New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

300-730 Implementing Secure Solutions with Virtual Private Networks (SVPN) Questions and Answers

Questions 4

Refer to the exhibit.

Which type of mismatch is causing the problem with the IPsec VPN tunnel?

Options:

A.

crypto access list

B.

Phase 1 policy

C.

transform set

D.

preshared key

Buy Now
Questions 5

Which two types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose two.)

Options:

A.

SAML

B.

NTLM

C.

Kerberos

D.

OAuth 2.0

E.

HTTP Basic

Buy Now
Questions 6

Refer to the exhibit.

The DMVPN spoke is not establishing a session with the hub. Which two actions resolve this issue? (Choose two.)

Options:

A.

Change the spoke nhs to 172.16.18.1 and the nbma to 10.0.0.1.

B.

Change the transform set to mode tunnel.

C.

Change the ISAKMP policy authentication on the spoke to pre-shared.

D.

Change the ISAKMP key address on the spoke to 0.0.0.0.

E.

Change the nhrp authentication key on the spoke to cisco123.

Buy Now
Questions 7

Which clientless SSLVPN supported feature works when the http-only-cookie command is enabled?

Options:

A.

Citrix load balancer

B.

port reflector

C.

Java rewriter -

D.

Java plug-ins

E.

script browser

Buy Now
Questions 8

An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD. The goal is to see the real packet going through the Cisco FTD device and see Snort detection actions as a part of the output. After the capture-traffic command is issued, only the packets are displayed. Which action resolves this issue?

Options:

A.

Specify the trace using the -T option after the capture-traffic command

B.

Perform the trace within the Cisco FMC GUI instead of the Cisco FMC CLI

C.

Use the verbose option as a part of the capture-traffic command

D.

Use the capture command and specify the trace option to get the required information

Buy Now
Questions 9

Refer to the exhibit.

A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?

Options:

A.

An authentication failure occurs on the remote peer.

B.

A certificate fragmentation issue occurs between both sides.

C.

UDP 4500 traffic from the peer does not reach the router.

D.

An authentication failure occurs on the router.

Questions 10

An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies. What must be added to the configuration to make sure the users in the sales department cannot access the finance department server?

Options:

A.

tunnel group lock

B.

smart tunnel

C.

port forwarding

D.

webtype ACL

Questions 11

An administrator is setting up a VPN on an ASA for users who need to access an internal RDP server. Due to security restrictions, the Microsoft RDP client is blocked from running on client workstations via Group Policy. Which VPN feature should be implemented by the administrator to allow these users to have access to the RDP server?

Options:

A.

clientless proxy

B.

smart tunneling

C.

clientless plug-in

D.

clientless rewriter

Buy Now
Questions 12

A network administrator is deploying a Cisco IPS appliance and needs it to operate initially without affecting traffic flows. It must also collect data to provide a baseline of unwanted traffic before being reconfigured to drop it. Which Cisco IPS mode meets these requirements?

Options:

A.

failsafe

B.

inline tap

C.

promiscuous

D.

bypass

Buy Now
Questions 13

What are two differences between ECC and RSA? (Choose two.)

Options:

A.

Key generation in ECC is slower and more CPU intensive than RSA.

B.

ECC can have the same security as RSA but with a shorter key size.

C.

ECC cannot have the same security as RSA, even with an increased key size.

D.

Key generation in ECC is faster and less CPU intensive than RSA.

E.

ECC lags in performance when compared with RSA.

Buy Now
Questions 14

An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly, and all tunnel stats show that they are up. However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?

Options:

A.

Adjust the MTU size within the routers.

B.

Add RDP port to the extended ACL.

C.

Replace certificate on the RDP server.

D.

Change DMVPN timeout values.

Buy Now
Questions 15

A network engineer has been tasked with configuring SSL VPN to provide remote users with access to the corporate network. Traffic destined to the enterprise IP range should go through the tunnel, and all other traffic

should go directly to the Internet. Which feature should be configured to achieve this?

Options:

A.

U-turning

B.

hairpinning

C.

split-tunnel

D.

dual-homing

Buy Now
Questions 16

Refer to the exhibit.

An IKEv2 site-to-site tunnel between an ASA and a remote peer is not building successfully. What will fix the problem based on the debug output?

Options:

A.

Ensure crypto IPsec policy matches on both VPN devices.

B.

Install the correct certificate to validate the peer.

C.

Correct crypto access list on both VPN devices.

D.

Specify the peer IP address in the tunnel group name.

Buy Now
Questions 17

Refer to the exhibit.

An SSL client is connecting to an ASA headend. The session fails with the message “Connection attempt has timed out. Please verify Internet connectivity.” Based on how the packet is processed, which phase is causing the failure?

Options:

A.

phase 9: rpf-check

B.

phase 5: NAT

C.

phase 4: ACCESS-LIST

D.

phase 3: UN-NAT

Buy Now
Questions 18

Refer to the exhibit.

An engineer is troubleshooting a new GRE over IPsec tunnel. The tunnel is established but the engineer cannot ping from spoke 1 to spoke 2. Which type of traffic is being blocked?

Options:

A.

ESP packets from spoke2 to spoke1

B.

ISAKMP packets from spoke2 to spoke1

C.

ESP packets from spoke1 to spoke2

D.

ISAKMP packets from spoke1 to spoke2

Buy Now
Questions 19

Refer to the exhibit.

What is a result of this configuration?

Options:

A.

Spoke 1 fails the authentication because the authentication methods are incorrect.

B.

Spoke 2 passes the authentication to the hub and successfully proceeds to phase 2.

C.

Spoke 2 fails the authentication because the remote authentication method is incorrect.

D.

Spoke 1 passes the authentication to the hub and successfully proceeds to phase 2.

Buy Now
Questions 20

Which command is used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?

