300-730

By cisco
Aug, 2025

Question 26

An administrator must guarantee that remote access users are able to reach printers on their local LAN after a VPN session is established to the headquarters. All other traffic should be sent over the tunnel. Which split-tunnel policy reduces the configuration on the ASA headend?

  • A: include specified
  • B: exclude specified
  • C: tunnel specified
  • D: dynamic exclude

Question 27

Refer to the exhibit.

Image 1

Given the output of the show ip route command, which remote access VPN technology is in use?

  • A: Reverse Route Injection
  • B: FlexVPN
  • C: Dynamic Crypto Map
  • D: DMVPN

Question 28

A network engineer is installing Cisco AnyConnect on company laptops so that users can access corporate resources remotely. The VPN concentrator is a Cisco router running IOS-XE 16.9.1 code and configured as a FlexVPN server that uses local authentication and $Cisc431089017$ as the key-id for the IKEv2 profile. Which two steps must be taken on the computer to allow a successful AnyConnect connection to the router? (Choose two.)

  • A: In the Cisco AnyConnect XML profile, set the IPsec Authentication method to EAP-AnyConnect.
  • B: In the Cisco AnyConnect XML profile, add the hostname and host address to the server list.
  • C: In the Cisco AnyConnect XML profile, set the user group field to DefaultAnyConnectClientGroup.
  • D: In the Cisco AnyConnect Local Policy, set the BypassDownloader option to true.
  • E: In the Cisco AnyConnect Local Policy, add the router IP address to the Update Policy.

Question 29

A network engineer is setting up Cisco AnyConnect 4.9 on a Cisco ASA running ASA software 9.1. Cisco AnyConnect must connect to the Cisco ASA before the user logs on so that login scripts can work successfully. In addition, the VPN must connect without user intervention. Which two key steps accomplish this task? (Choose two.)

  • A: Create a Network Access Manager profile with a client policy set to connect before user logon.
  • B: Create a Cisco AnyConnect VPN profile with Start Before Logon set to true.
  • C: Issue an identity certificate to the trusted root CA folder in the machine store.
  • D: Create a Cisco AnyConnect VPN profile with Always On set to true.
  • E: Create a Cisco AnyConnect VPN Management Tunnel profile.

Question 30

A network engineer has almost finished setting up a clientless VPN that allows remote users to access internal HTTP servers. Users must enter their username and password twice: once on the clientless VPN web portal and again to log in to internal HTTP servers. The Cisco ASA and the HTTP servers use the same Active Directory server to authenticate users. Which next step must be taken to allow users to enter their password only once?

  • A: Use LDAPS and add password management to the clientless tunnel group.
  • B: Configure auto-sign-on using NTLM authentication.
  • C: Set up the Cisco ASA to authenticate users via a SAML 2.0 IDP.
  • D: Create smart tunnels for the HTTP servers.

Question 31

What must be configured in a FlexVPN deployment to allow for direct communication between spokes connected to different hubs?

  • A: EIGRP must be used as the routing protocol.
  • B: Hub routers must be on the same Layer 2 network.
  • C: Load balancing must be disabled.
  • D: A GRE tunnel must exist between hub routers.

Question 32

Refer to the exhibit.

Image 1

An engineer has configured a spoke to connect to a FlexVPN hub. The tunnel is up, but pings fail when the engineer attempts to reach host 192.168.200.10 behind the spoke, and traffic is sourced from host 192.168.100.3, which is behind the FlexVPN server. Based on packet captures, the engineer discovers that host 192.168.200.10 receives the ICMP echo and sends an ICMP reply that makes it to the inside interface of the spoke. Based on the output in the exhibit captured on the spoke by the engineer, which action resolves this issue?

  • A: Add the aaa authorization group cert list default default command to the spoke ikev2 profile.
  • B: Add the route set remote ipv4 192.168.200.0 255.255.255.0 command to the hub authorization policy.
  • C: Add the aaa authorization group cert list default default command to the hub ikev2 profile.
  • D: Add the route set remote ipv4 192.168.100.0 255.255.255.0 command to the spoke authorization policy.

Question 33

Which DMVPN feature allows spokes to be deployed with dynamically assigned public IP addresses?

  • A: 2547oDMVPN
  • B: NHRP
  • C: OSPF
  • D: NAT Traversal

Question 34

Image 1

Refer to the exhibit. What is configured as a result of this command set?

  • A: FlexVPN client profile for IPv6
  • B: FlexVPN server to authorize groups by using an IPv6 external AAA
  • C: FlexVPN server for an IPv6 dVTI session
  • D: FlexVPN server to authenticate IPv6 peers by using EAP

Question 35

Refer to the exhibit.

Image 1

An engineer is building an IKEv1 tunnel to a peer Cisco ASA, but the tunnel is failing. Based on the configuration in the exhibit, which action must be taken to allow the VPN tunnel to come up?

  • A: Add a route for the 10.7.7.0/24 network to egress the outside interface.
  • B: Enable IKEv1 on the outside interface.
  • C: Change the IKEv1 policy number to be at least 256.
  • D: Change the transform set mode to transport.

Question 36

An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?

  • A: Modify the routing at Site B so that traffic is sent to Site A.
  • B: Configure the correct DH group on both devices.
  • C: Allow protocol ESP or AH on the firewall in front of the Site B router.
  • D: Enable PFS on the headend device.

Question 37

Refer to the exhibit.

Image 1

A Cisco ASA is configured as a client to a router running as a FlexVPN server. The router is configured with a virtual template to terminate FlexVPN clients. Traffic between networks 192.168.0.0/24 and 172.16.20.0/24 does not work as expected. Based on the show crypto ikev2 sa output collected from the Cisco ASA in the exhibit, what is the solution to this issue?

  • A: Modify the crypto ACL on the router to permit network 192.168.0.0/24 to network 172.16.20.0/24.
  • B: Modify the crypto ACL on the ASA to permit network 192.168.0.0/24 to network 172.16.20.0/24.
  • C: Modify the crypto ACL on the ASA to permit network 172.16.20.0/24 to network 192.168.0.0/24.
  • D: Modify the crypto ACL on the router to permit network 172.16.20.0/24 to network 192.168.0.0/24.

Question 38

A user is trying to log in to a Cisco ASA using the clientless SSLVPN feature and receives the error message "clientless (browser) SSLVPN access is not allowed". Which step should the Cisco ASA administrator take to resolve this issue?

  • A: Enable the clientless VPN protocol on the group policy.
  • B: Validate that the correct license is in use on the ASA for WebVPN.
  • C: Increase the number of simultaneous logins allowed on the group policy.
  • D: Verify that a user account exists in the local AAA database for the user.
