Exam Details

  • Exam Code: 300-730
  • Exam Name: Implementing Secure Solutions with Virtual Private Networks (SVPN)
  • Certification: CCNP Security
  • Vendor: Cisco
  • Total Questions: 225 Q&As
  • Last Updated: Mar 30, 2025

Cisco CCNP Security 300-730 Questions & Answers

  • Question 21:

    An administrator is deciding which authentication protocol should be implemented for their upcoming Cisco AnyConnect deployment. The security requirements from upper management are: the ability to force AnyConnect users to use complex passwords such as C1$c0451035084!, warn users a few days before their password expires, and allow users to change their password during a remote access session. Which authentication protocol must be used to meet these requirements?

    A. LDAPS

    B. RADIUS

    C. Kerberos

    D. TACACS+

  • Question 22:

    In order to enable FlexVPN to use a AAA attribute list, which two tasks must be performed? (Choose two.)

    A. Define the RADIUS server.

    B. Verify that clients are using the correct authorization policy.

    C. Define the AAA server.

    D. Assign the list to an authorization policy.

    E. Set the maximum segment size.

  • Question 23:

    Which technology and VPN component allow a VPN headend to dynamically learn post-NAT IP addresses of remote routers at different sites?

    A. DMVPN with ISAKMP

    B. GETVPN with ISAKMP

    C. DMVPN with NHRP

    D. GETVPN with NHRP

  • Question 24:

    An engineer must configure remote desktop connectivity for offsite admins via clientless SSL VPN, configured on a Cisco ASA to Windows Vista workstations. Which two configurations provide the requested access? (Choose two.)

    A. Telnet bookmark via the Telnet plugin

    B. RDP2 bookmark via the RDP2 plugin

    C. VNC bookmark via the VNC plugin

    D. Citrix bookmark via the ICA plugin

    E. SSH bookmark via the SSH plugin

  • Question 25:

    What are two purposes of the key server in Cisco IOS GETVPN? (Choose two.)

    A. to download encryption keys

    B. to maintain encryption policies

    C. to distribute routing information

    D. to encrypt data traffic

    E. to authenticate group members

  • Question 26:

    An engineer notices that while an employee is connected remotely, all traffic is being routed to the corporate network. Which split-tunnel policy allows a remote client to use their local provider for Internet access when working from home?

    A. tunnelall

    B. excludeall

    C. tunnelspecified

    D. excludespecified

  • Question 27:

    Refer to the exhibit.

    An IKEv2 site-to-site tunnel between an ASA and a remote peer is not building successfully. What will fix the problem based on the debug output?

    A. Ensure crypto IPsec policy matches on both VPN devices.

    B. Install the correct certificate to validate the peer.

    C. Correct crypto access list on both VPN devices.

    D. Specify the peer IP address in the tunnel group name.

  • Question 28:

    Refer to the exhibit.

    A network engineer is reconfiguring clientless SSLVPN during a maintenance window, and after testing the new configuration, is unable to establish the connection. What must be done to remediate this problem?

    A. Enable client services on the outside interface.

    B. Enable clientless protocol under the group policy.

    C. Enable DTLS under the group policy.

    D. Enable auto sign-on for the user's IP address.

  • Question 29:

    Refer to the exhibit.

    The VPN tunnel between the FlexVPN spoke and FlexVPN hub 192.168.0.12 is failing. What should be done to correct this issue?

    A. Add the address 192.168.0.12 255.255.255.255 command to the keyring configuration.

    B. Add the match fvrf any command to the IKEv2 policy.

    C. Add the aaa authorization group psk list Flex_AAA Flex_Auth command to the IKEv2 profile configuration.

    D. Add the tunnel mode gre ip command to the tunnel configuration.

  • Question 30:

    Refer to the exhibit.

    Which two conclusions should be drawn from the DMVPN phase 2 configuration? (Choose two.)

    A. Next-hop-self is required.

    B. EIGRP neighbor adjacency will fail.

    C. EIGRP is used as the dynamic routing protocol.

    D. EIGRP route redistribution is not allowed.

    E. Spoke-to-spoke communication is allowed.

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 300-730 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.