Cisco CCNA Security Chapter 8 Exam

8/22/2019 Cisco CCNA Security Chapter 8 Exam

1/7

Cisco CCNA

Questions and a

1. What are two benefits of

It supports all client/s

It supports the same l

It has the option of o

The thin client mode

It is compatible with

and NAT.

2. When verifying IPsec co

algorithm, hash algorithconfigured, as well as de

show crypto map

show crypto ipsec

show crypto isak

show crypto ipsec

3. When configuring a site-

share command is confi

authentication configuraConfigure the mes

policy configuratio

Configure the DH

configuration com

Configure a hostna

configuration com

Configure a PSK

4. Which action do IPsec p

exchange of DH k

negotiation of IPs

verification of pe

negotiation of IK

5. A network administrator

VPN devices to simplify

Cisco IOS feature would

Cisco Easy VPN

Cisco VPN Client

Cisco IOS SSL V

Security, chapter 8

swers 100% correct.

an SSL VPN? (Choose two.)

erver applications.

evel of cryptographic security as an IPsec V

ly requiring an SSL-enabled web browser.

functions without requiring any downloads

DMVPNs, Cisco IOS Firewall, IPsec, IPS, C

nfigurations, which show command displays

, authentication method, and Diffie-Hellmafault settings?

sa

p policy

transform-set

to-site IPsec VPN using the CLI, the authen

ured in the ISAKMP policy. Which additio

ion is required?age encryption algorithm with the encrypti

n command.

roup identifier with the groupnumberISA

and.

me with the crypto isakmp identity hostna

and.

ith the crypto isakmp key global configura

ers take during the IKE Phase 2 exchange?

eys

c policy

r identity

policy sets

is planning to implement centralized manag

VPN deployment for remote offices and tele

provide this solution?

N

xam.

N.

r software.

isco Easy VPN,

the encryption

group

tication pre-

al peer

ntype ISAKMP

MP policy

e global

ion command.

ment of Cisco

workers. Which


2/7

Dynamic Multipo

6. Which two statements a

IPsec works at the ap

IPsec works at the trIPsec works at the ne

IPsec is a framework

algorithms.


algorithms.


7.

Refer to the exhibit. Whi

configuring an IPsec VP

Integrity options i

IPsec protocol op

Confidentiality oAuthentication op

Diffie-Hellman o

8. With the Cisco Easy VP

on the Cisco Easy VPN

Cisco Express F

Network Access

On-Demand Rou

Reverse Path Fo

Reverse Route I

int VPN

curately describe characteristics of IPsec? (

plication layer and protects all application da

nsport layer and protects data at the networktwork layer and operates over all Layer 2 pr

of proprietary standards that depend on Cisc

of standards developed by Cisco that relies

of open standards that relies on existing alg

ch two IPsec framework components are val

N on a Cisco ISR router? (Choose two.)

nclude MD5 and RSA.

ions include GRE and AH.

tions include DES, 3DES, and AES.tions include pre-shared key and SHA.

tions include DH1, DH2, and DH5.

feature, which process ensures that a static

erver for the internal IP address of each VP

rwarding

Control

ting

wardingjection

hoose two.)

ta.

layer.tocols.

o specific

n OSI

rithms.

id options when

route is created

client?


3/7

9.

Refer to the exhibit. A si

is using the SDM Site-to

administrator enter in th

10.1.1.1

10.1.1.2

10.2.2.1

10.2.2.2

192.168.1.1

192.168.3.1

10. What is required for a

VPN client softwar

A site-to-site VPN

The host must be in

A web browser mus

11. What are two authentic

Site VPN Wizard? (Ch

MD5

SHA

pre-shared keys

encrypted nonc

te-to-site VPN is required from R1 to R3. Th

-Site VPN Wizard on R1. Which IP address

highlighted field?

ost to use an SSL VPN?

must be installed.

ust be preconfigured.

a stationary location.

t be installed on the host.

ation methods that can be configured using t

ose two.)

s

e administrator

hould the

e SDM Site-to-


4/7

digital certificat

12. Which UDP port must

information between se

400

500

600

700

13. Which requirement nec

Site VPN wizard instea

AES encryptio

3DES encrypti

Pre-shared keys

The remote pee

The remote pee

14. Which IPsec protocol s

tunnel mode

transport mode

authentication h

encapsulating se

generic routing

15. Which statement descri

It must be statically

It is ideally suited f

It requires using a

It is commonly imp

After the initial con

information.

es

e permitted on any IP interface used to exch

curity gateways?

essitates using the Step-by-Step option of th

d of the Quick Setup option?

is required.

n is required.

are to be used.

r is a Cisco router.

r IP address is unknown.

hould be selected when confidentiality is req

ader

curity payload

ncapsulation

bes an important characteristic of a site-to-si

set up.

r use by mobile workers.

PN client on the host PC.

emented over dialup and cable modem netw

ection is established, it can dynamically cha

ange IKE

SDM Site-to-

ired?

e VPN?

rks.

nge connection


5/7

16.

Refer to the exhibit. Bais being configured?

group policy

transform set

IKE proposal

user authenticati

17. A user launches Cisco

What does the user sele

the SSL connec

the IKE negotia

the desired prec

the Cisco Encr

18. What is the default IK

MD5

SHA

RSA signatures

pre-shared keys

RSA encrypted s

19. When using ESP tunne

ESP header

ESP trailer

new IP header

original IP head

sed on the SDM screen, which Easy VPN Se

on

PN Client software to connect remotely to

ct before entering the username and passwor

tion type

tion process

onfigured VPN server site

ption Technology to be applied

policy value for authentication?

conces

mode, which portion of the packet is not au

r

rver component

VPN service.

d?

henticated?


6/7

20.

Refer to the exhibit. Un

traffic to be encrypted

Access

IPsec R

Firewal

SDM D

21.

Refer to the exhibit. A

der the ACL Editor, which option is used to

n a secure connection?

Rules

ulesRules

efault Rules

etwork administrator is troubleshooting a G

specify the

E VPN tunnel


7/7

between R1 and R2. As

the running configurati

change the tunne

change the tunne

change the tunnechange the tunne

change the tunne

22. How many bytes of ov

through a GRE tunnel?

8

16

24

32

suming the R2 GRE configuration is correct

n of R1, what must the administrator do to f

l source interface to Fa0/0

l destination to 192.168.5.1

l IP address to 192.168.3.1l destination to 209.165.200.225

l IP address to 209.165.201.1

rhead are added to each IP packet while it is

and based on

ix the problem?

transported

Documents

Cisco CCNA Security Chapter 8 Exam