Question 24 - 350-701 discussion

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically

B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

C. The IPsec configuration that is set up on the active device must be duplicated on the standby device

D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.

E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device

Suggested answer: C, E

Explanation:

Stateful failover for IP Security (IPsec) enables a router to continue processing and forwarding IPsec packets after a planned or unplanned outage occurs. Customers employ a backup (secondary) router that automatically takes over the tasks of the active (primary) router if the active router loses connectivity for any reason. This failover process is transparent to users and does not require adjustment or reconfiguration of any remote peer.

Stateful failover for IPsec requires that your network contains two identical routers that are available to be either the primary or secondary device. Both routers should be the same type of device, have the same CPU and memory, and have either no encryption accelerator or identical encryption accelerators.

Prerequisites for Stateful Failover for IPsec

Complete, Duplicate IPsec and IKE Configuration on the Active and Standby Devices

This document assumes that you have a complete IKE and IPsec configuration.

The IKE and IPsec configuration that is set up on the active device must be duplicated on the standby device.

That is, the crypto configuration must be identical with respect to Internet Security Association and Key Management Protocol (ISAKMP) policy, ISAKMP keys (preshared), IPsec profiles, IPsec transform sets, all crypto map sets that are used for stateful failover, all access control lists (ACLs) that are used in match address statements on crypto map sets, all AAA configurations used for crypto, client configuration groups, IP local pools used for crypto, and ISAKMP profiles.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15-mt/sec-vpnavailability-15-mt-book/sec-state-fail-ipsec.html

Although the prerequisites state only that "Both routers should be the same type of device", the "Restrictions for Stateful Failover for IPsec" section of the link above requires that "Both the active and standby devices must run the identical version of the Cisco IOS software", so answer E is better than answer B.

asked 10/10/2024
Ronald Zegwaard