This page was exported from Actual Test Materials [ http://blog.actualtests4sure.com ]
Export date: Fri Nov 15 18:54:55 2024 / +0000 GMT

Title: Read Online 300-730 Test Practice Test Questions Exam Dumps [Q40-Q61]

Easily To Pass New 300-730 Premium Exam Updated [Sep 16, 2024]

NO.40 Which parameter must match on all routers in a DMVPN Phase 3 cloud?
- GRE tunnel key
- NHRP network ID
- tunnel VRF
- EIGRP split-horizon setting

https://journey2theccie.wordpress.com/2020/04/17/dmvpn-phase-3-configuration/
Tunnel key is optional.

NO.41 Which redundancy protocol must be implemented for IPsec stateless failover to work?
- SSO
- GLBP
- HSRP
- VRRP

IPsec failover falls into two categories: stateless failover and stateful failover. Stateless failover uses protocols such as the Hot Standby Router Protocol (HSRP) to provide primary-to-secondary cutover and also allows the active and standby VPN gateways to share a common virtual IP address.

NO.42 Which parameter is initially used to elect the primary key server from a group of key servers?
- code version
- highest IP address
- highest-priority value
- lowest IP address

Section: Secure Communications Architectures
Explanation/Reference: https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html

NO.43 An engineer would like Cisco AnyConnect users to be able to reach servers within the 10.10.0.0/16 subnet while all other traffic is sent out to the Internet. Which IPsec configuration accomplishes this task?
- Option A
- Option B
- Option C
- Option D

NO.44 Refer to the exhibit. What is a result of this configuration?
- Spoke 1 fails the authentication because the authentication methods are incorrect.
- Spoke 2 passes the authentication to the hub and successfully proceeds to phase 2.
- Spoke 2 fails the authentication because the remote authentication method is incorrect.
- Spoke 1 passes the authentication to the hub and successfully proceeds to phase 2.

NO.45 An engineer notices that while an employee is connected remotely, all traffic is being routed to the corporate network. Which split-tunnel policy allows a remote client to use their local provider for Internet access when working from home?
- tunnelall
- excludeall
- tunnelspecified
- excludespecified

NO.46 An engineer would like Cisco AnyConnect users to be able to reach servers within the 10.10.0.0/16 subnet while all other traffic is sent out to the Internet. Which IPsec configuration accomplishes this task?

NO.47 Refer to the exhibit. A network engineer is reconfiguring clientless SSLVPN during a maintenance window, and after testing the new configuration, is unable to establish the connection. What must be done to remediate this problem?
- Enable client services on the outside interface.
- Enable clientless protocol under the group policy.
- Enable DTLS under the group policy.
- Enable auto sign-on for the user’s IP address.

NO.48 Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
- multicast PIM
- backup NHS
- per-tunnel jitter probes
- NHRP shortcut

The DMVPN-Tunnel Health Monitoring and Recovery (Backup NHS) feature allows you to control the number of connections to the Dynamic Multipoint Virtual Private Network (DMVPN) hub and allows you to switch to alternate hubs in case of a connection failure to the primary hubs.
https://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-2mt/sec-conn-dmvpn-backup-nhs.html#:~:text=The%20DMVPN%2DTunnel%20Health%20Monitoring%20and%20Recovery%20(Backup%20NHS),failure%20to%20the%20primary%20hubs.
Backup NHS, or Next Hop Server, is a feature of DMVPN Phase 3 that allows a spoke router to switch to an alternate hub when the primary hub is unreachable.
This is accomplished by using a secondary IP address for the hub router, which is used as the next hop for any traffic sent by the spoke router to the hub.

NO.49 Refer to the exhibit. A network administrator is setting up a phone VPN on a Cisco ASA. The phone cannot connect and the error is presented in a debug on the Cisco ASA. Which action fixes this issue?
- Enable web-deploy of the posture module so that the module can be downloaded from the Cisco ASA to an IP phone.
- Configure the Cisco ASA to present an RSA certificate to the phone for authentication.
- Disable Cisco Secure Desktop under the connection profile VPNPhone.
- Install the posture module on the Cisco ASA.

CSD and IP phones: Currently, IP phones do not support Cisco Secure Desktop (CSD) and do not connect when CSD is enabled for the tunnel group or globally in the ASA.

NO.50 Refer to the exhibit. A network engineer is reconfiguring clientless SSLVPN during a maintenance window, and after testing the new configuration, is unable to establish the connection. What must be done to remediate this problem?
- Enable client services on the outside interface.
- Enable clientless protocol under the group policy.
- Enable DTLS under the group policy.
- Enable auto sign-on for the user’s IP address.

