Vce 300-730 Questions Latest

Page: 5 / 12

Question 20

Users are getting untrusted server warnings when they connect to the URL from their browsers. This URL resolves to 192.168.10.10, which is the IP address for a Cisco ASA configured for a clientless VPN. The VPN was recently set up and issued a certificate from an internal CA server. Users can connect to the VPN by ignoring the message, however, when users access other webservers that use certificates issued by the same internal CA server, they do not experience this issue. Which action resolves this issue?

Options:

Import the CA that signed the certificate into the machine trusted root CA store.

Reissue the certificate with asa.lab in the subject alternative name field.

Import the CA that signed the certificate into the user trusted root CA store.

Reissue the certificate with 192.168.10.10 in the subject common name field.

Question 21

Refer to the exhibit.

A Cisco ASA is configured as a client to a router running as a FlexVPN server. The router is configured with a virtual template to terminate FlexVPN clients. Traffic between networks 192.168.0.0/24 and 172.16.20.0/24 does not work as expected. Based on the show crypto ikev2 sa output collected from the Cisco ASA in the exhibit, what is the solution to this issue?

Options:

Modify the crypto ACL on the router to permit network 192.168.0.0/24 to network 172.16.20.0/24.

Modify the crypto ACL on the ASA to permit network 192.168.0.0/24 to network 172.16.20.0/24.

Modify the crypto ACL on the ASA to permit network 172.16.20.0/24 to network 192.168.0.0/24.

Modify the crypto ACL on the router to permit network 172.16.20.0/24 to network 192.168.0.0/24.

Question 22

Refer to the exhibit.

Upon setting up a tunnel between two sites, users are complaining that connections to applications over the VPN are not working consistently. The output of show crypto ipsec sa was collected on one of the VPN devices. Based on this output, what should be done to fix this issue?