Home » Cisco » 350-701 v.2 » Which command on the hub will allow the administrator to accomplish this?
An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this?
A. crypto ca identity 172.19.20.24
B. crypto isakmp key Cisco0123456789 172.19.20.24
C. crypto enrollment peer address 172.19.20.24
D. crypto isakmp identity address 172.19.20.24
Correct Answer: B
Explanation/Reference:
Explanation:
The command “crypto isakmp identity address 172.19.20.24” is not valid. We can only use “crypto isakmp identity {address | hostname}. The following example uses preshared keys at two peers and sets both their ISAKMP identities to the IP address.
At the local peer (at 10.0.0.1) the ISAKMP identity is set and the preshared key is specified: crypto isakmp identity address crypto isakmp key sharedkeystring address 192.168.1.33 At the remote peer (at 192.168.1.33) the ISAKMP identity is set and the same preshared key is specified: crypto isakmp identity address crypto isakmp key sharedkeystring address 10.0.0.1
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/seccrc4.html#wp3880782430The command “crypto enrollment peer address” is not valid either.
The command “crypto ca identity …” is only used to declare a trusted CA for the router and puts you in the caidentity configuration mode. Also it should be followed by a name, not an IP address. For example: “crypto ca identity CA-Server” -> Answer A is not correct.
Only answer B is the best choice left.
350-701: Implementing and Operating Cisco Security Core Technologies
Free dumps for 350-701 in PDF format.
High quality 350-701 PDF and software. VALID exam to help you pass.
|
|