New 2020 CCNP 300-730 SVPN exam questions from PassLeader 300-730 dumps! Welcome to download the newest PassLeader 300-730 VCE and PDF dumps: https://www.passleader.com/300-730.html (166 Q&As –> 238 Q&As)
P.S. Free 2020 CCNP 300-730 SVPN dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1FvI5Ex1cQ5aV-zvXk36EhmRwqRF3xMhg
NEW QUESTION 89
A network engineer must design a remote access solution to allow contractors to access internal servers. These contractors do not have permissions to install applications on their computers. Which VPN solution should be used in this design?
A. IKEv2 AnyConnect
B. Clientless
C. Port Forwarding
D. SSL AnyConnect
Answer: B
NEW QUESTION 90
Which command shows the smart default configuration for an IPsec profile?
A. show run all crypto ipsec profile
B. ipsec profile does not have any smart default configuration
C. show smart-defaults ipsec profile
D. show crypto ipsec profile default
Answer: D
NEW QUESTION 91
Which two NHRP functions are specific to DMVPN Phase 3 implementation? (Choose two.)
A. registration reply
B. redirect
C. resolution reply
D. registration request
E. resolution request
Answer: BC
NEW QUESTION 92
Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)
A. HSRP stateless failover
B. DNS-based hub resolution
C. reactivate primary peer
D. tunnel pivot
E. need distractor
Answer: BC
NEW QUESTION 93
Which Cisco AnyConnect component ensures that devices in a specific internal subnet are only accessible using port 443?
A. routing
B. WebACL
C. split tunnel
D. VPN filter
Answer: D
NEW QUESTION 94
After a user configures a connection profile with a bookmark list and tests the clientless SSLVPN connection, all of the bookmarks are grayed out. What must be done to correct this behavior?
A. Apply the bookmark to the correct group policy.
B. Specify the correct port for the web server under the bookmark.
C. Configure a DNS server on the Cisco ASA and verify it has a record for the web server.
D. Verify HTTP/HTTPS connectivity between the Cisco ASA and the web server.
Answer: C
NEW QUESTION 95
An administrator is designing a VPN with a partner’s non-Cisco VPN solution. The partner’s VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 going to 10.0.0.0/24. Which technology must be used to meet these requirements?
A. VTI
B. crypto map
C. GETVPN
D. DMVPN
Answer: B
NEW QUESTION 96
A company’s remote locations connect to the data centers via MPLS. A new request requires that unicast and multicast traffic that exits in the remote locations be encrypted. Which non-tunneled technology should be used to satisfy this requirement?
A. SSL
B. FlexVPN
C. DMVPN
D. GETVPN
Answer: D
NEW QUESTION 97
While troubleshooting, an engineer finds that the show crypto isakmp sa command indicates that the last state of the tunnel is MM_KEY_EXCH. What is the next step that should be taken to resolve this issue?
A. Verify that the ISAKMP proposals match.
B. Ensure that UDP 500 is not being blocked between the devices.
C. Correct the peer’s IP address on the crypto map.
D. Confirm that the pre-shared keys match on both devices.
Answer: C
NEW QUESTION 98
Which VPN technology must be used to ensure that routers are able to dynamically form connections with each other rather than sending traffic through a hub and be able to advertise routes without the use of a dynamic routing protocol?
A. FlexVPN
B. DMVPN Phase 3
C. DMVPN Phase 2
D. GETVPN
Answer: B
NEW QUESTION 99
An administrator is setting up AnyConnect for the first time for a few users. Currently, the router does not have access to a RADIUS server. Which AnyConnect protocol must be used to allow users to authenticate?
A. EAP-GTC
B. EAP-MSCHAPv2
C. EAP-MD5
D. EAP-AnyConnect
Answer: D
NEW QUESTION 100
An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies. What must be added to the configuration to make sure the users in the sales department cannot access the finance department server?
