問題 #136 Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?
A. preshared key
B. crypto access list
C. Phase 1 policy
D. transform set
答案:A 問題 #137 Refer to the exhibit. A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?
A. UDP 4500 traffic from the peer does not reach the router.
B. An authentication failure occurs on the remote peer.
C. An authentication failure occurs on the router.
D. A certificate fragmentation issue occurs between both sides.
答案:A
解題說明: Section: Troubleshooting using ASDM and CLI 問題 #138 A network engineer is configuring a server. The router will terminate encrypted VPN connections on g0/0, which is in the VRF "Internet". The clear-text traffic that must be encrypted before being sent out traverses g0/1, which is in the VRF "Internal". Which two VRF-specific configurations allow VPN traffic to traverse the VRF-aware interfaces? (Choose two.)
A. Under the IKEv2 profile, add the ivrf Internal command.
B. Under the virtual-template interface, add the ip vrf forwarding Internet command.
C. Under the IKEv2 profile, add the match fvrf Internal command.
D. Under the virtual-template interface, add the tunnel vrf Internet command.
E. Under the IKEv2 profile, add the match fvrf Internet command.
答案:B,E 問題 #139 A Cisco ASA is configured in active/standby mode. What is needed to ensure that Cisco AnyConnect users can connect after a failover event?
A. Configure a backup server in the XML profile.
B. AnyConnect client must point to the standby IP address.
C. AnyConnect images must be uploaded to both failover ASA devices.
D. The vpnsession-db must be cleared manually.
答案:C
解題說明: Section: Secure Communications Architectures Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa90cliconfig/ haactive_standby.html 問題 #140 A router is being configured for IKEv2 AnyConnect using AnyConnect-EAP. How would the administrator separate profiles for administrators and employees so that authorization differs when they connect?
A. Create a certificate map and match on the appropriate certificate fields
B. Define group aliases on the headend and have the user pick the appropriate alias when they connect
C. Define group-urls on the headend and create two XML profiles to match the administrator and user group urls
D. Define key-ids on the headend and create two XML profiles to match the administrator and user key-ids.
答案:B
解題說明: When configuring IKEv2 AnyConnect using AnyConnect-EAP, the administrator can define group aliases on the headend and have the user pick the appropriate alias when they connect. This allows the administrator to separate profiles for administrators and employees so that authorization differs when they connect. 問題 #141 ......
只要你需要考試,我們就可以隨時更新Cisco 300-730認證考試的培訓資料來滿足你的考試需求。PDFExamDumps的培訓資料包含Cisco 300-730考試的練習題和答案,能100%確保你通過Cisco 300-730考試。有了我們為你提供的培訓資料,你可以為你參加考試做更好的準備,而且我們還會為你提供一年的免費的更新服務。
300-730考試心得: https://www.pdfexamdumps.com/300-730_valid-braindumps.html