nerdexam
Cisco

300-730 · Question #4

300-730 Question #4: Real Exam Question with Answer & Explanation

The correct answer is C. DTLS. DTLS provides the best throughput for large file transfers over AnyConnect VPN because it runs over UDP and avoids the TCP-over-TCP performance collapse that affects SSL/TLS.

Remote Access VPN

Question

Cisco AnyConnect clients need to transfer large files over the VPN sessions. Which protocol provides the best throughput?

Options

  • ASSL/TLS
  • BL2TP
  • CDTLS
  • DIPsec IKEv1

Explanation

DTLS provides the best throughput for large file transfers over AnyConnect VPN because it runs over UDP and avoids the TCP-over-TCP performance collapse that affects SSL/TLS.

Common mistakes.

  • A. SSL/TLS runs over TCP, and tunneling TCP application traffic inside a TCP-based VPN causes TCP meltdown, degrading throughput significantly for large transfers.
  • B. L2TP adds a layer of encapsulation overhead and typically requires IPsec for security, increasing header size and reducing effective throughput compared to DTLS.
  • D. IPsec IKEv1 has longer negotiation sequences and lacks the UDP-based transport optimizations that make DTLS efficient for bulk data over AnyConnect sessions.

Concept tested. DTLS throughput advantage for AnyConnect large file transfers

Reference. https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b_AnyConnect_Administrator_Guide_4-10/b_AnyConnect_Administrator_Guide_4-10_chapter_0100.html

Topics

#AnyConnect#DTLS#throughput#SSL/TLS

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-730 Practice