Cisco
352-001 · Question #513
352-001 Question #513: Real Exam Question with Answer & Explanation
Designing Security
Question
Refer to the exhibit. A customer interconnected hundreds of branch offices into a single DMVPN network, with the HUB in the main data center. Due to security policies, the customer requires that the default route for all Internet traffic from the users at the branches must go through the tunnel and the only connections that are allowed to and from the branch router over the local internet circuit are the DMVPN tunnels. Which two combined actions must you take on the branch router to address these security requirements and keep the solution scalable? (Choose two)
Exhibit
Options
- A. Place the WAN interface in a front-door VRF, leaving the tunnel interface in the default routing
- B. Protect the WAN interface by an inbound ACL that permits only IPsec-related traffic
- C. Implement a zone-based firewall that allows only IPsec-related traffic from zone UNTRUSTED to
- D. Add a host route for the public IP address of each remote branch and HUB routers that points
- E. Use a floating default route with the preferred path over the tunnel and a backup path over the
Topics
#DMVPN, #front-door VRF, #IPsec, #branch security
