Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 300-730 - Implementing Secure Solutions with Virtual Private Networks (SVPN)

Cisco 300-730 Premium Access     Download Demo    
Page: 4 / 5
Total 175 questions

Where must an engineer configure a preshared key for a site-to-site VPN tunnel configured on a Cisco ASA?

A.

isakmp policy

B.

group policy

C.

crypto map

D.

tunnel group

A network engineer must design a remote access solution to allow contractors to access internal servers. These contractors do not have permissions to install applications on their computers. Which VPN solution should be used in this design?

A.

IKEv2 AnyConnect

B.

Clientless

C.

Port forwarding

D.

SSL AnyConnect

Refer to the exhibit.

A Cisco ASA is configured as a client to a router running as a FlexVPN server. The router is configured with a virtual template to terminate FlexVPN clients. Traffic between networks 192.168.0.0/24 and 172.16.20.0/24 does not work as expected. Based on the show crypto ikev2 sa output collected from the Cisco ASA in the exhibit, what is the solution to this issue?

A.

Modify the crypto ACL on the router to permit network 192.168.0.0/24 to network 172.16.20.0/24.

B.

Modify the crypto ACL on the ASA to permit network 192.168.0.0/24 to network 172.16.20.0/24.

C.

Modify the crypto ACL on the ASA to permit network 172.16.20.0/24 to network 192.168.0.0/24.

D.

Modify the crypto ACL on the router to permit network 172.16.20.0/24 to network 192.168.0.0/24.

Refer to the exhibit.

A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action brings up the VPN tunnel?

A.

Reduce the maximum SA limit on the local Cisco ASA.

B.

Increase the maximum in-negotiation SA limit on the local Cisco ASA.

C.

Remove the maximum SA limit on the remote Cisco ASA.

D.

Correct the crypto access list on both Cisco ASA devices.

Which statement about GETVPN is true?

A.

The configuration that defines which traffic to encrypt originates from the key server.

B.

TEK rekeys can be load-balanced between two key servers operating in COOP.

C.

The pseudotime that is used for replay checking is synchronized via NTP.

D.

Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?

A.

IKEv2 IKE_SA_INIT

B.

IKEv2 INFORMATIONAL

C.

IKEv2 CREATE_CHILD_SA

D.

IKEv2 IKE_AUTH

Drag and drop the correct commands from the night onto the blanks within the code on the left to implement a design that allow for dynamic spoke-to-spoke communication. Not all comments are used.

Which two changes must be made in order to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose two.)

A.

Add NHRP shortcuts on the hub.

B.

Add NHRP redirects on the spoke.

C.

Disable EIGRP next-hop-self on the hub.

D.

Enable EIGRP next-hop-self on the hub.

E.

Add NHRP redirects on the hub.

On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, which command is needed for the hub to be able to terminate FlexVPN tunnels?

A.

interface virtual-access

B.

ip nhrp redirect

C.

interface tunnel

D.

interface virtual-template

Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.)

A.

group-alias

B.

certificate map

C.

optimal gateway selection

D.

group-url

E.

AnyConnect client version