Home » Cisco » 350-701 v.2 » What should be done in order to support this?
A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?
A. Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy
B. Make the priority for the new policy 5 and the primary policy 1
C. Change the encryption to AES* to support all AES algorithms in the primary policy
D. Make the priority for the primary policy 10 and the new policy 1
Correct Answer: B
Explanation/Reference:
Explanation:
All IKE policies on the device are sent to the remote peer regardless of what is in the selected policy section.
The first IKE Policy matched by the remote peer will be selected for the VPN connection. Choose which policy is sent first using the priority field. Priority 1 will be sent first.
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ikeprotocols/215470- site-to-site-vpn-configuration-on-ftd-ma.html
350-701: Implementing and Operating Cisco Security Core Technologies
Free dumps for 350-701 in PDF format.
High quality 350-701 PDF and software. VALID exam to help you pass.
|
|