Cisco 300-730 Exam Dumps - PDF Questions and Testing Engine [Q15-Q30]

Cisco 300-730 Exam Dumps - PDF Questions and Testing Engine

Latest 300-730 Exam Dumps for Pass Guaranteed

Cisco 300-730 exam is focused on testing the candidate's ability to configure, implement, and troubleshoot secure remote access solutions using virtual private networks (VPNs). 300-730 exam covers a wide range of topics, including VPN protocols, secure communication channels, and various VPN technologies. Candidates are also expected to have a good understanding of security policies, access control, and authentication methods.

 

NEW QUESTION # 15
Which two changes must be made in order to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose two.)

• A. Add NHRP redirects on the hub.
• B. Add NHRP redirects on the spoke.
• C. Disable EIGRP next-hop-self on the hub.
• D. Add NHRP shortcuts on the hub.
• E. Enable EIGRP next-hop-self on the hub.

Answer: A,E

Explanation:
DMVPN disables the EIRGP next-hop-self with "no ip next-hop-self eigrp xxx" in DMVPN phase 2, and to go from Phase 2 to 3 you need use the NHRP protocol, and again enable EIRGP next-hop-self with "ip next-hop-self eigrp 134" under the tunnel interface https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-dmvpn.html#GUID-BF561439-BCC0-4AAF-80D9-1F7876CB7B81

NEW QUESTION # 16
Which parameter is initially used to elect the primary key server from a group of key servers?

• A. highest-priority value
• B. highest IP address
• C. lowest IP address
• D. code version

Answer: A

NEW QUESTION # 17
Refer to the exhibit.

The customer can establish a Cisco AnyConnect connection without using an XML profile. When the host "ikev2" is selected in the AnyConnect drop down, the connection fails. What is the cause of this issue?

• A. The HostName is incorrect.
• B. Primary protocol should be SSL.
• C. UserGroup must match connection profile.
• D. The IP address is incorrect.

Answer: C

Explanation:
Reference:
User Group-Specify a user group. The user group is used in conjunction with Host Address to form a group-based URL. If you specify the Primary Protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group). For SSL, the user group is the group-url of the connection profile.

NEW QUESTION # 18
A network engineer is setting up a clientless SSLVPN on a Cisco ASA. Remote users must be able to access an internal webserver via the URL example.com. Which two steps accomplish this task? (Choose two.)

• A. Configure a DNS server that can resolve the webserver URL.
• B. Configure routing so that the user's computer can reach the webserver.
• C. Configure a browser plugin on the Cisco ASA.
• D. Configure routing so that the Cisco ASA can reach the webserver.
• E. Configure a bookmark for the webserver.

Answer: A,E

NEW QUESTION # 19
Which two types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose two.)

• A. HTTP
• B. ICA (Citrix)
• C. RDP
• D. CIFS
• E. VNC

Answer: A,D

Explanation:
HTTP (Hypertext Transfer Protocol) is used for transferring web resources, such as web pages and HTML documents, across the internet. CIFS (Common Internet File System) is used for sharing files and printers between computers on a network. ICA (Citrix), VNC (Virtual Network Computing), and RDP (Remote Desktop Protocol) are not enabled by default on the Cisco ASA Clientless SSL VPN portal.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/vpn/asa-94-vpn-config/webvpn-configure-gateway.html

NEW QUESTION # 20

Refer to the exhibit. The DMVPN tunnel is dropping randomly and no tunnel protection is configured. Which spoke configuration mitigates tunnel drops?

• A.
• B.
• C.
• D.

Answer: A

Explanation:
Section: Site-to-site Virtual Private Networks on Routers and Firewalls

NEW QUESTION # 21
Refer to the exhibit.

An IKEv2 site-to-site tunnel between an ASA and a remote peer is not building successfully. What will fix the problem based on the debug output?

• A. Correct crypto access list on both VPN devices.
• B. Install the correct certificate to validate the peer.
• C. Ensure crypto IPsec policy matches on both VPN devices.
• D. Specify the peer IP address in the tunnel group name.

Answer: C

NEW QUESTION # 22
When a FlexVPN is configured, which two components must be configured for IKEv2? (Choose two.)

• A. method
• B. profile
• C. preference
• D. proposal
• E. persistence

Answer: B,D

NEW QUESTION # 23
Where is split tunneling defined for IKEv2 remote access clients on a Cisco router?

• A. webvpn context
• B. virtual template
• C. Group Policy
• D. IKEv2 authorization policy

Answer: C

Explanation:
Section: Secure Communications Architectures

NEW QUESTION # 24
Refer to the exhibit.

An SSL client is connecting to an ASA headend. The session fails with the message "Connection attempt has timed out. Please verify Internet connectivity." Based on how the packet is processed, which phase is causing the failure?

• A. phase 3: UN-NAT
• B. phase 4: ACCESS-LIST
• C. phase 5: NAT
• D. phase 9: rpf-check

Answer: A

NEW QUESTION # 25
What are two differences between ECC and RSA? (Choose two.)

• A. ECC lags in performance when compared with RSA.
• B. ECC cannot have the same security as RSA, even with an increased key size.
• C. Key generation in ECC is slower and more CPU intensive than RSA.
• D. ECC can have the same security as RSA but with a shorter key size.
• E. Key generation in ECC is faster and less CPU intensive than RSA.

Answer: D,E

NEW QUESTION # 26
Refer to the exhibit.

Which two commands under the tunnel-group webvpn-attributes result in a Cisco AnyConnect user receiving the AnyConnect prompt in the exhibit? (Choose two.)

• A. group-policy General internal
• B. authentication aaa
• C. group-alias General enable
• D. authentication certificate
• E. group-url https://172.16.31.10/General enable

Answer: B,C

Explanation:
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html

NEW QUESTION # 27
Which Cisco AnyConnect component ensures that devices in a specific internal subnet are only accessible using port 443?

• A. VPN filter
• B. WebACL
• C. routing
• D. split tunnel

Answer: A

Explanation:
https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html#anc6

NEW QUESTION # 28
When a FlexVPN is configured, which two components must be configured for IKEv2? (Choose two.)

• A. method
• B. profile
• C. preference
• D. proposal
• E. persistence

Answer: B,D

Explanation:
https://www.cisco.com/c/en/us/support/security/flexvpn/products-configuration-examples-list.html

NEW QUESTION # 29
Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?

• A. Enable the Cisco AnyConnect premium license on the Cisco ASA.
• B. Have the user upgrade to a supported browser.
• C. Enable the clientless VPN protocol on the group policy.
• D. Increase the simultaneous logins on the group policy.

Answer: C

NEW QUESTION # 30
......

Reliable CCNP Security 300-730 Dumps PDF May 08, 2024 Recently Updated Questions: https://gocertify.actual4labs.com/Cisco/300-730-actual-exam-dumps.html