ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 297 discussion

Actual exam question from CompTIA's CAS-004
Question #: 297
Topic #: 1
[All CAS-004 Questions]

SIMULATION
-

An IPSec solution is being deployed. The configuration files for both the VPN concentrator and the AAA server are shown in the diagram.

Complete the configuration files to meet the following requirements:

• The EAP method must use mutual certificate-based authentication (with issued client certificates).
• The IKEv2 cipher suite must be configured to the MOST secure authenticated mode of operation.
• The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters.


INSTRUCTIONS
-

Click on the AAA server and VPN concentrator to complete the configuration. Fill in the appropriate fields and make selections from the drop-down menus.

If at any time you would like to bung back the initial state of the simulation, please click the Reset All button.





Show Suggested Answer Hide Answer
Suggested Answer:
by Alex_2169 at Sept. 11, 2023, 2:23 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
weaponxcel
Highly Voted 1 year, 4 months ago
The solution seem right: 1. EAP method must use mutual certificate-based authentication (with issued client certificates): For mutual certificate-based authentication, EAP-TLS (Transport Layer Security) is the preferred method. Thus, for both the VPN concentrator and the AAA server, use TLS as the EAP method. 2. IKEv2 cipher suite must be configured to the MOST secure authenticated mode of operation: Among the options provided, Aes256gcm128 is considered the most secure for IKEv2 cipher suite. AES-256-GCM provides strong encryption and also has an integrated authentication mode. 3. The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters. example password seem correct also.
upvoted 6 times
BRIGADIER
1 year, 4 months ago
Is server on the VPN correct. What about Ip address on AAA
upvoted 1 times
...
...
CoolCat22
Highly Voted 1 year, 6 months ago
yes this looks correct
upvoted 6 times
FrankDy
1 year, 3 months ago
I wonder aren`t IP adresses are mixed up and the password does not have a numeric character. i suggest: VPN Concentrator: aes-256 gcm-128 / Server: 10.1.2.1 / P@a1sword A-Server: tls /IP: 10.1.10 / P@a1sword
upvoted 2 times
Whip
11 months, 3 weeks ago
P@ssw0rd contains 0 (zero) after "w"
upvoted 2 times
...
...
...
rice3cooker
Most Recent 8 months ago
shouldnt the ip for the vpn and the AAA server be switched? Other than that answer looks correct
upvoted 1 times
...
userguy890
1 year ago
how come the public IP of 198.134.0.2 isnt used when in the client-conc section?
upvoted 1 times
...
Delab202
1 year, 1 month ago
The given answer is correct. Don't complicate this one.
upvoted 3 times
...
Anarckii
1 year, 2 months ago
vpn 10.1.2.1 and 10.1.0.10 everything else is correct
upvoted 1 times
ajfdlhifealiefhaubwiflafeuilb
1 year, 2 months ago
No the VPN is asking for the Server (10.1.0.10) and the AAA Server is asking for the Client Concentrator (10.1.2.1)
upvoted 7 times
Anarckii
1 year, 2 months ago
Thanks for the correction I see the mistake I made of overlooking "eap radius {"
upvoted 3 times
...
...
...
Alex_2169
1 year, 6 months ago
is this correct ?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago