ExamGecko
Search Search Login
Home Home / Cisco / 300-730

Cisco 300-730 Practice Test - Questions Answers, Page 7

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Refer to the exhibit. An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?
An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?
Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)

Question 61

Report
Export
Collapse

An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly, and all tunnel stats show that they are up.

However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?

A.

Adjust the MTU size within the routers.

A.

Adjust the MTU size within the routers.

Answers
B.

Add RDP port to the extended ACL.

B.

Add RDP port to the extended ACL.

Answers
C.

Replace certificate on the RDP server.

C.

Replace certificate on the RDP server.

Answers
D.

Change DMVPN timeout values.

D.

Change DMVPN timeout values.

Answers
Suggested answer: A

Question 62

Report
Export
Collapse

Where must an engineer configure a preshared key for a site-to-site VPN tunnel configured on a Cisco ASA?

A.

isakmp policy

A.

isakmp policy

Answers
B.

group policy

B.

group policy

Answers
C.

crypto map

C.

crypto map

Answers
D.

tunnel group

D.

tunnel group

Answers
Suggested answer: D

Question 63

Report
Export
Collapse

A network engineer has been tasked with configuring SSL VPN to provide remote users with access to the corporate network. Traffic destined to the enterprise IP range should go through the tunnel, and all other traffic should go directly to the Internet. Which feature should be configured to achieve this?

A.

U-turning

A.

U-turning

Answers
B.

hairpinning

B.

hairpinning

Answers
C.

split-tunnel

C.

split-tunnel

Answers
D.

dual-homing

D.

dual-homing

Answers
Suggested answer: C

Question 64

Report
Export
Collapse

A network engineer must design a remote access solution to allow contractors to access internal servers. These contractors do not have permissions to install applications on their computers. Which VPN solution should be used in this design?

A.

IKEv2 AnyConnect

A.

IKEv2 AnyConnect

Answers
B.

Clientless

B.

Clientless

Answers
C.

Port forwarding

C.

Port forwarding

Answers
D.

SSL AnyConnect

D.

SSL AnyConnect

Answers
Suggested answer: B

Question 65

Report
Export
Collapse

Refer to the exhibit.

Which type of Cisco VPN is shown for group Cisc012345678?

A.

Cisco AnyConnect Client VPN

A.

Cisco AnyConnect Client VPN

Answers
B.

DMVPN

B.

DMVPN

Answers
C.

Clientless SSLVPN

C.

Clientless SSLVPN

Answers
D.

GETVPN

D.

GETVPN

Answers
Suggested answer: A

Question 66

Report
Export
Collapse

Which command shows the smart default configuration for an IPsec profile?

A.

show run all crypto ipsec profile

A.

show run all crypto ipsec profile

Answers
B.

ipsec profile does not have any smart default configuration

B.

ipsec profile does not have any smart default configuration

Answers
C.

show smart-defaults ipsec profile

C.

show smart-defaults ipsec profile

Answers
D.

show crypto ipsec profile default

D.

show crypto ipsec profile default

Answers
Suggested answer: D

Explanation:

The following table lists the commands that are enabled with the IKEv2 Smart Defaults feature, alongwith the default values....Device# show crypto ipsec profile defaultIPSEC profile defaultSecurity association lifetime: 4608000 kilobytes/3600 secondsResponder-Only (Y/N): NPFS (Y/N): NTransform sets={default: { esp-aes esp-sha-hmac },}https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-3s/sec-flex-vpn-xe-3s-book/sec-cfg-ikev2-flex.htm

Question 67

Report
Export
Collapse

Refer to the exhibit.

The DMVPN spoke is not establishing a session with the hub. Which two actions resolve this issue?

(Choose two.)

A.

Change the spoke nhs to 172.16.18.1 and the nbma to 10.0.0.1.

A.

Change the spoke nhs to 172.16.18.1 and the nbma to 10.0.0.1.

Answers
B.

Change the transform set to mode tunnel.

B.

Change the transform set to mode tunnel.

Answers
C.

Change the ISAKMP policy authentication on the spoke to pre-shared.

C.

Change the ISAKMP policy authentication on the spoke to pre-shared.

Answers
D.

Change the ISAKMP key address on the spoke to 0.0.0.0.

D.

Change the ISAKMP key address on the spoke to 0.0.0.0.

Answers
E.

Change the nhrp authentication key on the spoke to cisco123.

E.

Change the nhrp authentication key on the spoke to cisco123.

Answers
Suggested answer: C, E

Question 68

Report
Export
Collapse

Refer to the exhibit.

A network engineer is configuring a remote access SSLVPN and is unable to complete the connection using local credentials. What must be done to remediate this problem?

A.

Enable the client protocol in the Cisco AnyConnect profile.

A.

Enable the client protocol in the Cisco AnyConnect profile.

Answers
B.

Configure a AAA server group to authenticate the client.

B.

Configure a AAA server group to authenticate the client.

Answers
C.

Change the authentication method to local.

C.

Change the authentication method to local.

Answers
D.

Configure the group policy to force local authentication.

D.

Configure the group policy to force local authentication.

Answers
Suggested answer: A

Question 69

Report
Export
Collapse

Which two NHRP functions are specific to DMVPN Phase 3 implementation? (Choose two.)

A.

registration reply

A.

registration reply

Answers
B.

redirect

B.

redirect

Answers
C.

resolution reply

C.

resolution reply

Answers
D.

registration request

D.

registration request

Answers
E.

resolution request

E.

resolution request

Answers
Suggested answer: B, C

Explanation:

NHRP redirect is a function that allows the hub to inform the source spoke of a better path to reach thedestination spoke, by sending an NHRP redirect message containing the IP address of the destinationspoke.This triggers the source spoke to send an NHRP resolution request to the destination spoke, inorder to establish a direct spoke-to-spoke tunnel1.NHRP resolution reply is a function that allows the destination spoke to respond to the NHRP resolutionrequest from the source spoke, by sending an NHRP resolution reply containing its own IP address andthe IP address of the source spoke.This confirms the establishment of the direct spoke-to-spoke tunnel,and also allows the destination spoke to create a reciprocal tunnel to the source spoke2.These two functions are specific to DMVPN Phase 3, because they enable spoke-to-spokecommunication without requiring a dynamic routing protocol or going through the hub.In DMVPN Phase1 and Phase 2, NHRP registration request, registration reply, and resolution request are also used, butthey have different purposes and effects3.

Question 70

Report
Export
Collapse

A network engineer must implement an SSLVPN Cisco AnyConnect solution that supports 500 concurrent users, ensures all traffic from the client passes through the ASA, and allows users to access all devices on the inside interface subnet

(192.168.0.0/24). Assuming all other configuration is set up appropriately, which configuration implements this solution?

A.

Option A

A.

Option A

Answers
B.

Option B

B.

Option B

Answers
C.

Option C

C.

Option C

Answers
D.

Option D

D.

Option D

Answers
Suggested answer: A

Explanation:

ensures all traffic from the client passes through the ASA' that is one of the requirements. Meaning alltraffic should pass through the tunnel, I know they mention 192.168.0.0 network but that is just toconfuse

Total 175 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms