Cisco CCNP 300-730 Questions & Answers

• Question 181:

  Refer to the exhibit.

  

  Based on this ASDM output, which remote access technologies are allowed on the ASA?

  A. SSLAnyConnect VPN

  B. IKEv2 and SSL AnyConnect VPN

  C. SSL clientless VPN

  D. IKEv2 AnyConnect VPN

  Correct Answer: B

• Question 182:

  On an ASA with multiple connection profiles for different departments, what is the best design to ensure that AnyConnect users are assigned the correct connection profile based on their department and do not have the ability to choose a different connection profile?

  A. group URL

  B. group alias

  C. dynamic access policy

  D. certificate mapping

  Correct Answer: A

• Question 183:

  Which two tasks must be performed to implement a clientless VPN on the Cisco ASA? (Choose two.)

  A. Configure a connection profile

  B. Upload an AnyConnect Package.

  C. Install an enrolled X.509 Certificate.

  D. Configure a language translation file.

  E. Configure a portal customization.

  Correct Answer: AC

  Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119417-config-asa-00.html

• Question 184:

  A Cisco IOS router is reconfigured to connect to an additional DMVPN hub that is a part of a different DMVPN phase 3 cloud. After this change was made, users begin to experience problems accessing corporate resources over both tunnels. Before the additional tunnel was created, users could access resources over the first tunnel without any issues. Both tunnels terminate on the same interface of the router and use the same IPsec proposals. Which two actions resolve the issue without affecting spoke-to-spoke traffic in either DMVPN cloud? (Choose two.)

  A. Enable dead peer detection for both tunnels.

  B. Use the same shared IPsec profile for both tunnels.

  C. Configure the same NHRP network IDs for both tunnels.

  D. Specify the tunnel destination in each tunnel.

  E. Assign a unique tunnel key to each tunnel.

  Correct Answer: DE

• Question 185:

  An engineer is implementing a failover solution for a FlexVPN client site where ESP traffic to the primary FlexVPN server is blocked intermittently after tunnel establishment. This issue causes users at the branch site to lose access to the corporate network. The solution must quickly establish a tunnel and send traffic to the secondary FlexVPN server only during a failover event. Which action must the engineer take to implement this solution?

  A. Create one tunnel with peer statements to each server and use Dead Peer Detection to track the status or the primary server.

  B. Create two tunnels for each FlexVPN server and use the tunnel keepalive command to track the status of each FlexVPN server.

  C. Create one tunnel with peer statements to each server and use object tracking to track the status of the primary server.

  D. Create two tunnels for each FlexVPN server and use a dynamic routing protocol to track the status or each FlexVPN server.

  Correct Answer: A

• Question 186:

  Refer to the exhibit.

  

  Which type of VPN is used in the configuration?

  A. GETVPN

  B. FlexVPN

  C. DMVPN

  D. IPSec

  Correct Answer: C

  Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-ip6-dmvpn.html

• Question 187:

  When deploying a site-to-site VPN, what must be used to minimize IP fragmentation?

  A. IKE version 1

  B. ISAKMP over UDP 500

  C. Dead Peer Detection

  D. Path MTU Discovery

  Correct Answer: D

• Question 188:

  DRAG DROP

  Drag and drop the GET VPN components from the left onto the correct descriptions on the right.

  Select and Place:

  

  Correct Answer:

  

  Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-xe-3s-book/sec-get-vpn.html