Options:

A.

show crypto ikev2 sa

B.

show crypto isakmp sa

C.

show crypto gkm

D.

show crypto identity

Buy Now
Questions 21

Refer to the exhibit.

The customer can establish a Cisco AnyConnect connection without using an XML profile. When the host "ikev2" is selected in the AnyConnect drop down, the connection fails. What is the cause of this issue?

Options:

A.

The HostName is incorrect.

B.

The IP address is incorrect.

C.

Primary protocol should be SSL.

D.

UserGroup must match connection profile.

Buy Now
Questions 22

Refer to the exhibit.

The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?

Options:

A.

preshared key

B.

peer identity

C.

transform set

D.

ikev2 proposal

Buy Now
Questions 23

Which technology works with IPsec stateful failover?

Options:

A.

GLBR

B.

HSRP

C.

GRE

D.

VRRP

Buy Now
Questions 24

Refer to the exhibit.

Which VPN technology is used in the exhibit?

Options:

A.

DVTI

B.

VTI

C.

DMVPN

D.

GRE

Buy Now
Questions 25

A Cisco ASA is configured in active/standby mode. What is needed to ensure that Cisco AnyConnect users can connect after a failover event?

Options:

A.

AnyConnect images must be uploaded to both failover ASA devices.

B.

The vpnsession-db must be cleared manually.

C.

Configure a backup server in the XML profile.

D.

AnyConnect client must point to the standby IP address.

Buy Now
Questions 26

What uses an Elliptic Curve key exchange algorithm?

Options:

A.

ECDSA

B.

ECDHE

C.

AES-GCM

D.

SHA

Buy Now
Questions 27

Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)

Options:

A.

show crypto isakmp sa

B.

show ip traffic

C.

show crypto ipsec sa

D.

show ip nhrp traffic

E.

show dmvpn detail

Questions 28

Which benefit of FlexVPN is a limitation of DMVPN using IKEv1?

Options:

A.

GRE encapsulation allows for forwarding of non-IP traffic.

B.

IKE implementation can install routes in routing table.

C.

NHRP authentication provides enhanced security.

D.

Dynamic routing protocols can be configured.

Questions 29

Which VPN solution uses TBAR?

Options:

A.

GETVPN

B.

VTI

C.

DMVPN

D.

Cisco AnyConnect

Buy Now
Questions 30

Which technology is used to send multicast traffic over a site-to-site VPN?

Options:

A.

GRE over IPsec on IOS router

B.

GRE over IPsec on FTD

C.

IPsec tunnel on FTD

D.

GRE tunnel on ASA

Questions 31

What is a requirement for smart tunnels to function properly?

Options:

A.

Java or ActiveX must be enabled on the client machine.

B.

Applications must be UDP.

C.

Stateful failover must not be configured.

D.

The user on the client machine must have admin access.

Buy Now
Questions 32

Which parameter is initially used to elect the primary key server from a group of key servers?

Options:

A.

code version

B.

highest IP address

C.

highest-priority value

D.

lowest IP address

Buy Now
Questions 33

A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?

Options:

A.

IKEv2 IKE_SA_INIT

B.

IKEv2 INFORMATIONAL

C.

IKEv2 CREATE_CHILD_SA

D.

IKEv2 IKE_AUTH

Buy Now
Questions 34

Refer to the exhibit.

Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit? (Choose two.)

Options:

A.

crypto map

B.

DMVPN

C.

GRE

D.

FlexVPN

E.

VTI

Buy Now
Questions 35

Which two changes must be made in order to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose two.)

Options:

A.

Add NHRP shortcuts on the hub.

B.

Add NHRP redirects on the spoke.

C.

Disable EIGRP next-hop-self on the hub.

D.

Enable EIGRP next-hop-self on the hub.

E.

Add NHRP redirects on the hub.

Buy Now
Questions 36

Refer to the exhibit.

The DMVPN tunnel is dropping randomly and no tunnel protection is configured. Which spoke configuration mitigates tunnel drops?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Questions 37

Which method dynamically installs the network routes for remote tunnel endpoints?

Options:

A.

policy-based routing

B.

CEF

C.

reverse route injection

D.

route filtering

Buy Now
Questions 38

Which statement about GETVPN is true?

Options:

A.

The configuration that defines which traffic to encrypt originates from the key server.

B.

TEK rekeys can be load-balanced between two key servers operating in COOP.

C.

The pseudotime that is used for replay checking is synchronized via NTP.

D.

Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

Buy Now
Questions 39

On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, which command is needed for the hub to be able to terminate FlexVPN tunnels?

Options:

A.

interface virtual-access

B.

ip nhrp redirect

C.

interface tunnel

D.

interface virtual-template

Buy Now
Questions 40

Drag and drop the correct commands from the night onto the blanks within the code on the left to implement a design that allow for dynamic spoke-to-spoke communication. Not all comments are used.

Options:

Buy Now
Questions 41

Refer to the exhibit.

A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action brings up the VPN tunnel?

Options:

A.

Reduce the maximum SA limit on the local Cisco ASA.

B.

Increase the maximum in-negotiation SA limit on the local Cisco ASA.

C.

Remove the maximum SA limit on the remote Cisco ASA.

D.

Correct the crypto access list on both Cisco ASA devices.

Questions 42

Which configuration construct must be used in a FlexVPN tunnel?

Options:

A.

EAP configuration

B.

multipoint GRE tunnel interface

C.

IKEv1 policy

D.

IKEv2 profile

Buy Now
Exam Code: 300-730
Exam Name: Implementing Secure Solutions with Virtual Private Networks (SVPN)
Last Update: Dec 22, 2024
Questions: 175

PDF + Testing Engine

$144.99

Testing Engine

$109.99

PDF (Q&A)

$94.99