cisco 300-730 practice test
Implementing Secure Solutions with Virtual Private Networks (SVPN)
Last exam update: Apr 12 ,2024
Question 1 Topic 1
Topic 1
DRAG DROP
Drag and drop the correct commands from the night onto the blanks within the code on the left to implement a design that
allow for dynamic spoke-to-spoke communication. Not all comments are used.
Select and Place:
Answer:
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-16/sec-conn-dmvpn-xe-16-
book/sec-conn-dmvpn-summ-maps.html
Question 2 Topic 1
Topic 1
A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the
exchange?
- A. IKEv2 IKE_SA_INIT
- B. IKEv2 INFORMATIONAL
- C. IKEv2 CREATE_CHILD_SA
- D. IKEv2 IKE_AUTH
Answer:
B
Question 3 Topic 1
Topic 1
Refer to the exhibit. The DMVPN tunnel is dropping randomly and no tunnel protection is configured. Which spoke
configuration mitigates tunnel drops?
- A. Option A
- B. Option B
- C. Option C
- D. Option D
Answer:
D
Question 4 Topic 1
Topic 1
On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, which command is needed for the
hub to be able to terminate FlexVPN tunnels?
- A. interface virtual-access
- B. ip nhrp redirect
- C. interface tunnel
- D. interface virtual-template
Answer:
D
Question 5 Topic 1
Topic 1
Which statement about GETVPN is true?
- A. The configuration that defines which traffic to encrypt originates from the key server.
- B. TEK rekeys can be load-balanced between two key servers operating in COOP.
- C. The pseudotime that is used for replay checking is synchronized via NTP.
- D. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.
Answer:
A
Question 6 Topic 1
Topic 1
Refer to the exhibit. Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit?
(Choose two.)
- A. crypto map
- B. DMVPN
- C. GRE
- D. FlexVPN
- E. VTI
Answer:
B E
Question 7 Topic 1
Topic 1
Which two changes must be made in order to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured?
(Choose two.)
- A. Add NHRP shortcuts on the hub.
- B. Add NHRP redirects on the spoke.
- C. Disable EIGRP next-hop-self on the hub.
- D. Enable EIGRP next-hop-self on the hub.
- E. Add NHRP redirects on the hub.
Answer:
C E
Question 8 Topic 1
Topic 1
Refer to the exhibit. A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based
on the syslog message, which action brings up the VPN tunnel?
- A. Reduce the maximum SA limit on the local Cisco ASA.
- B. Increase the maximum in-negotiation SA limit on the local Cisco ASA.
- C. Remove the maximum SA limit on the remote Cisco ASA.
- D. Correct the crypto access list on both Cisco ASA devices.
Answer:
B
Question 9 Topic 1
Topic 1
Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list?
(Choose two.)
- A. group-alias
- B. certificate map
- C. optimal gateway selection
- D. group-url
- E. AnyConnect client version
Answer:
B D
Question 10 Topic 1
Topic 1
Which method dynamically installs the network routes for remote tunnel endpoints?
- A. policy-based routing
- B. CEF
- C. reverse route injection
- D. route filtering
Answer:
C
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/12-4t/sec-vpnavailability-12-4t-
book/sec-rev-rte-inject.html
Topic 2, Remote access VPNs
Question 11 Topic 2
Topic 2
Which command identifies a Cisco AnyConnect profile that was uploaded to the flash of an IOS router?
- A. svc import profile SSL_profile flash:simos-profile.xml
- B. anyconnect profile SSL_profile flash:simos-profile.xml
- C. crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml
- D. webvpn import profile SSL_profile flash:simos-profile.xml
Answer:
C
Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200533AnyConnect-
Configure-Basic-SSLVPN-for-I.html
Question 12 Topic 2
Topic 2
Refer to the exhibit. Which value must be configured in the User Group field when the Cisco AnyConnect Profile is created to
connect to an ASA headend with IPsec as the primary protocol?
- A. address-pool
- B. group-alias
- C. group-policy
- D. tunnel-group
Answer:
D
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/
administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure-vpn.html
Question 13 Topic 2
Topic 2
Refer to the exhibit. What is configured as a result of this command set?
- A. FlexVPN client profile for IPv6
- B. FlexVPN server to authorize groups by using an IPv6 external AAA
- C. FlexVPN server for an IPv6 dVTI session
- D. FlexVPN server to authenticate IPv6 peers by using EAP
Answer:
A
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-3s/sec-flexvpn-xe-3s-
book/sec-cfg-flex-clnt.html
Question 14 Topic 2
Topic 2
Which two types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal?
(Choose two.)
- A. HTTP
- B. ICA (Citrix)
- C. VNC
- D. RDP
- E. CIFS
Answer:
D E
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/vpn/asa-94-vpn-config/ webvpn-
configure-gateway.html
Question 15 Topic 2
Topic 2
Which configuration construct must be used in a FlexVPN tunnel?
- A. EAP configuration
- B. multipoint GRE tunnel interface
- C. IKEv1 policy
- D. IKEv2 profile
Answer:
D