300-730 Free Certification Exam Material from Free4Torrent with 100 Questions
Use Real 300-730 - 100% Cover Real Exam Questions
NEW QUESTION 36
Refer to the exhibit.
Which two conclusions should be drawn from the DMVPN phase 2 configuration? (Choose two.)
- A. Next-hop-self is required.
- B. EIGRP route redistribution is not allowed.
- C. Spoke-to-spoke communication is allowed.
- D. EIGRP is used as the dynamic routing protocol.
- E. EIGRP neighbor adjacency will fail.
Answer: C,D
NEW QUESTION 37
Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)
- A. show crypto isakmp sa
- B. show ip nhrp traffic
- C. show ip traffic
- D. show crypto ipsec sa
- E. show dmvpn detail
Answer: A,B
Explanation:
Section: Secure Communications Architectures
NEW QUESTION 38
Which statement about GETVPN is true?
- A. The pseudotime that is used for replay checking is synchronized via NTP.
- B. The configuration that defines which traffic to encrypt originates from the key server.
- C. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.
- D. TEK rekeys can be load-balanced between two key servers operating in COOP.
Answer: B
NEW QUESTION 39
Which two types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose two.)
- A. OAuth 2.0
- B. Kerberos
- C. NTLM
- D. SAML
- E. HTTP Basic
Answer: C,E
NEW QUESTION 40
Which VPN solution uses TBAR?
- A. GETVPN
- B. Cisco AnyConnect
- C. DMVPN
- D. VTI
Answer: A
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get- vpn-xe-3s-book/sec-get-vpn.html
NEW QUESTION 41
Which method dynamically installs the network routes for remote tunnel endpoints?
- A. reverse route injection
- B. route filtering
- C. CEF
- D. policy-based routing
Answer: A
Explanation:
Reference:
<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/12-4t/sec-vpn- availability-12-4t-book/sec-rev-rte-inject.html>
NEW QUESTION 42
Which technology works with IPsec stateful failover?
- A. GLBR
- B. HSRP
- C. VRRP
- D. GRE
Answer: B
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/ios/12_2/12_2y/12_2yx11/feature/guide/ ft_vpnha.html#wp1122512
NEW QUESTION 43
A Cisco ASA is configured in active/standby mode. What is needed to ensure that Cisco AnyConnect users can connect after a failover event?
- A. AnyConnect client must point to the standby IP address.
- B. AnyConnect images must be uploaded to both failover ASA devices.
- C. Configure a backup server in the XML profile.
- D. The vpnsession-db must be cleared manually.
Answer: B
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ ha_active_standby.html
NEW QUESTION 44
Refer to the exhibit.
An engineer is troubleshooting a new GRE over IPsec tunnel. The tunnel is established but the engineer cannot ping from spoke 1 to spoke 2. Which type of traffic is being blocked?
- A. ISAKMP packets from spoke1 to spoke2
- B. ESP packets from spoke1 to spoke2
- C. ESP packets from spoke2 to spoke1
- D. ISAKMP packets from spoke2 to spoke1
Answer: C
NEW QUESTION 45
Refer to the exhibit.
Which value must be configured in the User Group field when the Cisco AnyConnect Profile is created to connect to an ASA headend with IPsec as the primary protocol?
- A. tunnel-group
- B. group-alias
- C. group-policy
- D. address-pool
Answer: A
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/ administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure-vpn.html
NEW QUESTION 46
Refer to the exhibit.
The DMVPN spoke is not establishing a session with the hub. Which two actions resolve this issue? (Choose two.)
- A. Change the spoke nhs to 172.16.18.1 and the nbma to 10.0.0.1.
- B. Change the transform set to mode tunnel.
- C. Change the nhrp authentication key on the spoke to cisco123.
- D. Change the ISAKMP policy authentication on the spoke to pre-shared.
- E. Change the ISAKMP key address on the spoke to 0.0.0.0.
Answer: C,E
NEW QUESTION 47
Which command is used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?
- A. show crypto ikev2 sa
- B. show crypto isakmp sa
- C. show crypto identity
- D. show crypto gkm
Answer: A
Explanation:
Section: Troubleshooting using ASDM and CLI
Explanation/Reference: https://www.cisco.com/c/en/us/support/docs/security/flexvpn/116413-configure-flexvpn-00.pdf
NEW QUESTION 48
Refer to the exhibit.
Upon setting up a tunnel between two sites, users are complaining that connections to applications over the VPN are not working consistently. The output of show crypto ipsec sa was collected on one of the VPN devices. Based on this output, what should be done to fix this issue?
- A. Make an adjustment to IPSec replay window.
- B. Enable perfect forward secrecy.
- C. Lower the tunnel MTU.
- D. Specify the application networks in the remote identity.
Answer: C
NEW QUESTION 49
What are two functions of ECDH and ECDSA? (Choose two.)
- A. digital signature
- B. encryption
- C. revocation
- D. nonrepudiation
- E. key exchange
Answer: A,E
Explanation:
Section: Secure Communications Architectures
Explanation/Reference: https://tools.cisco.com/security/center/resources/next_generation_cryptography
NEW QUESTION 50
Refer to the exhibit.
The DMVPN tunnel is dropping randomly and no tunnel protection is configured. Which spoke configuration mitigates tunnel drops?


- A. Option A
- B. Option D
- C. Option B
- D. Option C
Answer: B
NEW QUESTION 51
......
Dumps Brief Outline Of The 300-730 Exam: https://www.free4torrent.com/300-730-braindumps-torrent.html
300-730 Training & Certification Get Latest CCNP Security : https://drive.google.com/open?id=1yzT6v_7MFmj5pyxFo-cXOBSdwDmYyJxs