CAS-004 Exam QuestionsBrowse all questions from this exam
Go to Exam

CAS-004 Exam - Question 297

SIMULATION

-

An IPSec solution is being deployed. The configuration files for both the VPN concentrator and the AAA server are shown in the diagram.

Complete the configuration files to meet the following requirements:

• The EAP method must use mutual certificate-based authentication (with issued client certificates).

• The IKEv2 cipher suite must be configured to the MOST secure authenticated mode of operation.

• The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters.

INSTRUCTIONS

-

Click on the AAA server and VPN concentrator to complete the configuration. Fill in the appropriate fields and make selections from the drop-down menus.

If at any time you would like to bung back the initial state of the simulation, please click the Reset All button.

Show Answer
Correct Answer:

Discussion

7 comments
Sign in to comment
CoolCat22
Sep 12, 2023

yes this looks correct

FrankDy
Nov 20, 2023

I wonder aren`t IP adresses are mixed up and the password does not have a numeric character. i suggest: VPN Concentrator: aes-256 gcm-128 / Server: 10.1.2.1 / P@a1sword A-Server: tls /IP: 10.1.10 / P@a1sword

Whip
Mar 24, 2024

P@ssw0rd contains 0 (zero) after "w"

weaponxcel
Oct 23, 2023

The solution seem right: 1. EAP method must use mutual certificate-based authentication (with issued client certificates): For mutual certificate-based authentication, EAP-TLS (Transport Layer Security) is the preferred method. Thus, for both the VPN concentrator and the AAA server, use TLS as the EAP method. 2. IKEv2 cipher suite must be configured to the MOST secure authenticated mode of operation: Among the options provided, Aes256gcm128 is considered the most secure for IKEv2 cipher suite. AES-256-GCM provides strong encryption and also has an integrated authentication mode. 3. The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters. example password seem correct also.

BRIGADIER
Oct 24, 2023

Is server on the VPN correct. What about Ip address on AAA

Delab202
Jan 14, 2024

The given answer is correct. Don't complicate this one.

Alex_2169
Sep 11, 2023

is this correct ?

Anarckii
Dec 15, 2023

vpn 10.1.2.1 and 10.1.0.10 everything else is correct

ajfdlhifealiefhaubwiflafeuilb
Dec 30, 2023

No the VPN is asking for the Server (10.1.0.10) and the AAA Server is asking for the Client Concentrator (10.1.2.1)

Anarckii
Jan 4, 2024

Thanks for the correction I see the mistake I made of overlooking "eap radius {"

userguy890
Feb 14, 2024

how come the public IP of 198.134.0.2 isnt used when in the client-conc section?

rice3cooker
Jul 16, 2024

shouldnt the ip for the vpn and the AAA server be switched? Other than that answer looks correct