Cisco (300-730-SVPN) Exam Questions And Answers page 8
Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?
tunnel-group (webvpn-attributes)
webvpn (group-policy)
webvpn (global configuration)
Architecture and Design
Implement and Troubleshoot Secure Communications
In order to enable FlexVPN to use a AAA attribute list, which two tasks must be performed? (Choose two.)
Define the RADIUS server.
Verify that clients are using the correct authorization policy.
Define the AAA server.
Assign the list to an authorization policy.
Set the maximum segment size.
Implement and Troubleshoot Secure Communications
Secure Communications Architectures and Solutions
Refer to the exhibit. An SSL client is connecting to an ASA headend. The session fails with the message Connection attempt has timed out. Please verify Internet connectivity. Based on how the packet is processed, which phase is causing the failure?
phase 9: rpf-check
phase 5: NAT
phase 4: ACCESS-LIST
phase 3: UN-NAT
Implement and Troubleshoot Secure Communications
Secure Communications Architectures and Solutions
Which parameter is initially used to elect the primary key server from a group of key servers?
code version
highest IP address
highest-priority value
lowest IP address
Implement and Troubleshoot Secure Communications
Secure Communications Architectures and Solutions
Refer to the exhibit. A network engineer is reconfiguring clientless SSLVPN during a maintenance window, and after testing the new configuration, is unable to establish the connection. What must be done to remediate this problem?
Enable client services on the outside interface.
Enable clientless protocol under the group policy.
Enable DTLS under the group policy.
Enable auto sign-on for the user s IP address.
Implement and Troubleshoot Secure Communications
Secure Communications Architectures and Solutions
A network engineer must design a remote access solution to allow contractors to access internal servers. These contractors do not have permissions to install applications on their computers. Which VPN solution should be used in this design?
IKEv2 AnyConnect
Clientless
Port forwarding
SSL AnyConnect
Secure Solutions with Virtual Private Networks
Implement and Troubleshoot Secure Communications
What Are Two Valid Backup Options for an IOS FlexVPN Client?
Multiple Choice
Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)
HSRP stateless failover
DNS-based hub resolution
reactivate primary peer
tunnel pivot
need distractor
Architecture and Design
Implement and Troubleshoot Secure Communications
An administrator is setting up AnyConnect for the first time for a few users. Currently, the router does not have access to a RADIUS server. Which AnyConnect protocol must be used to allow users to authenticate?
EAP-GTC
EAP-MSCHAPv2
EAP-MD5
EAP-AnyConnect
Implement and Troubleshoot Secure Communications
Infrastructure Security
An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies. What must be added to the configuration to make sure the users in the sales department cannot access the finance department server?
tunnel group lock
smart tunnel
port forwarding
webtype ACL
Architecture and Design
Implement and Troubleshoot Secure Communications
Refer to the exhibit. A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?
An authentication failure occurs on the remote peer.
A certificate fragmentation issue occurs between both sides.
UDP 4500 traffic from the peer does not reach the router.
An authentication failure occurs on the router.
Implement and Troubleshoot Secure Communications
Secure Communications Architectures and Solutions
Comments