300-730 Online Practice Questions and Answers

A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?

A. IKEv2 IKE_SA_INIT

B. IKEv2 INFORMATIONAL

C. IKEv2 CREATE_CHILD_SA

D. IKEv2 IKE_AUTH

Which command identifies a Cisco AnyConnect profile that was uploaded to the flash of an IOS router?

A. svc import profile SSL_profile flash:simos-profile.xml

B. anyconnect profile SSL_profile flash:simos-profile.xml

C. crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml

D. webvpn import profile SSL_profile flash:simos-profile.xml

Which requirement is needed to use local authentication for Cisco AnyConnect Secure Mobility Clients that connect to a FlexVPN server?

A. use of certificates instead of username and password

B. EAP-AnyConnect

C. EAP query-identity

D. AnyConnect profile

Which VPN does VPN load balancing on the ASA support?

A. VTI

B. IPsec site-to-site tunnels

C. L2TP over IPsec

D. Cisco AnyConnect

Which technology is used to send multicast traffic over a site-to-site VPN?

A. GRE over IPsec on IOS router

B. GRE over IPsec on FTD

C. IPsec tunnel on FTD

D. GRE tunnel on ASA

Refer to the exhibit.

An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)

A. IPsec (IKEv2) Allow Access must be checked on the outside interface.

B. SSL Enable DTLS must be checked on the outside interface.

C. Bypass interface access lists for inbound VPN sessions must be unchecked.

D. IPsec (IKEv2) Enable Client Services must be checked on the outside interface.

E. SSL Allow Access must be checked on the outside interface.

Refer to the exhibit.

Based on the configuration output, what is the VPN technology?

A. site-to-site

B. DMVPN

C. L2VPN

D. multicast VPN

Which remote access VPN technology requires the use of the IPsec-proposal configuration option?

A. clientless SSLVPN

B. SSLVPN Full Tunnel

C. IKEv2-based VPN

D. IKEv1-based VPN

Why must a network engineer avoid usage of the default X.509 certificate when implementing clientless SSLVPN on an ASA?

A. The certificate must be managed by the local CA.

B. The certificate is regenerated at each reboot.

C. The default X.509 certificate is not supported for SSLVPN.

D. The certificate is too weak to provide adequate security.

Which VPN technology minimizes the impact on VPN performance when encrypting multicast traffic on a Private WAN?

A. DMVPN

B. IPsec VPN

C. FlexVPN

D. GETVPN

An engineer is implementing the FlexVPN solution on a Cisco IOS router. The router must only terminate VPN requests and must not initiate them. Additionally, the interface must support VPNs from other routers and Cisco AnyConnect connections. Which interface type must be configured to meet these requirements?

A. point-to-point GRE tunnel interface

B. multipoint GRE tunnel interface

C. static virtual tunnel interface

D. virtual template interface

Over which two transport mediums is FlexVPN deployed? (Choose two.)

A. 5G

B. VPLS

C. internet

D. MPLS

E. DWDM

Which VPN technology must be used to ensure that routers are able to dynamically form connections with each other rather than sending traffic through a hub and be able to advertise routes without the use of a dynamic routing protocol?

A. FlexVPN

B. DMVPN Phase 3

C. DMVPN Phase 2

D. GETVPN

Refer to the exhibit.

Which two conclusions should be drawn from the DMVPN phase 2 configuration? (Choose two.)

A. Next-hop-self is required.

B. EIGRP neighbor adjacency will fail.

C. EIGRP is used as the dynamic routing protocol.

D. EIGRP route redistribution is not allowed.

E. Spoke-to-spoke communication is allowed.

A clientless SSLVPN solution is built for 10 employees on a newly installed Cisco ASA. After a couple of days in production, it has been observed that only the first two users to log in each day are able to connect successfully. The remaining users encounter the message "Login failed". Which action resolves the issue?

A. Allocate additional Cisco AnyConnect Premium licenses to the ASA.

B. Increase the vpn-simultaneous-logins parameter to a value of more than 2.

C. Increase the number or IP addresses available in the VPN pool.

D. Verify that the users that cannot log in are in the correct AD group with VPN permissions.