ExamGecko

Cisco 300-730 Practice Test - Questions Answers, Page 5

Which technology works with IPsec stateful failover?

A. GLBR
B. HSRP
C. GRE
D. VRRP

Suggested answer: B

Explanation:

HSRP (Hot Standby Router Protocol). HSRP is a Cisco proprietary protocol that provides stateful failover for IPsec virtual private networks (VPNs). It is used to create a virtual router in order to provide redundancy in the event of an IPsec VPN failure. HSRP works by assigning a single primary router to manage the connection and forwarding traffic to the secondary router if the primary router fails.

What are two functions of ECDH and ECDSA? (Choose two.)

A. nonrepudiation
B. revocation
C. digital signature
D. key exchange
E. encryption

Suggested answer: C, D

Explanation:

Reference: https://tools.cisco.com/security/center/resources/next_generation_cryptography

What uses an Elliptic Curve key exchange algorithm?

A. ECDSA
B. ECDHE
C. AES-GCM
D. SHA

Suggested answer: B

Explanation:

Reference: https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

Which two remote access VPN solutions support SSL? (Choose two.)

A. FlexVPN
B. clientless
C. EZVPN
D. L2TP
E. Cisco AnyConnect

Suggested answer: B, E

Which VPN solution uses TBAR?

A. GETVPN
B. VTI
C. DMVPN
D. Cisco AnyConnect

Suggested answer: A

Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-xe-3s-book/sec-get-vpn.html

Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)

A. show crypto isakmp sa
B. show ip traffic
C. show crypto ipsec sa
D. show ip nhrp traffic
E. show dmvpn detail

Suggested answer: A, D

Explanation:

https://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.html

Refer to the exhibit.

All internal clients behind the ASA are port address translated to the public outside interface that has an IP address of 3.3.3.3. Client 1 and client 2 have established successful SSL VPN connections to the ASA. What must be implemented so that "3.3.3.3" is returned from a browser search on the IP address?

A. Same-security-traffic permit inter-interface under Group Policy
B. Exclude Network List Below under Group Policy
C. Tunnel All Networks under Group Policy
D. Tunnel Network List Below under Group Policy

Suggested answer: C

Explanation:

The reason is that by default, the SSL VPN clients use split tunneling, which means they only send traffic destined for the corporate network through the VPN tunnel, and use their local gateway for other traffic, such as browsing the internet. This means that when they search for their IP address on a browser, they will see their local IP address, not the IP address of the ASA.

To change this behavior, you need to configure the Group Policy on the ASA to tunnel all networks, which means that all traffic from the SSL VPN clients will go through the VPN tunnel, regardless of the destination. This way, when they search for their IP address on a browser, they will see the IP address of the ASA, which is 3.3.3.3.

To configure tunnel all networks under Group Policy, you can use either ASDM or CLI. For example, using ASDM, you can follow these steps:

1. Choose Configuration > Remote Access VPN > Network (Client) Access > Group Policies.
2. Select the group policy that you want to modify and click Edit.
3. In the Edit Internal Group Policy window, choose Advanced > Split Tunneling.
4. In the Policy drop-down list, choose Tunnel All Networks.
5. Click OK and then Apply.

Using CLI, you can enter these commands:

    ciscoasa(config)# group-policy <group_policy_name> attributes
    ciscoasa(config-group-policy)# split-tunnel-policy tunnelall

Cisco AnyConnect clients need to transfer large files over the VPN sessions. Which protocol provides the best throughput?

A. SSL/TLS
B. L2TP
C. DTLS
D. IPsec IKEv1

Suggested answer: C

Refer to the exhibit.

Which VPN technology is used in the exhibit?

A. DVTI
B. VTI
C. DMVPN
D. GRE

Suggested answer: B

Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/zZArchive/IPsec_Virtual_Tunnel_Interface.html#GUID-EB8C433B-2394-42B9-997F-B40803E58A91

Which VPN does VPN load balancing on the ASA support?

A. VTI
B. IPsec site-to-site tunnels
C. L2TP over IPsec
D. Cisco AnyConnect

Suggested answer: D
Total 175 questions