최신 300-730 무료덤프 - Cisco Implementing Secure Solutions with Virtual Private Networks

문제1

Which benefit of FlexVPN is a limitation of DMVPN using IKEv1?

A. Dynamic routing protocols can be configured.

B. NHRP authentication provides enhanced security.

C. GRE encapsulation allows for forwarding of non-IP traffic.

D. IKE implementation can install routes in routing table.

정답: D

문제2

Refer to the exhibit. All internal clients behind the ASA are port address translated to the public outside interface that has an IP address of 3.3.3.3. Client 1 and client 2 have established successful SSL VPN connections to the ASA.
What must be implemented so that "3.3.3.3" is returned from a browser search on the IP address?

A. Tunnel All Networks under Group Policy

B. Same-security-traffic permit inter-interface under Group Policy

C. Tunnel Network List Below under Group Policy

D. Exclude Network List Below under Group Policy

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제3

A network engineer has set up a FlexVPN server to terminate multiple FlexVPN clients. The VPN tunnels are established without issue. However, when a Change of Authorization is issued by the RADIUS server, the FlexVPN server does not update the authorization of connected FlexVPN clients. Which action resolves this issue?

A. Add the aaa server radius dynamic-author command on the FlexVPN server.

B. Fix the RADIUS key mismatch between the RADIUS server and FlexVPN server.

C. Add the aaa server radius dynamic-author command on the FlexVPN clients.

D. Fix the RADIUS key mismatch between the RADIUS server and FlexVPN clients.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Refer to the exhibit. Which component must be configured on routers for a GETVPN deployment work properly?

A. Customer 1 CE1: Key Server - R1 and Customer 1 CE2: Group Members

B. PE3: Key Server - all CEs: Group Members

C. PE3: Key Server - Customer 2 CEs: Group Members

D. R1: Key Server - Customer 1 CEs: Group Members

정답: C

문제5

Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)

A. need distractor

B. DNS-based hub resolution

C. tunnel pivot

D. HSRP stateless failover

E. reactivate primary peer

정답: B,E

설명: (DumpTOP 회원만 볼 수 있음)

문제6

What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)

A. It is a highly scalable any to any mesh topology.

B. It supports a hub-and-spoke topology.

C. It has unique session keys for improved security.

D. It supports multicast.

E. It has QoS support.

정답: A,D

문제7

Refer to the exhibit. The network administrator must allow the Cisco AnyConnect Secure Mobility Client to securely access the corporate resources via IKEv2 and print locally. Traffic that is destined for the Internet must still be tunneled to the Cisco ASA. Which configuration does the administrator use to accomplish this goal?

A. Split include policy with a permit for 192.168.0.0/24.

B. Split exclude policy with a permit for 0.0.0.0/32.

C. Tunnel all policy.

D. Split exclude policy with a deny for 192.168.0.3/32.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제8

Refer to the exhibit. An IKEv2 site-to-site tunnel between an ASA and a remote peer is not building successfully. What will fix the problem based on the debug output?

A. Specify the peer IP address in the tunnel group name.

B. Correct crypto access list on both VPN devices.

C. Install the correct certificate to validate the peer.

D. Ensure crypto IPsec policy matches on both VPN devices.

정답: B

문제9

Refer to the exhibit. An engineer is troubleshooting a new GRE over IPsec tunnel.
The tunnel is established but the engineer cannot ping from spoke 1 to spoke 2.
Which type of traffic is being blocked?

A. ISAKMP packets from spoke2 to spoke1

B. ESP packets from spoke1 to spoke2

C. ESP packets from spoke2 to spoke1

D. ISAKMP packets from spoke1 to spoke2

정답: C

문제10

Which command is used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?

A. show crypto identity

B. show crypto isakmp sa

C. show crypto ikev2 sa

D. show crypto gkm

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제11

Refer to the exhibit. Cisco AnyConnect must be set up on a router to allow users to access internal servers 192.168.0.10 and 192.168.0.11.
All other traffic should go out of the client's local NIC.
Which command accomplishes this configuration?

A. svc split exclude 192.168.0.0 255.255.255.0

B. svc split include 192.168.0.0 255.255.255.0

C. svc split include acl CCNP

D. svc split exclude acl CCNP

정답: C

문제12

In order to enable FlexVPN to use a AAA attribute list, which two tasks must be performed?
(Choose two.)

A. Define the AAA server.

B. Define the RADIUS server.

C. Assign the list to an authorization policy.

D. Set the maximum segment size.

E. Verify that clients are using the correct authorization policy.

정답: C,E

문제13

Refer to the exhibit. Users cannot connect via AnyConnect SSLVPN. Which action resolves this issue?

A. Add an IPsec preshared key to the group policy.

B. Configure the HTTP server to listen on port 443.

C. Configure the ASA to act as a DHCP server.

D. Add ssl-client to the allowed list of VPN protocols.

정답: D

문제14

Which Cisco AnyConnect component ensures that devices in a specific internal subnet are only accessible using port 443?

A. split tunnel

B. WebACL

C. VPN filter

D. routing

정답: C

최신 300-730 무료덤프 - Cisco Implementing Secure Solutions with Virtual Private Networks

우리와 연락하기

유용한 링크

최신 업데이트