2. When verifying IPsec configurations, which show command displays the encryption
algorithm, hash algorithm, authentication method, and Diffie-Hellman group
configured, as well as default settings?
show crypto map
show crypto ipsec sa
show crypto isakmp policy
show crypto ipsec transform-set
3. When configuring a site-to-site IPsec VPN using the CLI, the authentication
pre-share command is configured in the ISAKMP policy. Which additional peer
authentication configuration is required?
Configure the message encryption algorithm with the encryption type
ISAKMP policy configuration command.
Configure the DH group identifier with the group number ISAKMP policy
configuration command.
Configure a hostname with the crypto isakmp identity hostname global
configuration command.
Configure a PSK with the crypto isakmp key global configuration command.
4. Which action do IPsec peers take during the IKE Phase 2 exchange?
exchange of DH keys
negotiation of IPsec policy
verification of peer identity
negotiation of IKE policy sets
7. Refer to the exhibit. Which two IPsec framework components are valid options when
configuring an IPsec VPN on a Cisco ISR router? (Choose two.)
Integrity options include MD5 and RSA.
IPsec protocol options include GRE and AH.
Confidentiality options include DES, 3DES, and AES.
Authentication options include pre-shared key and SHA.
Diffie-Hellman options include DH1, DH2, and DH5.
8. With the Cisco Easy VPN feature, which process ensures that a static route is created
on the Cisco Easy VPN Server for the internal IP address of each VPN client?
Cisco Express Forwarding
Network Access Control
On-Demand Routing
Reverse Path Forwarding
Reverse Route Injection
9. Refer to the exhibit. A site-to-site VPN is required from R1 to R3. The administrator
is using the SDM Site-to-Site VPN Wizard on R1. Which IP address should the
administrator enter in the highlighted field?
10.1.1.1
10.1.1.2
10.2.2.1
10.2.2.2
192.168.1.1
192.168.3.1
11. What are two authentication methods that can be configured using the SDM
Site-to-Site VPN Wizard? (Choose two.)
MD5
SHA
pre-shared keys
encrypted nonces
digital certificates
12. Which UDP port must be permitted on any IP interface used to exchange IKE
information between security gateways?
400
500
600
700
13. Which requirement necessitates using the Step-by-Step option of the SDM
Site-to-Site VPN wizard instead of the Quick Setup option?
AES encryption is required.
3DES encryption is required.
Pre-shared keys are to be used.
The remote peer is a Cisco router.
The remote peer IP address is unknown.
16. Refer to the exhibit. Based on the SDM screen, which Easy VPN Server component
is being configured?
group policy
transform set
IKE proposal
user authentication
17. A user launches Cisco VPN Client software to connect remotely to a VPN service.
What does the user select before entering the username and password?
the SSL connection type
the IKE negotiation process
the desired preconfigured VPN server site
the Cisco Encryption Technology to be applied
19. When using ESP tunnel mode, which portion of the packet is not authenticated?
ESP header
ESP trailer
new IP header
original IP header
20. Refer to the exhibit. Under the ACL Editor, which option is used to specify the
traffic to be encrypted on a secure connection?
Access Rules
IPsec Rules
Firewall Rules
SDM Default Rules
21.
22. How many bytes of overhead are added to each IP packet while it is transported
through a GRE tunnel?
8
16
24
32