Free 300-730 Questions Attempt

Page: 4 / 12

Question 16

When troubleshooting FlexVPN spoke-to-spoke tunnels, what should be verified first?

Options:

NHRP redirect is enabled on the hub.

The spokes have sent a resolution request.

NHRP cache entries exist on the spoke.

NHO routes exist on the spokes.

Question 17

An engineer is building an IKEv1 tunnel to a peer Cisco ASA, but the tunnel is failing. Based on the configuration in the exhibit, which action must be taken to allow the VPN tunnel to come up?

Options:

Add a route for the 10.7.7.0/24 network to egress the outside interface.

Enable IKEv1 on the outside interface.

Change the IKEv1 policy number to be at least 256.

Change the transform set mode to transport.

Question 18

A network engineer is setting up Cisco AnyConnect 4.9 on a Cisco ASA running ASA software 9.1. Cisco AnyConnect must connect to the Cisco ASA before the user logs on so that login scripts can work successfully. In addition, the VPN must connect without user intervention. Which two key steps accomplish this task? (Choose two.)

Options:

Create a Network Access Manager profile with a client policy set to connect before user logon.

Create a Cisco AnyConnect VPN profile with Start Before Logon set to true.

Issue an identity certificate to the trusted root CA folder in the machine store.

Create a Cisco AnyConnect VPN profile with Always On set to true.

Create a Cisco Anyconnect VPN Management Tunnel profile.

Question 19

A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?