Exam Details

  • Exam Code: 300-730
  • Exam Name: Implementing Secure Solutions with Virtual Private Networks (SVPN)
  • Certification: CCNP Security
  • Vendor: Cisco
  • Total Questions: 225 Q&As
  • Last Updated: Mar 30, 2025

Cisco CCNP Security 300-730 Questions & Answers

  • Question 61:

    Which feature must be disabled in EIGRP for DMVPN spokes to learn routes to other DMVPN spokes?

    A. split-horizon

    B. bandwidth percent

    C. next-hop-self

    D. hold time

  • Question 62:

    Refer to the exhibit.

    An engineer has configured two new VPN tunnels to 172.18.1.1 and 172.19.1.1. However, communication between 10.1.0.10 and 10.1.11.10 does not function. Which action should be taken to resolve this issue?

    A. Remove and reapply the crypto map to the interface.

    B. Insert routes for the 10.1.9.0/24 and 10.1.10.0/24 subnets.

    C. Modify the transform set to use transport mode.

    D. Adjust the network objects to match the appropriate subnets.

  • Question 63:

    Refer to the exhibit.

    A network administrator is setting up Cisco AnyConnect on an ASA headend. When users attempt to connect to the VPN, they are presented with this message. The administrator has replaced the ASA's self-signed certificate with a certificate enrolled with the internal CA and has confirmed that the certificate is not revoked. Which two tasks will the administrator need to do to prevent users from seeing this message? (Choose two.)

    A. Trust the issuing CA for the ASA identity certificate on the user's PC.

    B. Enroll and import an SSL certificate with the CN value example.cisco.com on the ASA.

    C. Add the CN example.cisco.com to the AnyConnect XML certificate matching section.

    D. Enable certificate authentication under the connection profile.

    E. Add example.cisco.com to the server name list within the AnyConnect Local Policy.

  • Question 64:

    Users are getting untrusted server warnings when they connect to the URL https://asa.lab from their browsers. This URL resolves to 192.168.10.10, which is the IP address for a Cisco ASA configured for a clientless VPN. The VPN was recently set up and issued a certificate from an internal CA server. Users can connect to the VPN by ignoring the message; however, when users access other webservers that use certificates issued by the same internal CA server, they do not experience this issue. Which action resolves this issue?

    A. Import the CA that signed the certificate into the machine trusted root CA store.

    B. Reissue the certificate with asa.lab in the subject alternative name field.

    C. Import the CA that signed the certificate into the user trusted root CA store.

    D. Reissue the certificate with 192.168.10.10 in the subject common name field.

  • Question 65:

    A network engineer must configure the Cisco ASA so that Cisco AnyConnect clients establishing an SSL VPN connection create an additional tunnel for real-time traffic that is sensitive to packet delays. If this additional tunnel experiences any issues, it must fall back to a TLS connection. Which two Cisco AnyConnect features must be configured to accomplish this task? (Choose two.)

    A. DTLS

    B. DSCP Preservation

    C. DPD

    D. SSL Rekey

    E. OMTU

  • Question 66:

    When troubleshooting FlexVPN spoke-to-spoke tunnels, what should be verified first?

    A. NHRP redirect is enabled on the hub.

    B. The spokes have sent a resolution request.

    C. NHRP cache entries exist on the spoke.

    D. NHO routes exist on the spokes.

  • Question 67:

    Over which two transport mediums is FlexVPN deployed? (Choose two.)

    A. 5G

    B. VPLS

    C. internet

    D. MPLS

    E. DWDM

  • Question 68:

    The corporate network security policy requires that all internet and network traffic must be tunneled to the corporate office. Remote workers have been provided with printers to use locally at home while they are remotely connected to the corporate network. Which two steps must be executed to allow printing to the local printers? (Choose two.)

    A. Configure the split-tunnel-policy on the Cisco ASA to tunnelall.

    B. Check the Allow Local LAN access checkbox in the Cisco AnyConnect client.

    C. Add a persistent static route in the client OS for the local LAN network.

    D. Configure the split-tunnel-policy on the Cisco ASA to excludespecified.

    E. Configure the split-tunnel-policy on the Cisco ASA to tunnelspecified.

  • Question 69:

    An administrator is setting up Cisco AnyConnect on a Cisco ASA with the requirement that AnyConnect automatically establishes a VPN when a company-owned laptop is connected to the internet outside of the corporate network. Which configuration meets these requirements?

    A. SBL with user certificate authentication

    B. TND with machine certificate authentication

    C. SBL with machine certificate authentication

    D. TND with user certificate authentication

  • Question 70:

    Which two protocols does DMVPN leverage to build dynamic VPNs to multiple destinations? (Choose two.)

    A. IKEv2

    B. NHRP

    C. mGRE

    D. mBGP

    E. GDOI

Tips on How to Prepare for the Exams

Certification exams are becoming more important, and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 300-730 exam preparation or Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.