What Guaranteed 300-730 Exam Price Is

NEW QUESTION 1
In a FlexVPN deployment, the spokes successfully connect to the hub, but spoke-to-spoke tunnels do not form. Which troubleshooting step solves the issue?

• A. Verify the spoke configuration to check if the NHRP redirect is enabled.
• B. Verify that the spoke receives redirect messages and sends resolution requests.
• C. Verify the hub configuration to check if the NHRP shortcut is enabled.
• D. Verify that the tunnel interface is contained within a VRF.

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-summ-maps.pdf

NEW QUESTION 2
Which benefit of FlexVPN is a limitation of DMVPN using IKEv1?

• A. GRE encapsulation allows for forwarding of non-IP traffic.
• B. IKE implementation can install routes in routing table.
• C. NHRP authentication provides enhanced security.
• D. Dynamic routing protocols can be configured.

Answer: B

NEW QUESTION 3
Refer to the exhibit.

Based on the exhibit, why are users unable to access CCNP Webserver bookmark?

• A. The URL is being blocked by a WebACL.
• B. The ASA cannot resolve the URL.
• C. The bookmark has been disabled.
• D. The user cannot access the URL.

Answer: C

NEW QUESTION 4
Which parameter must match on all routers in a DMVPN Phase 3 cloud?

• A. GRE tunnel key
• B. NHRP network ID
• C. tunnel VRF
• D. EIGRP split-horizon setting

Answer: A

NEW QUESTION 5
Which statement about GETVPN is true?

• A. The configuration that defines which traffic to encrypt originates from the key server.
• B. TEK rekeys can be load-balanced between two key servers operating in COOP.
• C. The pseudotime that is used for replay checking is synchronized via NTP.
• D. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

Answer: A

NEW QUESTION 6
Which redundancy protocol must be implemented for IPsec stateless failover to work?

• A. SSO
• B. GLBP
• C. HSRP
• D. VRRP

Answer: C

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/17826-ipsec-feat.html

NEW QUESTION 7
Which requirement is needed to use local authentication for Cisco AnyConnect Secure Mobility Clients that connect to a FlexVPN server?

• A. use of certificates instead of username and password
• B. EAP-AnyConnect
• C. EAP query-identity
• D. AnyConnect profile

Answer: D

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html

NEW QUESTION 8
Which method dynamically installs the network routes for remote tunnel endpoints?

• A. policy-based routing
• B. CEF
• C. reverse route injection
• D. route filtering

Answer: C

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/12-4t/sec-vpn-availability-12-4t-book/sec-rev-rte-inject.html

NEW QUESTION 9
Refer to the exhibit.

What is a result of this configuration?

• A. Spoke 1 fails the authentication because the authentication methods are incorrect.
• B. Spoke 2 passes the authentication to the hub and successfully proceeds to phase 2.
• C. Spoke 2 fails the authentication because the remote authentication method is incorrect.
• D. Spoke 1 passes the authentication to the hub and successfully proceeds to phase 2.

Answer: A

NEW QUESTION 10
Which VPN does VPN load balancing on the ASA support?

• A. VTI
• B. IPsec site-to-site tunnels
• C. L2TP over IPsec
• D. Cisco AnyConnect

Answer: D

NEW QUESTION 11
Refer to the exhibit.

An engineer is troubleshooting a new GRE over IPsec tunnel. The tunnel is established but the engineer cannot ping from spoke 1 to spoke 2. Which type of traffic is being blocked?

• A. ESP packets from spoke2 to spoke1
• B. ISAKMP packets from spoke2 to spoke1
• C. ESP packets from spoke1 to spoke2
• D. ISAKMP packets from spoke1 to spoke2

Answer: A

NEW QUESTION 12
Which feature allows the ASA to handle nonstandard applications and web resources so that they display correctly over a clientless SSL VPN connection?

• A. single sign-on
• B. Smart Tunnel
• C. WebType ACL
• D. plug-ins

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/vpn_clientless_ssl.html#29951

NEW QUESTION 13
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?

• A. The XML profile is not configured correctly for the affected users.
• B. The new client image does not use the same major release as the current one.
• C. Client services are not enabled.
• D. Client software updates are not supported with IKEv2.

Answer: C

NEW QUESTION 14
Refer to the exhibit.

A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action brings up the VPN tunnel?

• A. Reduce the maximum SA limit on the local Cisco ASA.
• B. Increase the maximum in-negotiation SA limit on the local Cisco ASA.
• C. Remove the maximum SA limit on the remote Cisco ASA.
• D. Correct the crypto access list on both Cisco ASA devices.

Answer: B

NEW QUESTION 15
Which feature of GETVPN is a limitation of DMVPN and FlexVPN?

• A. sequence numbers that enable scalable replay checking
• B. enabled use of ESP or AH
• C. design for use over public or private WAN
• D. no requirement for an overlay routing protocol

Answer: D

NEW QUESTION 16
DRAG DROP
Drag and drop the correct commands from the night onto the blanks within the code on the left to implement a design that allow for dynamic spoke-to-spoke communication. Not all comments are used.
Select and Place:

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-16/sec-conn-dmvpn-xe-16-book/sec-conn-dmvpn-summ-maps.html

NEW QUESTION 17
Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)

• A. show crypto isakmp sa
• B. show ip traffic
• C. show crypto ipsec sa
• D. show ip nhrp traffic
• E. show dmvpn detail

Answer: AD

NEW QUESTION 18
Refer to the exhibit.

A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?

• A. An authentication failure occurs on the remote peer.
• B. A certificate fragmentation issue occurs between both sides.
• C. UDP 4500 traffic from the peer does not reach the router.
• D. An authentication failure occurs on the router.

Answer: C

NEW QUESTION 19
Which command automatically initiates a smart tunnel when a user logs in to the WebVPN portal page?

• A. auto-upgrade
• B. auto-connect
• C. auto-start
• D. auto-run

Answer: C

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/vpn/asa_91_vpn_config/webvpn-configure-policy-group.html

NEW QUESTION 20
A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?

• A. IKEv2 IKE_SA_INIT
• B. IKEv2 INFORMATIONAL
• C. IKEv2 CREATE_CHILD_SA
• D. IKEv2 IKE_AUTH

Answer: B

NEW QUESTION 21
......