Cisco 300-730 SVPN Exam Questions Instant Access

Question 1

Which parameter must match on all routers in a DMVPN Phase 3 cloud?

AGRE tunnel key

BNHRP network ID

Ctunnel VRF

DEIGRP split-horizon setting

Answer : A

NHRP network IDs are locally significant and can be different. It makes sense from a deployment and maintenance perspective to use unique network ID numbers (using the ip nhrp network-id command) across all routers in a DMVPN network, but it is not necessary that they be the same. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-dmvpn.html

Question 2

Refer to the exhibit.

The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?

Apreshared key

Bpeer identity

Ctransform set

Dikev2 proposal

Answer : B

Question 3

While troubleshooting, an engineer finds that the show crypto isakmp sa command indicates that the last state of the tunnel is MM_KEY_EXCH. What is the next step that should be taken to resolve this issue?

AVerify that the ISAKMP proposals match.

BEnsure that UDP 500 is not being blocked between the devices.

CCorrect the peer's IP address on the crypto map.

DConfirm that the pre-shared keys match on both devices.

Answer : D

https://www.networkworld.com/article/2288666/chapter-4--common-ipsec-vpn-issues.html

Question 4

Which IKE identity does an IOS/IOS-XE headend expect to receive if an IPsec Cisco AnyConnect client uses default settings?

A*$SecureMobilityClient$*

B*$AnyConnectClient$*

C*$RemoteAccessVpnClient$*

D*$DfltlkeldentityS*

Answer : B

Question 5

Refer to the exhibit.

Which type of VPN implementation is displayed?

AIKEv1 cluster

BIKEv2 backup gateway

CIKEv2 load balancer

DIKEv2 reconnect

Answer : C

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-16-10/sec-flex-vpn-xe-16-10-book/sec-cfg-clb-supp.html

Question 6

Refer to the exhibit.

Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit? (Choose two.)

Acrypto map

BDMVPN

CGRE

DFlexVPN

EVTI

Answer : B, E

Question 7

Refer to the exhibit.

The network administrator must allow the Cisco AnyConnect Secure Mobility Client to securely access the corporate resources via IKEv2 and print locally. Traffic that is destined for the Internet must still be tunneled to the Cisco AS

AWhich configuration does the administrator use to accomplish this goal?

ASplit exclude policy with a deny for 192.168.0.3/32.

BSplit exclude policy with a permit for 0.0.0.0/32.

CTunnel all policy.

DSplit include policy with a permit for 192.168.0.0/24.

Answer : B

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/70847-local-lan-pix-asa.html

Cisco Implementing Secure Solutions with Virtual Private Networks 300-730 SVPN Exam Questions