300-730

By cisco
Aug, 2025


Question 1

DRAG DROP -
Drag and drop the correct commands from the right onto the blanks within the code on the left to implement a design that allows for dynamic spoke-to-spoke communication. Not all commands are used.
Select and Place:

Image 1

Question 2

Which method dynamically installs the network routes for remote tunnel endpoints?

  • A: policy-based routing
  • B: CEF
  • C: reverse route injection
  • D: route filtering

Question 3

Refer to the exhibit.

Image 1

A TCP-based application that should be accessible over the VPN tunnel is not working. Pings to the appropriate IP address are failing. Based on the output, what is a fix for this issue?

  • A: Add a route on the remote peer for 209.165.201.0/27.
  • B: Add a route on the local peer for 10.1.1.0/24.
  • C: Add a permit for TCP traffic going to 10.1.1.0/24.
  • D: Add a permit for TCP traffic going to 209.165.201.0/27.

Question 4

A network engineer must expand a company's Cisco AnyConnect solution. Currently, a Cisco ASA is set up in North America and another will be installed in Europe with a different IP address. Users should connect to the ASA that has the lowest Round Trip Time from their network location as measured by the AnyConnect client. Which solution must be implemented to meet this requirement?

  • A: VPN Load Balancing
  • B: IP SLA
  • C: DNS Load Balancing
  • D: Optimal Gateway Selection

Question 5

Which clientless SSLVPN supported feature works when the http-only-cookie command is enabled?

  • A: Citrix load balancer
  • B: port reflector
  • C: Java rewriter - C. Java plug-ins
  • D: script browser

Question 6

Image 1

Refer to the exhibit. An engineer is diagnosing an issue that occurred after a router at a branch site was assigned a new address. Based on the debugs, what must be done to resolve this issue?

  • A: Add the remote peer’s IP address to the server's IKEv2 keyring.
  • B: Ensure that the correct preshared keys are set on both sides.
  • C: Ensure that the UDP 500 packets between devices are not dropped.
  • D: Add the remote peer’s identity to the server’s IKEv2 profile.

Question 7

A network engineer is setting up a clientless SSLVPN on a Cisco ASA. Remote users must be able to access an internal webserver via the URL example.com. Which two steps accomplish this task? (Choose two.)

  • A: Configure a bookmark for the webserver.
  • B: Configure routing so that the user's computer can reach the webserver.
  • C: Configure a DNS server that can resolve the webserver URL.
  • D: Configure a browser plugin on the Cisco ASA.
  • E: Configure routing so that the Cisco ASA can reach the webserver.

Question 8

A network engineer has set up a FlexVPN server to terminate multiple FlexVPN clients. The VPN tunnels are established without issue. However, when a Change of Authorization is issued by the RADIUS server, the FlexVPN server does not update the authorization of connected FlexVPN clients. Which action resolves this issue?

  • A: Add the aaa server radius dynamic-author command on the FlexVPN clients.
  • B: Fix the RADIUS key mismatch between the RADIUS server and FlexVPN server.
  • C: Add the aaa server radius dynamic-author command on the FlexVPN server.
  • D: Fix the RADIUS key mismatch between the RADIUS server and FlexVPN clients.

Question 9

A company needs to ensure only corporate-issued laptops and devices are allowed to connect with the Cisco AnyConnect client. The solution should be applicable to multiple operating systems, including Windows, macOS, and Linux, and should allow for remote remediation if a corporate-issued device is stolen. Which solution should be used to accomplish these goals?

  • A: Use a DAP registry check on the system to determine the relationship with the corporate domain.
  • B: Use a DAP file check on the system to determine the relationship with the corporate domain.
  • C: Install and authenticate user certificates on the corporate devices.
  • D: Install and authenticate machine certificates on the corporate devices.

Question 10

When a FlexVPN is configured, which two components must be configured for IKEv2? (Choose two.)

  • A: method
  • B: profile
  • C: proposal
  • D: preference
  • E: persistence

Question 11

A DMVPN spoke router tunnel is up and passing traffic, but it cannot establish an EIGRP neighbor relationship with the hub router. Which solution resolves this issue?

  • A: Enable EIGRP Split Horizon on the hub tunnel interface.
  • B: Remove the EIGRP stub configuration on the spoke tunnel interface.
  • C: Enable the EIGRP next hop self feature on the hub tunnel interface.
  • D: Configure the dynamic NHRP multicast map on the hub tunnel interface.

Question 12

Which command identifies a Cisco AnyConnect profile that was uploaded to the flash of an IOS router?

  • A: svc import profile SSL_profile flash:simos-profile.xml
  • B: anyconnect profile SSL_profile flash:simos-profile.xml
  • C: crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml
  • D: webvpn import profile SSL_profile flash:simos-profile.xml

Question 13

Refer to the exhibit.

Image 1

An IPsec Cisco AnyConnect client is failing to connect and generates these debugs every time a connection to an IOS headend is attempted. Which action resolves this issue?

  • A: Correct the DH group setting.
  • B: Correct the PFS setting.
  • C: Correct the integrity setting.
  • D: Correct the encryption setting.

