Cisco CCNP Security 300-730 Questions & Answers

• Question 41:

  Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)

  A. HSRP stateless failover

  B. DNS-based hub resolution

  C. reactivate primary peer

  D. tunnel pivot E. need distractor

  Correct Answer: BC

• Question 42:

  Refer to the exhibit.

  

  Which type of VPN is used?

  A. GETVPN

  B. clientless SSL VPN

  C. Cisco Easy VPN

  D. Cisco AnyConnect SSL VPN

  Correct Answer: C

• Question 43:

  An engineer would like Cisco AnyConnect users to be able to reach servers within the 10.10.0.0/16 subnet while all other traffic is sent out to the Internet. Which IPsec configuration accomplishes this task?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: B

• Question 44:

  Which Cisco AnyConnect component ensures that devices in a specific internal subnet are only accessible using port 443?

  A. routing

  B. WebACL

  C. split tunnel

  D. VPN filter

  Correct Answer: D

• Question 45:

  A network engineer must implement an SSLVPN Cisco AnyConnect solution that supports 500 concurrent users, ensures all traffic from the client passes through the ASA, and allows users to access all devices on the inside interface subnet (192.168.0.0/24). Assuming all other configuration is set up appropriately, which configuration implements this solution?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

  First, tunnelall to ensure all trafic is passing through ASA (so answer is A or D). second, we need 500 users so the Pool in D is not ensuring this requirement (only 254 ip) so Answer is A.

• Question 46:

  Which two NHRP functions are specific to DMVPN Phase 3 implementation? (Choose two.)

  A. registration reply

  B. redirect

  C. resolution reply

  D. registration request

  E. resolution request

  Correct Answer: CE

  Registration reply/request in present in all DMVPN phases Resolution reply/request in only in DMVPN phase 3

• Question 47:

  Refer to the exhibit.

  

  Which type of Cisco VPN is shown for group Cisc012345678?

  A. Cisco AnyConnect Client VPN

  B. DMVPN

  C. Clientless SSLVPN

  D. GETVPN

  Correct Answer: A

  It is stated client-vpn as the vpn-tunnel-protocol.

• Question 48:

  Which command shows the smart default configuration for an IPsec profile?

  A. show run all crypto ipsec profile

  B. ipsec profile does not have any smart default configuration

  C. show smart-defaults ipsec profile

  D. show crypto ipsec profile default

  Correct Answer: D

• Question 49:

  Refer to the exhibit.

  

  The DMVPN spoke is not establishing a session with the hub. Which two actions resolve this issue? (Choose two.)

  A. Change the spoke nhs to 172.16.18.1 and the nbma to 10.0.0.1.

  B. Change the transform set to mode tunnel.

  C. Change the ISAKMP policy authentication on the spoke to pre-shared.

  D. Change the ISAKMP key address on the spoke to 0.0.0.0.

  E. Change the nhrp authentication key on the spoke to cisco123.

  Correct Answer: CE

• Question 50:

  Refer to the exhibit.

  

  A network engineer is configuring a remote access SSLVPN and is unable to complete the connection using local credentials. What must be done to remediate this problem?

  A. Enable the client protocol in the Cisco AnyConnect profile.

  B. Configure a AAA server group to authenticate the client.

  C. Change the authentication method to local.

  D. Configure the group policy to force local authentication.

  Correct Answer: A

  AAA Server Group is already configured as local. But at the bottom the ssl client is not activated