Test 300-730

Question 1:

Refer to the exhibit. Which type of VPN is used?

A. GETVPN
B. clientless SSL VPN
C. Cisco Easy VPN
D. Cisco AnyConnect SSL VPN

Question 2:
An engineer is using DMVPN to provide secure connectivity between a data center and remote sites. Which two routing protocols should be used between the routers? (Choose two.)

A. IS-IS
B. BGP
C. RIPv2
D. OSPF
E. EIGRP

Question 3:
A clientless SSLVPN solution is built for 10 employees on a newly installed Cisco ASA. After a couple of days in production, it has been observed that only the first two users to log in each day are able to connect successfully. The remaining users encounter the message "Login failed". Which action resolves the issue?

A. Allocate additional Cisco AnyConnect Premium licenses to the ASA.
B. Increase the vpn-simultaneous-logins parameter to a value of more than 2.
C. Increase the number of IP addresses available in the VPN pool.
D. Verify that the users that cannot log in are in the correct AD group with VPN permissions.

Question 4:
A network administrator deployed IKEv2 Cisco AnyConnect on a Cisco ASA. The current configuration tunnels all traffic through the VPN. Users report poor performance with cloud-based applications, but no issues have been reported about connections to on-premises servers. Packet analysis on Cisco Webex traffic shows very few duplicate ACKs, high RTT, and no IP fragments. Which action improves Webex performance for VPN users?

A. Configure QoS on the outside interface of the ASA.
B. Configure Cisco AnyConnect to use DTLS.
C. Configure a dynamic split tunnel exclusion.
D. Reduce the Cisco AnyConnect tunnel MTU.

Question 5:
A company needs to ensure only corporate-issued laptops and devices are allowed to connect with the Cisco AnyConnect client. The solution should be applicable to multiple operating systems, including Windows, macOS, and Linux, and should allow for remote remediation if a corporate-issued device is stolen. Which solution should be used to accomplish these goals?

A. Use a DAP registry check on the system to determine the relationship with the corporate domain.
B. Use a DAP file check on the system to determine the relationship with the corporate domain.
C. Install and authenticate user certificates on the corporate devices.
D. Install and authenticate machine certificates on the corporate devices.

Question 6:


Refer to the exhibit. The network security engineer identified that the hub router cannot send traffic to the spoke router. Based on the provided output, which action resolves the issue?

A. Permit UDP ports 500 and 4500 between the hub and spoke.
B. Correct the next hop server IP address on the spoke router.
C. Ensure the preshared key on the hub-and-spoke router matches.
D. Adjust the ip nhrp network-id command on the hub router.

Question 7:
Refer to the exhibit.



An IPsec Cisco AnyConnect client is failing to connect and generates these debugs every time a connection to an IOS headend is attempted. Which action resolves this issue?

A. Correct the DH group setting.
B. Correct the PFS setting.
C. Correct the integrity setting.
D. Correct the encryption setting.

Question 8:
What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)

A. It has unique session keys for improved security.
B. It supports multicast.
C. It has QoS support.
D. It is a highly scalable any-to-any mesh topology.
E. It supports a hub-and-spoke topology.

Question 9:
Which VPN technology must be used to ensure that routers are able to dynamically form connections with each other rather than sending traffic through a hub and be able to advertise routes without the use of a dynamic routing protocol?

A. FlexVPN
B. DMVPN Phase 3
C. DMVPN Phase 2
D. GETVPN

Question 10:

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?

A. preshared key
B. peer identity
C. transform set
D. ikev2 proposal

Question 11:

Refer to the exhibit. Which two commands under the tunnel-group webvpn-attributes result in a Cisco AnyConnect user receiving the AnyConnect prompt in the exhibit? (Choose two.)

A. group-url https://172.16.31.10/General enable
B. group-policy General internal
C. authentication aaa
D. authentication certificate
E. group-alias General enable

Question 12:
A Cisco IOS router is reconfigured to connect to an additional DMVPN hub that is a part of a different DMVPN phase 3 cloud. After this change was made, users begin to experience problems accessing corporate resources over both tunnels. Before the additional tunnel was created, users could access resources over the first tunnel without any issues. Both tunnels terminate on the same interface of the router and use the same IPsec proposals. Which two actions resolve the issue without affecting spoke-to-spoke traffic in either DMVPN cloud? (Choose two.)

A. Enable dead peer detection for both tunnels.
B. Use the same shared IPsec profile for both tunnels.
C. Configure the same NHRP network IDs for both tunnels.
D. Specify the tunnel destination in each tunnel.
E. Assign a unique tunnel key to each tunnel.

Question 13:
When troubleshooting FlexVPN spoke-to-spoke tunnels, what should be verified first?

A. NHRP redirect is enabled on the hub.
B. The spokes have sent a resolution request.
C. NHRP cache entries exist on the spoke.
D. NHO routes exist on the spokes.

Question 14:
An administrator is setting up a VPN on an ASA for users who need to access an internal RDP server. Due to security restrictions, the Microsoft RDP client is blocked from running on client workstations via Group Policy. Which VPN feature should be implemented by the administrator to allow these users to have access to the RDP server?

A. clientless proxy
B. smart tunneling
C. clientless plug-in
D. clientless rewriter

Question 15:
A network engineer is configuring a server. The router will terminate encrypted VPN connections on g0/0, which is in the VRF "Internet". The clear-text traffic that must be encrypted before being sent out traverses g0/1, which is in the VRF "Internal". Which two VRF-specific configurations allow VPN traffic to traverse the VRF-aware interfaces? (Choose two.)

A. Under the IKEv2 profile, add the ivrf Internal command.
B. Under the virtual-template interface, add the ip vrf forwarding Internet command.
C. Under the IKEv2 profile, add the match fvrf Internal command.
D. Under the IKEv2 profile, add the match fvrf Internet command.
E. Under the virtual-template interface, add the tunnel vrf Internet command.

Question 16:
An engineer notices that while an employee is connected remotely, all traffic is being routed to the corporate network. Which split-tunnel policy allows a remote client to use their local provider for Internet access when working from home?

A. tunnelall
B. excludeall
C. tunnelspecified
D. excludespecified

Question 17:
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?

A. The XML profile is not configured correctly for the affected users.
B. The new client image does not use the same major release as the current one.
C. Client services are not enabled.
D. Client software updates are not supported with IKEv2.

Question 18:
Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)

A. show crypto isakmp sa
B. show ip traffic
C. show crypto ipsec sa
D. show ip nhrp traffic
E. show dmvpn detail

Question 19:
Which remote access VPN technology requires the use of the IPsec-proposal configuration option?

A. clientless SSLVPN
B. SSLVPN Full Tunnel
C. IKEv2-based VPN
D. IKEv1-based VPN

Question 20:

Refer to the exhibit. What is a result of this configuration?

A. Spoke 1 fails the authentication because the authentication methods are incorrect.
B. Spoke 2 passes the authentication to the hub and successfully proceeds to phase 2.
C. Spoke 2 fails the authentication because the remote authentication method is incorrect.
D. Spoke 1 passes the authentication to the hub and successfully proceeds to phase 2.
