ExamGecko
Login
Home / Cisco / 300-730 / List of questions
Ask Question

Cisco 300-730 Practice Test - Questions Answers, Page 4

Add to Whishlist

List of questions

Question 31

Report Export Collapse

An engineer is troubleshooting a new DMVPN setup on a Cisco IOS router. After the show crypto isakmp sa command is issued, a response is returned of "MM_NO_STATE." Why does this failure occur?

The ISAKMP policy priority values are invalid.

The ISAKMP policy priority values are invalid.

ESP traffic is being dropped.

ESP traffic is being dropped.

The Phase 1 policy does not match on both devices.

The Phase 1 policy does not match on both devices.

Tunnel protection is not applied to the DMVPN tunnel.

Tunnel protection is not applied to the DMVPN tunnel.

Suggested answer: C
Explanation:

https://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.htmlThe MMNOSTATE failure occurs when the ISAKMP policy priority values are not configured correctlyon both devices.

The ISAKMP policy priority values are used to determine the order in which theISAKMP policies are applied. If the priority values do not match between the two devices, theISAKMP tunnel may not be established correctly, resulting in the MMNOSTATE failure. To resolve thisissue, the engineer should ensure that the ISAKMP policy priority values are configured correctly onboth the router and the peer.

asked 10/10/2024
Flamur Kapaj
50 questions

Question 32

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 32 114550 10102024232758000000

The customer can establish a Cisco AnyConnect connection without using an XML profile. When the host "ikev2" is selected in the AnyConnect drop down, the connection fails. What is the cause of this issue?

The HostName is incorrect.

The HostName is incorrect.

The IP address is incorrect.

The IP address is incorrect.

Primary protocol should be SSL.

Primary protocol should be SSL.

UserGroup must match connection profile.

UserGroup must match connection profile.

Suggested answer: D
Explanation:

User Group---Specify a user group. The user group is used in conjunction with Host Address to form agroup-based URL. If you specify the Primary Protocol as IPsec, the User Group must be the exact nameof the connection profile (tunnel group). For SSL, the user group is the group-url of the connectionprofile

asked 10/10/2024
John Russell
26 questions

Question 33

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 33 114551 10102024232758000000

A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?

An authentication failure occurs on the remote peer.

An authentication failure occurs on the remote peer.

A certificate fragmentation issue occurs between both sides.

A certificate fragmentation issue occurs between both sides.

UDP 4500 traffic from the peer does not reach the router.

UDP 4500 traffic from the peer does not reach the router.

An authentication failure occurs on the router.

An authentication failure occurs on the router.

Suggested answer: C
asked 10/10/2024
Carlos Antonio Cardenas Lee
40 questions

Question 34

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 34 114552 10102024232758000000

Based on the debug output, which type of mismatch is preventing the VPN from coming up?

interesting traffic

interesting traffic

lifetime

lifetime

preshared key

preshared key

PFS

PFS

Suggested answer: A
Explanation:

The first of the two TS payloads is known as TSi (Traffic Selector- initiator). The second is known as TSr (Traffic Selector-responder). TSi specifies the source address of traffic forwarded from (or the destination address of traffic forwarded to) the initiator of the Child SA pair. https://www.rfceditor. org/rfc/rfc5996#page-40 If the responder's policy does not allow it to accept any part of the proposed Traffic Selectors, it responds with a TS_UNACCEPTABLE Notify message.

asked 10/10/2024
Keshava Channabyraiah
39 questions

Question 35

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 35 114553 10102024232758000000

The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?

Become a Premium Member for full access
  Unlock Premium Member

Question 36

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 36 114554 10102024232758000000

Which type of mismatch is causing the problem with the IPsec VPN tunnel?

Become a Premium Member for full access
  Unlock Premium Member

Question 37

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 37 114555 10102024232758000000

What is a result of this configuration?

Become a Premium Member for full access
  Unlock Premium Member

Question 38

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 38 114556 10102024232758000000

Client 1 cannot communicate with client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub AS

Become a Premium Member for full access
  Unlock Premium Member

Question 39

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 39 114557 10102024232758000000

An SSL client is connecting to an ASA headend. The session fails with the message “Connection attempt has timed out. Please verify Internet connectivity.” Based on how the packet is processed, which phase is causing the failure?

Become a Premium Member for full access
  Unlock Premium Member

Question 40

Report Export Collapse

Which redundancy protocol must be implemented for IPsec stateless failover to work?

Become a Premium Member for full access
  Unlock Premium Member
Total 175 questions
Go to page: of 18
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
Which two NHRP functions are specific to DMVPN Phase 3 implementation? (Choose two.)
A company's remote locations connect to the data centers via MPLS. A new request requires that unicast and multicast traffic that exits in the remote locations be encrypted. Which non-tunneled technology should be used to satisfy this requirement?
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
Which two features provide headend resiliency for Cisco AnyConnect clients? (Choose two.)
What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?
An administrator is designing a VPN with a partner's non-Cisco VPN solution. The partner's VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 going to 10.0.0.0/24. Which technology must be used to meet these requirements?