nerdexam
Exams300-730Questions#114
Cisco

300-730 · Question #114

300-730 Question #114: Real Exam Question with Answer & Explanation

The correct answer is B: profile. IKEv2 in FlexVPN requires two foundational building blocks: 1. IKEv2 Proposal (C) - Defines the cryptographic suite: encryption algorithm (e.g., AES-256), integrity/hash algorithm (e.g., SHA-256), pseudo-random function (PRF), and Diffie-Hellman group. Without a proposal, IKEv2 h

Site-to-site Virtual Private Networks on Routers and Firewalls

Question

When a FlexVPN is configured, which two components must be configured for IKEv2? (Choose two.)

Options

  • Amethod
  • Bprofile
  • Cproposal
  • Dpreference
  • Epersistence

Explanation

IKEv2 in FlexVPN requires two foundational building blocks:

  1. IKEv2 Proposal (C) - Defines the cryptographic suite: encryption algorithm (e.g., AES-256), integrity/hash algorithm (e.g., SHA-256), pseudo-random function (PRF), and Diffie-Hellman group. Without a proposal, IKEv2 has no crypto parameters to negotiate.

  2. IKEv2 Profile (B) - Ties everything together. It references the proposal (via a policy), specifies authentication methods, binds to a keyring for pre-shared keys or certificates, and identifies which peers to match. It is the operational entity applied to a crypto map or virtual template.

The distractors are not valid IKEv2 configuration constructs in Cisco IOS: 'method', 'preference', and 'persistence' do not correspond to crypto ikev2 sub-commands used in FlexVPN.

Topics

#FlexVPN#IKEv2#profile#proposal

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-730 Practice
When a FlexVPN is configured, which two components must be... | 300-730 Q#114 Answer | NerdExam