Question 14

Refer to the exhibit.

Image 1

An engineer must allow Cisco AnyConnect users to access the outside interface using protocol UDP 500/4500. In addition, these clients must be able to establish an SSL connection to update Cisco AnyConnect software over the same connection. Which two actions must be taken to achieve this goal? (Choose two.)

  • A: IPsec (IKEv2) Allow Access must be checked on the outside interface.
  • B: SSL Enable DTLS must be checked on the outside interface.
  • C: Bypass interface access lists for inbound VPN sessions must be unchecked.
  • D: IPsec (IKEv2) Enable Client Services must be checked on the outside interface.
  • E: SSL Allow Access must be checked on the outside interface.

Question 15

Refer to the exhibit.

Image 1

Based on the configuration output, what is the VPN technology?

  • A: site-to-site
  • B: DMVPN
  • C: L2VPN
  • D: multicast VPN

Question 16

A user at a company HQ is having trouble accessing a network share at a branch site that is connected with a L2L IPsec VPN. While troubleshooting, a network security engineer runs a packet tracer on the Cisco ASA to simulate the user traffic and discovers that the encryption counter is increasing but the decryption counter is not. What must be configured to correct this issue?

  • A: Adjust the routing on the remote peer device to direct traffic back over the tunnel.
  • B: Adjust the preshared key on the remote peer to allow traffic to flow over the tunnel.
  • C: Adjust the transform set to allow bidirectional traffic.
  • D: Adjust the peer IP address on the remote peer to direct traffic back to the ASA.

Question 17

A user is experiencing delays on audio calls over a Cisco AnyConnect VPN. Which implementation step resolves this issue?

  • A: Change to 3DES Encryption.
  • B: Shorten the encryption key lifetime.
  • C: Install the Cisco AnyConnect 2.3 client for the user to download.
  • D: Enable DTLS.

Question 18

Users cannot log in to a Cisco ASA using clientless SSLVPN. Troubleshooting reveals the error message "WebVPN session terminated: Client type not supported". Which step does the administrator take to resolve this issue?

  • A: Enable the Cisco AnyConnect premium license on the Cisco ASA.
  • B: Have the user upgrade to a supported browser.
  • C: Increase the simultaneous logins on the group policy.
  • D: Enable the clientless VPN protocol on the group policy.

Question 19

An administrator is setting up a VPN on an ASA for users who need to access an internal RDP server. Due to security restrictions, the Microsoft RDP client is blocked from running on client workstations via Group Policy. Which VPN feature should be implemented by the administrator to allow these users to have access to the RDP server?

  • A: clientless proxy
  • B: smart tunneling
  • C: clientless plug-in
  • D: clientless rewriter

Question 20

An administrator is planning a VPN configuration that will encrypt traffic between multiple servers that will be passing unicast and multicast traffic. This configuration must be able to be implemented without the need to modify routing within the network. Which VPN technology must be used for this task?

  • A: FlexVPN
  • B: VTI
  • C: GETVPN
  • D: DMVPN

Question 21

Refer to the exhibit.

Image 1

VPN tunnels between a spoke and two DMVPN hubs are not coming up. The network administrator has verified that the encryption, hashing, and DH group proposals for Phase 1 and Phase 2 match on both ends. What is the solution to this issue?

  • A: Ensure bidirectional UDP 500/4500 traffic.
  • B: Increase the isakmp phase 1 lifetime.
  • C: Add NAT statements for VPN traffic.
  • D: Enable shared tunnel protection.

Question 22

A network engineer is configuring a server. The router will terminate encrypted VPN connections on g0/0, which is in the VRF "Internet". The clear-text traffic that must be encrypted before being sent out traverses g0/1, which is in the VRF "Internal". Which two VRF-specific configurations allow VPN traffic to traverse the VRF-aware interfaces? (Choose two.)

  • A: Under the IKEv2 profile, add the ivrf Internal command.
  • B: Under the virtual-template interface, add the ip vrf forwarding Internet command.
  • C: Under the IKEv2 profile, add the match fvrf Internal command.
  • D: Under the IKEv2 profile, add the match fvrf Internet command.
  • E: Under the virtual-template interface, add the tunnel vrf Internet command.

Question 23

Image 1

Refer to the exhibit. Which value must be configured in the User Group field when the Cisco AnyConnect Profile is created to connect to an ASA headend with IPsec as the primary protocol?

  • A: address-pool
  • B: group-alias
  • C: group-policy
  • D: tunnel-group

Question 24

What is a characteristic of GETVPN?

  • A: An ACL that defines interesting traffic must be configured and applied to the crypto map.
  • B: Quick mode is used to create an IPsec SA.
  • C: The remote peer for the IPsec session is configured as part of the crypto map.
  • D: All peers have one IPsec SPI for inbound and outbound communication.

Question 25

Refer to the exhibit.

Image 1

Users cannot connect via AnyConnect SSLVPN. Which action resolves this issue?

  • A: Configure the ASA to act as a DHCP server.
  • B: Configure the HTTP server to listen on port 443.
  • C: Add an IPsec preshared key to the group policy.
  • D: Add ssl-client to the allowed list of VPN protocols.