cisco 300-730 practice test
implementing secure solutions with virtual private networks (svpn 300-730)
Last exam update: Jan 15 ,2025
Question 1
Which VPN technology must be used to ensure that routers are able to dynamically form connections with each other rather than sending traffic through a hub and be able to advertise routes without the use of a dynamic routing protocol?
- A. FlexVPN
- B. DMVPN Phase 3
- C. DMVPN Phase 2
- D. GETVPN
Answer:
b
Question 2
Refer to the exhibit. The VPN tunnel between the FlexVPN spoke and FlexVPN hub 192.168.0.12 is failing. What should be done to correct this issue?
- A. Add the address 192.168.0.12 255.255.255.255 command to the keyring configuration.
- B. Add the match fvrf any command to the IKEv2 policy.
- C. Add the aaa authorization group psk list Flex_AAA Flex_Auth command to the IKEv2 profile configuration.
- D. Add the tunnel mode gre ip command to the tunnel configuration.
Answer:
c
Question 3
An engineer has configured Cisco AnyConnect VPN using IKEv2 on a Cisco IOS router. The user cannot connect in the Cisco AnyConnect client, but receives an alert message Use a browser to gain access. Which action does the engineer take to resolve this issue?
- A. Reset user login credentials.
- B. Correct the URL address.
- C. Connect using HTTPS.
- D. Disable the HTTP server.
Answer:
c
Question 4
What are two differences between ECC and RSA? (Choose two.)
- A. Key generation in ECC is slower and more CPU intensive than RSA.
- B. ECC can have the same security as RSA but with a shorter key size.
- C. ECC cannot have the same security as RSA, even with an increased key size.
- D. Key generation in ECC is faster and less CPU intensive than RSA.
- E. ECC lags in performance when compared with RSA.
Answer:
bd
Question 5
Which two types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose two.)
- A. HTTP
- B. ICA (Citrix)
- C. VNC
- D. RDP
- E. CIFS
Answer:
de
Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/vpn/asa-94-vpn-config/webvpn-configure-gateway.html
Question 6
A DMVPN spoke router tunnel is up and passing traffic, but it cannot establish an EIGRP neighbor relationship with the hub router. Which solution resolves this issue?
- A. Enable EIGRP Split Horizon on the hub tunnel interface.
- B. Remove the EIGRP stub configuration on the spoke tunnel interface.
- C. Enable the EIGRP next hop self feature on the hub tunnel interface.
- D. Configure the dynamic NHRP multicast map on the hub tunnel interface.
Answer:
d
Question 7
Which feature allows a DMVPN Phase 3 spoke to switch to an alternate hub when the primary hub is unreachable?
- A. multicast PIM
- B. backup NHS
- C. per-tunnel jitter probes
- D. NHRP shortcut
Answer:
d
Question 8
An administrator is setting up Cisco AnyConnect on a Cisco ASA with the requirement that AnyConnect automatically establishes a VPN when a company-owned laptop is connected to the internet outside of the corporate network. Which configuration meets these requirements?
- A. SBL with user certificate authentication
- B. TND with machine certificate authentication
- C. SBL with machine certificate authentication
- D. TND with user certificate authentication
Answer:
d
Question 9
Which two types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose two.)
- A. SAML
- B. NTLM
- C. Kerberos
- D. OAuth 2.0
- E. HTTP Basic
Answer:
be
Question 10
When a FlexVPN is configured, which two components must be configured for IKEv2? (Choose two.)
- A. method
- B. profile
- C. proposal
- D. preference
- E. persistence
Answer:
bc