Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730)
Last exam update: Oct 07, 2024
Question 1
Which two changes must be made in order to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose two.)
A. Add NHRP shortcuts on the hub.
B. Add NHRP redirects on the spoke.
C. Disable EIGRP next-hop-self on the hub.
D. Enable EIGRP next-hop-self on the hub.
E. Add NHRP redirects on the hub.
Answer: ce
Question 2
Refer to the exhibit.
An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)
A. IPsec (IKEv2) Allow Access must be checked on the outside interface.
B. SSL Enable DTLS must be checked on the outside interface.
C. Bypass interface access lists for inbound VPN sessions must be unchecked.
D. IPsec (IKEv2) Enable Client Services must be checked on the outside interface.
E. SSL Allow Access must be checked on the outside interface.
Answer: ae
Question 3
A network engineer is installing Cisco AnyConnect on company laptops so that users can access corporate resources remotely. The VPN concentrator is a Cisco router running IOS-XE 16.9.1 code and configured as a FlexVPN server that uses local authentication and *$Cisc431089017$* as the key-id for the IKEv2 profile. Which two steps must be taken on the computer to allow a successful AnyConnect connection to the router? (Choose two.)
A. In the Cisco AnyConnect XML profile, set the IPsec Authentication method to EAP-AnyConnect.
B. In the Cisco AnyConnect XML profile, add the hostname and host address to the server list.
C. In the Cisco AnyConnect XML profile, set the user group field to DefaultAnyConnectClientGroup.
D. In the Cisco AnyConnect Local Policy, set the BypassDownloader option to true.
E. In the Cisco AnyConnect Local Policy, add the router IP address to the Update Policy.
Answer: ad
Question 4
What is a characteristic of GETVPN?
A. An ACL that defines interesting traffic must be configured and applied to the crypto map.
B. Quick mode is used to create an IPsec SA.
C. The remote peer for the IPsec session is configured as part of the crypto map.
D. All peers have one IPsec SPI for inbound and outbound communication.
Answer: d
Question 5
Refer to the exhibit. A network administrator is setting up Cisco AnyConnect on an ASA headend. When users attempt to connect to the VPN, they are presented with this message. The administrator has replaced the ASA's self-signed certificate with a certificate enrolled with the internal CA and has confirmed that the certificate is not revoked. Which two tasks will the administrator need to do to prevent users from seeing this message? (Choose two.)
A. Trust the issuing CA for the ASA identity certificate on the user's PC.
B. Enroll and import an SSL certificate with the CN value example.cisco.com on the ASA.
C. Add the CN example.cisco.com to the AnyConnect XML certificate matching section.
D. Enable certificate authentication under the connection profile.
E. Add example.cisco.com to the server name list within the AnyConnect Local Policy.
Answer: ab
Question 6
Refer to the exhibit. A network administrator is setting up a phone VPN on a Cisco ASA. The phone cannot connect and the error is presented in a debug on the Cisco ASA. Which action fixes this issue?
A. Enable web-deploy of the posture module so that the module can be downloaded from the Cisco ASA to an IP phone.
B. Configure the Cisco ASA to present an RSA certificate to the phone for authentication.
C. Disable Cisco Secure Desktop under the connection profile VPNPhone.
D. Install the posture module on the Cisco ASA.
Answer: c
Question 7
Refer to the exhibit. A network engineer is reconfiguring clientless SSLVPN during a maintenance window, and after testing the new configuration, is unable to establish the connection. What must be done to remediate this problem?
A. Enable client services on the outside interface.
B. Enable clientless protocol under the group policy.
C. Enable DTLS under the group policy.
D. Enable auto sign-on for the user's IP address.
Answer: b
Question 8
Refer to the exhibit.
Which type of VPN tunnel is configured?
A. Multipoint GRE
B. DMVPN
C. FlexVPN
D. GRE over IPsec
Answer: b
Question 9
Refer to the exhibit. A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action brings up the VPN tunnel?
A. Reduce the maximum SA limit on the local Cisco ASA.
B. Increase the maximum in-negotiation SA limit on the local Cisco ASA.
C. Remove the maximum SA limit on the remote Cisco ASA.
D. Correct the crypto access list on both Cisco ASA devices.
Answer: b
Question 10
A Cisco AnyConnect client establishes an SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?