does not reach the router.

Answers
D.

An authentication failure occurs on the router.

D.

An authentication failure occurs on the router.

Answers
Suggested answer: C

Question 34

Report
Export
Collapse

Refer to the exhibit.

Based on the debug output, which type of mismatch is preventing the VPN from coming up?

A.

interesting traffic

A.

interesting traffic

Answers
B.

lifetime

B.

lifetime

Answers
C.

preshared key

C.

preshared key

Answers
D.

PFS

D.

PFS

Answers
Suggested answer: A

Explanation:

The first of the two TS payloads is known as TSi (Traffic Selector- initiator). The second is known as TSr (Traffic Selector-responder). TSi specifies the source address of traffic forwarded from (or the destination address of traffic forwarded to) the initiator of the Child SA pair. https://www.rfceditor. org/rfc/rfc5996#page-40 If the responder's policy does not allow it to accept any part of the proposed Traffic Selectors, it responds with a TS_UNACCEPTABLE Notify message.

Question 35

Report
Export
Collapse

Refer to the exhibit.

The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?

A.

preshared key

A.

preshared key

Answers
B.

peer identity

B.

peer identity

Answers
C.

transform set

C.

transform set

Answers
D.

ikev2 proposal

D.

ikev2 proposal

Answers
Suggested answer: B

Question 36

Report
Export
Collapse

Refer to the exhibit.

Which type of mismatch is causing the problem with the IPsec VPN tunnel?

A.

crypto access list

A.

crypto access list

Answers
B.

Phase 1 policy

B.

Phase 1 policy

Answers
C.

transform set

C.

transform set

Answers
D.

preshared key

D.

preshared key

Answers
Suggested answer: D

Explanation:

IKE Message from X.X.X.X Failed its Sanity Check or is MalformedThis debug error appears if the pre-shared keys on the peers do not match. In order to fix this issue,check the pre-shared keys on both sides.1d00H:%CRPTO-4-IKMP_BAD_MESSAGE: IKE message from 198.51.100.1 failed its

sanity check or is malformedhttps://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#anc17

Question 37

Report
Export
Collapse

Refer to the exhibit.

What is a result of this configuration?

A.

Spoke 1 fails the authentication because the authentication methods are incorrect.

A.

Spoke 1 fails the authentication because the authentication methods are incorrect.

Answers
B.

Spoke 2 passes the authentication to the hub and successfully proceeds to phase 2.

B.

Spoke 2 passes the authentication to the hub and successfully proceeds to phase 2.

Answers
C.

Spoke 2 fails the authentication because the remote authentication method is incorrect.

C.

Spoke 2 fails the authentication because the remote authentication method is incorrect.

Answers
D.

Spoke 1 passes the authentication to the hub and successfully proceeds to phase 2.

D.

Spoke 1 passes the authentication to the hub and successfully proceeds to phase 2.

Answers
Suggested answer: A

Question 38

Report
Export
Collapse

Refer to the exhibit.

Client 1 cannot communicate with client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub AS

A.

Which command on the ASA is missing?

A.

Which command on the ASA is missing?

Answers
B.

dns-server value 10.1.1.2

B.

dns-server value 10.1.1.2

Answers
C.

same-security-traffic permit intra-interface

C.

same-security-traffic permit intra-interface

Answers
D.

same-security-traffic permit inter-interface

D.

same-security-traffic permit inter-interface

Answers
E.

dns-server value 10.1.1.3

E.

dns-server value 10.1.1.3

Answers
Suggested answer: B

Explanation:

The same-security-traffic intra-interface command lets traffic enter and exit the same interface, which is normally not allowed. This feature might be useful for VPN traffic that enters an interface, but is then routed out the same interface.

The VPN traffic might be unencrypted in this case, or it might be reencrypted for another VPN connection. For example, if you have a hub and spoke VPN network, where the security appliance is the hub, and remote VPN networks are spokes, for one spoke to communicate with another spoke, traffic must go into the security appliance and then out again to the other spoke.

Question 39

Report
Export
Collapse

Refer to the exhibit.

An SSL client is connecting to an ASA headend. The session fails with the message “Connection attempt has timed out. Please verify Internet connectivity.” Based on how the packet is processed, which phase is causing the failure?

A.

phase 9: rpf-check

A.

phase 9: rpf-check

Answers
B.

phase 5: NAT

B.

phase 5: NAT

Answers
C.

phase 4: ACCESS-LIST

C.

phase 4: ACCESS-LIST

Answers
D.

phase 3: UN-NAT

D.

phase 3: UN-NAT

Answers
Suggested answer: D

Explanation:

Topic 4, Secure Communications Architectures

Question 40

Report
Export
Collapse

Which redundancy protocol must be implemented for IPsec stateless failover to work?

A.

SSO

A.

SSO

Answers
B.

GLBP

B.

GLBP

Answers
C.

HSRP

C.

HSRP

Answers
D.

VRRP

D.

VRRP

Answers
Suggested answer: C

Explanation:

IPsec failover fallsinto two categories:statelessfailover and stateful failover.Statelessfailover usesprotocols such as the Hot Standby Router Protocol (HSRP) to provide primary-to-secondary cutover andalso allows the active and standby VPN gateways to share a common virtual IP address

Total 175 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms