300-730 Practice Questions
225 real 300-730 exam questions with expert-verified answers and explanations. Page 4 of 5.
- Question #151Remote Access VPN
An administrator is setting up Cisco AnyConnect on a Cisco ASA with the requirement that AnyConnect automatically establishes a VPN when a company-owned laptop is connected to the...
AnyConnectTNDmachine certificateauto-connect - Question #152Site-to-site VPNs on Routers and Firewalls
Which two protocols does DMVPN leverage to build dynamic VPNs to multiple destinations? (Choose two.)
DMVPNNHRPmGREdynamic VPN - Question #153Remote Access VPN
An engineer is requesting an SSL certificate for a VPN load-balancing cluster in which two Cisco ASAs provide clientless SSL VPN access. The FQDN that users will enter to access th...
SSL certificateSANVPN load balancingFQDN - Question #154Site-to-site VPNs on Routers and Firewalls
Over which two transport mediums is FlexVPN deployed? (Choose two.)
FlexVPNMPLSinternet transportdeployment - Question #155Remote Access VPN
A network engineer must configure the Cisco ASA so that Cisco AnyConnect clients establishing an SSL VPN connection create an additional tunnel for real-time traffic that is sensit...
DTLSDPDAnyConnectTLS fallback - Question #156Troubleshooting VPNs
When troubleshooting FlexVPN spoke-to-spoke tunnels, what should be verified first?
FlexVPNNHRPspoke-to-spokeresolution request - Question #157Troubleshooting VPNs
Users are getting untrusted server warnings when they connect to the URL https://asa.lab from their browsers. This URL resolves to 192.168.10.10, which is the IP address for a Cisc...
SSL certificateSANclientless VPNcertificate validation - Question #158Troubleshooting Using ASDM and CLI
Refer to the exhibit. An engineer has configured two new VPN tunnels to 172.18.1.1 and 172.19.1.1. However, communication between 10.1.0.10 and 10.1.11.10 does not function. Which...
crypto mapnetwork objectsACLsite-to-site VPN - Question #159Troubleshooting VPNs
Refer to the exhibit. A network administrator is setting up Cisco AnyConnect on an ASA headend. When users attempt to connect to the VPN, they are presented with this message. The...
AnyConnectcertificate trustCASSL VPN - Question #160Remote Access VPN
Two Cisco ASAs are set up in a VPN load-balancing configuration to an environment where there are thousands of unique Cisco AnyConnect connections per day. Which scalable IP addres...
AnyConnectDHCPIP address assignmentscalability - Question #161Site-to-site VPNs on Routers and Firewalls
Which feature must be disabled in EIGRP for DMVPN spokes to learn routes to other DMVPN spokes?
DMVPNEIGRPsplit-horizonspoke-to-spoke routing - Question #162Site-to-site VPNs on Routers and Firewalls
Which command must be configured on the tunnel interface of a FlexVPN spoke to receive a dynamic IP address from the hub?
FlexVPNspoke configurationdynamic IPtunnel interface - Question #163Site-to-site VPNs on Routers and Firewalls
Which configuration allows a Cisco ASA to receive an IPsec connection from a peer with an unknown IP address?
Cisco ASAdynamic crypto mapIPsecunknown peer - Question #164Secure Communications Architectures
An organization wants to implement a site-to-site VPN solution that must be able to support 350 sites with direct communications between all sites, fully encrypt the packet header...
FlexVPNDMVPNGETVPNVPN solution design - Question #165Site-to-site VPNs on Routers and Firewalls
Refer to the exhibit. Which type of VPN tunnel is configured? [Exhibit: Configuration snippet] ``` interface Tunnel119 ip address 172.20.58.7 255.255.0.0 ip mtu 1400 ip tcp adjust-...
GRE over IPsectunnel configurationtunnel protectionpoint-to-point tunnel - Question #166Remote Access VPN
A network administrator wants the Cisco ASA to automatically start downloading the Cisco AnyConnect client without prompting the user to select between WebVPN or AnyConnect. Which...
Cisco AnyConnectclientless SSLanyconnect askASA configuration - Question #167Troubleshooting VPNs
A clientless SSLVPN solution is built for 10 employees on a newly installed Cisco ASA. After a couple of days in production, it has been observed that only the first two users to l...
clientless SSLVPNAnyConnect Premium licenseconcurrent sessionslogin failure - Question #168Troubleshooting VPNs
A Cisco IOS router is reconfigured to connect to an additional DMVPN hub that is a part of a different DMVPN phase 3 cloud . After this change was made, users began to experience p...
DMVPNmultiple hubstunnel keyNHRP - Question #169Remote Access VPN
Which remote access VPN technology requires transform sets to be explicitly defined?
IPsectransform setsremote access VPNIKE - Question #170Troubleshooting VPNs
Refer to the exhibit. Which action must be taken on the IPsec tunnel configuration to resolve the issue? [Exhibit: Console output showing IPsec error messages] ``` March 09 09:39:1...
IPsecproxy identitiesaccess listscrypto map - Question #171Troubleshooting VPNs
Refer to the exhibit. The network security engineer identified that the hub router cannot send traffic to the spoke router. Based on the provided output, which action resolves the...
DMVPNNHRP NHSpending registrationhub-spoke - Question #172Remote Access VPN
An administrator is deciding which authentication protocol should be implemented for their upcoming Cisco AnyConnect deployment. A list of the security requirements from upper mana...
Cisco AnyConnectRADIUSpassword expiryauthentication protocol - Question #173Secure Communications Architectures
A network administrator is deploying a Cisco IPS appliance and needs it to operate initially without affecting traffic flows. It must also collect data to provide a baseline of unw...
IPSpromiscuous modeinline taptraffic inspection - Question #174Troubleshooting VPNs
An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD. The goal is to see the real packet going through the Cisco FTD device...
Cisco FTDpacket capturecapture-trafficSnort trace - Question #175Site-to-site VPNs on Routers and Firewalls
Which configuration sets up spoke-to-spoke dynamic tunnels of FlexVPN?
FlexVPNspoke-to-spokeip nhrp redirectdynamic tunnels - Question #176Site-to-site VPNs on Routers and Firewalls
Which two dynamic routing protocols work over FlexVPN for failover redundancy? (Choose two.)
FlexVPNOSPFEIGRPdynamic routing - Question #177Secure Communications
What are the two AAA methods for user authentication when configuring the IKEv2 profile? (Choose two.)
IKEv2AAAEAPpre-shared key authentication - Question #178Troubleshooting VPNs
Refer to the exhibit. An engineer must configure a FlexVPN site-to-site GRE tunnel that uses IPsec between two Cisco routers. The indicated configuration was applied on Router_B, b...
FlexVPNGRE tunnelIP addressingsite-to-site - Question #179Troubleshooting VPNs
A network administrator is troubleshooting an IPSec Site-to-Site VPN tunnel on a Cisco ASA firewall. The VPN tunnel is established but is unable to pass traffic between 192.168.10....
IPsec site-to-sitecrypto ACLinteresting trafficESP packet - Question #180Troubleshooting Using ASDM and CLI
Which command is configured Cisco ASA to allow packets from an IPsec tunnel and the payloads to bypass interface ACLs on the firewall?
Cisco ASAsysopt connection permit-vpninterface ACL bypassIPsec - Question #181Troubleshooting VPNs
After a network security administrator configures site-to-site IPsec VPN peer, they receive this error message: `1d00h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main Mode failed...
ISAKMP policyIKE phase 1Main Modesite-to-site VPN - Question #182Site-to-site VPNs on Routers and Firewalls
A network administrator has been handed a VPN configuration with the ip nhrp summary-map command configured. Which type of VPN technology is being used?
NHRPDMVPNGETVPNVPN identification - Question #183Site-to-site VPNs on Routers and Firewalls
What is the default rekey timer for security association pair in the case of IPsec for Cisco ASA?
IPsec SArekey timerCisco ASAsecurity association - Question #184Secure Communications Architectures
An engineer must design a VPN solution with this criteria: - Configured on the IOS XE router. - Able to terminate policy-based VPNs from Cisco and non-Cisco devices. - QoS can be a...
Multi-SA VTIIOS XEpolicy-based VPNQoS per-tunnel - Question #185Remote Access VPN
Which type of VPN technology is being used when the ssl trust-point <trustpoint name> <interface name> command is configured?
SSL VPNtrust-pointremote accessCisco ASA - Question #186Remote Access VPN
Which two Java-based components for web browsers in clientless SSL VPN sessions are distributed by Cisco? (Choose two.)
clientless SSL VPNRDP2VNCJava components - Question #187Remote Access VPN
What is the role of a tunnel-group configuration of Secure Client remote-access vpn on Cisco ASA?
tunnel-groupgroup policySecure ClientASA - Question #188Troubleshooting VPNs
A network engineer configured Secure Client VPN for a vendor to provide access to internal resources for a migration project. A pool of 192.168.100.0/28 has been assigned and a loc...
IP address poolSecure Clientpool exhaustionsubnet sizing - Question #189Remote Access VPN
Which two Secure Client Advantage and Premier models are available for Cisco Secure Client Remote Access VPN? (Choose two.)
Secure Client licensingApexEssentialsremote access models - Question #190Remote Access VPN
An engineer configures the Group URL feature on a Cisco Secure Firewall ASA. The requirement is to place contractors using Cisco Secure Client to access the network into a limited...
Group URLgroup-aliastunnel-groupASA - Question #191Remote Access VPN
An engineer must design a remote access VPN solution that meet these requirements: - supports users by telecommuters on the go - encrypts user connections to the corporate network...
Secure Client SSL VPNTLSclient-based VPNremote access design - Question #192Troubleshooting VPNs
Two VPN clients have established SSL VPN connections to the outside interface on same Cisco Secure Firewall ASA, but they cannot communicate with each other. Which CLI command must...
same-security-trafficintra-interfaceSSL VPNASA - Question #193Troubleshooting VPNs
Refer to the following configuration exhibit. Which action resolves the issue? ``` aaa authentication login EAP_AUTHc local aaa authorization exec default local aaa authorization n...
IKEv2AnyConnect EAPPKI trustpointself-signed certificate - Question #194Troubleshooting VPNs
Refer to the exhibit. A network security administrator receives this error message after configuring a site-to-site IPsec VPN between two sites What is the solution to this problem...
IPsec validationcrypto mapinvalid local addresssite-to-site VPN - Question #195Troubleshooting VPNs
Refer to the exhibit. A customer has a DMVPN establishment problem between a hub and a spoke router. To troubleshoot this problem, the network administrator checks the traffic coun...
DMVPNNHRP registrationNHSreq-failed - Question #196Troubleshooting VPNs
Refer to the exhibit. A network engineer is troubleshooting a new DMVPN configuration. The network connectivity between the hub and spoke is working as it should, but users cannot...
DMVPNISAKMP SAMM_NO_STATEIPsec profile - Question #197Troubleshooting VPNs
Which state indicates that BFD is missing on a peer when troubleshooting DMVPN?
BFDDMVPNpeer stateNHRP - Question #198Troubleshooting VPNs
A network administrator is setting up a Cisco ASA to authenticate clientless SSLVPN users using an internal Microsoft Active Directory server. When the configuration is complete an...
clientless SSL VPNLDAPActive Directoryaaa-server - Question #199Troubleshooting VPNs
Refer to the exhibit. A new IPsec VPN tunnel has been configured and the security associations do not establish. After running the show crypto isakmp sa command, the output is disp...
IKE phase 1MM_WAIT_MSG_6pre-shared keyISAKMP SA - Question #200Site-to-site VPNs on Routers and Firewalls
Which interface type must be used in an IKEv2 deployment that needs to route non-IP traffic?
IKEv2GRE tunnelnon-IP trafficVTI