300-730試験無料問題集（240題）「Cisco Implementing Secure Solutions with Virtual Private Networks 認定」

出題：1

Which DMVPN feature allows spokes to be deployed with dynamically assigned public IP addresses?

A. 2547oDMVPN

B. NAT Traversal

C. NHRP

D. OSPF

正解：C 解答を投票する

出題：2

Which technology and VPN component allows a VPN headend to dynamically learn post NAT IP addresses of remote routers at different sites?

A. GETVPN with NHRP

B. DMVPN with ISAKMP

C. DMVPN with NHRP

D. GETVPN with ISAKMP

正解：C 解答を投票する

出題：3

An engineer would like Cisco AnyConnect users to be able to reach servers within the
10.10.0.0/16 subnet while all other traffic is sent out to the Internet. Which IPsec configuration accomplishes this task?

A.

B.

C.

D.

正解：C 解答を投票する

出題：4

A company's remote locations connect to the data centers via MPLS. A new request requires that unicast and multicast traffic that exits in the remote locations be encrypted. Which non-tunneled technology should be used to satisfy this requirement?

A. SSL

B. FlexVPN

C. GETVPN

D. DMVPN

正解：C 解答を投票する

出題：5

After a network security administrator configures site-to-site IPsec VPN peer, they receive this error message:
1d00h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main Mode failed with peer at 150.150.150.1.
What is the solution to this problem?

A. Crypto map must be applied to correct interface.

B. Transport set must match between sites.

C. IPsec policy must match between sites.

D. ISAKMP policy must match between sites.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which command is used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?

A. show crypto ikev2 sa

B. show crypto identity

C. show crypto gkm

D. show crypto isakmp sa

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Refer to the exhibit. Which type of VPN is used?

A. Cisco Easy VPN

B. GETVPN

C. Cisco AnyConnect SSL VPN

D. clientless SSL VPN

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which command automatically initiates a smart tunnel when a user logs in to the WebVPN portal page?

A. auto-run

B. auto-upgrade

C. auto-start

D. auto-connect

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Refer to the exhibit. A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action brings up the VPN tunnel?

A. Reduce the maximum SA limit on the local Cisco ASA.

B. Remove the maximum SA limit on the remote Cisco ASA.

C. Increase the maximum in-negotiation SA limit on the local Cisco ASA.

D. Correct the crypto access list on both Cisco ASA devices.

正解：C 解答を投票する

出題：10

A network engineer must configure the Cisco ASA so that Cisco AnyConnect clients establishing an SSL VPN connection create an additional tunnel for real-time traffic that is sensitive to packet delays. If this additional tunnel experiences any issues, it must fall back to a TLS connection.
Which two Cisco AnyConnect features must be configured to accomplish this task? (Choose two.)

A. OMTU

B. DPD

C. SSL Rekey

D. DSCP Preservation

E. DTLS

正解：B,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

Drag and Drop Question
Drag and drop the GETVPN components from the left onto the descriptions on the right.

正解：

出題：12

Which feature of GETVPN is a limitation of DMVPN and FlexVPN?

A. enabled use of ESP or AH

B. design for use over public or private WAN

C. sequence numbers that enable scalable replay checking

D. no requirement for an overlay routing protocol

正解：D 解答を投票する

出題：13

An engineer is configuring IPsec VPN and wants to choose an authentication protocol that is reliable and supports ACK and sequence.
Which protocol accomplishes this goal?

A. AES-192

B. AES-256

C. IKEv1

D. ESP

正解：D 解答を投票する

出題：14

Which statement about GETVPN is true?

A. TEK rekeys can be load-balanced between two key servers operating in COOP.

B. The configuration that defines which traffic to encrypt originates from the key server.

C. The pseudotime that is used for replay checking is synchronized via NTP.

D. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

正解：B 解答を投票する

出題：15

A clientless SSLVPN solution is built for 10 employees on a newly installed Cisco ASA. After a couple of days in production, it has been observed that only the first two users to log in each day are able to connect successfully. The remaining users encounter the message "Login failed".
Which action resolves the issue?

A. Increase the number or IP addresses available in the VPN pool.

B. Increase the vpn-simultaneous-logins parameter to a value of more than 2.

C. Verify that the users that cannot log in are in the correct AD group with VPN permissions.

D. Allocate additional Cisco AnyConnect Premium licenses to the ASA.

正解：D 解答を投票する

出題：16

Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?

A. Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.

B. IKEv2 sessions are not licensed.

C. The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.

D. AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.

正解：D 解答を投票する

出題：17

Which command is configured Cisco ASA to allow packets from an IPsec tunnel and the payloads to bypass interface ACLs on the firewall?

A. sysopt connection permit-sslvpn

B. sysopt connection permit-vpn

C. sysopt connection permit-ikev1

D. sysopt connection permit-acl

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：18

Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?

A. webvpn (group-policy)

B. tunnel-group (general-attributes)

C. tunnel-group (webvpn-attributes)

D. webvpn (global configuration)

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：19

What is the default rekey timer for security association pair in the case of IPsec for Cisco ASA?

A. 24 hours

B. 12 hours

C. 8 hours

D. 18 hours

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

300-730試験無料問題集「Cisco Implementing Secure Solutions with Virtual Private Networks 認定」