300-730無料問題集「Cisco Implementing Secure Solutions with Virtual Private Networks」

質問 1

What are two functions of ECDH and ECDSA? (Choose two.)

（A）encryption

（B）revocation

（C）nonrepudiation

（D）digital signature

（E）key exchange

正解：D、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

A network engineer is implementing a FlexVPN tunnel between two Cisco IOS routers. The FlexVPN tunnels will terminate on encrypted traffic on an interface configured with an IP MTU of
1500, and the company has a security policy to drop fragmented traffic coming into or leaving the network. The tunnel will be used to transfer TFTP data between users and internal servers. When the TFTP traffic is not traversing a VPN, it can have a maximum IP packet size of 1500.
Assuming the encrypted payload will add 90 bytes, which configuration allows TFTP traffic to traverse the FlexVPN tunnel without being dropped?

（A）Set the tunnel tcp adjust-mss to 1460.

（B）Set the tunnel IP MTU to 1400.

（C）Set the tunnel IP MTU to 1500.

（D）Set the tunnel tcp adjust-mss to 1360.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)

（A）need distractor

（B）tunnel pivot

（C）HSRP stateless failover

（D）reactivate primary peer

（E）DNS-based hub resolution

正解：D、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which two NHRP functions are specific to DMVPN Phase 3 implementation? (Choose two.)

（A）redirect

（B）resolution reply

（C）registration reply

（D）registration request

（E）resolution request

正解：B、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters.
What must be done to ensure bidirectional communication between both sites?

（A）Allow protocol ESP or AH on the firewall in front of the Site B router.

（B）Modify the routing at Site B so that traffic is sent to Site A.

（C）Enable PFS on the headend device.

（D）Configure the correct DH group on both devices.

正解：A 解答を投票する

質問 6

Refer to the exhibit. An engineer is building an IKEv1 tunnel to a peer Cisco ASA, but the tunnel is failing. Based on the configuration in the exhibit, which action must be taken to allow the VPN tunnel to come up?

（A）Change the transform set mode to transport.

（B）Enable IKEv1 on the outside interface.

（C）Add a route for the 10.7.7.0/24 network to egress the outside interface.

（D）Change the IKEv1 policy number to be at least 256.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Refer to the exhibit. Which component must be configured on routers for a GETVPN deployment work properly?

（A）R1: Key Server - Customer 1 CEs: Group Members

（B）Customer 1 CE1: Key Server - R1 and Customer 1 CE2: Group Members

（C）PE3: Key Server - all CEs: Group Members

（D）PE3: Key Server - Customer 2 CEs: Group Members

正解：D 解答を投票する

質問 8

Which command must be configured on the tunnel interface of a FlexVPN spoke to receive a dynamic IP address from the hub?

（A）ip unnumbered

（B）ip address dhcp

（C）ip address negotiated

（D）ip address pool

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

On an ASA with multiple connection profiles for different departments, what is the best design to ensure that AnyConnect users are assigned the correct connection profile based on their department and do not have the ability to choose a different connection profile?

（A）group URL

（B）group alias

（C）certificate mapping

（D）dynamic access policy

正解：A 解答を投票する

質問 10

A network engineer must configure the Cisco ASA so that Cisco AnyConnect clients establishing an SSL VPN connection create an additional tunnel for real-time traffic that is sensitive to packet delays. If this additional tunnel experiences any issues, it must fall back to a TLS connection.
Which two Cisco AnyConnect features must be configured to accomplish this task? (Choose two.)

（A）SSL Rekey

（B）DPD

（C）DSCP Preservation

（D）DTLS

（E）OMTU

正解：B、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

A network administrator is setting up a Cisco ASA to authenticate clientless SSLVPN users using an internal Microsoft Active Directory server. When the configuration is complete and the administrator attempts to connect to the clientless SSLVPN, authentication fails. Which action resolves the issue?

（A）Add the user account the administrator is attempting to log in with to the database.

（B）The administrator must use the correct password for the user account they are attempting to log in with.

（C）Correct the login distinguished name or login password under the aaa-server configuration.

（D）Configure the ASA to connect to the LDAP port being listened to on the Microsoft Active Directory server.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

A clientless SSLVPN solution is built for 10 employees on a newly installed Cisco ASA. After a couple of days in production, it has been observed that only the first two users to log in each day are able to connect successfully. The remaining users encounter the message "Login failed".
Which action resolves the issue?

（A）Verify that the users that cannot log in are in the correct AD group with VPN permissions.

（B）Increase the number or IP addresses available in the VPN pool.

（C）Allocate additional Cisco AnyConnect Premium licenses to the ASA.

（D）Increase the vpn-simultaneous-logins parameter to a value of more than 2.

正解：C 解答を投票する

300-730 無料問題集「Cisco Implementing Secure Solutions with Virtual Private Networks」

弊社を連絡する

関連リンク

トップ試験