300-730試験無料問題集（240題）「Cisco Implementing Secure Solutions with Virtual Private Networks 認定」

出題：1

A network administrator is troubleshooting an IPSec Site-to-Site VPN tunnel on a Cisco ASA firewall. The VPN tunnel is established but is unable to pass traffic between 192.168.10.155 and
192.168.100.172. The administrator observes the log message:
%ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0x489041899C,
sequence number= 0x9E) from 100.1.1.1 (user= 100.1.1.1) to 12.12.12.12.
What must the administrator do to resolve this issue?

A. Configure ACL for interesting traffic to match remote firewall.

B. Confirm that IP address of tunnel interface is correctly configured.

C. Implement IKE Phase 1 proposal to match other firewall.

D. Setup identical Pre-shared keys must be on both firewalls.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

A user is trying to log in to a Cisco ASA using the clientless SSLVPN feature and receives the error message "clientless (browser) SSLVPN access is not allowed". Which step should the Cisco ASA administrator take to resolve this issue?

A. Enable the clientless VPN protocol on the group policy.

B. Increase the number of simultaneous logins allowed on the group policy.

C. Validate that the correct license is in use on the ASA for WebVPN.

D. Verify that a user account exists in the local AAA database for the user.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy.
Which feature can update the client to meet an enterprise security policy?

A. Endpoint Assessment

B. Advanced Endpoint Assessment

C. Basic Host Scan

D. Cisco Secure Desktop

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)

A. show crypto ipsec sa

B. show dmvpn detail

C. show ip traffic

D. show ip nhrp traffic

E. show crypto isakmp sa

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

On an ASA with multiple connection profiles for different departments, what is the best design to ensure that AnyConnect users are assigned the correct connection profile based on their department and do not have the ability to choose a different connection profile?

A. group alias

B. certificate mapping

C. dynamic access policy

D. group URL

正解：D 解答を投票する

出題：6

Refer to the exhibit. Which VPN technology is allowed for users connecting to the Employee tunnel group?

A. crypto map

B. SSL AnyConnect

C. IKEv2 AnyConnect

D. clientless

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

What is a characteristic of GET VPN?

A. tunnel-less

B. hub-and-spoke

C. tunneled

D. peer-to-peer

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

An engineer is using DMVPN to provide secure connectivity between a data center and remote sites. Which two routing protocols should be used between the routers? (Choose two.)

A. EIGRP

B. BGP

C. OSPF

D. RIPv2

E. IS-IS

正解：A,B 解答を投票する

出題：9

What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)

A. CSCO_WEBVPN_RADIUS_USER

B. CSCO_WEBVPN_INTERNAL_PASSWORD

C. CSCO_WEBVPN_OTP_PASSWORD

D. CSCO_WEBVPN_USERNAME

正解：B,D 解答を投票する

出題：10

Refer to the exhibit. An engineer is diagnosing an issue that occurred after a router at a branch site was assigned a new address. Based on the debugs, what must be done to resolve this issue?

A. Add the remote peer's identity to the server's IKEv2 profile.

B. Ensure that the correct preshared keys are set on both sides.

C. Ensure that the UDP 500 packets between devices are not dropped.

D. Add the remote peer's IP address to the server's IKEv2 keyring.

正解：A 解答を投票する

出題：11

Refer to the exhibit. The DMVPN spoke is not establishing a session with the hub. Which two actions resolve this issue? (Choose two.)

A. Change the transform set to mode tunnel.

B. Change the ISAKMP key address on the spoke to 0.0.0.0.

C. Change the nhrp authentication key on the spoke to cisco123.

D. Change the spoke nhs to 172.16.18.1 and the nbma to 10.0.0.1.

E. Change the ISAKMP policy authentication on the spoke to pre-shared.

正解：C,E 解答を投票する

出題：12

Which Cisco AnyConnect component ensures that devices in a specific internal subnet are only accessible using port 443?

A. routing

B. split tunnel

C. WebACL

D. VPN filter

正解：D 解答を投票する

出題：13

Refer to the exhibit. Based on the configuration output, what is the VPN technology?

A. L2VPN

B. DMVPN

C. site-to-site

D. multicast VPN

正解：A 解答を投票する

出題：14

Drag and Drop Question
Drag and drop the GET VPN components from the left onto the correct descriptions on the right.

正解：

出題：15

Which type of VPN technology is being used when the ssl trust-point <trustpoint name>
<interface name> command is configured?

A. IPsec site-to-site VPN

B. SSL Remote Access VPN

C. GETVPN

D. DMVPN

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：16

A Cisco ASA is configured in active/standby mode. What is needed to ensure that Cisco AnyConnect users can connect after a failover event?

A. AnyConnect images must be uploaded to both failover ASA devices.

B. Configure a backup server in the XML profile.

C. AnyConnect client must point to the standby IP address.

D. The vpnsession-db must be cleared manually.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：17

Refer to the exhibit. Which type of VPN is being configured, based on the partial configuration snippet?

A. FlexVPN load balancer

B. GET VPN with COOP key server

C. FlexVPN backup gateway

D. GET VPN with dual group member

正解：B 解答を投票する

出題：18

An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly, and all tunnel stats show that they are up. However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?

A. Add RDP port to the extended ACL.

B. Replace certificate on the RDP server.

C. Adjust the MTU size within the routers.

D. Change DMVPN timeout values.

正解：C 解答を投票する

出題：19

Refer to the exhibit. A user is connecting from behind a PC with a private IP Address. Their ISP provider is blocking TCP port 443. Which AnyConnect XML configuration will allow the user to establish a connection with the ASA?

A.

B.

C.

D.

正解：C 解答を投票する

300-730試験無料問題集「Cisco Implementing Secure Solutions with Virtual Private Networks 認定」