Cisco 300-730試験情報と無料練習テスト問題で合格せよ [Q58-Q81]

Share

Cisco 300-730試験情報と無料練習テスト問題で合格せよ

2024年最新のの問題300-730問題集で更新されたCisco試験問題集を試そう


試験はVPN技術、セキュア通信、エンドポイントセキュリティ、およびネットワークセキュリティを含む広範なトピックをカバーしています。候補者は、Cisco VPNソリューションの構成、トラブルシューティング、および管理能力、セキュリティポリシー、プロトコル、およびベストプラクティスの理解に関してテストされます。試験は60〜70の多肢選択問題で構成され、90分以内に完了する必要があります。


シスコ300-730試験は、仮想プライベートネットワーク(SVPN)を使用したセキュアソリューションの実装に関する知識とスキルを試験する、ネットワークセキュリティエンジニアの認定試験です。この試験は、シスコ認定スペシャリスト-セキュリティVPN実装認定を取得するための要件の1つです。この試験では、VPN技術、VPN構成、リモートアクセスVPN、サイト間VPN、およびVPNのトラブルシューティングなど、幅広いトピックがカバーされます。

 

質問 # 58
What is a requirement for smart tunnels to function properly?

  • A. Stateful failover must not be configured.
  • B. Applications must be UDP.
  • C. The user on the client machine must have admin access.
  • D. Java or ActiveX must be enabled on the client machine.

正解:D


質問 # 59
Over the weekend, an administrator upgraded the Cisco ASA image on the firewalls and noticed that users cannot connect to the headquarters site using Cisco AnyConnect. What is the solution for this issue?

  • A. Upgrade the Cisco AnyConnect Network Access module to be compatible with the Cisco ASA software image.
  • B. Upgrade the Cisco AnyConnect client driver to be compatible with the Cisco ASA software image.
  • C. Upgrade the Cisco AnyConnect client version to be compatible with the Cisco ASA software image.
  • D. Upgrade the Cisco AnyConnect Start Before Logon module to be compatible with the Cisco ASA software image.

正解:C

解説:
https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asa-vpn-compatibility.html#Cisco_Reference.dita_60cec583-01b8-4cb2-a6e3-2fe87a6b0f82


質問 # 60
Refer to the exhibit.

Based on the configuration output, what is the VPN technology?

  • A. site-to-site
  • B. DMVPN
  • C. L2VPN
  • D. multicast VPN

正解:C


質問 # 61
Refer to the exhibit.

Which type of VPN implementation is displayed?

  • A. IKEv2 load balancer
  • B. IKEv1 cluster
  • C. IKEv2 reconnect
  • D. IKEv2 backup gateway

正解:A

解説:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-16-10/sec-flex-vpn-xe-16-10-book/sec-cfg-clb-supp.html


質問 # 62
An engineer is requesting an SSL certificate for a VPN load-balancing cluster in which two Cisco ASAs provide clientless SSLVPN access. The FQDN that users will enter to access the clientless VPN is asa.example.com, and users will be redirected to either asa1.example.com or asa2.example.com. The cluster FQDN and individual Cisco ASAs FQDNs resolve to IP addresses 192.168.0.1, 192.168.0.2, and 192.168.0.3 respectively. The issued certificate must be able to be used to validate the identity of either ASA in the cluster without returning any certificate validation errors. Which fields must be included in the certificate to meet these requirements?

  • A. CN=asa.example.com, SAN=asa.example.com, asa1.example.com, asa2.example.com
  • B. CN=192.168.0.1, SAN=asa1.example.com, asa2.example.com
  • C. CN=*.example.com, SAN=asa.example.com
  • D. CN=192.168.0.1, SAN=192.168.0.1, 192.168.0.2, 192.168.0.3

正解:A

解説:
https://integratingit.wordpress.com/2020/03/14/asa-vpn-load-balancing/


質問 # 63
A network engineer must implement an SSLVPN Cisco AnyConnect solution that supports 500 concurrent users, ensures all traffic from the client passes through the ASA, and allows users to access all devices on the inside interface subnet (192.168.0.0/24). Assuming all other configuration is set up appropriately, which configuration implements this solution?

  • A. Option B
  • B. Option C
  • C. Option A
  • D. Option D

正解:C

解説:
"ensures all traffic from the client passes through the ASA" that is one of the requirements. Meaning all traffic should pass through the tunnel, I know they mention 192.168.0.0 network but that is just to confuse.


質問 # 64
When a FlexVPN is configured, which two components must be configured for IKEv2? (Choose two.)

  • A. preference
  • B. persistence
  • C. method
  • D. profile
  • E. proposal

正解:D、E

解説:
https://www.cisco.com/c/en/us/support/security/flexvpn/products-configuration-examples-list.html


質問 # 65
A user is experiencing delays on audio calls over a Cisco AnyConnect VPN. Which implementation step resolves this issue?

  • A. Install the Cisco AnyConnect 2.3 client for the user to download.
  • B. Change to 3DES Encryption.
  • C. Enable DTLS.
  • D. Shorten the encryption key lifetime.

正解:C


質問 # 66
Which two changes must be made in order to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose two.)

  • A. Add NHRP redirects on the spoke.
  • B. Add NHRP redirects on the hub.
  • C. Disable EIGRP next-hop-self on the hub.
  • D. Add NHRP shortcuts on the hub.
  • E. Enable EIGRP next-hop-self on the hub.

正解:B、E

解説:
DMVPN disables the EIRGP next-hop-self with "no ip next-hop-self eigrp xxx" in DMVPN phase 2, and to go from Phase 2 to 3 you need use the NHRP protocol, and again enable EIRGP next-hop-self with "ip next-hop-self eigrp 134" under the tunnel interface https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-dmvpn.html#GUID-BF561439-BCC0-4AAF-80D9-1F7876CB7B81


質問 # 67
Refer to the exhibit.

Which type of mismatch is causing the problem with the IPsec VPN tunnel?

  • A. transform set
  • B. Phase 1 policy
  • C. preshared key
  • D. crypto access list

正解:C

解説:
Reference:
https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409- ipsec-debug-00.html#ike


質問 # 68
An engineer is using DMVPN to provide secure connectivity between a data center and remote sites. Which two routing protocols should be used between the routers? (Choose two.)

  • A. IS-IS
  • B. RIPv2
  • C. OSPF
  • D. EIGRP
  • E. BGP

正解:D、E


質問 # 69
A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?

  • A. Advanced Endpoint Assessment
  • B. Endpoint Assessment
  • C. Basic Host Scan
  • D. Cisco Secure Desktop

正解:A

解説:
"If the end user disables antivirus or personal firewall after successfully establishing the VPN connection, our Advanced Endpoint Assessment feature attempts to re-enable that application within approximately 60 seconds." https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/configure-posture.html#ID-1407-00000047


質問 # 70
An engineer has configured Cisco AnyConnect VPN using IKEv2 on a Cisco IOS router. The user cannot connect in the Cisco AnyConnect client, but receives an alert message "Use a browser to gain access." Which action does the engineer take to resolve this issue?

  • A. Connect using HTTPS.
  • B. Disable the HTTP server.
  • C. Reset user login credentials.
  • D. Correct the URL address.

正解:B

解説:
https://www.cisco.com/c/en/us/support/docs/security/flexvpn/115755-flexvpn-ike-eap-00.html


質問 # 71
Refer to the exhibit.

The customer can establish a Cisco AnyConnect connection without using an XML profile. When the host "ikev2" is selected in the AnyConnect drop down, the connection fails. What is the cause of this issue?

  • A. The IP address is incorrect.
  • B. UserGroup must match connection profile.
  • C. Primary protocol should be SSL.
  • D. The HostName is incorrect.

正解:B


質問 # 72
In a FlexVPN deployment, the spokes successfully connect to the hub, but spoke-to-spoke tunnels do not form. Which troubleshooting step solves the issue?

  • A. Verify the hub configuration to check if the NHRP shortcut is enabled.
  • B. Verify that the spoke receives redirect messages and sends resolution requests.
  • C. Verify the spoke configuration to check if the NHRP redirect is enabled.
  • D. Verify that the tunnel interface is contained within a VRF.

正解:B

解説:
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn- dmvpn-15-mt-book/sec-conn-dmvpn-summ-maps.pdf


質問 # 73
Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?

  • A. tunnel-group (webvpn-attributes)
  • B. webvpn (group-policy)
  • C. webvpn (global configuration)
  • D. tunnel-group (general-attributes)

正解:C

解説:
Section: Remote access VPNs


質問 # 74
A router is being configured for IKEv2 AnyConnect using AnyConnect-EAP. How would the administrator separate profiles for administrators and employees so that authorization differs when they connect?

  • A. Create a certificate map and match on the appropriate certificate fields
  • B. Define group-urls on the headend and create two XML profiles to match the administrator and user group urls
  • C. Define group aliases on the headend and have the user pick the appropriate alias when they connect
  • D. Define key-ids on the headend and create two XML profiles to match the administrator and user key-ids.

正解:B

解説:
According to the document Configure FlexVPN: AnyConnect IKEv2 Remote Access with Local User Database, one way to separate profiles for administrators and employees is to use group-urls on the headend and create two XML profiles to match the administrator and user group urls. This allows the headend to assign different group-policies and tunnel-groups based on the group-url that the user connects to. For example:
webvpn enable outside anyconnect image disk0:/anyconnect-win-4.6.03049-webdeploy-k9.pkg 1 anyconnect enable tunnel-group-list enable group-policy Admin internal group-policy Admin attributes vpn-tunnel-protocol ikev2 ssl-client address-pools value AdminPool group-policy User internal group-policy User attributes vpn-tunnel-protocol ikev2 ssl-client address-pools value UserPool tunnel-group Admin type remote-access tunnel-group Admin general-attributes default-group-policy Admin tunnel-group Admin webvpn-attributes group-url https://10.0.0.1/Admin enable tunnel-group User type remote-access tunnel-group User general-attributes default-group-policy User tunnel-group User webvpn-attributes group-url https://10.0.0.1/User enable The XML profiles can be created with the AnyConnect Profile Editor and uploaded to the headend. The profile for administrators should have the server list entry as:
<ServerList> <HostEntry> <HostName>Admin</HostName> <HostAddress>10.0.0.1</HostAddress> <PrimaryProtocol>IPsec</PrimaryProtocol> <UserGroup>Admin</UserGroup> </HostEntry> </ServerList> The profile for users should have the server list entry as:
<ServerList> <HostEntry> <HostName>User</HostName> <HostAddress>10.0.0.1</HostAddress> <PrimaryProtocol>IPsec</PrimaryProtocol> <UserGroup>User</UserGroup> </HostEntry> </ServerList> This way, when the user connects to the headend, they can choose either Admin or User from the drop-down list and get the appropriate authorization based on their group-url.


質問 # 75
Which command automatically initiates a smart tunnel when a user logs in to the WebVPN portal page?

  • A. auto-upgrade
  • B. auto-start
  • C. auto-connect
  • D. auto-run

正解:B

解説:
Section: Remote access VPNs
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/vpn/ asa_91_vpn_config/webvpn-configure-policy-group.html


質問 # 76
Over the weekend, an administrator upgraded the Cisco ASA image on the firewalls and noticed that users cannot connect to the headquarters site using Cisco AnyConnect. What is the solution for this issue?

  • A. Upgrade the Cisco AnyConnect client driver to be compatible with the Cisco ASA software image.
  • B. Upgrade the Cisco AnyConnect Start Before Logon module to be compatible with the Cisco ASA software image.
  • C. Upgrade the Cisco AnyConnect client version to be compatible with the Cisco ASA software image.
  • D. Upgrade the Cisco AnyConnect Network Access module to be compatible with the Cisco ASA software image.

正解:D


質問 # 77
Refer to the exhibit.

An SSL client is connecting to an ASA headend. The session fails with the message "Connection attempt has timed out. Please verify Internet connectivity." Based on how the packet is processed, which phase is causing the failure?

  • A. phase 4: ACCESS-LIST
  • B. phase 5: NAT
  • C. phase 9: rpf-check
  • D. phase 3: UN-NAT

正解:D


質問 # 78
A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?

  • A. Advanced Endpoint Assessment
  • B. Endpoint Assessment
  • C. Basic Host Scan
  • D. Cisco Secure Desktop

正解:A

解説:
Section: Remote access VPNs


質問 # 79
A network engineer must configure the Cisco ASA so that Cisco AnyConnect clients establishing an SSL VPN connection create an additional tunnel for real-time traffic that is sensitive to packet delays. If this additional tunnel experiences any issues, it must fall back to a TLS connection. Which two Cisco AnyConnect features must be configured to accomplish this task? (Choose two.)

  • A. DTLS
  • B. DSCP Preservation
  • C. DPD
  • D. SSL Rekey
  • E. OMTU

正解:A、C

解説:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/vpn/asa-96-vpn-config/vpn-anyconnect.html Configure Dead Peer Detection Dead Peer Detection (DPD) ensures that the ASA (gateway) or the client can quickly detect a condition where the peer is not responding, and the connection has failed. To enable dead peer detection (DPD) and set the frequency with which either the AnyConnect client or the ASA gateway performs DPD, do the following: Before you begin This feature applies to connectivity between the ASA gateway and the AnyConnect SSL VPN Client only. It does not work with IPsec since DPD is based on the standards implementation that does not allow padding, and CLientless SSL VPN is not supported. If you enable DTLS, enable Dead Peer Detection (DPD) also. DPD enables a failed DTLS connection to fallback to TLS. Otherwise, the connection terminates.


質問 # 80
Refer to the exhibit.

The VPN tunnel between the FlexVPN spoke and FlexVPN hub 192.168.0.12 is failing. What should be done to correct this issue?

  • A. Add the match fvrf any command to the IKEv2 policy.
  • B. Add the address 192.168.0.12 255.255.255.255 command to the keyring configuration.
  • C. Add the tunnel mode gre ip command to the tunnel configuration.
  • D. Add the aaa authorization group psk list Flex_AAA Flex_Auth command to the IKEv2 profile configuration.

正解:D


質問 # 81
......

最新の300-730試験問題集でCisco試験が合格できます:https://jp.fast2test.com/300-730-premium-file.html

合格できるCisco 300-730のPDF問題集で最近更新された177問あります:https://drive.google.com/open?id=18_bzoqBYIMyzdnElLtA8hUcmkr8z-XFT


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어