Cisco 300-730 SVPN Exam Practice Test Instant Access

Question 1

A network administrator wants to block traffic to a known malware site at https:/www.badsite.com and all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accomplish this goal?

AAccess Control policy with URL filtering

BPrefilter policy

CDNS policy

DSSL policy
B) Prefilter policy is a type of policy that allows you to perform fast actions on traffic before it reaches the Access Control policy. You can use prefilter rules to drop, fastpath, or trust traffic based on simple criteria, such as IP addresses or ports. However, prefilter rules do not support URL filtering, so you cannot use them to block traffic based on the website domain3.
C) DNS policy is a type of policy that allows you to inspect and modify DNS requests and responses on your network. You can use DNS rules to block, monitor, or sinkhole DNS queries based on the requested domain name or the response IP address. However, DNS policy does not prevent packets from being sent to the malicious site; it only prevents the DNS resolution of the domain name. A client could still access the site if they know the IP address or use an alternative DNS server.
D) SSL policy is a type of policy that allows you to decrypt and inspect encrypted traffic on your network. You can use SSL rules to determine which traffic to decrypt based on various criteria, such as certificate attributes, cipher suites, or URL categories. However, SSL policy does not block traffic; it only decrypts it for further inspection by other policies.

Answer : A

Question 2

An engineer is creating an URL object on Cisco FMC. How must it be configured so that the object will match for HTTPS traffic in an access control policy?

ASpecify the protocol to match (HTTP or HTTPS).

BUse the FQDN including the subdomain for the website.

CUse the subject common name from the website certificate.

DDefine the path to the individual webpage that uses HTTPS.

Answer : B

Question 3

A network engineer must expand a company's Cisco AnyConnect solution. Currently, a Cisco ASA is set up in North America and another will be installed in Europe with a different IP address. Users should connect to the ASA that has the lowest Round Trip Time from their network location as measured by the AnyConnect client. Which solution must be implemented to meet this requirement?

AVPN Load Balancing

BIP SLA

CDNS Load Balancing

DOptimal Gateway Selection

Answer : D

Question 4

Which clientless SSLVPN supported feature works when the http-only-cookie command is enabled?

ACitrix load balancer

Bport reflector

CJava rewriter -

CJava plug-ins

Dscript browser

Answer : D

Question 5

An administrator is deciding which authentication protocol should be implemented for their upcoming Cisco AnyConnect deployment. A list of the security requirements from upper management are: the ability to force AnyConnect users to use complex passwords such as C1$c0451035084!, warn users a few days before their password expires, and allow users to change their password during a remote access session. Which authentication protocol must be used to meet these requirements?

ALDAPS

BRADIUS

CKerberos

DTACACS+

Answer : A

Question 6

A network administrator wants the Cisco ASA to automatically start downloading the Cisco AnyConnect client without prompting the user to select between WebVPN or AnyConnect. Which command accomplishes this task?

Aanyconnect ssl df-bit-ignore enable

Banyconnect ask none default anyconnect

Canyconnect ask enable default anyconnect

Danyconnect modules value default

Answer : B

Question 7

Refer to the exhibit.

An engineer has configured two new VPN tunnels to 172.18.1.1 and 172.19.1.1. However, communication between 10.1.0.10 and 10.1.11.10 does not function. Which action should be taken to resolve this issue?

ARemove and reapply the crypto map to the interface.

BInsert routes for the 10.1.9.0/24 and 10.1.10.0/24 subnets.

CModify the transform set to use transport mode.

DAdjust the network objects to match the appropriate subnets.

Answer : D

Cisco 300-730 Implementing Secure Solutions with Virtual Private Networks SVPN Exam Practice Test