Cisco 300-730 SVPN Exam Questions Instant Access

Question 1

Which two features provide headend resiliency for Cisco AnyConnect clients? (Choose two.)

AAnyConnect Auto Reconnect

BAnyConnect Network Access Manager

CAnyConnect Backup Servers

DASA failover

EAnyConnect Always On

Answer : C, D

According to the Implementing Secure Solutions with Virtual Private Networks (SVPN) documents and learning resources available at cisco.com, the two features that provide headend resiliency for Cisco AnyConnect clients are:

AnyConnect Backup Servers: This feature allows the AnyConnect client to automatically connect to a backup server in case the primary server is unreachable or fails. The backup server list is configured on the ASA or IOS headend and pushed to the client during the VPN connection establishment. The client can also manually select a backup server from the list if needed.This feature enhances the availability and reliability of the VPN service for the clients12.

ASA failover: This feature enables two identical ASAs to be paired together as an active/standby or active/active pair. The ASAs synchronize their configuration and state information and monitor each other's health. If the active ASA fails or becomes unreachable, the standby ASA takes over the traffic and VPN sessions without any disruption for the clients.This feature provides high availability and redundancy for the VPN headend34.

1: AnyConnect Backup Servers2:Redundancy options for IOS Headend for AnyConnect Clients3: ASA Failover4:AnyConnect Implementation and Performance/Scaling Reference for COVID-19 Preparation

Question 2

Which command identifies a Cisco AnyConnect profile that was uploaded to the flash of an IOS router?

Asvc import profile SSL_profile flash:simos-profile.xml

Banyconnect profile SSL_profile flash:simos-profile.xml

Ccrypto vpn anyconnect profile SSL_profile flash:simos-profile.xml

Dwebvpn import profile SSL_profile flash:simos-profile.xml

Answer : C

Question 3

Which parameter in IPsec VPN tunnel configurations is optional?

Ahash

Blifetime

Cencryption

DPerfect Forward Secrecy

Answer : D

Question 4

A network engineer is setting up Cisco AnyConnect 4.9 on a Cisco ASA running ASA software 9.1. Cisco AnyConnect must connect to the Cisco ASA before the user logs on so that login scripts can work successfully. In addition, the VPN must connect without user intervention. Which two key steps accomplish this task? (Choose two.)

ACreate a Network Access Manager profile with a client policy set to connect before user logon.

BCreate a Cisco AnyConnect VPN profile with Start Before Logon set to true.

CIssue an identity certificate to the trusted root CA folder in the machine store.

DCreate a Cisco AnyConnect VPN profile with Always On set to true.

ECreate a Cisco Anyconnect VPN Management Tunnel profile.

Answer : B, C

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/215442-configure-anyconnect-management-vpn-tunn.html

Question 5

A network engineer is setting up a clientless SSLVPN on a Cisco AS

ARemote users must be able to access an internal webserver via the URL example.com. Which two steps accomplish this task? (Choose two.)

AConfigure a bookmark for the webserver.

BConfigure routing so that the user's computer can reach the webserver.

CConfigure a DNS server that can resolve the webserver URL.

DConfigure a browser plugin on the Cisco ASA.

EConfigure routing so that the Cisco ASA can reach the webserver.

Answer : A, A, C

Question 6

Which remote access VPN technology requires the use of the IPsec-proposal configuration option?

Aclientless SSLVPN

BSSLVPN Full Tunnel

CIKEv2-based VPN

DIKEv1-based VPN

Answer : C

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/vpn/asa-96-vpn-config/vpn-remote-access.html The IPsec-proposal configuration option is used to specify the encryption, integrity, and authentication algorithms that will be used in the IPsec protocol. In the case of IKEv2-based VPN, this option is used to configure the IPsec security associations (SA) that will be established between the VPN client and the VPN gateway during IKEv2 negotiation. IKEv2 uses IPsec as its underlying encryption and authentication protocol, so the IPsec-proposal configuration is essential to establishing a secure VPN tunnel using IKEv2

Question 7

An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly, and all tunnel stats show that they are up. However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?

AAdjust the MTU size within the routers.

BAdd RDP port to the extended ACL.

CReplace certificate on the RDP server.

DChange DMVPN timeout values.

Answer : A

Cisco Implementing Secure Solutions with Virtual Private Networks 300-730 SVPN Exam Questions