300-730 Online Practice Questions and Answers

Refer to the exhibit.

An engineer is troubleshooting a new GRE over IPsec tunnel. The tunnel is established but the engineer cannot ping from spoke 1 to spoke 2. Which type of traffic is being blocked?

A. ESP packets from spoke2 to spoke1

B. ISAKMP packets from spoke2 to spoke1

C. ESP packets from spoke1 to spoke2

D. ISAKMP packets from spoke1 to spoke2

A user is experiencing delays on audio calls over a Cisco AnyConnect VPN. Which implementation step resolves this issue?

A. Change to 3DES Encryption.

B. Shorten the encryption key lifetime.

C. Install the Cisco AnyConnect 2.3 client for the user to download.

D. Enable DTLS.

An engineer is using DMVPN to provide secure connectivity between a data center and remote sites. Which two routing protocols should be used between the routers? (Choose two.)

A. IS-IS

B. BGP

C. RIPv2

D. OSPF

E. EIGRP

What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)

A. It has unique session keys for improved security.

B. It supports multicast.

C. It has QoS support.

D. It is a highly scalable any to any mesh topology.

E. It supports a hub-and-spoke topology.

Which configuration allows a Cisco ASA to receive an IPsec connection from a peer with an unknown IP address?

A. dynamic crypto map

B. dynamic tunnel group

C. dynamic AAA attributes

D. dynamic access policy

After a user configures a connection profile with a bookmark list and tests the clientless SSLVPN connection, all of the bookmarks are grayed out. What must be done to correct this behavior?

A. Apply the bookmark to the correct group policy.

B. Specify the correct port for the web server under the bookmark.

C. Configure a DNS server on the Cisco ASA and verify it has a record for the web server.

D. Verify HTTP/HTTPS connectivity between the Cisco ASA and the web server.

Refer to the exhibit.

Which type of VPN is being configured, based on the partial configuration snippet?

A. GET VPN with COOP key server

B. GET VPN with dual group member

C. FlexVPN load balancer

D. FlexVPN backup gateway

An administrator is designing a VPN with a partner's non-Cisco VPN solution. The partner's VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 going to 10.0.0.0/24. Which technology must be used to meet these requirements?

A. VTI

B. crypto map

C. GETVPN

D. DMVPN

Refer to the exhibit.

The network security engineer identified that the hub router cannot send traffic to the spoke router. Based on the provided output, which action resolves the issue?

A. Permit UDP ports 500 and 4500 between the hub and spoke.

B. Correct the next hop server IP address on the spoke router.

C. Ensure the preshared key on the hub-and-spoke router matches.

D. Adjust the ip nhrp network-id command on the hub router.

A clientless SSLVPN solution is built for 10 employees on a newly installed Cisco ASA. After a couple of days in production, it has been observed that only the first two users to log in each day are able to connect successfully. The remaining users encounter the message "Login failed". Which action resolves the issue?

A. Allocate additional Cisco AnyConnect Premium licenses to the ASA.

B. Increase the vpn-simultaneous-logins parameter to a value of more than 2.

C. Increase the number or IP addresses available in the VPN pool.

D. Verify that the users that cannot log in are in the correct AD group with VPN permissions.