ExamGecko
Login
Home / Cisco / 300-730 / List of questions
Ask Question

Cisco 300-730 Practice Test - Questions Answers, Page 9

Add to Whishlist

List of questions

Question 81

Report Export Collapse

Which VPN technology must be used to ensure that routers are able to dynamically form connections with each other rather than sending traffic through a hub and be able to advertise routes without the use of a dynamic routing protocol?

FlexVPN

FlexVPN

DMVPN Phase 3

DMVPN Phase 3

DMVPN Phase 2

DMVPN Phase 2

GETVPN

GETVPN

Suggested answer: B
Explanation:

DMVPN stands for Dynamic Multipoint VPN, which is a technology that allows routers to dynamicallyform VPN tunnels with each other without requiring a pre-configured static crypto map. DMVPN usesMultipoint GRE (mGRE) interfaces and Next Hop Resolution Protocol (NHRP) to establish directconnections between routers. DMVPN has three phases of operation, each with different features andbenefits.DMVPN Phase 1 is the basic configuration, where all spokes are configured with a single mGRE interfacethat points to the hub as the NHRP server. The spokes can only communicate with the hub, not witheach other. All traffic must go through the hub, which creates a bottleneck and increases latency.DMVPN Phase 2 improves on Phase 1 by allowing spoke-to-spoke communication without going throughthe hub. This is achieved by using NHRP to dynamically resolve the IP address of the destination spokeand create a direct GRE tunnel between the spokes. However, this still requires the use of a dynamicrouting protocol to advertise routes between the spokes, which adds overhead and complexity.DMVPN Phase 3 further enhances Phase 2 by enabling spoke-to-spoke communication without requiringa dynamic routing protocol. This is done by using NHRP shortcut switching and NHRP redirect messages.When a spoke wants to send traffic to another spoke, it sends an NHRP resolution request to the hub,which responds with an NHRP redirect message containing the IP address of the destination spoke. The

asked 10/10/2024
Aleksey Koltsov
35 questions

Question 82

Report Export Collapse

An administrator is setting up AnyConnect for the first time for a few users. Currently, the router does not have access to a RADIUS server. Which AnyConnect protocol must be used to allow users to authenticate?

EAP-GTC

EAP-GTC

EAP-MSCHAPv2

EAP-MSCHAPv2

EAP-MD5

EAP-MD5

EAP-AnyConnect

EAP-AnyConnect

Suggested answer: D
asked 10/10/2024
Muhanad Mohamed
38 questions

Question 83

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 83 114601 10102024232758000000

DMVPN spoke-to-spoke traffic works, but it passes through the hub, and never sends direct spoke-tospoke traffic. Based on the tunnel interface configuration shown, what must be configured on the hub to solve the issue?

Enable NHRP redirect.

Enable NHRP redirect.

Enable split horizon.

Enable split horizon.

Enable IP redirects.

Enable IP redirects.

Enable NHRP shortcut.

Enable NHRP shortcut.

Suggested answer: A
asked 10/10/2024
Andrew Dobie
40 questions

Question 84

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 84 114602 10102024232758000000

A user is connecting from behind a PC with a private IP Address. Their ISP provider is blocking TCP port 443. Which AnyConnect XML configuration will allow the user to establish a connection with the ASA?

Cisco 300-730 image Question 84 114602 10102024232758000000

Option A

Option A

Option B

Option B

Option C

Option C

Option D

Option D

Suggested answer: D
asked 10/10/2024
Ubeydullah Kara
41 questions

Question 85

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 85 114603 10102024232758000000

Which two conclusions should be drawn from the DMVPN phase 2 configuration? (Choose two.)

Next-hop-self is required.

Next-hop-self is required.

EIGRP neighbor adjacency will fail.

EIGRP neighbor adjacency will fail.

EIGRP is used as the dynamic routing protocol.

EIGRP is used as the dynamic routing protocol.

EIGRP route redistribution is not allowed.

EIGRP route redistribution is not allowed.

Spoke-to-spoke communication is allowed.

Spoke-to-spoke communication is allowed.

Suggested answer: C, E
asked 10/10/2024
Rozsahegyi Jozsef
38 questions

Question 86

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 86 114604 10102024232758000000

The VPN tunnel between the FlexVPN spoke and FlexVPN hub 192.168.0.12 is failing. What should be done to correct this issue?

Add the address 192.168.0.12 255.255.255.255 command to the keyring configuration.

Add the address 192.168.0.12 255.255.255.255 command to the keyring configuration.

Add the match fvrf any command to the IKEv2 policy.

Add the match fvrf any command to the IKEv2 policy.

Add the aaa authorization group psk list Flex_AAA Flex_Auth command to the IKEv2 profile configuration.

