ExamGecko
Search Search Login
Home Home / Cisco / 300-730

Cisco 300-730 Practice Test - Questions Answers, Page 9

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?
Refer to the exhibit. An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)
An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?
What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?
What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
An administrator is planning a VPN configuration that will encrypt traffic between multiple servers that will be passing unicast and multicast traffic. This configuration must be able to be implemented without the need to modify routing within the network. Which VPN technology must be used for this task?
Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?

Question 81

Report
Export
Collapse

Which VPN technology must be used to ensure that routers are able to dynamically form connections with each other rather than sending traffic through a hub and be able to advertise routes without the use of a dynamic routing protocol?

A.

FlexVPN

A.

FlexVPN

Answers
B.

DMVPN Phase 3

B.

DMVPN Phase 3

Answers
C.

DMVPN Phase 2

C.

DMVPN Phase 2

Answers
D.

GETVPN

D.

GETVPN

Answers
Suggested answer: B

Explanation:

DMVPN stands for Dynamic Multipoint VPN, which is a technology that allows routers to dynamicallyform VPN tunnels with each other without requiring a pre-configured static crypto map. DMVPN usesMultipoint GRE (mGRE) interfaces and Next Hop Resolution Protocol (NHRP) to establish directconnections between routers. DMVPN has three phases of operation, each with different features andbenefits.DMVPN Phase 1 is the basic configuration, where all spokes are configured with a single mGRE interfacethat points to the hub as the NHRP server. The spokes can only communicate with the hub, not witheach other. All traffic must go through the hub, which creates a bottleneck and increases latency.DMVPN Phase 2 improves on Phase 1 by allowing spoke-to-spoke communication without going throughthe hub. This is achieved by using NHRP to dynamically resolve the IP address of the destination spokeand create a direct GRE tunnel between the spokes. However, this still requires the use of a dynamicrouting protocol to advertise routes between the spokes, which adds overhead and complexity.DMVPN Phase 3 further enhances Phase 2 by enabling spoke-to-spoke communication without requiringa dynamic routing protocol. This is done by using NHRP shortcut switching and NHRP redirect messages.When a spoke wants to send traffic to another spoke, it sends an NHRP resolution request to the hub,which responds with an NHRP redirect message containing the IP address of the destination spoke. The

Question 82

Report
Export
Collapse

An administrator is setting up AnyConnect for the first time for a few users. Currently, the router does not have access to a RADIUS server. Which AnyConnect protocol must be used to allow users to authenticate?

A.

EAP-GTC

A.

EAP-GTC

Answers
B.

EAP-MSCHAPv2

B.

EAP-MSCHAPv2

Answers
C.

EAP-MD5

C.

EAP-MD5

Answers
D.

EAP-AnyConnect

D.

EAP-AnyConnect

Answers
Suggested answer: D

Question 83

Report
Export
Collapse

Refer to the exhibit.

DMVPN spoke-to-spoke traffic works, but it passes through the hub, and never sends direct spoke-tospoke traffic. Based on the tunnel interface configuration shown, what must be configured on the hub to solve the issue?

A.

Enable NHRP redirect.

A.

Enable NHRP redirect.

Answers
B.

Enable split horizon.

B.

Enable split horizon.

Answers
C.

Enable IP redirects.

C.

Enable IP redirects.

Answers
D.

Enable NHRP shortcut.

D.

Enable NHRP shortcut.

Answers
Suggested answer: A

Question 84

Report
Export
Collapse

Refer to the exhibit.

A user is connecting from behind a PC with a private IP Address. Their ISP provider is blocking TCP port 443. Which AnyConnect XML configuration will allow the user to establish a connection with the ASA?

A.

Option A

A.

Option A

Answers
B.

Option B

B.

Option B

Answers
C.

Option C

C.

Option C

Answers
D.

Option D

D.

Option D

Answers
Suggested answer: D

Question 85

Report
Export
Collapse

Refer to the exhibit.

Which two conclusions should be drawn from the DMVPN phase 2 configuration? (Choose two.)

A.

Next-hop-self is required.

A.

Next-hop-self is required.

Answers
B.

EIGRP neighbor adjacency will fail.

B.

EIGRP neighbor adjacency will fail.

Answers
C.

EIGRP is used as the dynamic routing protocol.

C.

EIGRP is used as the dynamic routing protocol.

Answers
D.

EIGRP route redistribution is not allowed.

D.

EIGRP route redistribution is not allowed.

Answers
E.

Spoke-to-spoke communication is allowed.

E.

Spoke-to-spoke communication is allowed.

Answers
Suggested answer: C, E

Question 86

Report
Export
Collapse

Refer to the exhibit.

The VPN tunnel between the FlexVPN spoke and FlexVPN hub 192.168.0.12 is failing. What should be done to correct this issue?

A.

