Free 300-730 Sample Questions — Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730)

A user is trying to log in to a Cisco ASA using the clientless SSLVPN feature and receives the error message "clientless (browser) SSLVPN access is not allowed". Which step should the Cisco ASA administrator take to resolve this issue?

• A. Enable the clientless VPN protocol on the group policy
• B. Validate that the correct license is in use on the ASA for WebVPN
• C. Increase the number of simultaneous logins allowed on the group policy
• D. Verify that a user account exists in the local AAA database for the user

An engineer is requesting an SSL certificate for a VPN load-balancing cluster in which two Cisco ASAs provide clientless SSLVPN access. The FQDN that users will enter to access the clientless VPN is asa.example.com, and users will be redirected to either asa1.example.com or asa2.example.com. The cluster FQDN and individual Cisco ASAs FQDNs resolve to IP addresses 192.168.0.1, 192.168.0.2, and 192.168.0.3 respectively. The issued certificate must be able to be used to validate the identity of either ASA in the cluster without returning any certificate validation errors. Which fields must be included in the certificate to meet these requirements?

• A. CN=*.example.com, SAN=asa.example.com
• B. CN=192.168.0.1, SAN=asa1.example.com, asa2.example.com
• C. CN=asa.example.com, SAN=asa.example.com, asa1.example.com, asa2.example.com
• D. CN=192.168.0.1, SAN=192.168.0.1, 192.168.0.2, 192.168.0.3

Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?

• A. Enable the Cisco AnyConnect premium license on the Cisco ASA
• B. Have the user upgrade to a supported browser
• C. Increase the simultaneous logins on the group policy
• D. Enable the clientless VPN protocol on the group policy

Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)

• A. HSRP stateless failover
• B. DNS-based hub resolution
• C. reactivate primary peer
• D. tunnel pivot
• E. need distractor

Which VPN does VPN load balancing on the ASA support?

• A. VTI
• B. IPsec site-to-site tunnels
• C. L2TP over IPsec
• D. Cisco AnyConnect

An engineer has configured Cisco AnyConnect VPN using IKEv2 on a Cisco IOS router. The user cannot connect in the Cisco AnyConnect client, but receives an alert message "Use a browser to gain access." Which action does the engineer take to resolve this issue?

• A. Reset user login credentials
• B. Correct the URL address
• C. Connect using HTTPS
• D. Disable the HTTP server

A DMVPN spoke router tunnel is up and passing traffic, but it cannot establish an EIGRP neighbor relationship with the hub router. Which solution resolves this issue?

• A. Enable EIGRP Split Horizon on the hub tunnel interface
• B. Remove the EIGRP stub configuration on the spoke tunnel interface
• C. Enable the EIGRP next hop self feature on the hub tunnel interface
• D. Configure the dynamic NHRP multicast map on the hub tunnel interface

An administrator is setting up Cisco AnyConnect on a Cisco ASA with the requirement that AnyConnect automatically establishes a VPN when a company-owned laptop is connected to the internet outside of the corporate network. Which configuration meets these requirements?

• A. SBL with user certificate authentication
• B. TND with machine certificate authentication
• C. SBL with machine certificate authentication
• D. TND with user certificate authentication

What are the two AAA methods for user authentication when configuring the IKEv2 profile? (Choose two.)

• A. user
• B. eap
• C. rsa-sig
• D. cert
• E. pre-share

A network engineer is installing Cisco AnyConnect on company laptops so that users can access corporate resources remotely. The VPN concentrator is a Cisco router running IOS-XE 16.9.1 code and configured as a FlexVPN server that uses local authentication and *$Cisc431089017$* as the key-id for the IKEv2 profile. Which two steps must be taken on the computer to allow a successful AnyConnect connection to the router? (Choose two.)

• A. In the Cisco AnyConnect XML profile, set the IPsec Authentication method to EAP-AnyConnect
• B. In the Cisco AnyConnect XML profile, add the hostname and host address to the server list
• C. In the Cisco AnyConnect XML profile, set the user group field to DefaultAnyConnectClientGroup
• D. In the Cisco AnyConnect Local Policy, set the BypassDownloader option in the local to true
• E. In the Cisco AnyConnect Local Policy, add the router IP address to the Update Policy

Which command automatically initiates a smart tunnel when a user logs in to the WebVPN portal page?

• A. auto-upgrade
• B. auto-connect
• C. auto-start
• D. auto-run

What is a characteristic of GETVPN?

• A. An ACL that defines interesting traffic must be configured and applied to the crypto map
• B. Quick mode is used to create an IPsec SA
• C. The remote peer for the IPsec session is configured as part of the crypto map
• D. All peers have one IPsec SPI for inbound and outbound communication

Which technology and VPN component allows a VPN headend to dynamically learn post NAT IP addresses of remote routers at different sites?

• A. DMVPN with ISAKMP
• B. GETVPN with ISAKMP
• C. DMVPN with NHRP
• D. GETVPN with NHRP

A network engineer has set up a FlexVPN server to terminate multiple FlexVPN clients. The VPN tunnels are established without issue. However, when a Change of Authorization is issued by the RADIUS server, the FlexVPN server does not update the authorization of connected FlexVPN clients. Which action resolves this issue?

• A. Add the aaa server radius dynamic-author command on the FlexVPN clients
• B. Fix the RADIUS key mismatch between the RADIUS server and FlexVPN server
• C. Add the aaa server radius dynamic-author command on the FlexVPN server
• D. Fix the RADIUS key mismatch between the RADIUS server and FlexVPN clients

An engineer notices that while an employee is connected remotely, all traffic is being routed to the corporate network. Which split-tunnel policy allows a remote client to use their local provider for Internet access when working from home?

• A. tunnelall
• B. excludeall
• C. tunnelspecified
• D. excludespecified

What are two purposes of the key server in Cisco IOS GETVPN? (Choose two.)

• A. to download encryption keys
• B. to maintain encryption policies
• C. to distribute routing information
• D. to encrypt data traffic
• E. to authenticate group members

The corporate network security policy requires that all internet and network traffic must be tunneled to the corporate office. Remote workers have been provided with printers to use locally at home while they are remotely connected to the corporate network. Which two steps must be executed to allow printing to the local printers? (Choose two.)

• A. Configure the split-tunnel-policy on the Cisco ASA to tunnelall
• B. Check the Allow Local LAN access checkbox in the Cisco AnyConnect client
• C. Add a persistent static route in the client OS for the local LAN network
• D. Configure the split-tunnel-policy on the Cisco ASA to excludespecified
• E. Configure the split-tunnel-policy on the Cisco ASA to tunnelspecified

Which IKE identity does an IOS/IOS-XE headend expect to receive if an IPsec Cisco AnyConnect client uses default settings?

• A. *$SecureMobilityClient$*
• B. *$AnyConnectClient$*
• C. *$RemoteAccessVpnClient$*
• D. *$DfltlkeldentityS*

An engineer must force a new IKEv2 security association to be built when using FlexVPN. Which two commands must the engineer apply to meet the requirement? (Choose two.)

• A. clear flexvpn sessions
• B. clear ipsec sa
• C. clear isakmp crypto sa
• D. shut the tunnel interface
• E. no shut the tunnel interface

What uses an Elliptic Curve key exchange algorithm?

• A. ECDSA
• B. ECDHE
• C. AES-GCM
• D. SHA