300-740 Exam Details
-
Exam Code
:300-740 -
Exam Name
:Designing and Implementing Secure Cloud Access for Users and Endpoints -
Certification
:CCNP Security -
Vendor
:Cisco -
Total Questions
:61 Q&As -
Last Updated
:Jan 09, 2026
Cisco 300-740 Online Questions & Answers
-
Question 1:
DRAG DROP
Refer to the exhibit.
An engineer must configure SAML single sign-on in Cisco ISE to use Microsoft Azure AD as an identity provider. Drag and drop the steps from the left into the sequence on the right to configure Cisco ISE with SAML single sign-on.
Select and Place:
-
Question 2:
DRAG DROP
Drag and drop the tasks from the left into order on the right to implement adding Duo multifactor authentication to Meraki Client VPN login.
Select and Place:
-
Question 3:
DRAG DROP
Refer to the exhibit.
An engineer must configure multifactor authentication using the Duo Mobile app to provide admin access to a Cisco Meraki switch. The engineer already configured Duo Mobile and received an activation code. Drag and drop the steps from left to right to complete the configuration.
Select and Place:
-
Question 4:
Refer to the exhibit.
crypto ikev1 policy 5 authentication pre-share hash aes-256 encryption sha-256 group 1
An engineer must configure a remote access IPsec/IKEv1 VPN that will use AES256 and SHA256 on a Cisco ASA firewall. The indicated configuration was applied to the firewall; however, the tunnel fails to establish.
Which two IKEv1 policy commands must be run to meet the requirement? (Choose two.)
A. encryption aes-256
B. ipsec-proposal sha-256-aes-256
C. integrity aes-256
D. ipsec-proposal AES256-SHA256
E. hash sha-256 -
Question 5:
Which method is used by a Cisco XDR solution to prioritize actions?
A. Updating antivirus signatures
B. Monitoring endpoint activity
C. Leveraging AI and machine learning
D. Analyzing network traffic patterns -
Question 6:
Refer to the exhibit.
An engineer must enable access to Salesforce using Cisco Umbrella and Cisco Cloudlock. These actions were performed:
From Salesforce, add the Cloudlock IP address to the allow list From Cloudlock, authorize Salesforce
However, Salesforce access via Cloudlock is still unauthorized. What should be done to meet the requirements?
A. From the Salesforce admin page, grant API access to Cloudlock.
B. From the Salesforce admin page, grant network access to Cloudlock
C. From the Cloudlock dashboard, grant API access to Salesforce.
D. From the Cloudlock dashboard, grant network access to Salesforce. -
Question 7:
Refer to the exhibit.
An engineer must create a policy in Cisco Secure Firewall Management Center to prevent restricted users from being able to browse any business or mobile phone shopping websites. The indicated policy was applied; however, the restricted users still can browse on the mobile phone shopping websites during business hours. What should be done to meet the requirement?
A. Set Dest Zones to Business Mobile Phones Shopping.
B. Set Dest Networks to Business Mobile Phones Shopping.
C. Set Time Range for rule 4 of Access Controlled Groups to All.
D. Move rule 4 Access Controlled Groups to the top. -
Question 8:
Refer to the exhibit.
An engineer must configure Duo SSO for Cisco Webex and add the Webex application to the Duo Access Gateway. Which two actions must be taken in Duo? (Choose two.)
A. Upload the application XML metadata file.
B. Upload the SAML application JSON file.
C. Configure the Applications settings for Cisco Webex.
D. Import the Identity Provider metadata.
E. Add a new application to the Duo platform. -
Question 9:
Which web application firewall deployment in the Cisco Secure DDoS protects against application layer and volumetric attacks?
A. Hybrid
B. On-demand
C. Always-on
D. Active/passive -
Question 10:
Refer to the exhibit.
An engineer must connect an on-premises network to the public cloud using Cisco Umbrella as a Cloud Access Security Broker. The indicated configuration was applied to router R1; however, connectivity to Umbrella fails with this error: % OPENDNS-3- DNS_RES_FAILURE. Which action must be taken on R1 to enable the connection?
A. Configure the Open DNS servers with the ip name-server command.
B. Configure a DHCP scope using the ip dhcp pool command.
C. Add the opendns in command to the interface configuration.
D. Add the opendns out command to the interface configuration.
Related Exams:
-
300-710
Securing Networks with Cisco Firepower (SNCF) -
300-715
Implementing and Configuring Cisco Identity Services Engine (SISE) -
300-720
Securing Email with Cisco Email Security Appliance (SESA) -
300-725
Securing the Web with Cisco Web Security Appliance (SWSA) -
300-730
Implementing Secure Solutions with Virtual Private Networks (SVPN) -
300-735
Automating and Programming Cisco Security Solutions (SAUTO) -
300-740
Designing and Implementing Secure Cloud Access for Users and Endpoints -
350-701
Implementing and Operating Cisco Security Core Technologies (SCOR)
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-740 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.