Exam Details
Exam Code
:300-730Exam Name
:Implementing Secure Solutions with Virtual Private Networks (SVPN)Certification
:CCNPVendor
:CiscoTotal Questions
:192 Q&AsLast Updated
:May 15, 2024
Cisco CCNP 300-730 Questions & Answers
-
Question 41:
Refer to the exhibit.
Which type of VPN tunnel is configured?
A. Multipoint GRE
B. DMVPN
C. FlexVPN
D. GRE over IPsec
-
Question 42:
An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies. What must be added to the configuration to make sure the users in the sales department cannot access the finance department server?
A. tunnel group lock
B. smart tunnel
C. port forwarding
D. webtype ACL
-
Question 43:
Which command must be configured on the tunnel interface of a FlexVPN spoke to receive a dynamic IP address from the hub?
A. ip address negotiated
B. ip unnumbered
C. ip address dhcp
D. ip address pool
-
Question 44:
Which configuration allows a Cisco ASA to receive an IPsec connection from a peer with an unknown IP address?
A. dynamic crypto map
B. dynamic tunnel group
C. dynamic AAA attributes
D. dynamic access policy
-
Question 45:
Which feature must be disabled in EIGRP for DMVPN spokes to learn routes to other DMVPN spokes?
A. split-horizon
B. bandwidth percent
C. next-hop-self
D. hold time
-
Question 46:
Two Cisco ASAs are set up in a VPN load-balancing configuration in an environment where there are thousands of unique Cisco AnyConnect connections per day. Which scalable IP address assignment method must be implemented on both ASAs to achieve minimal overlap when assigning IP addresses from the same subnet to AnyConnect clients?
A. DHCP
B. local
C. RADIUS framed IP address
D. RADIUS address pools
-
Question 47:
Refer to the exhibit.
An engineer has configured two new VPN tunnels to 172.18.1.1 and 172.19.1.1. However, communication between 10.1.0.10 and 10.1.11.10 does not function. Which action should be taken to resolve this issue?
A. Remove and reapply the crypto map to the interface.
B. Insert routes for the 10.1.9.0/24 and 10.1.10.0/24 subnets.
C. Modify the transform set to use transport mode.
D. Adjust the network objects to match the appropriate subnets.
-
Question 48:
Refer to the exhibit.
A network administrator is setting up Cisco AnyConnect on an ASA headend. When users attempt to connect to the VPN, they are presented with this message. The administrator has replaced the ASA's self-signed certificate with a certificate enrolled with the internal CA and has confirmed that the certificate is not revoked. Which two tasks will the administrator need to do to prevent users from seeing this message? (Choose two.)
A. Trust the issuing CA for the ASA identity certificate on the user's PC.
B. Enroll and import an SSL certificate with the CN value example.cisco.com on the ASA.
C. Add the CN example.cisco.com to the AnyConnect XML certificate matching section.
D. Enable certificate authentication under the connection profile.
E. Add example.cisco.com to the server name list within the AnyConnect Local Policy.
-
Question 49:
Users are getting untrusted server warnings when they connect to the URL https://asa.lab from their browsers. This URL resolves to 192.168.10.10, which is the IP address for a Cisco ASA configured for a clientless VPN. The VPN was recently set up and issued a certificate from an internal CA server. Users can connect to the VPN by ignoring the message, however, when users access other webservers that use certificates issued by the same internal CA server, they do not experience this issue. Which action resolves this issue?
A. Import the CA that signed the certificate into the machine trusted root CA store.
B. Reissue the certificate with asa.lab in the subject alternative name field.
C. Import the CA that signed the certificate into the user trusted root CA store.
D. Reissue the certificate with 192.168.10.10 in the subject common name field.
-
Question 50:
A network engineer must configure the Cisco ASA so that Cisco AnyConnect clients establishing an SSL VPN connection create an additional tunnel for real-time traffic that is sensitive to packet delays. If this additional tunnel experiences any issues, it must fall back to a TLS connection. Which two Cisco AnyConnect features must be configured to accomplish this task? (Choose two.)
A. DTLS
B. DSCP Preservation
C. DPD
D. SSL Rekey
E. OMTU
Related Exams:
300-610
Designing Cisco Data Center Infrastructure (DCID)350-501
Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)350-701
Implementing and Operating Cisco Security Core Technologies (SCOR)350-601
Implementing and Operating Cisco Data Center Core Technologies (DCCOR)350-801
Implementing and Operating Cisco Collaboration Core Technologies (CLCOR)350-401
Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) & CCIE Enterprise Infrastructure & CCIE Enterprise Wireless300-535
Automating and Programming Cisco Service Provider Solutions (SPAUTO)300-515
Implementing Cisco Service Provider VPN Services (SVPI)300-510
Implementing Cisco Service Provider Advanced Routing Solutions (SPRI)300-735
Automating and Programming Cisco Security Solutions (SAUTO)
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-730 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.