ExamGecko
Search Search Login
Home Home / Cisco / 300-730

Cisco 300-730 Practice Test - Questions Answers, Page 6

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Refer to the exhibit. An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?
An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?
Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)

Question 51

Report
Export
Collapse

Which parameter must match on all routers in a DMVPN Phase 3 cloud?

A.

GRE tunnel key

A.

GRE tunnel key

Answers
B.

NHRP network ID

B.

NHRP network ID

Answers
C.

tunnel VRF

C.

tunnel VRF

Answers
D.

EIGRP split-horizon setting

D.

EIGRP split-horizon setting

Answers
Suggested answer: A

Explanation:

NHRP network IDs are locally significant and can be different. It makes sense from a deployment andmaintenance perspective to use unique network ID numbers (using the ip nhrp network-id command)across all routers in a DMVPN network, but it is not necessary that they be the same.https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-dmvpn.html

Question 52

Report
Export
Collapse

Which parameter is initially used to elect the primary key server from a group of key servers?

A.

code version

A.

code version

Answers
B.

highest IP address

B.

highest IP address

Answers
C.

highest-priority value

C.

highest-priority value

Answers
D.

lowest IP address

D.

lowest IP address

Answers
Suggested answer: C

Explanation:

Reference: https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transportvpn/deployment_guide_c07_554713.html

Question 53

Report
Export
Collapse

A Cisco ASA is configured in active/standby mode. What is needed to ensure that Cisco AnyConnect users can connect after a failover event?

A.

AnyConnect images must be uploaded to both failover ASA devices.

A.

AnyConnect images must be uploaded to both failover ASA devices.

Answers
B.

The vpnsession-db must be cleared manually.

B.

The vpnsession-db must be cleared manually.

Answers
C.

Configure a backup server in the XML profile.

C.

Configure a backup server in the XML profile.

Answers
D.

AnyConnect client must point to the standby IP address.

D.

AnyConnect client must point to the standby IP address.

Answers
Suggested answer: A

Explanation:

Reference:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_active_standby.html

Question 54

Report
Export
Collapse

Which benefit of FlexVPN is a limitation of DMVPN using IKEv1?

A.

GRE encapsulation allows for forwarding of non-IP traffic.

A.

GRE encapsulation allows for forwarding of non-IP traffic.

Answers
B.

IKE implementation can install routes in routing table.

B.

IKE implementation can install routes in routing table.

Answers
C.

NHRP authentication provides enhanced security.

C.

NHRP authentication provides enhanced security.

Answers
D.

Dynamic routing protocols can be configured.

D.

Dynamic routing protocols can be configured.

Answers
Suggested answer: B

Question 55

Report
Export
Collapse

What is a requirement for smart tunnels to function properly?

A.

Java or ActiveX must be enabled on the client machine.

A.

Java or ActiveX must be enabled on the client machine.

Answers
B.

Applications must be UDP.

B.

Applications must be UDP.

Answers
C.

Stateful failover must not be configured.

C.

Stateful failover must not be configured.

Answers
D.

The user on the client machine must have admin access.

D.

The user on the client machine must have admin access.

Answers
Suggested answer: A

Explanation:

Reference: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-nextgeneration-firewalls/111007-smart-tunnel-asa-00.html

Question 56

Report
Export
Collapse

Where is split tunneling defined for IKEv2 remote access clients on a Cisco router?

A.

IKEv2 authorization policy

A.

IKEv2 authorization policy

Answers
B.

Group Policy

B.

Group Policy

Answers
C.

virtual template

C.

virtual template

Answers
D.

webvpn context

D.

webvpn context

Answers
Suggested answer: A

Explanation:

https://www.cisco.com/c/en/us/support/docs/routers/3600-series-multiservice-platforms/91193-rtr-ipsec-internet-connect.html

Question 57

Report
Export
Collapse

Which technology is used to send multicast traffic over a site-to-site VPN?

A.

GRE over IPsec on IOS router

A.

GRE over IPsec on IOS router

Answers
B.

GRE over IPsec on FTD

B.

GRE over IPsec on FTD

Answers
C.

IPsec tunnel on FTD

C.

IPsec tunnel on FTD

Answers
D.

GRE tunnel on ASA

D.

GRE tunnel on ASA

Answers
Suggested answer: A

Explanation:

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/216276-configure-route-based-site-to-site-vpn-t.html#anc6

Question 58

Report
Export
Collapse

Which feature of GETVPN is a limitation of DMVPN and FlexVPN?

A.

sequence numbers that enable scalable replay checking

A.

sequence numbers that enable scalable replay checking

Answers
B.

enabled use of ESP or AH

B.

enabled use of ESP or AH

Answers
C.

design for use over public or private WAN

C.

design for use over public or private WAN

Answers
D.

no requirement for an overlay routing protocol

D.

no requirement for an overlay routing protocol

Answers
Suggested answer: D

Question 59

Report
Export
Collapse

Refer to the exhibit.

Cisco AnyConnect must be set up on a router to allow users to access internal servers 192.168.0.10 and 192.168.0.11. All other traffic should go out of the client's local NIC. Which command accomplishes this configuration?

A.

svc split include 192.168.0.0 255.255.255.0

A.

svc split include 192.168.0.0 255.255.255.0

Answers
B.

svc split exclude 192.168.0.0 255.255.255.0

B.

svc split exclude 192.168.0.0 255.255.255.0

Answers
C.

svc split include acl CCNP

C.

svc split include acl CCNP

Answers
D.

svc split exclude acl CCNP

D.

svc split exclude acl CCNP

Answers
Suggested answer: C

Explanation:

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200533-AnyConnect-Configure-Basic-SSLVPN-for-I.html

Question 60

Report
Export
Collapse

An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies. What must be added to the configuration to make sure the users in the sales department cannot access the finance department server?

A.

tunnel group lock

A.

tunnel group lock

Answers
B.

smart tunnel

B.

smart tunnel

Answers
C.

port forwarding

C.

port forwarding

Answers
D.

webtype ACL

D.

webtype ACL

Answers
Suggested answer: D

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-generalcli/acl-webtype.pdf

Total 175 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms