300-730試験無料問題集（240題）「Cisco Implementing Secure Solutions with Virtual Private Networks 認定」

出題：1

Refer to the exhibit. An engineer must configure a FlexVPN site-to-site GRE tunnel that uses iPsec between two Cisco routers. The indicated configuration was applied on Router_B, but the tunnel fails to come up. Which IP address must be set on Router_B to resolve the issue?

A. 192.16.1.1

B. 192.168.10.1

C. 192.16.1.2

D. 192.168.10.2

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Refer to the exhibit. The DMVPN tunnel is dropping randomly and no tunnel protection is configured.

Which spoke configuration mitigates tunnel drops?

A.

B.

C.

D.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)

A. show crypto ipsec sa

B. show dmvpn detail

C. show ip traffic

D. show ip nhrp traffic

E. show crypto isakmp sa

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

While troubleshooting, an engineer finds that the show crypto isakmp sa command indicates that the last state of the tunnel is MM_KEY_EXCH. What is the next step that should be taken to resolve this issue?

A. Ensure that UDP 500 is not being blocked between the devices.

B. Correct the peer's IP address on the crypto map.

C. Confirm that the pre-shared keys match on both devices.

D. Verify that the ISAKMP proposals match.

正解：C 解答を投票する

出題：5

Which remote access VPN technology requires transform sets to be explicitly defined?

A. Cisco Anyconnect

B. FlexVPN

C. IPSec

D. Clientless SSLVPN

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

A network administrator is troubleshooting a FlexVPN tunnel. The hub router is unable to ping the spoke router's tunnel interface IP address of 192.168.1.2, even though the tunnel is showing up.
The output of the debug ip packet CLI command on the hub router shows the following entry.
IP: tableid=0123456789 s=192.168.1.1 (local), d=192.168.1.2 (loopback2), routed via FIB.
What must be configured to fix this issue?

A. A route map must be configured on hub router to set the next hop for 192.168.1.2 to the dynamic VTI.

B. A matching IKEv2 pre-shared key on the hub and spoke routers in the crypto keyring configuration.

C. An IKEv2 authorization policy must be configured on the spoke router to advertise the interface route.

D. An outbound ACL on the dynamic VTI of the hub router that allows ICMP traffic to 192.168.1.2.

正解：C 解答を投票する

出題：7

Where must an engineer configure a preshared key for a site-to-site VPN tunnel configured on a Cisco ASA?

A. isakmp policy

B. crypto map

C. group policy

D. tunnel group

正解：D 解答を投票する

出題：8

Refer to the exhibit. A network administrator is setting up Cisco AnyConnect on an ASA headend.
When users attempt to connect to the VPN, they are presented with this message. The administrator has replaced the ASA's self-signed certificate with a certificate enrolled with the internal CA and has confirmed that the certificate is not revoked. Which two tasks will the administrator need to do to prevent users from seeing this message? (Choose two.)

A. Enroll and import an SSL certificate with the CN value example.cisco.com on the ASA.

B. Trust the issuing CA for the ASA identity certificate on the user's PC.

C. Enable certificate authentication under the connection profile.

D. Add the CN example.cisco.com to the AnyConnect XML certificate matching section.

E. Add example.cisco.com to the server name list within the AnyConnect Local Policy.

正解：A,B 解答を投票する

出題：9

Cisco AnyConnect clients need to transfer large files over the VPN sessions. Which protocol provides the best throughput?

A. SSL/TLS

B. L2TP

C. IPsec IKEv1

D. DTLS

正解：D 解答を投票する

出題：10

Users are getting untrusted server warnings when they connect to the URL https://asa.lab from their browsers. This URL resolves to 192.168.10.10, which is the IP address for a Cisco ASA configured for a clientless VPN. The VPN was recently set up and issued a certificate from an internal CA server. Users can connect to the VPN by ignoring the message, however, when users access other webservers that use certificates issued by the same internal CA server, they do not experience this issue. Which action resolves this issue?

A. Reissue the certificate with asa.lab in the subject alternative name field.

B. Reissue the certificate with 192.168.10.10 in the subject common name field.

C. Import the CA that signed the certificate into the user trusted root CA store.

D. Import the CA that signed the certificate into the machine trusted root CA store.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

Refer to the exhibit. Which type of VPN is being configured, based on the partial configuration snippet?

A. FlexVPN load balancer

B. GET VPN with COOP key server

C. FlexVPN backup gateway

D. GET VPN with dual group member

正解：B 解答を投票する

出題：12

Which requirement is needed to use local authentication for Cisco AnyConnect Secure Mobility Clients that connect to a FlexVPN server?

A. AnyConnect profile

B. EAP query-identity

C. use of certificates instead of username and password

D. EAP-AnyConnect

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

Which remote access VPN technology requires the use of the IPsec-proposal configuration option?

A. IKEv1-based VPN

B. SSLVPN Full Tunnel

C. clientless SSLVPN

D. IKEv2-based VPN

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

300-730試験無料問題集「Cisco Implementing Secure Solutions with Virtual Private Networks 認定」