300-730 Practice Questions
225 real 300-730 exam questions with expert-verified answers and explanations. Page 3 of 5.
- Question #101Remote Access VPN
An engineer must configure remote desktop connectivity for offsite admins via clientless SSL VPN, configured on a Cisco ASA to Windows Vista workstations. Which two configurations...
clientless SSL VPNRDP pluginASA bookmarksremote desktop - Question #102Remote Access VPN
A network engineer must design an clientless VPN solution for a company. VPN users must be able to access several internal web servers. When reachability to those web servers was t...
clientless VPNweb content rewritingASANAT - Question #103Remote Access VPN
Which two types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose two.)
SSONTLMHTTP Basicclientless SSL VPN - Question #104Site-to-site Virtual Private Networks on Routers and Firewalls
Refer to the exhibit. Which type of VPN implementation is displayed?
IKEv2load balancingVPN clusterASA - Question #105Troubleshooting VPNs
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spo...
DMVPNIKEv1ESP trafficspoke connectivity - Question #106Troubleshooting VPNs
Refer to the exhibit. A TCP based application that should be accessible over the VPN tunnel is not working! Pings to the appropriate IP address are failing. Based on the output, wh...
site-to-site VPNroutingcrypto ACLtraffic flow - Question #107Remote Access VPN
A network engineer must expand a company's Cisco AnyConnect solution. Currently, a Cisco ASA is set up in North America and another will be installed in Europe with a different IP...
AnyConnectOptimal Gateway SelectionRTTgateway redundancy - Question #108Troubleshooting VPNs
A clientless SSLVPN is set up to allow remote users to access internal HTTPS webservers. Users can access all but one server and see the message "Connection Failed. Server 192.168....
clientless SSL VPNSSL cipher mismatchwebserver accessASA - Question #109Remote Access VPN
Which clientless SSLVPN supported feature works when the http-only-cookie command is enabled?
clientless SSL VPNhttp-only-cookieJava pluginsASA feature - Question #110Troubleshooting VPNs
Refer to the exhibit. The debug output of an IKEv2 exchange between two devices is shown. Why is the IKEv2 exchange failing?
IKEv2identity mismatchdebug outputIKEv2 profile - Question #111Remote Access VPN
A network engineer is setting up a clientless SSLVPN on a Cisco ASA. Remote users must be able to access an internal webserver via the URL example.com. Which two steps accomplish t...
clientless SSL VPNbookmarksDNS resolutionwebserver URL - Question #112Site-to-site Virtual Private Networks on Routers and Firewalls
A network engineer has set up a FlexVPN server to terminate multiple FlexVPN clients. The VPN tunnels are established without issue. However, when a Change of Authorization is issu...
FlexVPNRADIUS CoAdynamic authorizationAAA - Question #113Remote Access VPN
A company needs to ensure only corporate issued laptops and devices are allowed to connect with the Cisco AnyConnect client. The solution should be applicable to multiple operating...
AnyConnectDAPmachine certificatesendpoint posture - Question #114Site-to-site Virtual Private Networks on Routers and Firewalls
When a FlexVPN is configured, which two components must be configured for IKEv2? (Choose two.)
FlexVPNIKEv2profileproposal - Question #115Troubleshooting VPNs
A DMVPN spoke router tunnel is up and passing traffic, but it cannot establish an EIGRP neighbor relationship with the hub router. Which solution resolves this issue?
DMVPNEIGRPNHRP multicasthub-spoke routing - Question #116Troubleshooting VPNs
Refer to the exhibit. An IPsec Cisco AnyConnect client is failing to connect and generates these debugs every time a connection to an IOS headend is attempted. Which action resolve...
AnyConnectIKEv2DH groupIKE negotiation failure - Question #117Remote Access VPN
Refer to the exhibit. An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establis...
AnyConnectIKEv2client servicesASA interface configuration - Question #118Site-to-site Virtual Private Networks on Routers and Firewalls
Refer to the exhibit. Based on the configuration output, what is the VPN technology?
L2VPNVPN technology identificationsite-to-siteexhibit analysis - Question #119Troubleshooting VPNs
A user at a company HQ is having trouble accessing a network share at a branch site that is connected with an SSL IPsec VPN. While troubleshooting, a network security engineer sees...
IPsec VPNasymmetric routingencryption counterone-way traffic - Question #120Remote Access VPN
A user is experiencing delays on audio calls over a Cisco AnyConnect VPN. Which implementation step resolves this issue?
AnyConnectDTLSvoice qualitylatency - Question #121Troubleshooting VPNs
Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the ad...
clientless SSLVPNgroup policyWebVPNASA troubleshooting - Question #122Remote Access VPN
An administrator is setting up a VPN on an ASA for users who need to access an internal RDP server. Due to security restrictions, the Microsoft RDP client is blocked from running o...
clientless plug-inRDPWebVPNASA - Question #123Secure Communications Architectures
An administrator is planning a VPN configuration that will encrypt traffic between multiple servers that will be passing unicast and multicast traffic. This configuration must be a...
GETVPNmulticastencryptionrouting preservation - Question #124Site-to-site VPNs on Routers and Firewalls
Refer to the exhibit. Based on the provided Flex-spoke IKEv2 authorization policy configuration, which command is required to configure route set remote ipv4 192.168.100.0 255.255....
FlexVPNIKEv2 authorizationroute setspoke configuration - Question #125Site-to-site VPNs on Routers and Firewalls
Which DMVPN feature allows spokes to be deployed with dynamically assigned public IP addresses?
