Cisco 300-730 SVPN Exam Questions Instant Access

Question 1

Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?

Atunnel-group (general-attributes)

Btunnel-group (webvpn-attributes)

Cwebvpn (group-policy)

Dwebvpn (global configuration)

Answer : C

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/webvpn-configure-policy-groups.html says clearly: In group-policy webvpn configuration mode, you can specify (list of things, including url-list).

Question 2

Which remote access VPN technology requires the use of the IPsec-proposal configuration option?

Aclientless SSLVPN

BSSLVPN Full Tunnel

CIKEv2-based VPN

DIKEv1-based VPN

Answer : C

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/vpn/asa-96-vpn-config/vpn-remote-access.html The IPsec-proposal configuration option is used to specify the encryption, integrity, and authentication algorithms that will be used in the IPsec protocol. In the case of IKEv2-based VPN, this option is used to configure the IPsec security associations (SA) that will be established between the VPN client and the VPN gateway during IKEv2 negotiation. IKEv2 uses IPsec as its underlying encryption and authentication protocol, so the IPsec-proposal configuration is essential to establishing a secure VPN tunnel using IKEv2

Question 3

Refer to the exhibit.

DMVPN spoke-to-spoke traffic works, but it passes through the hub, and never sends direct spoke-to-spoke traffic. Based on the tunnel interface configuration shown, what must be configured on the hub to solve the issue?

AEnable NHRP redirect.

BEnable split horizon.

CEnable IP redirects.

DEnable NHRP shortcut.

Answer : A

Question 4

What is a characteristic of GETVPN?

AAn ACL that defines interesting traffic must be configured and applied to the crypto map.

BQuick mode is used to create an IPsec SA.

CThe remote peer for the IPsec session is configured as part of the crypto map.

DAll peers have one IPsec SPI for inbound and outbound communication.

Answer : D

In GETVPN, all group members share a common security association (SA) database and the same keys for encryption and decryption. This approach avoids the need for per-peer IPsec SAs and simplifies the configuration and management of the VPN. Instead of using multiple SAs, GETVPN uses a single SA with a unique Group Domain of Interpretation (GDOI) group key that is distributed to all group members.

Question 5

A network administrator wants the Cisco ASA to automatically start downloading the Cisco AnyConnect client without prompting the user to select between WebVPN or AnyConnect. Which command accomplishes this task?

Aanyconnect ssl df-bit-ignore enable

Banyconnect ask none default anyconnect

Canyconnect ask enable default anyconnect

Danyconnect modules value default

Answer : B

https://networklessons.com/cisco/asa-firewall/cisco-asa-anyconnect-remote-access-vpn#:~:text=The%20anyconnect%20ask%20command%20specifies,of%20the%20anyconnect%20client%20automatically.

Question 6

Refer to the exhibit.

Which type of VPN is being configured, based on the partial configuration snippet?

AGET VPN with COOP key server

BGET VPN with dual group member

CFlexVPN load balancer

DFlexVPN backup gateway

Answer : A

Question 7

An administrator is setting up a VPN on an ASA for users who need to access an internal RDP server. Due to security restrictions, the Microsoft RDP client is blocked from running on client workstations via Group Policy. Which VPN feature should be implemented by the administrator to allow these users to have access to the RDP server?

Aclientless proxy

Bsmart tunneling

Cclientless plug-in

Dclientless rewriter

Answer : C

Cisco Implementing Secure Solutions with Virtual Private Networks 300-730 SVPN Exam Questions