Refer to the exhibit.

Cisco 352-011 Question Answer

A customer interconnected hundreds of branch offices into a single DMVPN network, with the HUB in the main data center. Due to security policies, the customer requires that the default route for all Internet traffic from the users at the branches must go through the tunnel and the only connections that are allowed to and from the branch router over the local internet circuit are the DMVPN tunnels. Which two combined actions must you take on the branch router to address these security requirements and keep the solution scalable? (Choose two)

Place the WAN interface in a front-door VRF, leaving the tunnel interface in the default routing instance

Protect the WAN interface by an inbound ACL that permits only IPsec-related traffic

Implement a zone-based firewall that allows only IPsec-related traffic from zone UNTRUSTED to zone TRUSTED

Add a host route for the public IP address of each remote branch and HUB routers that points directly to the local ISP, and add a default route that points to the tunnel

Use a floating default route with the preferred path over the tunnel and a backup path over the Internet natively

Cisco 352-011 View All Questions

Cisco 352-011 Summary

Vendor: Cisco
Product: 352-011
Update on: Jan 7, 2026
Questions: 249

Price: $52.5 ~~$149.99~~

Buy Now 352-011 PDF + Testing Engine Pack

Why is a redundant PIM stub router topology a bad network design decision?

As a part of a network design, you should tighten security to prevent man-in-the-middle.

New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmasmnth

Refer to the exhibit.

The Answer Is:

Cisco 352-011 Summary

Payments We Accept

Contact Us