cisco 300-730 online test

Implementing Secure Solutions with Virtual Private Networks (SVPN)

What students need to know about the 300-730 exam

  • Total 98 Questions & Answers

Question 1 Topic 1

Topic 1
DRAG DROP
Drag and drop the correct commands from the night onto the blanks within the code on the left to implement a design that
allow for dynamic spoke-to-spoke communication. Not all comments are used.
Select and Place:

Answer:

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-16/sec-conn-dmvpn-xe-16-
book/sec-conn-dmvpn-summ-maps.html

Discussions

Question 2 Topic 1

Topic 1
A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the
exchange?

  • A. IKEv2 IKE_SA_INIT
  • B. IKEv2 INFORMATIONAL
  • C. IKEv2 CREATE_CHILD_SA
  • D. IKEv2 IKE_AUTH
Answer:

B

Discussions

Question 3 Topic 1

Topic 1

Refer to the exhibit. The DMVPN tunnel is dropping randomly and no tunnel protection is configured. Which spoke
configuration mitigates tunnel drops?


  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
Answer:

D

Discussions

Question 4 Topic 1

Topic 1
On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, which command is needed for the
hub to be able to terminate FlexVPN tunnels?

  • A. interface virtual-access
  • B. ip nhrp redirect
  • C. interface tunnel
  • D. interface virtual-template
Answer:

D

Discussions

Question 5 Topic 1

Topic 1
Which statement about GETVPN is true?

  • A. The configuration that defines which traffic to encrypt originates from the key server.
  • B. TEK rekeys can be load-balanced between two key servers operating in COOP.
  • C. The pseudotime that is used for replay checking is synchronized via NTP.
  • D. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.
Answer:

A

Discussions

Question 6 Topic 1

Topic 1

Refer to the exhibit. Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit?
(Choose two.)

  • A. crypto map
  • B. DMVPN
  • C. GRE
  • D. FlexVPN
  • E. VTI
Answer:

B E

Discussions

Question 7 Topic 1

Topic 1
Which two changes must be made in order to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured?
(Choose two.)

  • A. Add NHRP shortcuts on the hub.
  • B. Add NHRP redirects on the spoke.
  • C. Disable EIGRP next-hop-self on the hub.
  • D. Enable EIGRP next-hop-self on the hub.
  • E. Add NHRP redirects on the hub.
Answer:

C E

Discussions

Question 8 Topic 1

Topic 1

Refer to the exhibit. A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based
on the syslog message, which action brings up the VPN tunnel?

  • A. Reduce the maximum SA limit on the local Cisco ASA.
  • B. Increase the maximum in-negotiation SA limit on the local Cisco ASA.
  • C. Remove the maximum SA limit on the remote Cisco ASA.
  • D. Correct the crypto access list on both Cisco ASA devices.
Answer:

B

Discussions

Question 9 Topic 1

Topic 1
Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list?
(Choose two.)

  • A. group-alias
  • B. certificate map
  • C. optimal gateway selection
  • D. group-url
  • E. AnyConnect client version
Answer:

B D

Discussions

Question 10 Topic 1

Topic 1
Which method dynamically installs the network routes for remote tunnel endpoints?

  • A. policy-based routing
  • B. CEF
  • C. reverse route injection
  • D. route filtering
Answer:

C

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/12-4t/sec-vpnavailability-12-4t-
book/sec-rev-rte-inject.html
Topic 2, Remote access VPNs

Discussions
To page 2