Exam 300-730 topic 1 question 144 discussion

Actual exam question from Cisco's 300-730
Question #: 144
Topic #: 1

A router is being configured for IKEv2 AnyConnect using AnyConnect-EAP. How would the administrator separate profiles for administrators and employees so that authorization differs when they connect?

  • A. Define group aliases on the headend and have the user pick the appropriate alias when they connect
  • B. Define group-urls on the headend and create two XML profiles to match the administrator and user group urls
  • C. Create a certificate map and match on the appropriate certificate fields
  • D. Define key-ids on the headend and create two XML profiles to match the administrator and user key-ids.
Suggested Answer: D

Comments

ms997
8 months, 1 week ago
Correct is D for sure.
upvoted 1 times
...
pfrank
12 months ago
Selected Answer: D
Step 7. Create an IKEv2 profile for AnyConnect-EAP method of client authentication.

    crypto ikev2 profile AnyConnect-EAP
     match identity remote key-id *$AnyConnectClient$*
     authentication local rsa-sig
     authentication remote anyconnect-eap aggregate
     pki trustpoint IKEv2-TP
     aaa authentication anyconnect-eap a-eap-authen-local
     aaa authorization group anyconnect-eap list a-eap-author-grp ikev2-auth-policy
     aaa authorization user anyconnect-eap cached
     virtual-template 100
     anyconnect profile acvpn

https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html#toc-hId-936641904
upvoted 3 times
...
kylesam2017
1 year, 1 month ago
"C" seems to be the correct answer here.
upvoted 1 times
...
mlv_2023
1 year, 3 months ago
Selected Answer: C
C is the only option that ensures the user can only connect to the group he is intended to.
upvoted 2 times
...
red_sparrow_Gr
2 years ago
I suspect that D might be the correct one ….
upvoted 1 times
Stardec
1 year, 10 months ago
Yes, it is. AnyConnect uses '*$AnyConnectClient$*' as its default IKE identity of type key-id. However, this identity can be manually changed in the AnyConnect profile to match deployment needs. https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html
upvoted 1 times
...
...
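The key-id separation discussed in this thread, as an added illustration that is not taken from the Cisco document or from any commenter: two IKEv2 profiles on the headend, each matching a different key-id and pointing at its own authorization policy. The profile names, key-id strings, policy, pool and ACL names, and virtual-template numbers are constructed placeholders; the trustpoint, AAA lists and command forms follow the configuration quoted by pfrank, and the supporting objects (pools, ACLs, virtual-templates) are assumed to exist.

```cisco
! Added example: all names and key-id strings are constructed placeholders.
! One authorization policy per role, so pushed attributes differ.
crypto ikev2 authorization policy admin-auth-policy
 pool ADMIN-POOL
 route set access-list ADMIN-SPLIT
!
crypto ikev2 authorization policy employee-auth-policy
 pool EMPLOYEE-POOL
 route set access-list EMPLOYEE-SPLIT
!
! One IKEv2 profile per role, selected by the key-id the client sends.
crypto ikev2 profile AC-ADMIN
 match identity remote key-id admin-keyid-example
 authentication local rsa-sig
 authentication remote anyconnect-eap aggregate
 pki trustpoint IKEv2-TP
 aaa authentication anyconnect-eap a-eap-authen-local
 aaa authorization group anyconnect-eap list a-eap-author-grp admin-auth-policy
 aaa authorization user anyconnect-eap cached
 virtual-template 101
!
crypto ikev2 profile AC-EMPLOYEE
 match identity remote key-id employee-keyid-example
 authentication local rsa-sig
 authentication remote anyconnect-eap aggregate
 pki trustpoint IKEv2-TP
 aaa authentication anyconnect-eap a-eap-authen-local
 aaa authorization group anyconnect-eap list a-eap-author-grp employee-auth-policy
 aaa authorization user anyconnect-eap cached
 virtual-template 102
!
! Client side: each AnyConnect XML profile carries the matching identity
! in place of the default *$AnyConnectClient$*, for example:
!   <IKEIdentity>admin-keyid-example</IKEIdentity>
!   <IKEIdentity>employee-keyid-example</IKEIdentity>
```

The key-id is read from the client's XML profile, so it only selects which IKEv2 profile handles the session. Who the user is still rests on the EAP authentication and the AAA authorization configured inside that profile.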
Community vote distribution
A (35%)
C (25%)
B (20%)
Other