NO.51 A company needs to ensure only corporate issued laptops and devices are allowed to connect with the Cisco AnyConnect client. The solution should be applicable to multiple operating systems, including Windows, MacOS, and Linux, and should allow for remote remediation if a corporate issued device is stolen. Which solution should be used to accomplish these goals?
- Use a DAP registry check on the system to determine the relationship with the corporate domain.
- Use a DAP file check on the system to determine the relationship with the corporate domain.
- Install and authenticate user certificates on the corporate devices.
- Install and authenticate machine certificates on the corporate devices

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/asdm78/vpn/asdm-78-vpn-config/vpn-asdm-dap.html#ID-2184-00000017

NO.52 In a FlexVPN deployment, the spokes successfully connect to the hub, but spoke-to-spoke tunnels do not form. Which troubleshooting step solves the issue?
- Verify the spoke configuration to check if the NHRP redirect is enabled.
- Verify that the spoke receives redirect messages and sends resolution requests.
- Verify the hub configuration to check if the NHRP shortcut is enabled.
- Verify that the tunnel interface is contained within a VRF.

Reference: On receiving the redirect, Spoke1 initiates a resolution request for Host2 over the point-to-point tunnel interface (the same interface over which it received the redirect). The resolution request traverses the routed path (Spoke1-hub-spoke2). On receiving the resolution request, Spoke2 determines that it is the exit point and needs to respond to the resolution request.
https://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-flex-spoke.html

NO.53 Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)
- show crypto isakmp sa
- show ip traffic
- show crypto ipsec sa
- show ip nhrp traffic
- show dmvpn detail

The IPsec tunnel is up, so we don’t need to troubleshoot that (so we don’t need options A and C here). Option B (show ip traffic) is totally unrelated here. This leaves us with D and E, which both help us troubleshoot the DMVPN NHRP registration process.

NO.54 Refer to the exhibit. An IKEv2 site-to-site tunnel between an ASA and a remote peer is not building successfully. What will fix the problem based on the debug output?
- Ensure crypto IPsec policy matches on both VPN devices.
- Install the correct certificate to validate the peer.
- Correct crypto access list on both VPN devices.
- Specify the peer IP address in the tunnel group name.

To fix the problem with the IKEv2 site-to-site tunnel between an ASA and a remote peer based on the debug output, you should ensure that the crypto IPsec policy matches on both VPN devices. The debug output indicates that the crypto policies on the two VPN devices are mismatched, which is preventing the tunnel from building successfully. Installing the correct certificate to validate the peer, correcting the crypto access list on both VPN devices, and specifying the peer IP address in the tunnel group name will not fix the problem.

NO.55 Refer to the exhibit. Which VPN technology is used in the exhibit?
- DVTI
- VTI
- DMVPN
- GRE

https://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd8029d629.html

NO.56 Drag and drop the GET VPN components from the left onto the correct descriptions on the right.

NO.57 Where must an engineer configure a preshared key for a site-to-site VPN tunnel configured on a Cisco ASA?
- isakmp policy
- group policy
- crypto map
- tunnel group

NO.58 A DMVPN spoke router tunnel is up and passing traffic, but it cannot establish an EIGRP neighbor relationship with the hub router. Which solution resolves this issue?
- Enable EIGRP Split Horizon on the hub tunnel interface.
- Remove the EIGRP stub configuration on the spoke tunnel interface.
- Enable the EIGRP next hop self feature on the hub tunnel interface.
- Configure the dynamic NHRP multicast map on the hub tunnel interface.

DMVPN is an NBMA network, which doesn’t support multicast at all. The only reason we can get it working to the hub is because of the nhrp multicast command we add to the tunnel interface.

NO.59 Refer to the exhibit. Upon setting up a tunnel between two sites, users are complaining that connections to applications over the VPN are not working consistently. The output of show crypto ipsec sa was collected on one of the VPN devices. Based on this output, what should be done to fix this issue?
- Lower the tunnel MTU.
- Enable perfect forward secrecy.
- Specify the application networks in the remote identity.
- Make an adjustment to IPSec replay window.

NO.60 Which benefit of FlexVPN is a limitation of DMVPN using IKEv1?
- GRE encapsulation allows for forwarding of non-IP traffic.
- IKE implementation can install routes in routing table.
- NHRP authentication provides enhanced security.
- Dynamic routing protocols can be configured.

Section: Secure Communications Architectures

NO.61 Which technology is used to send multicast traffic over a site-to-site VPN?
- GRE over IPsec on IOS router
- GRE over IPsec on FTD
- IPsec tunnel on FTD
- GRE tunnel on ASA

The GRE over IPsec implementations in Cisco documents refer to routers.

300-730 Certification All-in-One Exam Guide Sep-2024: https://www.actualtests4sure.com/300-730-test-questions.html

Post date: 2024-09-16 09:51:43
Post date GMT: 2024-09-16 09:51:43
Post modified date: 2024-09-16 09:51:43
Post modified date GMT: 2024-09-16 09:51:43