The Replace Guide To 300-730 Exam Prep

NEW QUESTION 1
Which feature of GETVPN is a limitation of DMVPN and FlexVPN?

• A. sequence numbers that enable scalable replay checking
• B. enabled use of ESP or AH
• C. design for use over public or private WAN
• D. no requirement for an overlay routing protocol

Answer: D

NEW QUESTION 2
Which configuration construct must be used in a FlexVPN tunnel?

• A. EAP configuration
• B. multipoint GRE tunnel interface
• C. IKEv1 policy
• D. IKEv2 profile

Answer: D

NEW QUESTION 3
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)

• A. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.
• B. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.
• C. A Cisco ASA can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.
• D. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the ASA uses its configured DNS servers to perform FQDN resolution.
• E. Clientless SSLVPN provides Layer 3 connectivity into the secured network.

Answer: CD

NEW QUESTION 4
A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?

• A. Endpoint Assessment
• B. Cisco Secure Desktop
• C. Basic Host Scan
• D. Advanced Endpoint Assessment

Answer: D

NEW QUESTION 5
Which two changes must be made in order to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose two.)

• A. Add NHRP shortcuts on the hub.
• B. Add NHRP redirects on the spoke.
• C. Disable EIGRP next-hop-self on the hub.
• D. Enable EIGRP next-hop-self on the hub.
• E. Add NHRP redirects on the hub.

Answer: CE

NEW QUESTION 6
A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?

• A. IKEv2 IKE_SA_INIT
• B. IKEv2 INFORMATIONAL
• C. IKEv2 CREATE_CHILD_SA
• D. IKEv2 IKE_AUTH

Answer: B

NEW QUESTION 7
Refer to the exhibit.

Which VPN technology is used in the exhibit?

• A. DVTI
• B. VTI
• C. DMVPN
• D. GRE

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/zZ-Archive/IPsec_Virtual_Tunnel_Interface.html#GUID-EB8C433B-2394-42B9-997F-B40803E58A91

NEW QUESTION 8
Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)

• A. show crypto isakmp sa
• B. show ip traffic
• C. show crypto ipsec sa
• D. show ip nhrp traffic
• E. show dmvpn detail

Answer: AD

NEW QUESTION 9
Which parameter is initially used to elect the primary key server from a group of key servers?

• A. code version
• B. highest IP address
• C. highest-priority value
• D. lowest IP address

Answer: C

Explanation:
Reference: https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html

NEW QUESTION 10
Refer to the exhibit.

A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?

• A. An authentication failure occurs on the remote peer.
• B. A certificate fragmentation issue occurs between both sides.
• C. UDP 4500 traffic from the peer does not reach the router.
• D. An authentication failure occurs on the router.

Answer: C

NEW QUESTION 11
Which feature allows the ASA to handle nonstandard applications and web resources so that they display correctly over a clientless SSL VPN connection?

• A. single sign-on
• B. Smart Tunnel
• C. WebType ACL
• D. plug-ins

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/vpn_clientless_ssl.html#29951

NEW QUESTION 12
Which command is used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?

• A. show crypto ikev2 sa
• B. show crypto isakmp sa
• C. show crypto gkm
• D. show crypto identity

Answer: A

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/flexvpn/116413-configure-flexvpn-00.pdf

NEW QUESTION 13
Which VPN does VPN load balancing on the ASA support?

• A. VTI
• B. IPsec site-to-site tunnels
• C. L2TP over IPsec
• D. Cisco AnyConnect

Answer: D

NEW QUESTION 14
Refer to the exhibit.

Client 1 cannot communicate with client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub ASA. Which command on the ASA is missing?

• A. dns-server value 10.1.1.2
• B. same-security-traffic permit intra-interface
• C. same-security-traffic permit inter-interface
• D. dns-server value 10.1.1.3

Answer: B

NEW QUESTION 15
Which benefit of FlexVPN is a limitation of DMVPN using IKEv1?

• A. GRE encapsulation allows for forwarding of non-IP traffic.
• B. IKE implementation can install routes in routing table.
• C. NHRP authentication provides enhanced security.
• D. Dynamic routing protocols can be configured.

Answer: B

NEW QUESTION 16
Refer to the exhibit.

What is a result of this configuration?

• A. Spoke 1 fails the authentication because the authentication methods are incorrect.
• B. Spoke 2 passes the authentication to the hub and successfully proceeds to phase 2.
• C. Spoke 2 fails the authentication because the remote authentication method is incorrect.
• D. Spoke 1 passes the authentication to the hub and successfully proceeds to phase 2.

Answer: A

NEW QUESTION 17
Refer to the exhibit.

What is configured as a result of this command set?

• A. FlexVPN client profile for IPv6
• B. FlexVPN server to authorize groups by using an IPv6 external AAA
• C. FlexVPN server for an IPv6 dVTI session
• D. FlexVPN server to authenticate IPv6 peers by using EAP

Answer: A

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-3s/sec-flex-vpn-xe-3s-book/sec-cfg-flex-clnt.html

NEW QUESTION 18
Refer to the exhibit.

The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?

• A. preshared key
• B. peer identity
• C. transform set
• D. ikev2 proposal

Answer: B

NEW QUESTION 19
Which IKE identity does an IOS/IOS-XE headend expect to receive if an IPsec Cisco AnyConnect client uses default settings?

• A. *$SecureMobilityClient$*
• B. *$AnyConnectClient$*
• C. *$RemoteAccessVpnClient$*
• D. *$DfltlkeldentityS*

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html

NEW QUESTION 20
Which redundancy protocol must be implemented for IPsec stateless failover to work?

• A. SSO
• B. GLBP
• C. HSRP
• D. VRRP

Answer: C

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/17826-ipsec-feat.html

NEW QUESTION 21
Where is split tunneling defined for IKEv2 remote access clients on a Cisco router?

• A. IKEv2 authorization policy
• B. Group Policy
• C. virtual template
• D. webvpn context

Answer: B

NEW QUESTION 22
Refer to the exhibit.

Which two commands under the tunnel-group webvpn-attributes result in a Cisco AnyConnect user receiving the AnyConnect prompt in the exhibit? (Choose two.)

• A. group-url https://172.16.31.10/General enable
• B. group-policy General internal
• C. authentication aaa
• D. authentication certificate
• E. group-alias General enable

Answer: BE

NEW QUESTION 23
Refer to the exhibit.

An engineer is troubleshooting a new GRE over IPsec tunnel. The tunnel is established but the engineer cannot ping from spoke 1 to spoke 2. Which type of traffic is being blocked?

• A. ESP packets from spoke2 to spoke1
• B. ISAKMP packets from spoke2 to spoke1
• C. ESP packets from spoke1 to spoke2
• D. ISAKMP packets from spoke1 to spoke2

Answer: A

NEW QUESTION 24
......