Get ready to pass the 300-730 Exam right now using our CCNP Security Exam Package
A fully updated 2021 300-730 Exam Dumps exam guide from training expert TorrentValid
NEW QUESTION 38
Refer to the exhibit.
Which value must be configured in the User Group field when the Cisco AnyConnect Profile is created to connect to an ASA headend with IPsec as the primary protocol?
- A. tunnel-group
- B. group-alias
- C. group-policy
- D. address-pool
Answer: A
NEW QUESTION 39
After a user configures a connection profile with a bookmark list and tests the clientless SSLVPN connection, all of the bookmarks are grayed out. What must be done to correct this behavior?
- A. Specify the correct port for the web server under the bookmark.
- B. Verify HTTP/HTTPS connectivity between the Cisco ASA and the web server.
- C. Configure a DNS server on the Cisco ASA and verify it has a record for the web server.
- D. Apply the bookmark to the correct group policy.
Answer: C
NEW QUESTION 40
Which parameter is initially used to elect the primary key server from a group of key servers?
- A. code version
- B. highest IP address
- C. highest-priority value
- D. lowest IP address
Answer: C
NEW QUESTION 41
Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?
- A. tunnel-group (webvpn-attributes)
- B. webvpn (group-policy)
- C. tunnel-group (general-attributes)
- D. webvpn (global configuration)
Answer: D
NEW QUESTION 42 
Refer to the exhibit. Based on the exhibit, why are users unable to access CCNP Webserver bookmark?
- A. The user cannot access the URL.
- B. The ASA cannot resolve the URL.
- C. The bookmark has been disabled.
- D. The URL is being blocked by a WebACL.
Answer: C
Explanation:
Section: Remote access VPNs
NEW QUESTION 43
Which redundancy protocol must be implemented for IPsec stateless failover to work?
- A. SSO
- B. HSRP
- C. GLBP
- D. VRRP
Answer: B
Explanation:
Section: Secure Communications Architectures
Explanation/Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike- protocols/17826-ipsec-feat.html
NEW QUESTION 44
Cisco AnyConnect clients need to transfer large files over the VPN sessions. Which protocol provides the best throughput?
- A. SSL/TLS
- B. IPsec IKEv1
- C. L2TP
- D. DTLS
Answer: D
Explanation:
Section: Secure Communications Architectures
NEW QUESTION 45
Refer to the exhibit.
Based on the debug output, which type of mismatch is preventing the VPN from coming up?
- A. interesting traffic
- B. preshared key
- C. lifetime
- D. PFS
Answer: C
Explanation:
If the responder's policy does not allow it to accept any part of the proposed Traffic Selectors, it responds with a TS_UNACCEPTABLE Notify message.
NEW QUESTION 46
A company's remote locations connect to the data centers via MPLS. A new request requires that unicast and multicast traffic that exits in the remote locations be encrypted. Which non-tunneled technology should be used to satisfy this requirement?
- A. SSL
- B. FlexVPN
- C. GETVPN
- D. DMVPN
Answer: C
NEW QUESTION 47
Which requirement is needed to use local authentication for Cisco AnyConnect Secure Mobility Clients that connect to a FlexVPN server?
- A. use of certificates instead of username and password
- B. AnyConnect profile
- C. EAP query-identity
- D. EAP-AnyConnect
Answer: B
Explanation:
Section: Remote access VPNs
Explanation
Explanation/Reference: https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2- Remote-Access.html
NEW QUESTION 48
On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, which command is needed for the hub to be able to terminate FlexVPN tunnels?
- A. interface virtual-template
- B. ip nhrp redirect
- C. interface tunnel
- D. interface virtual-access
Answer: A
NEW QUESTION 49
What are two purposes of the key server in Cisco IOS GETVPN? (Choose two.)
- A. to authenticate group members
- B. to download encryption keys
- C. to encrypt data traffic
- D. to maintain encryption policies
- E. to distribute routing information
Answer: A,D
NEW QUESTION 50
Which parameter is initially used to elect the primary key server from a group of key servers?
- A. code version
- B. highest IP address
- C. highest-priority value
- D. lowest IP address
Answer: C
Explanation:
Section: Secure Communications Architectures
Explanation/Reference: https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/ deployment_guide_c07_554713.html
NEW QUESTION 51
Refer to the exhibit.
Which VPN technology is used in the exhibit?
- A. VTI
- B. DVTI
- C. DMVPN
- D. GRE
Answer: A
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/zZ-Archive/ IPsec_Virtual_Tunnel_Interface.html#GUID-EB8C433B-2394-42B9-997F-B40803E58A91
NEW QUESTION 52
Refer to the exhibit.
Which type of Cisco VPN is shown for group Cisc012345678?
- A. GETVPN
- B. Clientless SSLVPN
- C. Cisco AnyConnect Client VPN
- D. DMVPN
Answer: C
NEW QUESTION 53
Which VPN does VPN load balancing on the ASA support?
- A. Cisco AnyConnect
- B. L2TP over IPsec
- C. IPsec site-to-site tunnels
- D. VTI
Answer: A
Explanation:
Section: Secure Communications Architectures
NEW QUESTION 54
......
Master 2021 Latest The Questions CCNP Security and Pass 300-730 Real Exam!: https://www.torrentvalid.com/300-730-valid-braindumps-torrent.html
Practice To 300-730 - TorrentValid Remarkable Practice On your Implementing Secure Solutions with Virtual Private Networks Exam: https://drive.google.com/open?id=1FfCsGOtyY2OMbxC_tqefAZKyc_dwnUfU