Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
Cisco
CCNP Security
300-730
Implementing Secure Solutions with Virtual Private Networks (SVPN) Questions and Answers

Pass the Cisco CCNP Security 300-730 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam 300-730 Premium Access

View all detail and faqs for the 300-730 exam

Go to Exam

520 Students Passed

84% Average Score

96% Same Questions

Viewing page 1 out of 5 pages

Viewing questions 1-10 out of questions

Questions # 1:

Which two components are required in a Cisco IOS GETVPN key server configuration? (Choose two.)

Options:

RSA key

IKE policy

SSL cipher

GRE tunnel

L2TP protocol

Answer

A, B

Questions # 2:

Refer to the exhibit.

Question # 2

A network engineer is configuring a remote access SSLVPN and is unable to complete the connection using local credentials. What must be done to remediate this problem?

Options:

Enable the client protocol in the Cisco AnyConnect profile.

Configure a AAA server group to authenticate the client.

Change the authentication method to local.

Configure the group policy to force local authentication.

Answer

Questions # 3:

A network engineer must expand a company's Cisco AnyConnect solution. Currently, a Cisco ASA is set up in North America and another will be installed in Europe with a different IP address. Users should connect to the ASA that has the lowest Round Trip Time from their network location as measured by the AnyConnect client. Which solution must be implemented to meet this requirement?

Options:

VPN Load Balancing

IP SLA

DNS Load Balancing

Optimal Gateway Selection

Answer

Explanation

Optimal Gateway Selection (OGS). OGS is a feature that can be used in order to determine which gateway has the lowest Round Trip Time (RTT) and connect to that gateway. One can use the OGS feature in order to minimize latency for Internet traffic without user intervention. With OGS, Cisco AnyConnect Secure Mobility Client (AnyConnect) identifies and selects which secure gateway is best for connection or reconnection. OGS begins upon first connection or upon a reconnection at least four hours after the previous disconnection.

Questions # 4:

Refer to the exhibit.

Question # 4

Which type of VPN is being configured, based on the partial configuration snippet?

Options:

GET VPN with COOP key server

GET VPN with dual group member

FlexVPN load balancer

FlexVPN backup gateway

Answer

Questions # 5:

Which Cisco AnyConnect component ensures that devices in a specific internal subnet are only accessible using port 443?

Options:

routing

WebACL

split tunnel

VPN filter

Answer

Explanation

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html#anc6

Questions # 6:

A network engineer must design a remote access solution to allow contractors to access internal servers. These contractors do not have permissions to install applications on their computers. Which VPN solution should be used in this design?

Options:

IKEv2 AnyConnect

Clientless

Port forwarding

SSL AnyConnect

Answer

Questions # 7:

Refer to the exhibit.

Question # 7

An IKEv2 site-to-site tunnel between an ASA and a remote peer is not building successfully. What will fix the problem based on the debug output?

Options:

Ensure crypto IPsec policy matches on both VPN devices.

Install the correct certificate to validate the peer.

Correct crypto access list on both VPN devices.

Specify the peer IP address in the tunnel group name.

Answer

Explanation

To fix the problem with the IKEv2 site-to-site tunnel between an ASA and a remote peer based on the debug output, you should ensure that the crypto IPsec policy matches on both VPN devices. The debug output indicates that the crypto policies on the two VPN devices are mismatched, which is preventing the tunnel from building successfully. Installing the correct certificate to validate the peer, correcting the crypto access list on both VPN devices, and specifying the peer IP address in the tunnel group name will not fix the problem.

Questions # 8:

Refer to the exhibit.

Question # 8

An engineer is diagnosing an issue that occurred after a router at a branch site was assigned a new address. Based on the debugs, what must be done to resolve this issue?

Options:

Add the remote peer’s IP address to the server's IKEv2 keyring.

Ensure that the correct preshared keys are set on both sides.

Ensure that the UDP 500 packets between devices are not dropped.

Add the remote peer’s identity to the server’s IKEv2 profile.

Answer

Questions # 9:

Question # 9

An engineer is building an IKEv1 tunnel to a peer Cisco ASA, but the tunnel is failing. Based on the configuration in the exhibit, which action must be taken to allow the VPN tunnel to come up?