Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 300-730 - Implementing Secure Solutions with Virtual Private Networks (SVPN)

Cisco 300-730 Premium Access     Download Demo    
Page: 3 / 5
Total 175 questions

Which two remote access VPN solutions support SSL? (Choose two.)

A.

FlexVPN

B.

clientless

C.

EZVPN

D.

L2TP

E.

Cisco AnyConnect

Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)

A.

show crypto isakmp sa

B.

show ip traffic

C.

show crypto ipsec sa

D.

show ip nhrp traffic

E.

show dmvpn detail

An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies. What must be added to the configuration to make sure the users in the sales department cannot access the finance department server?

A.

tunnel group lock

B.

smart tunnel

C.

port forwarding

D.

webtype ACL

After a user configures a connection profile with a bookmark list and tests the clientless SSLVPN connection, all of the bookmarks are grayed out. What must be done to correct this behavior?

A.

Apply the bookmark to the correct group policy.

B.

Specify the correct port for the web server under the bookmark.

C.

Configure a DNS server on the Cisco ASA and verify it has a record for the web server.

D.

Verify HTTP/HTTPS connectivity between the Cisco ASA and the web server.

Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)

A.

HSRP stateless failover

B.

DNS-based hub resolution

C.

reactivate primary peer

D.

tunnel pivot

E.

need distractor

VPN tunnels between a spoke and two DMVPN hubs are not coming up. The network administrator has verified that the encryption, hashing, and DH group proposals for Phase 1 and Phase 2 match on both ends. What is the solution to this issue?

A.

Ensure bidirectional UDP 500/4500 traffic.

B.

Increase the isakmp phase 1 lifetime.

C.

Add NAT statements for VPN traffic.

D.

Enable shared tunnel protection.

A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?

A.

Configure the spoke and hub to use the same IKE version.

B.

Ensure that devices between the hub and spoke are not blocking ESP traffic.

C.

Ensure that devices between the hub and spoke are not blocking GRE traffic.

D.

Enable the tunnel interface with the no shutdown command.

An engineer is requesting an SSL certificate for a VPN load-balancing cluster in which two Cisco ASAs provide clientless SSLVPN access. The FQDN that users will enter to access the clientless VPN is asa.example.com, and users will be redirected to either asa1.example.com or asa2.example.com. The cluster FQDN and individual Cisco ASAs FQDNs resolve to IP addresses 192.168.0.1, 192.168.0.2, and 192.168.0.3 respectively. The issued certificate must be able to be used to validate the identity of either ASA in the cluster without returning any certificate validation errors. Which fields must be included in the certificate to meet these requirements?

A.

CN=*.example.com, SAN=asa.example.com

B.

CN=192.168.0.1, SAN=asa1.example.com, asa2.example.com

C.

CN=asa.example.com, SAN=asa.example.com, asa1.example.com, asa2.example.com

D.

CN=192.168.0.1, SAN=192.168.0.1, 192.168.0.2, 192.168.0.3

A network engineer must implement an SSLVPN Cisco AnyConnect solution that supports 500 concurrent users, ensures all traffic from the client passes through the ASA, and allows users to access all devices on the inside interface subnet (192.168.0.0/24). Assuming all other configuration is set up appropriately, which configuration implements this solution?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

An administrator is planning a VPN configuration that will encrypt traffic between multiple servers that will be passing unicast and multicast traffic. This configuration must be able to be implemented without the need to modify routing within the network. Which VPN technology must be used for this task?

A.

FlexVPN

B.

VTI

C.

GETVPN

D.

DMVPN