Scribd Logo
Upload

Welcome to Scribd!

  • CCNA Security - Test 8 (100 %)

    Uploaded by

    Ronald Bruce Paccieri Berzain
    1K views9 pages
    A site-to-site VPN is commonly implemented over dialup and cable modem networks. It is ideally suited for use by mobile workers. It requires using a VPN client on the host PC.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    A site-to-site VPN is commonly implemented over dialup and cable modem networks. It is ideally suited for use by mobile workers. It requires using a VPN client on the host PC.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    1K views9 pages

    CCNA Security - Test 8 (100 %)

    Uploaded by

    Ronald Bruce Paccieri Berzain
    A site-to-site VPN is commonly implemented over dialup and cable modem networks. It is ideally suited for use by mobile workers. It requires using a VPN client on the host PC.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    1 Principio del formulario

    Which statement describes an important characteristic of a site-to-site VPN?

    It must be statically set up.

    It is ideally suited for use by mobile workers.

    It requires using a VPN client on the host PC.

    It is commonly implemented over dialup and cable modem networks.

    After the initial connection is established, it can dynamically change connection information.

    Final del formulario

    2 Principio del formulario


    When configuring a site-to-site IPsec VPN using the CLI, the authentication pre-share command is configured in the ISAKMP poli
    Which additional peer authentication configuration is required?

    Configure the message encryption algorithm with the encryptiontype ISAKMP policy configuration command.

    Configure the DH group identifier with the groupnumber ISAKMP policy configuration command.

    Configure a hostname with the crypto isakmp identity hostname global configuration command.

    Configure a PSK with the crypto isakmp key global configuration command.

    Final del formulario

    3 Principio del formulario


    What are two authentication methods that can be configured using the SDM Site-to-Site VPN Wizard? (Choose two.)

    MD5

    SHA

    pre-shared keys

    encrypted nonces

    digital certificates

    Final del formulario

    4 Principio del formulario


    A network administrator is planning to implement centralized management of Cisco VPN devices to simplify VPN deployment for rem
    offices and teleworkers. Which Cisco IOS feature would provide this solution?

    Cisco Easy VPN


    Cisco VPN Client

    Cisco IOS SSL VPN

    Dynamic Multipoint VPN

    Final del formulario

    5 Principio del formulario


    Which IPsec protocol should be selected when confidentiality is required?

    tunnel mode

    transport mode

    authentication header

    encapsulating security payload

    generic routing encapsulation

    Final del formulario

    6 Principio del formulario


    What is required for a host to use an SSL VPN?

    VPN client software must be installed.

    A site-to-site VPN must be preconfigured.

    The host must be in a stationary location.

    A web browser must be installed on the host.

    Final del formulario

    7 Principio del formulario


    Refer to the exhibit. A site-to-site VPN is required from R1 to R3. The administrator is using the SDM Site-to-Site VPN Wizard on R1
    Which IP address should the administrator enter in the highlighted field?

    10.1.1.1

    10.1.1.2

    10.2.2.1

    10.2.2.2

    192.168.1.1

    192.168.3.1

    Final del formulario

    8 Principio del formulario


    Which action do IPsec peers take during the IKE Phase 2 exchange?

    exchange of DH keys

    negotiation of IPsec policy

    verification of peer identity


    negotiation of IKE policy sets

    Final del formulario

    9 Principio del formulario

    Refer to the exhibit. A network administrator is troubleshooting a GRE VPN tunnel between R1 and R2. Assuming the R2 GRE
    configuration is correct and based on the running configuration of R1, what must the administrator do to fix the problem?

    change the tunnel source interface to Fa0/0

    change the tunnel destination to 192.168.5.1

    change the tunnel IP address to 192.168.3.1

    change the tunnel destination to 209.165.200.225

    change the tunnel IP address to 209.165.201.1

    Final del formulario

    10 Principio del formulario


    What are two benefits of an SSL VPN? (Choose two.)

    It supports all client/server applications.

    It supports the same level of cryptographic security as an IPsec VPN.

    It has the option of only requiring an SSL-enabled web browser.


    The thin client mode functions without requiring any downloads or software.

    It is compatible with DMVPNs, Cisco IOS Firewall, IPsec, IPS, Cisco Easy VPN, and NAT.

    Final del formulario

    11 Principio del formulario

    Refer to the exhibit. Under the ACL Editor, which option is used to specify the traffic to be encrypted on a secure connection?

    Access Rules

    IPsec Rules

    Firewall Rules

    SDM Default Rules

    Final del formulario

    12 Principio del formulario


    Which UDP port must be permitted on any IP interface used to exchange IKE information between security gateways?

    400
    500

    600

    700

    Final del formulario

    13 Principio del formulario


    When verifying IPsec configurations, which show command displays the encryption algorithm, hash algorithm, authentication metho
    and Diffie-Hellman group configured, as well as default settings?

    show crypto map

    show crypto ipsec sa

    show crypto isakmp policy

    show crypto ipsec transform-set

    Final del formulario

    14 Principio del formulario


    What is the default IKE policy value for authentication?

    MD5

    SHA

    RSA signatures

    pre-shared keys

    RSA encrypted sconces

    Final del formulario

    15 Principio del formulario


    When using ESP tunnel mode, which portion of the packet is not authenticated?

    ESP header

    ESP trailer

    new IP header

    original IP header

    Final del formulario

    16 Principio del formulario


    Which two statements accurately describe characteristics of IPsec? (Choose two.)

    IPsec works at the application layer and protects all application data.

    IPsec works at the transport layer and protects data at the network layer.

    IPsec works at the network layer and operates over all Layer 2 protocols.

    IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.

    IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.

    IPsec is a framework of open standards that relies on existing algorithms.

    Final del formulario

    17 Principio del formulario


    How many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel?

    16

    24

    32

    Final del formulario

    18 Principio del formulario


    Which requirement necessitates using the Step-by-Step option of the SDM Site-to-Site VPN wizard instead of the Quick Setup optio

    AES encryption is required.

    3DES encryption is required.

    Pre-shared keys are to be used.

    The remote peer is a Cisco router.

    The remote peer IP address is unknown.

    Final del formulario

    19 Principio del formulario


    With the Cisco Easy VPN feature, which process ensures that a static route is created on the Cisco Easy VPN Server for the interna
    address of each VPN client?

    Cisco Express Forwarding


    Network Access Control

    On-Demand Routing

    Reverse Path Forwarding

    Reverse Route Injection

    Final del formulario

    20 Principio del formulario

    Refer to the exhibit. Which two IPsec framework components are valid options when configuring an IPsec VPN on a Cisco ISR route
    (Choose two.)

    Integrity options include MD5 and RSA.

    IPsec protocol options include GRE and AH.

    Confidentiality options include DES, 3DES, and AES.

    Authentication options include pre-shared key and SHA.

    Diffie-Hellman options include DH1, DH2, and DH5.

    Final del formulario


    21 Principio del formulario

    Refer to the exhibit. Based on the SDM screen, which Easy VPN Server component is being configured?

    group policy

    transform set

    IKE proposal

    user authentication

    Final del formulario

    22 Principio del formulario


    A user launches Cisco VPN Client software to connect remotely to a VPN service. What does the user select before entering the
    username and password?

    the SSL connection type

    the IKE negotiation process

    the desired preconfigured VPN server site

    the Cisco Encryption Technology to be applied

    Final del formulario

    You might also like