paulina-echeverria
8/22/2019 Cisco CCNA Security Chapter 8 Exam
Cisco CCNA Security, chapter 8 Exam.
Questions and answers 100% correct.

1. What are two benefits of an SSL VPN? (Choose two.)
It supports all client/server applications.
It supports the same level of cryptographic security as an IPsec VPN.
It has the option of only requiring an SSL-enabled web browser.
The thin client mode functions without requiring any downloads or software.
It is compatible with DMVPNs, Cisco IOS Firewall, IPsec, IPS, Cisco Easy VPN, and NAT.

2. When verifying IPsec configurations, which show command displays the encryption algorithm, hash algorithm, authentication method, and Diffie-Hellman group configured, as well as default settings?
show crypto map
show crypto ipsec sa
show crypto isakmp policy
show crypto ipsec transform-set

3. When configuring a site-to-site IPsec VPN using the CLI, the authentication pre-share command is configured in the ISAKMP policy. Which additional peer authentication configuration is required?
Configure the message encryption algorithm with the encryptiontype ISAKMP policy configuration command.
Configure the DH group identifier with the groupnumber ISAKMP policy configuration command.
Configure a hostname with the crypto isakmp identity hostname global configuration command.
Configure a PSK with the crypto isakmp key global configuration command.

4. Which action do IPsec peers take during the IKE Phase 2 exchange?
exchange of DH keys
negotiation of IPsec policy
verification of peer identity
negotiation of IKE policy sets

5. A network administrator is planning to implement centralized management of Cisco VPN devices to simplify VPN deployment for remote offices and teleworkers. Which Cisco IOS feature would provide this solution?
Cisco Easy VPN
Cisco VPN Client
Cisco IOS SSL VPN
Dynamic Multipoint VPN

6. Which two statements accurately describe characteristics of IPsec? (Choose two.)
IPsec works at the application layer and protects all application data.
IPsec works at the transport layer and protects data at the network layer.
IPsec works at the network layer and operates over all Layer 2 protocols.
IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
IPsec is a framework of open standards that relies on existing algorithms.

7. Refer to the exhibit. Which two IPsec framework components are valid options when configuring an IPsec VPN on a Cisco ISR router? (Choose two.)
Integrity options include MD5 and RSA.
IPsec protocol options include GRE and AH.
Confidentiality options include DES, 3DES, and AES.
Authentication options include pre-shared key and SHA.
Diffie-Hellman options include DH1, DH2, and DH5.

8. With the Cisco Easy VPN feature, which process ensures that a static route is created on the Cisco Easy VPN Server for the internal IP address of each VPN client?
Cisco Express Forwarding
Network Access Control
On-Demand Routing
Reverse Path Forwarding
Reverse Route Injection
9. Refer to the exhibit. A site-to-site VPN is required from R1 to R3. The administrator is using the SDM Site-to-Site VPN Wizard on R1. Which IP address should the administrator enter in the highlighted field?
10.1.1.1
10.1.1.2
10.2.2.1
10.2.2.2
192.168.1.1
192.168.3.1

10. What is required for a host to use an SSL VPN?
VPN client software must be installed.
A site-to-site VPN must be preconfigured.
The host must be in a stationary location.
A web browser must be installed on the host.

11. What are two authentication methods that can be configured using the SDM Site-to-Site VPN Wizard? (Choose two.)
MD5
SHA
pre-shared keys
encrypted nonces
digital certificates

12. Which UDP port must be permitted on any IP interface used to exchange IKE information between security gateways?
400
500
600
700

13. