Cisco
352-011 · Question #18
352-011 Question #18: Real Exam Question with Answer & Explanation
Sign in or unlock 352-011 to reveal the answer and full explanation for question #18. The question stem and answer options stay visible for context.
Question
Refer to the exhibit. A customer interconnected hundreds of branch offices into a single DMVPN network, with the HUB in the main data center. Due to security policies, the customer requires that the default route for all Internet traffic from the users at the branches must go through the tunnel and the only connections that are allowed to and from the branch router over the local internet circuit are the DMVPN tunnels. Which two combined actions must you take on the branch router to address these security requirements and keep the solution scalable? (Choose two)
Exhibit
Options
- APlace the WAN interface in a front-door VRF, leaving the tunnel interface in the default routing
- BProtect the WAN interface by an inbound ACL that permits only IPsec-related traffic
- CImplement a zone-based firewall that allows only IPsec-related traffic from zone UNTRUSTED to
- DAdd a host route for the public IP address of each remote branch and HUB routers that points
- EUse a floating default route with the preferred path over the tunnel and a backup path over the
Unlock 352-011 to see the answer
You've previewed enough free 352-011 questions. Unlock 352-011 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.