Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730) v1.0

Page:    1 / 13   
Exam contains 188 questions
Expand All

In a FlexVPN deployment, the spokes successfully connect to the hub, but spoke-to-spoke tunnels do not form. Which troubleshooting step solves the issue?

  • A. Verify the spoke configuration to check if the NHRP redirect is enabled.
  • B. Verify that the spoke receives redirect messages and sends resolution requests.
  • C. Verify the hub configuration to check if the NHRP shortcut is enabled.
  • D. Verify that the tunnel interface is contained within a VRF.


Answer : B

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-summ- maps.pdf

An engineer is troubleshooting a new DMVPN setup on a Cisco IOS router. After the show crypto isakmp sa command is issued, a response is returned of
"MM_NO_STATE." Why does this failure occur?

  • A. The ISAKMP policy priority values are invalid.
  • B. ESP traffic is being dropped.
  • C. The Phase 1 policy does not match on both devices.
  • D. Tunnel protection is not applied to the DMVPN tunnel.


Answer : B


Refer to the exhibit. The customer can establish a Cisco AnyConnect connection without using an XML profile. When the host "ikev2" is selected in the
AnyConnect drop down, the connection fails. What is the cause of this issue?

  • A. The HostName is incorrect.
  • B. The IP address is incorrect.
  • C. Primary protocol should be SSL.
  • D. UserGroup must match connection profile.


Answer : D

Reference:
https://community.cisco.com/t5/security-documents/anyconnect-xml-settings/ta-p/3157891


Refer to the exhibit. A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?

  • A. An authentication failure occurs on the remote peer.
  • B. A certificate fragmentation issue occurs between both sides.
  • C. UDP 4500 traffic from the peer does not reach the router.
  • D. An authentication failure occurs on the router.


Answer : C


Refer to the exhibit. Based on the debug output, which type of mismatch is preventing the VPN from coming up?

  • A. interesting traffic
  • B. lifetime
  • C. preshared key
  • D. PFS


Answer : B

If the responder's policy does not allow it to accept any part of the proposed Traffic Selectors, it responds with a TS_UNACCEPTABLE Notify message.


Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?

  • A. preshared key
  • B. peer identity
  • C. transform set
  • D. ikev2 proposal


Answer : B


Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?

  • A. crypto access list
  • B. Phase 1 policy
  • C. transform set
  • D. preshared key


Answer : D

Reference:
https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#ike


Refer to the exhibit. What is a result of this configuration?

  • A. Spoke 1 fails the authentication because the authentication methods are incorrect.
  • B. Spoke 2 passes the authentication to the hub and successfully proceeds to phase 2.
  • C. Spoke 2 fails the authentication because the remote authentication method is incorrect.
  • D. Spoke 1 passes the authentication to the hub and successfully proceeds to phase 2.


Answer : A


Refer to the exhibit. Client 1 cannot communicate with client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub ASA. Which command on the ASA is missing?

  • A. dns-server value 10.1.1.2
  • B. same-security-traffic permit intra-interface
  • C. same-security-traffic permit inter-interface
  • D. dns-server value 10.1.1.3


Answer : B


Refer to the exhibit. An SSL client is connecting to an ASA headend. The session fails with the message `Connection attempt has timed out. Please verify Internet connectivity.` Based on how the packet is processed, which phase is causing the failure?

  • A. phase 9: rpf-check
  • B. phase 5: NAT
  • C. phase 4: ACCESS-LIST
  • D. phase 3: UN-NAT


Answer : D

Which redundancy protocol must be implemented for IPsec stateless failover to work?

  • A. SSO
  • B. GLBP
  • C. HSRP
  • D. VRRP


Answer : C

Reference:
https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/17826-ipsec-feat.html

Which technology works with IPsec stateful failover?

  • A. GLBP
  • B. HSRP
  • C. GRE
  • D. VRRP


Answer : B

Reference:
https://www.cisco.com/c/en/us/td/docs/ios/12_2/12_2y/12_2yx11/feature/guide/ft_vpnha.html#wp1122512

What are two functions of ECDH and ECDSA? (Choose two.)

  • A. nonrepudiation
  • B. revocation
  • C. digital signature
  • D. key exchange
  • E. encryption


Answer : CD

Reference:
https://tools.cisco.com/security/center/resources/next_generation_cryptography

What uses an Elliptic Curve key exchange algorithm?

  • A. ECDSA
  • B. ECDHE
  • C. AES-GCM
  • D. SHA


Answer : B

Reference:
https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

Which two remote access VPN solutions support SSL? (Choose two.)

  • A. FlexVPN
  • B. clientless
  • C. EZVPN
  • D. L2TP
  • E. Cisco AnyConnect


Answer : BE

Page:    1 / 13   
Exam contains 188 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy