ExamGecko
Search Search Login
Home Home / Cisco / 300-730

Cisco 300-730 Practice Test - Questions Answers, Page 8

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?
Refer to the exhibit. An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)
An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?
What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?
What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
An administrator is planning a VPN configuration that will encrypt traffic between multiple servers that will be passing unicast and multicast traffic. This configuration must be able to be implemented without the need to modify routing within the network. Which VPN technology must be used for this task?
Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?

Question 71

Report
Export
Collapse

Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)

A.

HSRP stateless failover

A.

HSRP stateless failover

Answers
B.

DNS-based hub resolution

B.

DNS-based hub resolution

Answers
C.

reactivate primary peer

C.

reactivate primary peer

Answers
D.

tunnel pivot

D.

tunnel pivot

Answers
E.

need distractor

E.

need distractor

Answers
Suggested answer: B, C

Question 72

Report
Export
Collapse

Refer to the exhibit.

Which type of VPN is used?

A.

GETVPN

A.

GETVPN

Answers
B.

clientless SSL VPN

B.

clientless SSL VPN

Answers
C.

Cisco Easy VPN

C.

Cisco Easy VPN

Answers
D.

Cisco AnyConnect SSL VPN

D.

Cisco AnyConnect SSL VPN

Answers
Suggested answer: C

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/vpn-easyvpn.html

Question 73

Report
Export
Collapse

An engineer would like Cisco AnyConnect users to be able to reach servers within the 10.10.0.0/16 subnet while all other traffic is sent out to the Internet. Which IPsec configuration accomplishes this task?

A.

Option A

A.

Option A

Answers
B.

Option B

B.

Option B

Answers
C.

Option C

C.

Option C

Answers
D.

Option D

D.

Option D

Answers
Suggested answer: B

Explanation:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-3s/sec-flex-vpn-xe-3s-book/sec-cfg-flex-serv.htm

Question 74

Report
Export
Collapse

Which Cisco AnyConnect component ensures that devices in a specific internal subnet are only accessible using port 443?

A.

routing

A.

routing

Answers
B.

WebACL

B.

WebACL

Answers
C.

split tunnel

C.

split tunnel

Answers
D.

VPN filter

D.

VPN filter

Answers
Suggested answer: D

Explanation:

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html#anc6

Question 75

Report
Export
Collapse

Refer to the exhibit.

Upon setting up a tunnel between two sites, users are complaining that connections to applications over the VPN are not working consistently. The output of show crypto ipsec sa was collected on one of the VPN devices. Based on this output, what should be done to fix this issue?

A.

Lower the tunnel MTU.

A.

Lower the tunnel MTU.

Answers
B.

Enable perfect forward secrecy.

B.

Enable perfect forward secrecy.

Answers
C.

Specify the application networks in the remote identity.

C.

Specify the application networks in the remote identity.

Answers
D.

Make an adjustment to IPSec replay window.

D.

Make an adjustment to IPSec replay window.

Answers
Suggested answer: D

Explanation:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dplane/configuration/xe-16-8/secipsec-data-plane-xe-16-8-book/sec-ipsec-antireplay.html#GUID-1FF00FBB-0746-48B2-A02A-2BB066BEDEF8

Question 76

Report
Export
Collapse

After a user configures a connection profile with a bookmark list and tests the clientless SSLVPN connection, all of the bookmarks are grayed out. What must be done to correct this behavior?

A.

Apply the bookmark to the correct group policy.

A.

Apply the bookmark to the correct group policy.

Answers
B.

Specify the correct port for the web server under the bookmark.

B.

Specify the correct port for the web server under the bookmark.

Answers
C.

Configure a DNS server on the Cisco ASA and verify it has a record for the web server.

C.

Configure a DNS server on the Cisco ASA and verify it has a record for the web server.

Answers
D.

Verify HTTP/HTTPS connectivity between the Cisco ASA and the web server.

D.

Verify HTTP/HTTPS connectivity between the Cisco ASA and the web server.

Answers
Suggested answer: C

Question 77

Report
Export
Collapse

Refer to the exhibit.

Which type of VPN is being configured, based on the partial configuration snippet?

A.

GET VPN with COOP key server

A.

GET VPN with COOP key server

Answers
B.

GET VPN with dual group member

B.

GET VPN with dual group member

Answers
C.

FlexVPN load balancer

C.

FlexVPN load balancer

Answers
D.

FlexVPN backup gateway

D.

FlexVPN backup gateway

Answers
Suggested answer: A

Question 78

Report
Export
Collapse

An administrator is designing a VPN with a partner's non-Cisco VPN solution. The partner's VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 going to 10.0.0.0/24. Which technology must be used to meet these requirements?

A.

VTI

A.

VTI

Answers
B.

crypto map

B.

crypto map

Answers
C.

GETVPN

C.

GETVPN

Answers
D.

DMVPN

D.

DMVPN

Answers
Suggested answer: B

Question 79

Report
Export
Collapse

A company's remote locations connect to the data centers via MPLS. A new request requires that unicast and multicast traffic that exits in the remote locations be encrypted. Which non-tunneled technology should be used to satisfy this requirement?

A.

SSL

A.

SSL

Answers
B.

FlexVPN

B.

FlexVPN

Answers
C.

DMVPN

C.

DMVPN

Answers
D.

GETVPN

D.

GETVPN

Answers
Suggested answer: D

Question 80

Report
Export
Collapse

While troubleshooting, an engineer finds that the show crypto isakmp sa command indicates that the last state of the tunnel is MM_KEY_EXCH. What is the next step that should be taken to resolve this issue?

A.

Verify that the ISAKMP proposals match.

A.

Verify that the ISAKMP proposals match.

Answers
B.

Ensure that UDP 500 is not being blocked between the devices.

B.

Ensure that UDP 500 is not being blocked between the devices.

Answers
C.

Correct the peer's IP address on the crypto map.

C.

Correct the peer's IP address on the crypto map.

Answers
D.

Confirm that the pre-shared keys match on both devices.

D.

Confirm that the pre-shared keys match on both devices.

Answers
Suggested answer: D

Explanation:

https://www.networkworld.com/article/2288666/chapter-4--common-ipsec-vpn-issues.html

Total 175 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms