Exam Details

  • Exam Code: 300-730
  • Exam Name: Implementing Secure Solutions with Virtual Private Networks (SVPN)
  • Certification: CCNP Security
  • Vendor: Cisco
  • Total Questions: 225 Q&As
  • Last Updated:

Cisco CCNP Security 300-730 Questions & Answers

  • Question 11:

    A network administrator wants the Cisco ASA to automatically start downloading the Cisco AnyConnect client without prompting the user to select between WebVPN or AnyConnect. Which command accomplishes this task?

    A. anyconnect ssl df-bit-ignore enable

    B. anyconnect ask none default anyconnect

    C. anyconnect ask enable default anyconnect

    D. anyconnect modules value default

  • Question 12:

    A clientless SSLVPN solution is built for 10 employees on a newly installed Cisco ASA. After a couple of days in production, it has been observed that only the first two users to log in each day are able to connect successfully. The remaining users encounter the message "Login failed". Which action resolves the issue?

    A. Allocate additional Cisco AnyConnect Premium licenses to the ASA.

    B. Increase the vpn-simultaneous-logins parameter to a value of more than 2.

    C. Increase the number of IP addresses available in the VPN pool.

    D. Verify that the users that cannot log in are in the correct AD group with VPN permissions.

  • Question 13:

    Refer to the exhibit.

    A company has been using SAML to authenticate their clientless SSLVPN users. After about a year of uptime in production, users begin to experience issues authenticating. Based on the collected debugs, which action resolves the issue?

    A. Increase the SAML Request Timeout value on the ASA.

    B. Verify that the IdP is using the SAML-attribute NameID.

    C. Ensure that the ASA and IdP are synchronized to an NTP server.

    D. Replace the expired IdP signing certificate with a valid one.

  • Question 14:

    Refer to the exhibit.

    A network administrator is setting up a phone VPN on a Cisco ASA. The phone cannot connect and the error is presented in a debug on the Cisco ASA. Which action fixes this issue?

    A. Enable web-deploy of the posture module so that the module can be downloaded from the Cisco ASA to an IP phone.

    B. Configure the Cisco ASA to present an RSA certificate to the phone for authentication.

    C. Disable Cisco Secure Desktop under the connection profile VPNPhone.

    D. Install the posture module on the Cisco ASA.

  • Question 15:

    Refer to the exhibit.

    The network security engineer identified that the hub router cannot send traffic to the spoke router. Based on the provided output, which action resolves the issue?

    A. Permit UDP ports 500 and 4500 between the hub and spoke.

    B. Correct the next hop server IP address on the spoke router.

    C. Ensure the preshared keys on the hub and spoke routers match.

    D. Adjust the ip nhrp network-id command on the hub router.

  • Question 16:

    Refer to the exhibit.

    Which action must be taken on the IPsec tunnel configuration to resolve the issue?

    A. The access lists on each peer must mirror each other.

    B. The transform set on each peer must match.

    C. The access lists on each peer must be identical.

    D. The transform set on each peer must be compatible.

  • Question 17:

    Which Diffie-Hellman group should be used when ECDH is required in a VPN configuration?

    A. 24

    B. 19

    C. 16

    D. 15

  • Question 18:

    Which two types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose two.)

    A. SAML

    B. NTLM

    C. Kerberos

    D. OAuth 2.0

    E. HTTP Basic

  • Question 19:

    Refer to the exhibit.

    Which type of VPN implementation is displayed?

    A. IKEv1 cluster

    B. IKEv2 backup gateway

    C. IKEv2 load balancer

    D. IKEv2 reconnect

  • Question 20:

    A network engineer must design a clientless VPN solution for a company. VPN users must be able to access several internal web servers. When reachability to those web servers was tested, it was found that one website is not being rewritten correctly by the ASA. What is a potential solution for this issue while still allowing it to be a clientless VPN setup?

    A. Set up a smart tunnel with the IP address of the web server.

    B. Set up a NAT rule that translates the ASA public address to the web server private address on port 80.

    C. Set up Cisco AnyConnect with a split tunnel that has the IP address of the web server.

    D. Set up a WebACL to permit the IP address of the web server.
