300-730試験無料問題集（208題）「Cisco Implementing Secure Solutions with Virtual Private Networks 認定」

出題：1

A network engineer must design a clientless VPN solution for a company. VPN users must be able to access several internal web servers. When reachability to those web servers was tested, it was found that one website is not being rewritten correctly by the ASA. What is a potential solution for this issue while still allowing it to be a clientless VPN setup?

A. Set up a WebACL to permit the IP address of the web server.

B. Set up a smart tunnel with the IP address of the web server.

C. Set up a NAT rule that translates the ASA public address to the web server private address on port 80.

D. Set up Cisco AnyConnect with a split tunnel that has the IP address of the web server.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which two components are required in a Cisco IOS GETVPN key server configuration? (Choose two.)

A. L2TP protocol

B. RSA key

C. GRE tunnel

D. SSL cipher

E. IKE policy

正解：B,E 解答を投票する

出題：3

Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?

A. webvpn (group-policy)

B. tunnel-group (general-attributes)

C. tunnel-group (webvpn-attributes)

D. webvpn (global configuration)

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Refer to the exhibit. The VPN tunnel between the FlexVPN spoke and FlexVPN hub 192.168.0.12 is failing.
What should be done to correct this issue?

A. Add the address 192.168.0.12 255.255.255.255 command to the keyring configuration.

B. Add the tunnel mode gre ip command to the tunnel configuration.

C. Add the aaa authorization group psk list Flex_AAA Flex_Auth command to the IKEv2 profile configuration.

D. Add the match fvrf any command to the IKEv2 policy.

正解：C 解答を投票する

出題：5

Which statement about GETVPN is true?

A. TEK rekeys can be load-balanced between two key servers operating in COOP.

B. The configuration that defines which traffic to encrypt originates from the key server.

C. The pseudotime that is used for replay checking is synchronized via NTP.

D. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

正解：B 解答を投票する

出題：6

Which IKE identity does an IOS/IOS-XE headend expect to receive if an IPsec Cisco AnyConnect client uses default settings?

A. *$RemoteAccessVpnClient$*

B. *$DfltlkeldentityS*

C. *$SecureMobilityClient$*

D. *$AnyConnectClient$*

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?

A. A GRE tunnel must exist between hub routers.

B. EIGRP must be used as routing protocol.

C. Hub routers must be on same Layer 2 network.

D. Load balancing must be disabled.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

An engineer is using DMVPN to provide secure connectivity between a data center and remote sites. Which two routing protocols should be used between the routers? (Choose two.)

A. EIGRP

B. BGP

C. OSPF

D. RIPv2

E. IS-IS

正解：A,B 解答を投票する

出題：9

Refer to the exhibit. DMVPN spoke-to-spoke traffic works, but it passes through the hub, and never sends direct spoke-to-spoke traffic. Based on the tunnel interface configuration shown, what must be configured on the hub to solve the issue?

A. Enable split horizon.

B. Enable IP redirects.

C. Enable NHRP shortcut.

D. Enable NHRP redirect.

正解：D 解答を投票する

出題：10

A network engineer is configuring a server. The router will terminate encrypted VPN connections on g0/0, which is in the VRF "Internet". The clear-text traffic that must be encrypted before being sent out traverses g0/1, which is in the VRF "Internal". Which two VRF-specific configurations allow VPN traffic to traverse the VRF-aware interfaces? (Choose two.)

A. Under the IKEv2 profile, add the ivrf Internal command.

B. Under the IKEv2 profile, add the match fvrf Internal command.

C. Under the IKEv2 profile, add the match fvrf Internet command.

D. Under the virtual-template interface, add the tunnel vrf Internet command.

E. Under the virtual-template interface, add the ip vrf forwarding Internet command.

正解：C,D 解答を投票する

出題：11

Refer to the exhibit. The network security engineer identified that the hub router cannot send traffic to the spoke router. Based on the provided output, which action resolves the issue?

A. Correct the next hop server IP address on the spoke router.

B. Permit UDP ports 500 and 4500 between the hub and spoke.

C. Adjust the ip nhrp network-id command on the hub router.

D. Ensure the preshared key on the hub-and-spoke router matches.

正解：A 解答を投票する

出題：12

Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?

A. Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.

B. IKEv2 sessions are not licensed.

C. The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.

D. AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.

正解：D 解答を投票する

出題：13

A network engineer must expand a company's Cisco AnyConnect solution. Currently, a Cisco ASA is set up in North America and another will be installed in Europe with a different IP address.
Users should connect to the ASA that has the lowest Round Trip Time from their network location as measured by the AnyConnect client. Which solution must be implemented to meet this requirement?

A. DNS Load Balancing

B. VPN Load Balancing

C. IP SLA

D. Optimal Gateway Selection

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

300-730試験無料問題集「Cisco Implementing Secure Solutions with Virtual Private Networks 認定」