Cisco CCNP 300-730 Questions & Answers

• Question 21:

  Which VPN technology must be used to ensure that routers are able to dynamically form connections with each other rather than sending traffic through a hub and be able to advertise routes without the use of a dynamic routing protocol?

  A. FlexVPN

  B. DMVPN Phase 3

  C. DMVPN Phase 2

  D. GETVPN

  Correct Answer: A

• Question 22:

  An administrator is designing a VPN with a partner's non-Cisco VPN solution. The partner's VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 going to 10.0.0.0/24. Which technology must be used to meet these requirements?

  A. VTI

  B. crypto map

  C. GETVPN

  D. DMVPN

  Correct Answer: B

• Question 23:

  Refer to the exhibit.

  

  Which type of VPN is being configured, based on the partial configuration snippet?

  A. GET VPN with COOP key server

  B. GET VPN with dual group member

  C. FlexVPN load balancer

  D. FlexVPN backup gateway

  Correct Answer: A

• Question 24:

  After a user configures a connection profile with a bookmark list and tests the clientless SSLVPN connection, all of the bookmarks are grayed out. What must be done to correct this behavior?

  A. Apply the bookmark to the correct group policy.

  B. Specify the correct port for the web server under the bookmark.

  C. Configure a DNS server on the Cisco ASA and verify it has a record for the web server.

  D. Verify HTTP/HTTPS connectivity between the Cisco ASA and the web server.

  Correct Answer: C

• Question 25:

  Refer to the exhibit.

  

  Upon setting up a tunnel between two sites, users are complaining that connections to applications over the VPN are not working consistently. The output of show crypto ipsec sa was collected on one of the VPN devices. Based on this output, what should be done to fix this issue?

  A. Lower the tunnel MTU.

  B. Enable perfect forward secrecy.

  C. Specify the application networks in the remote identity.

  D. Make an adjustment to IPSec replay window.

  Correct Answer: D

• Question 26:

  Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)

  A. HSRP stateless failover

  B. DNS-based hub resolution

  C. reactivate primary peer

  D. tunnel pivot E. need distractor

  Correct Answer: BC

• Question 27:

  Refer to the exhibit.

  

  Which type of VPN is used?

  A. GETVPN

  B. clientless SSL VPN

  C. Cisco Easy VPN

  D. Cisco AnyConnect SSL VPN

  Correct Answer: C

• Question 28:

  An engineer would like Cisco AnyConnect users to be able to reach servers within the 10.10.0.0/16 subnet while all other traffic is sent out to the Internet. Which IPsec configuration accomplishes this task?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: B

• Question 29:

  Which Cisco AnyConnect component ensures that devices in a specific internal subnet are only accessible using port 443?

  A. routing

  B. WebACL

  C. split tunnel

  D. VPN filter

  Correct Answer: D

• Question 30:

  A network engineer must implement an SSLVPN Cisco AnyConnect solution that supports 500 concurrent users, ensures all traffic from the client passes through the ASA, and allows users to access all devices on the inside interface subnet (192.168.0.0/24). Assuming all other configuration is set up appropriately, which configuration implements this solution?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

  First, tunnelall to ensure all trafic is passing through ASA (so answer is A or D). second, we need 500 users so the Pool in D is not ensuring this requirement (only 254 ip) so Answer is A.