300-730 Practice Questions
225 real 300-730 exam questions with expert-verified answers and explanations. Page 2 of 5.
- Question #51Remote Access VPN
Which IKE identity does an IOS/IOS-XE headend expect to receive if an IPsec Cisco AnyConnect client uses default settings?
IKE identityAnyConnectFlexVPNIOS-XE headend - Question #52Remote Access VPN
Refer to the exhibit. Which VPN technology is allowed for users connecting to the Employee tunnel group?
tunnel-groupvpn-tunnel-protocolclientlessASA policy - Question #53Troubleshooting Using ASDM and CLI
Refer to the exhibit. An engineer is troubleshooting a new GRE over IPsec tunnel. The tunnel is established but the engineer cannot ping from spoke 1 to spoke 2. Which type of traf...
GRE over IPsecESPspoke-to-spoketraffic filtering - Question #54Troubleshooting Using ASDM and CLI
Which command is used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?
FlexVPNIKEv2IPv6show crypto ikev2 sa - Question #55Troubleshooting Using ASDM and CLI
In a FlexVPN deployment, the spokes successfully connect to the hub, but spoke-to-spoke tunnels do not form. Which troubleshooting step solves the issue?
FlexVPNNHRP shortcutspoke-to-spokehub configuration - Question #56Troubleshooting Using ASDM and CLI
An engineer is troubleshooting a new DMVPN setup on a Cisco IOS router. After the show crypto isakmp sa command is issued, a response is returned of "MM_NO_STATE." Why does this fa...
DMVPNISAKMPMM_NO_STATEPhase 1 mismatch - Question #57Remote Access VPN
What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)
clientless SSL VPNsingle sign-onSSO variablesWebVPN - Question #58Troubleshooting Using ASDM and CLI
Refer to the exhibit. A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?
site-to-site VPNUDP 4500NAT-Tdebug output - Question #59Troubleshooting Using ASDM and CLI
Refer to the exhibit. Based on the debug output, which type of mismatch is preventing the VPN from coming up?
crypto ACLinteresting trafficIKE negotiationdebug output - Question #60Troubleshooting Using ASDM and CLI
Refer to the exhibit. Which type of site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
site-to-site VPNpeer identityIKEv2debug output - Question #61Troubleshooting VPNs
Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?
IPsec troubleshootingpreshared key mismatchIKE Phase 1VPN debug - Question #62Site-to-site VPNs on Routers and Firewalls
Refer to the exhibit. What is a result of this configuration?
FlexVPNspoke authenticationIKEv2 auth methodshub-and-spoke - Question #63Secure Communications
Which two cryptographic technologies are recommended for use with FlexVPN? (Choose two.)
FlexVPNSHA HMACDiffie-Hellmancryptographic recommendations - Question #64Remote Access VPN
Refer to the exhibit. An administrator had the above configuration working with SSL protocol, but as soon as the administrator specified IPsec as the primary protocol, the Cisco An...
AnyConnect IPsectunnel group nameXML profileprimary protocol - Question #65Remote Access VPN
Refer to the exhibit. Client 1 cannot communicate with client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub ASA. Which...
AnyConnect SSL VPNsame-security-trafficintra-interfacehairpinning - Question #66Troubleshooting VPNs
Refer to the exhibit. An SSL client is connecting to an ASA headend. The session fails with the message "Connection attempt has timed out. Please verify Internet connectivity." Bas...
SSL VPNASA packet processingUN-NATtroubleshooting phases - Question #67Site-to-site VPNs on Routers and Firewalls
Which redundancy protocol must be implemented for IPsec stateless failover to work?
IPsec stateless failoverHSRPredundancy protocolhigh availability - Question #68Site-to-site VPNs on Routers and Firewalls
Which technology works with IPsec stateful failover?
IPsec stateful failoverHSRPhigh availabilityredundancy - Question #69Secure Communications
What are two functions of ECDH and ECDSA? (Choose two.)
ECDSAECDHdigital signaturekey exchange - Question #70Secure Communications
What uses an Elliptic Curve key exchange algorithm?
ECDHEelliptic curvekey exchange algorithmcryptography - Question #71Remote Access VPN
Which two remote access VPN solutions support SSL? (Choose two.)
SSL VPNclientlessAnyConnectremote access solutions - Question #72Remote Access VPN
An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The fina...
clientless SSL VPNwebtype ACLgroup policyaccess control - Question #73Troubleshooting VPNs
An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow prop...
DMVPNMTURDP failuretunnel troubleshooting - Question #74Site-to-site VPNs on Routers and Firewalls
Where must an engineer configure a preshared key for a site-to-site VPN tunnel configured on a Cisco ASA?
preshared keyASA site-to-site VPNtunnel groupIKEv1 - Question #75Remote Access VPN
A network engineer has been tasked with configuring SSL VPN to provide remote users with access to the corporate network. Traffic destined to the enterprise IP range should go thro...
split tunnelAnyConnecttraffic routinggroup policy - Question #76Remote Access VPN
A network engineer must design a remote access solution to allow contractors to access internal services. These contractors do not have permissions to install applications on their...
clientless VPNremote access designno-client installSSL VPN - Question #77Remote Access VPN
Refer to the exhibit. Which type of Cisco VPN is shown for group Cisco12345678?
AnyConnectVPN type identificationASDMtunnel group - Question #78Troubleshooting VPNs
Refer to the exhibit. A network engineer is configuring a remote access SSLVPN and is unable to complete the connection using local credentials. What must be done to remediate this...
