Exam CAS-004 All QuestionsBrowse all questions from this exam
Go to Exam
Question 297

SIMULATION

-

An IPSec solution is being deployed. The configuration files for both the VPN concentrator and the AAA server are shown in the diagram.

Complete the configuration files to meet the following requirements:

• The EAP method must use mutual certificate-based authentication (with issued client certificates).

• The IKEv2 cipher suite must be configured to the MOST secure authenticated mode of operation.

• The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters.

INSTRUCTIONS

-

Click on the AAA server and VPN concentrator to complete the configuration. Fill in the appropriate fields and make selections from the drop-down menus.

If at any time you would like to bung back the initial state of the simulation, please click the Reset All button.

    Correct Answer:

Discussion
CoolCat22

yes this looks correct

FrankDy

I wonder aren`t IP adresses are mixed up and the password does not have a numeric character. i suggest: VPN Concentrator: aes-256 gcm-128 / Server: 10.1.2.1 / P@a1sword A-Server: tls /IP: 10.1.10 / P@a1sword

Whip

P@ssw0rd contains 0 (zero) after "w"

weaponxcel

The solution seem right: 1. EAP method must use mutual certificate-based authentication (with issued client certificates): For mutual certificate-based authentication, EAP-TLS (Transport Layer Security) is the preferred method. Thus, for both the VPN concentrator and the AAA server, use TLS as the EAP method. 2. IKEv2 cipher suite must be configured to the MOST secure authenticated mode of operation: Among the options provided, Aes256gcm128 is considered the most secure for IKEv2 cipher suite. AES-256-GCM provides strong encryption and also has an integrated authentication mode. 3. The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters. example password seem correct also.

BRIGADIER

Is server on the VPN correct. What about Ip address on AAA

Delab202

The given answer is correct. Don't complicate this one.

rice3cooker

shouldnt the ip for the vpn and the AAA server be switched? Other than that answer looks correct

userguy890

how come the public IP of 198.134.0.2 isnt used when in the client-conc section?

Anarckii

vpn 10.1.2.1 and 10.1.0.10 everything else is correct

ajfdlhifealiefhaubwiflafeuilb

No the VPN is asking for the Server (10.1.0.10) and the AAA Server is asking for the Client Concentrator (10.1.2.1)

Anarckii

Thanks for the correction I see the mistake I made of overlooking "eap radius {"

Alex_2169

is this correct ?