Curious about Actual Cisco CCNP (300-730) Exam Questions?

Here are sample Cisco Implementing Secure Solutions with Virtual Private Networks (300-730) Exam questions from real exam. You can get more Cisco CCNP (300-730) Exam premium practice questions at TestInsights.

Page: 1 /
Total 175 questions

Want more questions? Get Premium Access.

Question 1

An administrator is setting up Cisco AnyConnect on a Cisco ASA with the requirement that AnyConnect automatically establishes a VPN when a company-owned laptop is connected to the internet outside of the corporate network. Which configuration meets these requirements?

ASBL with user certificate authentication

BTND with machine certificate authentication

CSBL with machine certificate authentication

DTND with user certificate authentication

Correct : B

Trusted Network Detection (TND) gives you the ability to have AnyConnect automatically disconnect a VPN connection when the user is inside the corporate network (the trusted network) and start the VPN connection when the user is outside the corporate network (the untrusted network). https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure-vpn.html#id_100236

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ASBL with user certificate authentication

BTND with machine certificate authentication

CSBL with machine certificate authentication

DTND with user certificate authentication

0 / 1500

Question 2

Which command must be configured on the tunnel interface of a FlexVPN spoke to receive a dynamic IP address from the hub?

Aip address negotiated

Bip unnumbered

Cip address dhcp

Dip address pool

Correct : A

https://integratingit.wordpress.com/2018/03/31/configuring-flexvpn-external-aaa-with-radius/

interface Tunnel0

ip address negotiated

tunnel source GigabitEthernet1

tunnel mode ipsec ipv4

tunnel destination 1.1.1.5

tunnel protection ipsec profile IPSEC_PROFILE

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

Aip address negotiated

Bip unnumbered

Cip address dhcp

Dip address pool

0 / 1500

Question 3

An engineer is implementing the FlexVPN solution on a Cisco IOS router. The router must only terminate VPN requests and must not initiate them. Additionally, the interface must support VPNs from other routers and Cisco AnyConnect connections. Which interface type must be configured to meet these requirements?

Apoint-to-point GRE tunnel interface

Bmultipoint GRE tunnel interface

Cstatic virtual tunnel interface

Dvirtual template interface

Correct : D

The correct interface type to meet these requirements is the virtual template interface. This interface allows for the creation of multiple virtual access interfaces, which can be used for various types of remote access VPN connections, including site-to-site and AnyConnect VPNs. The virtual template interface can be configured to terminate VPN requests from other routers and allow for dynamic creation of VPN sessions, while also supporting AnyConnect VPN connections.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

Apoint-to-point GRE tunnel interface

Bmultipoint GRE tunnel interface

Cstatic virtual tunnel interface

Dvirtual template interface

0 / 1500

Question 4

Refer to the exhibit.

A network administrator is setting up a phone VPN on a Cisco AS

AThe phone cannot connect and the error is presented in a debug on the Cisco ASA. Which action fixes this issue?

AEnable web-deploy of the posture module so that the module can be downloaded from the Cisco ASA to an IP phone.

BConfigure the Cisco ASA to present an RSA certificate to the phone for authentication.

CDisable Cisco Secure Desktop under the connection profile VPNPhone.

DInstall the posture module on the Cisco ASA.

Correct : C

CSD and IP phones: Currently, IP phones do not support Cisco Secure Desktop (CSD) and do not connect when CSD is enabled for the tunnel group or globally in the ASA.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AThe phone cannot connect and the error is presented in a debug on the Cisco ASA. Which action fixes this issue?

AEnable web-deploy of the posture module so that the module can be downloaded from the Cisco ASA to an IP phone.

BConfigure the Cisco ASA to present an RSA certificate to the phone for authentication.

CDisable Cisco Secure Desktop under the connection profile VPNPhone.

DInstall the posture module on the Cisco ASA.

0 / 1500

Question 5

A network administrator wants to block traffic to a known malware site at https:/www.badsite.com and all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accomplish this goal?

AAccess Control policy with URL filtering

BPrefilter policy

CDNS policy

DSSL policy
B) Prefilter policy is a type of policy that allows you to perform fast actions on traffic before it reaches the Access Control policy. You can use prefilter rules to drop, fastpath, or trust traffic based on simple criteria, such as IP addresses or ports. However, prefilter rules do not support URL filtering, so you cannot use them to block traffic based on the website domain3.
C) DNS policy is a type of policy that allows you to inspect and modify DNS requests and responses on your network. You can use DNS rules to block, monitor, or sinkhole DNS queries based on the requested domain name or the response IP address. However, DNS policy does not prevent packets from being sent to the malicious site; it only prevents the DNS resolution of the domain name. A client could still access the site if they know the IP address or use an alternative DNS server.
D) SSL policy is a type of policy that allows you to decrypt and inspect encrypted traffic on your network. You can use SSL rules to determine which traffic to decrypt based on various criteria, such as certificate attributes, cipher suites, or URL categories. However, SSL policy does not block traffic; it only decrypts it for further inspection by other policies.

Correct : A

The correct answer is A. Access Control policy with URL filtering. An Access Control policy is a type of policy that allows you to control how traffic is handled on your network based on various criteria, such as source and destination IP addresses, ports, protocols, applications, users, and URLs. URL filtering is a feature that enables you to block or allow traffic based on the URL category or reputation of the website. You can create custom URL objects to specify the exact URLs or domains that you want to block or allow. For example, you can create a URL object for https:/www.badsite.com and set it to block. This will prevent any traffic from reaching that site and any subdomains under it12.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AAccess Control policy with URL filtering

BPrefilter policy

CDNS policy

0 / 1500

Page: 1 / 35
Total 175 questions

Unlock Full
300-730 Exam Features

In Just $49 You can Access

All Official Question Types
Interactive Web-Based Practice Test Software
No Installation or 3rd Party Software Required
Customize your practice sessions (Free Demo)
24/7 Customer Support

Get Full Access Now

Marked Questions
300-730 Exam

300-730 Exam Question 1
300-730 Exam Question 2
300-730 Exam Question 3
300-730 Exam Question 4
300-730 Exam Question 5

Download PDF File Demo

Try Web-Based Exam Practice Software Demo

Commenting

In order to participate in the comments you need to be logged-in.
You can sign-up or login