SSL VPN troubleshootingAnyConnectgroup policyclient protocol - Question #79Remote Access VPN
A network engineer must implement an SSLVPN Cisco AnyConnect solution that supports 500 concurrent users, ensures all traffic from the client passes through the ASA, and allows use...
AnyConnecttunnel-alladdress poolgroup policy configuration - Question #80Remote Access VPN
Refer to the exhibit. Which type of VPN is used? tunnel-group client general-attributes address-pool MYPOOL authentication-server-group RADIUS tunnel-group client ipsec-attributes...
Easy VPNIPsec remote accesstunnel grouppreshared key - Question #81Remote Access VPN
An engineer would like Cisco AnyConnect users to be able to reach servers within the 10.10.0.0/16 subnet while all other traffic is sent out to the Internet. Which IPsec configurat...
IKEv2 authorization policysplit tunnelingroute setAnyConnect - Question #82Remote Access VPN
Which Cisco AnyConnect component ensures that devices in a specific internal subnet are only accessible using port 443?
VPN filterAnyConnectaccess controlport filtering - Question #83Troubleshooting VPNs
Refer to the exhibit. Upon setting up a tunnel between two sites, users are complaining that connections to applications over the VPN are not working consistently. The output of sh...
IPsec SAreplay windowshow crypto ipsec satroubleshooting - Question #84Troubleshooting VPNs
After a user configures a connection profile with a bookmark list and tests the clientless SSL VPN connection, all of the bookmarks are grayed out. What must be done to correct thi...
clientless SSL VPNbookmarksDNS resolutionASA - Question #85Site-to-site Virtual Private Networks on Routers and Firewalls
Refer to the exhibit. Which type of VPN is being configured, based on the partial configuration snippet? crypto gdoi group GDOI-GROUP1 server local address ipv4 10.0.0.1 redundancy...
GETVPNCOOP key serverGDOIkey server redundancy - Question #86Site-to-site Virtual Private Networks on Routers and Firewalls
An administrator is designing a VPN with a partner's non-Cisco VPN solution. The partner's VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 g...
IKEv2crypto mappolicy-based VPNinteroperability - Question #87Secure Communications Architectures
A company's remote locations connect to the data centers via MPLS. A new request requires that unicast and multicast traffic that exits in the remote locations be encrypted. Which...
GETVPNMPLSmulticast encryptionnon-tunneled VPN - Question #88Troubleshooting VPNs
While troubleshooting, an engineer finds that the show crypto isakmp sa command indicates that the last state of the tunnel is MM_KEY_EXCH. What is the next step that should be tak...
IKEv1ISAKMPMM_KEY_EXCHpre-shared key - Question #89Site-to-site Virtual Private Networks on Routers and Firewalls
Which VPN technology must be used to ensure that routers are able to dynamically form connections with each other rather than sending traffic through a hub and be able to advertise...
GETVPNDMVPNspoke-to-spokeVPN architecture - Question #90Remote Access VPN
An administrator is setting up AnyConnect for the first time for a few users. Currently, the router does not have access to a RADIUS server. Which AnyConnect protocol must be used...
AnyConnectEAPlocal authenticationIKEv2 - Question #91Site-to-site Virtual Private Networks on Routers and Firewalls
Refer to the exhibit. Which of the following is true about this configuration?
DMVPNNHRP redirectPhase 3hub configuration - Question #92Remote Access VPN
Refer to the exhibit. A user is connecting from behind a PC with a private IP Address. Their ISP provider is blocking TCP port 443. Which AnyConnect XML configuration will allow th...
AnyConnectIPsecXML profileport 443 blocked - Question #93Site-to-site Virtual Private Networks on Routers and Firewalls
Refer to the exhibit. Which two conclusions should be drawn from the DMVPN phase 2 configuration? (Choose two.)
DMVPN Phase 2EIGRPspoke-to-spokedynamic routing - Question #94Troubleshooting VPNs
Refer to the exhibit. The VPN tunnel between the FlexVPN spoke and FlexVPN hub 192.168.0.12 is failing. What should be done to correct this issue?
FlexVPNIKEv2AAA authorizationtroubleshooting - Question #95Troubleshooting Using ASDM and CLI
Refer to the exhibit. An IKEv2 site-to-site tunnel between an ASA and a remote peer is not building successfully. What will fix the problem based on the debug output?
IKEv2ASAcrypto access-listdebug output analysis - Question #96Troubleshooting Using ASDM and CLI
Refer to the exhibit. A network engineer is reconfiguring clientless SSLVPN during a maintenance window, and after testing the new configuration, is unable to establish the connect...
clientless SSL VPNgroup policyASAprotocol configuration - Question #97Secure Communications Architectures
What are two purposes of the key server in Cisco IOS GETVPN? (Choose two.)
GETVPNkey serverencryption policygroup member authentication - Question #98Remote Access VPN
An engineer notices that while an employee is connected remotely, all traffic is being routed to the corporate network. Which split-tunnel policy allows a remote client to use thei...
split tunnelingAnyConnecttunnelspecifiedVPN policy - Question #99Site-to-site Virtual Private Networks on Routers and Firewalls
In order to enable FlexVPN to use a AAA attribute list, which two tasks must be performed? (Choose two.)
FlexVPNAAAIKEv2 profileauthorization policy - Question #100Site-to-site Virtual Private Networks on Routers and Firewalls
Which technology and VPN component allows a VPN headend to dynamically learn post NAT IP addresses of remote routers at different sites?
DMVPNNHRPNAT traversaldynamic IP learning