DMVPNNHRPdynamic IPspoke registration - Question #126Troubleshooting Using ASDM and CLI
Refer to the exhibit. An engineer is building an IKEv1 tunnel to a peer Cisco ASA, but the tunnel is failing. Based on the configuration in the exhibit, which action must be taken...
IKEv1ASA configurationinterface activationVPN tunnel - Question #127Troubleshooting VPNs
An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The e...
IPsecESPfirewall filteringbidirectional traffic - Question #128Troubleshooting VPNs
Refer to the exhibit. A Cisco ASA is configured as a client to a router running as a FlexVPN server. The router is configured with a virtual template to terminate FlexVPN clients....
FlexVPNcrypto ACLIKEv2 SAASA - Question #129Troubleshooting VPNs
A user is trying to log in to a Cisco ASA using the clientless SSLVPN feature and receives the error message "clientless (browser) SSLVPN access is not allowed". Which step should...
clientless SSLVPNlicenseWebVPNASA - Question #130Site-to-site VPNs on Routers and Firewalls
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
DMVPNbackup NHShub redundancyNHRP - Question #131Site-to-site VPNs on Routers and Firewalls
An engineer is using DMVPN to provide secure connectivity between a data center and remote sites. Which two routing protocols should be used between the routers? (Choose two.)
DMVPNrouting protocolsBGPEIGRP - Question #132Remote Access VPN
Which remote access VPN technology requires the use of the IPsec-proposal configuration option?
IKEv2IPsec-proposalremote access VPNASA - Question #133Troubleshooting VPNs
Over the weekend, an administrator upgraded the Cisco ASA image on the firewalls and noticed that users cannot connect to the headquarters site using Cisco AnyConnect. What is the...
AnyConnectversion compatibilityASA upgradeVPN client - Question #134Secure Communications Architectures
Which two components are required in a Cisco IOS GETVPN key server configuration? (Choose two.)
GETVPNkey serverRSA keyIKE policy - Question #135Remote Access VPN
Refer to the exhibit. What action will the given configuration achieve?
split tunnelsplit excludeAnyConnectgroup policy - Question #136Remote Access VPN
An organization wants to distribute remote access VPN load across 12 VPN headend locations supporting 25,000 simultaneous users. Which load balancing method meets this requirement?
load balancingAnyConnectDNSVPN headend - Question #137Secure Communications Architectures
What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)
GETVPNmulticastany-to-any topologyscalability - Question #138Remote Access VPN
Why must a network engineer avoid usage of the default X.509 certificate when implementing clientless SSLVPN on an ASA?
X.509 certificateclientless SSLVPNPKIASA - Question #139Troubleshooting VPNs
An engineer has configured Cisco AnyConnect VPN using IKEv2 on a Cisco IOS router. The user cannot connect in the Cisco AnyConnect client, but receives an alert message "Use a brow...
AnyConnectIKEv2IOS routerURL configuration - Question #140Remote Access VPN
A router is being configured for IKEv2 AnyConnect using AnyConnect-EAP. How would the administrator separate profiles for administrators and employees so that authorization differs...
AnyConnect-EAPIKEv2key-idgroup authorization - Question #141Site-to-site VPNs on Routers and Firewalls
Which parameter in IPsec VPN tunnel configurations is optional?
IPsecPFSIKE parametersVPN tunnel - Question #142Site-to-site VPNs on Routers and Firewalls
A company is setting up a dynamic crypto map on the Cisco ASA at the headquarters to accept connections from the branch offices. There will be no IP subnet overlap between the bran...
dynamic crypto mapReverse Route InjectionCisco ASArouting - Question #143Site-to-site VPNs on Routers and Firewalls
A network engineer is implementing a FlexVPN tunnel between two Cisco IOS routers. The FlexVPN tunnels will terminate an encrypted traffic on an interface configured with an IP MTU...
FlexVPNMTUfragmentationtunnel interface - Question #144Secure Communications Architectures
Which VPN technology minimizes the impact on VPN performance when encrypting multicast traffic on a Private WAN?
GETVPNmulticastprivate WANVPN performance - Question #145Secure Communications
What are two differences between ECC and RSA? (Choose two.)
ECCRSAkey generationasymmetric encryption - Question #146Remote Access VPN
Refer to the exhibit. Based on the output of the show run command, which remote access VPN technology is configured?
SSL VPNfull tunnelAnyConnectremote access - Question #147Site-to-site VPNs on Routers and Firewalls
Refer to the exhibit. Which component must be configured on routers for a GETVPN deployment work properly?
GETVPNKey ServerGroup MemberGDOI - Question #148Remote Access VPN
A network administrator deployed IKEv2 Cisco AnyConnect on a Cisco ASA. The current configuration tunnels all traffic through the VPN. Users report poor performance with cloud-base...
AnyConnectsplit tunnelcloud performanceDTLS - Question #149Troubleshooting VPNs
A network administrator is troubleshooting a FlexVPN tunnel. The hub router is unable to ping the spoke router's tunnel interface IP address of 192.168.1.2, even though the tunnel...
FlexVPNIKEv2 authorization policyDVTIrouting - Question #150Remote Access VPN
An engineer is implementing the FlexVPN solution on a Cisco IOS router. The router must only terminate VPN requests and must not initiate them. Additionally, the interface must sup...
FlexVPNvirtual template interfaceDVTIAnyConnect