A. tunnel group lock
B. smart tunnel
C. port forwarding
D. webtype ACL
Answer: A
NEW QUESTION 101
An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly, and all tunnel stats show that they are up. However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?
A. Adjust the MTU size within the routers.
B. Add RDP port to the extended ACL.
C. Replace certificate on the RDP server.
D. Change DMVPN timeout values.
Answer: A
NEW QUESTION 102
Where must an engineer configure a preshared key for a site-to-site VPN tunnel configured on a Cisco ASA?
A. isakmp policy
B. group policy
C. crypto map
D. tunnel group
Answer: D
NEW QUESTION 103
A network engineer has been tasked with configuring SSL VPN to provide remote users with access to the corporate network. Traffic destined to the enterprise IP range should go through the tunnel, and all other traffic should go directly to the Internet. Which feature should be configured to achieve this?
A. U-turning
B. hairpinning
C. split-tunnel
D. dual-homing
Answer: C
NEW QUESTION 104
What are two purposes of the key server in Cisco IOS GETVPN? (Choose two.)
A. to download encryption keys
B. to maintain encryption policies
C. to distribute routing information
D. to encrypt data traffic
E. to authenticate group members
Answer: BE
NEW QUESTION 105
An engineer notices that while an employee is connected remotely, all traffic is being routed to the corporate network. Which split-tunnel policy allows a remote client to use their local provider for Internet access when working from home?
A. tunnelall
B. excludeall
C. tunnelspecified
D. excludespecified
Answer: C
NEW QUESTION 106
In order to enable FlexVPN to use a AAA attribute list, which two tasks must be performed? (Choose two.)
A. Define the RADIUS server.
B. Verify that clients are using the correct authorization policy.
C. Define the AAA server.
D. Assign the list to an authorization policy.
E. Set the maximum segment size.
Answer: BD
NEW QUESTION 107
Which technology and VPN component allows a VPN headend to dynamically learn post NAT IP addresses of remote routers at different sites?
A. DMVPN with ISAKMP
B. GETVPN with ISAKMP
C. DMVPN with NHRP
D. GETVPN with NHRP
Answer: C
NEW QUESTION 108
An engineer must configure remote desktop connectivity for offsite admins via clientless SSL VPN, configured on a Cisco ASA to Windows Vista workstations. Which two configurations provide the requested access? (Choose two.)
A. Telnet bookmark via the Telnet plugin.
B. RDP2 bookmark via the RDP2 plugin.
C. VNC bookmark via the VNC plugin.
D. Citrix bookmark via the ICA plugin.
E. SSH bookmark via the SSH plugin.
Answer: BE
NEW QUESTION 109
A network engineer must design a clientless VPN solution for a company. VPN users must be able to access several internal web servers. When reachability to those web servers was tested, it was found that one website is not being rewritten correctly by the ASA. What is a potential solution for this issue while still allowing it to be a clientless VPN setup?
A. Set up a smart tunnel with the IP address of the web server.
B. Set up a NAT rule that translates the ASA public address to the web server private address on port 80.
C. Set up Cisco AnyConnect with a split tunnel that has the IP address of the web server.
D. Set up a WebACL to permit the IP address of the web server.
Answer: A
NEW QUESTION 110
Which two types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose two.)
A. SAML
B. NTLM
C. Kerberos
D. OAuth 2.0
E. HTTP Basic
Answer: BE
NEW QUESTION 111
Drag and Drop
Drag and drop the code snippets from the right onto the blanks in the configuration to implement FlexVPN. Not all snippets are used.
Answer:
NEW QUESTION 112
……
New 2020 CCNP 300-730 SVPN exam questions from PassLeader 300-730 dumps! Welcome to download the newest PassLeader 300-730 VCE and PDF dumps: https://www.passleader.com/300-730.html (166 Q&As –> 238 Q&As)
P.S. Free 2020 CCNP 300-730 SVPN dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1FvI5Ex1cQ5aV-zvXk36EhmRwqRF3xMhg
