Free 300-730 Exam Files Downloaded Instantly 100% Dumps & Practice Exam
Free Exam Updates 300-730 dumps with test Engine Practice
NEW QUESTION 34
Which redundancy protocol must be implemented for IPsec stateless failover to work?
- A. VRRP
- B. HSRP
- C. GLBP
- D. SSO
Answer: B
NEW QUESTION 35
Refer to the exhibit.
Which type of mismatch is causing the problem with the IPsec VPN tunnel?
- A. Phase 1 policy
- B. preshared key
- C. crypto access list
- D. transform set
Answer: B
NEW QUESTION 36
Which technology is used to send multicast traffic over a site-to-site VPN?
- A. GRE over IPsec on FTD
- B. IPsec tunnel on FTD
- C. GRE over IPsec on IOS router
- D. GRE tunnel on ASA
Answer: A
NEW QUESTION 37
Refer to the exhibit.
Which VPN technology is used in the exhibit?
- A. VTI
- B. DMVPN
- C. GRE
- D. DVTI
Answer: A
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/zZ-Archive/ IPsec_Virtual_Tunnel_Interface.html#GUID-EB8C433B-2394-42B9-997F-B40803E58A91
NEW QUESTION 38
Which IKE identity does an IOS/IOS-XE headend expect to receive if an IPsec Cisco AnyConnect client uses default settings?
- A. *$DfltlkeldentityS*
- B. *$RemoteAccessVpnClient$*
- C. *$SecureMobilityClient$*
- D. *$AnyConnectClient$*
Answer: D
Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2- Remote-Access.html
NEW QUESTION 39
A Cisco ASA is configured in active/standby mode. What is needed to ensure that Cisco AnyConnect users can connect after a failover event?
- A. AnyConnect images must be uploaded to both failover ASA devices.
- B. Configure a backup server in the XML profile.
- C. The vpnsession-db must be cleared manually.
- D. AnyConnect client must point to the standby IP address.
Answer: A
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ ha_active_standby.html
NEW QUESTION 40
Refer to the exhibit.
The DMVPN tunnel is dropping randomly and no tunnel protection is configured. Which spoke configuration mitigates tunnel drops?


- A. Option D
- B. Option C
- C. Option B
- D. Option A
Answer: A
NEW QUESTION 41
Which command is used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?
- A. show crypto identity
- B. show crypto ikev2 sa
- C. show crypto gkm
- D. show crypto isakmp sa
Answer: B
Explanation:
Section: Troubleshooting using ASDM and CLI
Explanation/Reference: https://www.cisco.com/c/en/us/support/docs/security/flexvpn/116413-configure-flexvpn-00.pdf
NEW QUESTION 42
A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?
- A. Endpoint Assessment
- B. Advanced Endpoint Assessment
- C. Basic Host Scan
- D. Cisco Secure Desktop
Answer: B
NEW QUESTION 43
What are two purposes of the key server in Cisco IOS GETVPN? (Choose two.)
- A. to download encryption keys
- B. to maintain encryption policies
- C. to distribute routing information
- D. to encrypt data traffic
- E. to authenticate group members
Answer: B,E
NEW QUESTION 44
Refer to the exhibit.
A network engineer is configuring a remote access SSLVPN and is unable to complete the connection using local credentials. What must be done to remediate this problem?
- A. Configure the group policy to force local authentication.
- B. Configure a AAA server group to authenticate the client.
- C. Enable the client protocol in the Cisco AnyConnect profile.
- D. Change the authentication method to local.
Answer: C
NEW QUESTION 45
A network engineer must implement an SSLVPN Cisco AnyConnect solution that supports 500 concurrent users, ensures all traffic from the client passes through the ASA, and allows users to access all devices on the inside interface subnet (192.168.0.0/24). Assuming all other configuration is set up appropriately, which configuration implements this solution?
- A. Option A
- B. Option C
- C. Option B
- D. Option D
Answer: A
NEW QUESTION 46 
Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
- A. preshared key
- B. ikev2 proposal
- C. peer identity
- D. transform set
Answer: C
Explanation:
Section: Troubleshooting using ASDM and CLI
NEW QUESTION 47
On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, which command is needed for the hub to be able to terminate FlexVPN tunnels?
