300-730 Online Practice Questions and Answers

A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?

A. Endpoint Assessment

B. Cisco Secure Desktop

C. Basic Host Scan

D. Advanced Endpoint Assessment

Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)

A. show crypto isakmp sa

B. show ip traffic

C. show crypto ipsec sa

D. show ip nhrp traffic

E. show dmvpn detail

Refer to the exhibit.

An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)

A. IPsec (IKEv2) Allow Access must be checked on the outside interface.

B. SSL Enable DTLS must be checked on the outside interface.

C. Bypass interface access lists for inbound VPN sessions must be unchecked.

D. IPsec (IKEv2) Enable Client Services must be checked on the outside interface.

E. SSL Allow Access must be checked on the outside interface.

A user is experiencing delays on audio calls over a Cisco AnyConnect VPN. Which implementation step resolves this issue?

A. Change to 3DES Encryption.

B. Shorten the encryption key lifetime.

C. Install the Cisco AnyConnect 2.3 client for the user to download.

D. Enable DTLS.

Why must a network engineer avoid usage of the default X.509 certificate when implementing clientless SSLVPN on an ASA?

A. The certificate must be managed by the local CA.

B. The certificate is regenerated at each reboot.

C. The default X.509 certificate is not supported for SSLVPN.

D. The certificate is too weak to provide adequate security.

What are two differences between ECC and RSA? (Choose two.)

A. Key generation in ECC is slower and more CPU intensive than RSA.

B. ECC can have the same security as RSA but with a shorter key size.

C. ECC cannot have the same security as RSA, even with an increased key size.

D. Key generation in ECC is faster and less CPU intensive than RSA.

E. ECC lags in performance when compared with RSA.

Refer to the exhibit.

A network administrator is setting up Cisco AnyConnect on an ASA headend. When users attempt to connect to the VPN, they are presented with this message. The administrator has replaced the ASA's self-signed certificate with a certificate enrolled with the internal CA and has confirmed that the certificate is not revoked. Which two tasks will the administrator need to do to prevent users from seeing this message? (Choose two.)

A. Trust the issuing CA for the ASA identity certificate on the user's PC.

B. Enroll and import an SSL certificate with the CN value example.cisco.com on the ASA.

C. Add the CN example.cisco.com to the AnyConnect XML certificate matching section.

D. Enable certificate authentication under the connection profile.

E. Add example.cisco.com to the server name list within the AnyConnect Local Policy.

Which Diffie Hellman group should be used when ECDH is required in a VPN configuration?

A. 24

B. 19

C. 16

D. 15

Refer to the exhibit.

Based on this ASDM output, which remote access technologies are allowed on the ASA?

A. SSLAnyConnect VPN

B. IKEv2 and SSL AnyConnect VPN

C. SSL clientless VPN

D. IKEv2 AnyConnect VPN

A Cisco IOS router is reconfigured to connect to an additional DMVPN hub that is a part of a different DMVPN phase 3 cloud. After this change was made, users begin to experience problems accessing corporate resources over both tunnels. Before the additional tunnel was created, users could access resources over the first tunnel without any issues. Both tunnels terminate on the same interface of the router and use the same IPsec proposals. Which two actions resolve the issue without affecting spoke-to-spoke traffic in either DMVPN cloud? (Choose two.)

A. Enable dead peer detection for both tunnels.

B. Use the same shared IPsec profile for both tunnels.

C. Configure the same NHRP network IDs for both tunnels.

D. Specify the tunnel destination in each tunnel.

E. Assign a unique tunnel key to each tunnel.