Add the aaa authorization group psk list Flex_AAA Flex_Auth command to the IKEv2 profile configuration.

Add the tunnel mode gre ip command to the tunnel configuration.

Add the tunnel mode gre ip command to the tunnel configuration.

Suggested answer: C
asked 10/10/2024
Michel Flipse
46 questions

Question 87

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 87 114605 10102024232758000000

An IKEv2 site-to-site tunnel between an ASA and a remote peer is not building successfully. What will fix the problem based on the debug output?

Ensure crypto IPsec policy matches on both VPN devices.

Ensure crypto IPsec policy matches on both VPN devices.

Install the correct certificate to validate the peer.

Install the correct certificate to validate the peer.

Correct crypto access list on both VPN devices.

Correct crypto access list on both VPN devices.

Specify the peer IP address in the tunnel group name.

Specify the peer IP address in the tunnel group name.

Suggested answer: C
Explanation:

DMVPN stands for Dynamic Multipoint VPN, which is a technology that allows routers to dynamicallyform VPN tunnels with each other without requiring a pre-configured static crypto map. DMVPN usesMultipoint GRE (mGRE) interfaces and Next Hop Resolution Protocol (NHRP) to establish directconnections between routers. DMVPN has three phases of operation, each with different features andbenefits.DMVPN Phase 1 is the basic configuration, where all spokes are configured with a single mGRE interfacethat points to the hub as the NHRP server. The spokes can only communicate with the hub, not witheach other. All traffic must go through the hub, which creates a bottleneck and increases latency.DMVPN Phase 2 improves on Phase 1 by allowing spoke-to-spoke communication without going throughthe hub. This is achieved by using NHRP to dynamically resolve the IP address of the destination spokeand create a direct GRE tunnel between the spokes. However, this still requires the use of a dynamicrouting protocol to advertise routes between the spokes, which adds overhead and complexity.DMVPN Phase 3 further enhances Phase 2 by enabling spoke-to-spoke communication without requiringa dynamic routing protocol. This is done by using NHRP shortcut switching and NHRP redirect messages.When a spoke wants to send traffic to another spoke, it sends an NHRP resolution request to the hub,which responds with an NHRP redirect message containing the IP address of the destination spoke. The source spoke then creates a direct GRE tunnel with the destination spoke and switches the traffic to thenew tunnel. The hub also sends an NHRP resolution reply to the destination spoke, informing it of thesource spoke's IP address. The destination spoke then creates a direct GRE tunnel with the source spokeand switches the traffic to the new tunnel. This way, the spokes can communicate directly without usinga dynamic routing protocol or going through the hub

asked 10/10/2024
Jose Rodrigues
44 questions

Question 88

Report Export Collapse

Refer to the exhibit.

Cisco 300-730 image Question 88 114606 10102024232758000000

A network engineer is reconfiguring clientless SSLVPN during a maintenance window, and after testing the new configuration, is unable to establish the connection. What must be done to remediate this problem?

Enable client services on the outside interface.

Enable client services on the outside interface.

Enable clientless protocol under the group policy.

Enable clientless protocol under the group policy.

Enable DTLS under the group policy.

Enable DTLS under the group policy.

Enable auto sign-on for the user’s IP address.

Enable auto sign-on for the user’s IP address.

Suggested answer: B
asked 10/10/2024
Marc Casin Martinez
43 questions

Question 89

Report Export Collapse

What are two purposes of the key server in Cisco IOS GETVPN? (Choose two.)

to download encryption keys

to download encryption keys

to maintain encryption policies

to maintain encryption policies

to distribute routing information

to distribute routing information

to encrypt data traffic

to encrypt data traffic

to authenticate group members

to authenticate group members

Suggested answer: B, E
asked 10/10/2024
Farshin Golpad
41 questions

Question 90

Report Export Collapse

An engineer notices that while an employee is connected remotely, all traffic is being routed to the corporate network. Which split-tunnel policy allows a remote client to use their local provider for Internet access when working from home?

tunnelall

tunnelall

excludeall

excludeall

tunnelspecified

tunnelspecified

excludespecified

excludespecified

Suggested answer: C
asked 10/10/2024
Edgar Zapico
46 questions
Total 175 questions
Go to page: of 18
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
Which two NHRP functions are specific to DMVPN Phase 3 implementation? (Choose two.)
A company's remote locations connect to the data centers via MPLS. A new request requires that unicast and multicast traffic that exits in the remote locations be encrypted. Which non-tunneled technology should be used to satisfy this requirement?
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
Which two features provide headend resiliency for Cisco AnyConnect clients? (Choose two.)
What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?
An administrator is designing a VPN with a partner's non-Cisco VPN solution. The partner's VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 going to 10.0.0.0/24. Which technology must be used to meet these requirements?