- A. ip nhrp redirect
- B. interface tunnel
- C. interface virtual-template
- D. interface virtual-access
Answer: C
NEW QUESTION 48
Refer to the exhibit.
A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action brings up the VPN tunnel?
- A. Remove the maximum SA limit on the remote Cisco ASA.
- B. Correct the crypto access list on both Cisco ASA devices.
- C. Reduce the maximum SA limit on the local Cisco ASA.
- D. Increase the maximum in-negotiation SA limit on the local Cisco ASA.
Answer: D
NEW QUESTION 49
An administrator is designing a VPN with a partner's non-Cisco VPN solution. The partner's VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 going to 10.0.0.0/24. Which technology must be used to meet these requirements?
- A. VTI
- B. DMVPN
- C. GETVPN
- D. crypto map
Answer: D
NEW QUESTION 50
Which Cisco AnyConnect component ensures that devices in a specific internal subnet are only accessible using port 443?
- A. split tunnel
- B. WebACL
- C. VPN filter
- D. routing
Answer: C
NEW QUESTION 51
Which method dynamically installs the network routes for remote tunnel endpoints?
- A. reverse route injection
- B. CEF
- C. policy-based routing
- D. route filtering
Answer: A
Explanation:
Section: Site-to-site Virtual Private Networks on Routers and Firewalls Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/12-4t/sec-vpn- availability-12-4t-book/sec-rev-rte-inject.html
NEW QUESTION 52
Cisco AnyConnect clients need to transfer large files over the VPN sessions. Which protocol provides the best throughput?
- A. L2TP
- B. SSL/TLS
- C. IPsec IKEv1
- D. DTLS
Answer: D
Explanation:
Section: Secure Communications Architectures
NEW QUESTION 53
Which requirement is needed to use local authentication for Cisco AnyConnect Secure Mobility Clients that connect to a FlexVPN server?
- A. AnyConnect profile
- B. EAP-AnyConnect
- C. EAP query-identity
- D. use of certificates instead of username and password
Answer: A
NEW QUESTION 54
Refer to the exhibit.
What is configured as a result of this command set?
- A. FlexVPN server to authorize groups by using an IPv6 external AAA
- B. FlexVPN client profile for IPv6
- C. FlexVPN server to authenticate IPv6 peers by using EAP
- D. FlexVPN server for an IPv6 dVTI session
Answer: B
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-3s/sec-flex- vpn-xe-3s-book/sec-cfg-flex-clnt.html
NEW QUESTION 55
Refer to the exhibit.
Based on the debug output, which type of mismatch is preventing the VPN from coming up?
- A. interesting traffic
- B. preshared key
- C. lifetime
- D. PFS
Answer: C
Explanation:
If the responder's policy does not allow it to accept any part of the proposed Traffic Selectors, it responds with a TS_UNACCEPTABLE Notify message.
NEW QUESTION 56
A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?
- A. IKEv2 IKE_AUTH
- B. IKEv2 IKE_SA_INIT
- C. IKEv2 INFORMATIONAL
- D. IKEv2 CREATE_CHILD_SA
Answer: C
NEW QUESTION 57
A company's remote locations connect to the data centers via MPLS. A new request requires that unicast and multicast traffic that exits in the remote locations be encrypted. Which non-tunneled technology should be used to satisfy this requirement?
- A. SSL
- B. DMVPN
- C. GETVPN
- D. FlexVPN
Answer: C
NEW QUESTION 58
Refer to the exhibit.
The DMVPN spoke is not establishing a session with the hub. Which two actions resolve this issue? (Choose two.)
- A. Change the ISAKMP policy authentication on the spoke to pre-shared.
- B. Change the spoke nhs to 172.16.18.1 and the nbma to 10.0.0.1.
- C. Change the transform set to mode tunnel.
- D. Change the ISAKMP key address on the spoke to 0.0.0.0.
- E. Change the nhrp authentication key on the spoke to cisco123.
Answer: D,E
NEW QUESTION 59
......
Provide Valid Dumps To Help You Prepare For Implementing Secure Solutions with Virtual Private Networks Exam: https://pdfdumps.free4torrent.com/300-730-valid-dumps-torrent.html