300-730試験無料問題集（208題）「Cisco Implementing Secure Solutions with Virtual Private Networks 認定」

出題：1

A user is experiencing delays on audio calls over a Cisco AnyConnect VPN. Which implementation step resolves this issue?

A. Shorten the encryption key lifetime.

B. Change to 3DES Encryption.

C. Enable DTLS.

D. Install the Cisco AnyConnect 2.3 client for the user to download.

正解：C 解答を投票する

出題：2

Which command shows the smart default configuration for an IPsec profile?

A. show smart-defaults ipsec profile

B. show crypto ipsec profile default

C. show run all crypto ipsec profile

D. ipsec profile does not have any smart default configuration

正解：B 解答を投票する

出題：3

An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly, and all tunnel stats show that they are up. However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?

A. Add RDP port to the extended ACL.

B. Replace certificate on the RDP server.

C. Adjust the MTU size within the routers.

D. Change DMVPN timeout values.

正解：C 解答を投票する

出題：4

What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)

A. CSCO_WEBVPN_RADIUS_USER

B. CSCO_WEBVPN_INTERNAL_PASSWORD

C. CSCO_WEBVPN_OTP_PASSWORD

D. CSCO_WEBVPN_USERNAME

正解：B,D 解答を投票する

出題：5

Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)

A. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.

B. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.

C. Clientless SSLVPN provides Layer 3 connectivity into the secured network.

D. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the ASA uses its configured DNS servers to perform FQDN resolution.

E. A Cisco ASA can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.

正解：D,E 解答を投票する

出題：6

A network engineer is setting up Cisco AnyConnect 4.9 on a Cisco ASA running ASA software
9.1. Cisco AnyConnect must connect to the Cisco ASA before the user logs on so that login scripts can work successfully. In addition, the VPN must connect without user intervention. Which two key steps accomplish this task? (Choose two.)

A. Create a Cisco AnyConnect VPN profile with Always On set to true.

B. Issue an identity certificate to the trusted root CA folder in the machine store.

C. Create a Cisco Anyconnect VPN Management Tunnel profile.

D. Create a Cisco AnyConnect VPN profile with Start Before Logon set to true.

E. Create a Network Access Manager profile with a client policy set to connect before user logon.

正解：B,D 解答を投票する

出題：7

Which two tasks must be performed to implement a clientless VPN on the Cisco ASA? (Choose two.)

A. Install an enrolled X.509 Certificate.

B. Configure a portal customization.

C. Configure a connection profile

D. Configure a language translation file.

E. Upload an AnyConnect Package.

正解：A,C 解答を投票する

出題：8

Refer to the exhibit. Which type of Cisco VPN is shown for group Cisc012345678?

A. GETVPN

B. DMVPN

C. Cisco AnyConnect Client VPN

D. Clientless SSLVPN

正解：C 解答を投票する

出題：9

Refer to the exhibit. The customer can establish an AnyConnect connection on the first attempt only. Subsequent attempts fail. What might be the issue?

A. IKEv2 is blocked over the path.

B. The primary protocol should be SSL.

C. UserGroup must be the same as the name of the connection profile.

D. UserGroup must be different than the name of the connection profile.

正解：C 解答を投票する

出題：10

Which statement about GETVPN is true?

A. TEK rekeys can be load-balanced between two key servers operating in COOP.

B. The configuration that defines which traffic to encrypt originates from the key server.

C. The pseudotime that is used for replay checking is synchronized via NTP.

D. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

正解：B 解答を投票する

出題：11

In a FlexVPN deployment, the spokes successfully connect to the hub, but spoke-to-spoke tunnels do not form. Which troubleshooting step solves the issue?

A. Verify that the spoke receives redirect messages and sends resolution requests.

B. Verify that the tunnel interface is contained within a VRF.

C. Verify the hub configuration to check if the NHRP shortcut is enabled.

D. Verify the spoke configuration to check if the NHRP redirect is enabled.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

What are two differences between ECC and RSA? (Choose two.)

A. Key generation in ECC is slower and more CPU intensive than RSA.

B. ECC lags in performance when compared with RSA.

C. Key generation in ECC is faster and less CPU intensive than RSA.

D. ECC can have the same security as RSA but with a shorter key size.

E. ECC cannot have the same security as RSA, even with an increased key size.

正解：C,D 解答を投票する

出題：13

Refer to the exhibit. A user is connecting from behind a PC with a private IP Address. Their ISP provider is blocking TCP port 443. Which AnyConnect XML configuration will allow the user to establish a connection with the ASA?