300-730 Online Practice Questions and Answers

Refer to the exhibit.

Based on the exhibit, why are users unable to access CCNP Webserver bookmark?

A. The URL is being blocked by a WebACL.

B. The ASA cannot resolve the URL.

C. The bookmark has been disabled.

D. The user cannot access the URL.

Refer to the exhibit.

Which VPN technology is allowed for users connecting to the Employee tunnel group?

A. SSL AnyConnect

B. IKEv2 AnyConnect

C. crypto map

D. clientless

Which benefit of FlexVPN is a limitation of DMVPN using IKEv1?

A. GRE encapsulation allows for forwarding of non-IP traffic.

B. IKE implementation can install routes in routing table.

C. NHRP authentication provides enhanced security.

D. Dynamic routing protocols can be configured.

What is a requirement for smart tunnels to function properly?

A. Java or ActiveX must be enabled on the client machine.

B. Applications must be UDP.

C. Stateful failover must not be configured.

D. The user on the client machine must have admin access.

A user at a company HQ is having trouble accessing a network share at a branch site that is connected with a L2L IPsec VPN. While troubleshooting, a network security engineer runs a packet tracer on the Cisco ASA to simulate the user

traffic and discovers that the encryption counter is increasing but the decryption counter is not. What must be configured to correct this issue?

A. Adjust the routing on the remote peer device to direct traffic back over the tunnel.

B. Adjust the preshared key on the remote peer to allow traffic to flow over the tunnel.

C. Adjust the transform set to allow bidirectional traffic.

D. Adjust the peer IP address on the remote peer to direct traffic back to the ASA.

Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?

A. Enable the Cisco AnyConnect premium license on the Cisco ASA.

B. Have the user upgrade to a supported browser.

C. Increase the simultaneous logins on the group policy.

D. Enable the clientless VPN protocol on the group policy.

Refer to the exhibit.

An engineer has configured a spoke to connect to a FlexVPN hub. The tunnel is up, but pings fail when the engineer attempts to reach host 192.168.200.10 behind the spoke, and traffic is sourced from host 192.168.100.3, which is behind the FlexVPN server. Based on packet captures, the engineer discovers that host 192.168.200.10 receives the icmp echo and sends an icmp reply that makes it to the inside interface of the spoke. Based on the output in the exhibit captured on the spoke by the engineer, which action resolves this issue?

A. Add the aaa authorization group cert list default default command to the spoke ikev2 profile.

B. Add the route set remote ipv4 192.168.200.0 255.255.255.0 command to the hub authorization policy.

C. Add the aaa authorization group cert list default default command to the hub ikev2 profile.

D. Add the route set remote ipv4 192.168.100.0 255.255.255.0 command to the spoke authorization policy.

An engineer is using DMVPN to provide secure connectivity between a data center and remote sites. Which two routing protocols should be used between the routers? (Choose two.)

A. IS-IS

B. BGP

C. RIPv2

D. OSPF

E. EIGRP

A network administrator wants the Cisco ASA to automatically start downloading the Cisco AnyConnect client without prompting the user to select between WebVPN or AnyConnect. Which command accomplishes this task?

A. anyconnect ssl df-bit-ignore enable

B. anyconnect ask none default anyconnect

C. anyconnect ask enable default anyconnect

D. anyconnect modules value default

Which remote access VPN technology requires transform sets to be explicitly defined?

A. Clientless SSLVPN

B. IPSec

C. Cisco Anyconnect

D. FlexVPN