Add the address 192.168.0.12 255.255.255.255 command to the keyring configuration.

A.

Add the address 192.168.0.12 255.255.255.255 command to the keyring configuration.

Answers
B.

Add the match fvrf any command to the IKEv2 policy.

B.

Add the match fvrf any command to the IKEv2 policy.

Answers
C.

Add the aaa authorization group psk list Flex_AAA Flex_Auth command to the IKEv2 profile configuration.

C.

Add the aaa authorization group psk list Flex_AAA Flex_Auth command to the IKEv2 profile configuration.

Answers
D.

Add the tunnel mode gre ip command to the tunnel configuration.

D.

Add the tunnel mode gre ip command to the tunnel configuration.

Answers
Suggested answer: C

Question 87

Report
Export
Collapse

Refer to the exhibit.

An IKEv2 site-to-site tunnel between an ASA and a remote peer is not building successfully. What will fix the problem based on the debug output?

A.

Ensure crypto IPsec policy matches on both VPN devices.

A.

Ensure crypto IPsec policy matches on both VPN devices.

Answers
B.

Install the correct certificate to validate the peer.

B.

Install the correct certificate to validate the peer.

Answers
C.

Correct crypto access list on both VPN devices.

C.

Correct crypto access list on both VPN devices.

Answers
D.

Specify the peer IP address in the tunnel group name.

D.

Specify the peer IP address in the tunnel group name.

Answers
Suggested answer: C

Explanation:

DMVPN stands for Dynamic Multipoint VPN, which is a technology that allows routers to dynamicallyform VPN tunnels with each other without requiring a pre-configured static crypto map. DMVPN usesMultipoint GRE (mGRE) interfaces and Next Hop Resolution Protocol (NHRP) to establish directconnections between routers. DMVPN has three phases of operation, each with different features andbenefits.DMVPN Phase 1 is the basic configuration, where all spokes are configured with a single mGRE interfacethat points to the hub as the NHRP server. The spokes can only communicate with the hub, not witheach other. All traffic must go through the hub, which creates a bottleneck and increases latency.DMVPN Phase 2 improves on Phase 1 by allowing spoke-to-spoke communication without going throughthe hub. This is achieved by using NHRP to dynamically resolve the IP address of the destination spokeand create a direct GRE tunnel between the spokes. However, this still requires the use of a dynamicrouting protocol to advertise routes between the spokes, which adds overhead and complexity.DMVPN Phase 3 further enhances Phase 2 by enabling spoke-to-spoke communication without requiringa dynamic routing protocol. This is done by using NHRP shortcut switching and NHRP redirect messages.When a spoke wants to send traffic to another spoke, it sends an NHRP resolution request to the hub,which responds with an NHRP redirect message containing the IP address of the destination spoke. The source spoke then creates a direct GRE tunnel with the destination spoke and switches the traffic to thenew tunnel. The hub also sends an NHRP resolution reply to the destination spoke, informing it of thesource spoke's IP address. The destination spoke then creates a direct GRE tunnel with the source spokeand switches the traffic to the new tunnel. This way, the spokes can communicate directly without usinga dynamic routing protocol or going through the hub

Question 88

Report
Export
Collapse

Refer to the exhibit.

A network engineer is reconfiguring clientless SSLVPN during a maintenance window, and after testing the new configuration, is unable to establish the connection. What must be done to remediate this problem?

A.

Enable client services on the outside interface.

A.

Enable client services on the outside interface.

Answers
B.

Enable clientless protocol under the group policy.

B.

Enable clientless protocol under the group policy.

Answers
C.

Enable DTLS under the group policy.

C.

Enable DTLS under the group policy.

Answers
D.

Enable auto sign-on for the user’s IP address.

D.

Enable auto sign-on for the user’s IP address.

Answers
Suggested answer: B

Question 89

Report
Export
Collapse

What are two purposes of the key server in Cisco IOS GETVPN? (Choose two.)

A.

to download encryption keys

A.

to download encryption keys

Answers
B.

to maintain encryption policies

B.

to maintain encryption policies

Answers
C.

to distribute routing information

C.

to distribute routing information

Answers
D.

to encrypt data traffic

D.

to encrypt data traffic

Answers
E.

to authenticate group members

E.

to authenticate group members

Answers
Suggested answer: B, E

Question 90

Report
Export
Collapse

An engineer notices that while an employee is connected remotely, all traffic is being routed to the corporate network. Which split-tunnel policy allows a remote client to use their local provider for Internet access when working from home?

A.

tunnelall

A.

tunnelall

Answers
B.

excludeall

B.

excludeall

Answers
C.

tunnelspecified

C.

tunnelspecified

Answers
D.

excludespecified

D.

excludespecified

Answers
Suggested answer: C
Total 175 questions
Go to page: of 18
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms