Which statement about GETVPN is true?
A. The configuration that defines which traffic to encrypt originates from the key server.
B. TEK rekeys can be load-balanced between two key servers operating in COOP.
C. The pseudotime that is used for replay checking is synchronized via NTP.
D. Group members must...
What uses an Elliptic Curve key exchange algorithm?
A. ECDSA
B. ECDHE
C. AES-GCM
D. SHA
Answer: B
Explanation: Reference: https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
Based on the debug output, which type of mismatch is preventing the VPN from coming up?
Refer to the exhibit. Based on the debug output, which type of mismatch is preventing the VPN from coming up?
A. interesting traffic
B. lifetime
C. preshared key
D. PFS
Answer: A
Explanation: The first of the two TS payloads is known as TSi (Traffic Selector-initiator). The second is...
Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?
A. tunnel-group (general-attributes)
B. tunnel-group (webvpn-attributes)
C. webvpn (group-policy)
D. webvpn (global configuration)
Answer: C
Explanation: https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/webvpn-configure-policy-groups.html says clearly: In group-policy webvpn configuration mode, you can specify (list...
Which two commands under the tunnel-group webvpn-attributes result in a Cisco AnyConnect user receiving the AnyConnect prompt in the exhibit?
Refer to the exhibit. Which two commands under the tunnel-group webvpn-attributes result in a Cisco AnyConnect user receiving the AnyConnect prompt in the exhibit? (Choose two.)
A. group-url https://172.16.31.10/General enable
B. group-policy General internal
C. authentication aaa
D. authentication certificate
E. group-alias General enable
Answer: CE
Explanation: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html
Which two commands help determine why the NHRP registration process is not being completed even after the IPsec tunnel is up? (Choose two.)
A. show crypto isakmp sa
B. show ip traffic
C. show crypto ipsec sa
D. show ip nhrp traffic
E. show dmvpn detail
Answer: AD
Explanation: https://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.html
Which IKEv2 packet will contain details of the exchange?
A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?
A. IKEv2 IKE_SA_INIT
B. IKEv2 INFORMATIONAL
C. IKEv2 CREATE_CHILD_SA
D. IKEv2 IKE_AUTH
Answer: C
Explanation: The IKEv2 CREATE_CHILD_SA packet is used to establish a new security association (SA)...
Which type of traffic is being blocked?
Refer to the exhibit. An engineer is troubleshooting a new GRE over IPsec tunnel. The tunnel is established but the engineer cannot ping from spoke 1 to spoke 2. Which type of traffic is being blocked?
A. ESP packets from spoke2 to spoke1
B. ISAKMP packets from spoke2 to spoke1
C...
Which type of mismatch is causing the problem with the IPsec VPN tunnel?
Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?
A. crypto access list
B. Phase 1 policy
C. transform set
D. preshared key
Answer: D
Explanation: IKE Message from X.X.X.X Failed its Sanity Check or is Malformed
This debug error appears if...
Based on the debugs, what is the cause of this issue?
Refer to the exhibit. A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?
A. An authentication failure occurs on the remote peer.
B. A certificate fragmentation issue occurs between both sides.
C. UDP 4500 traffic from the peer...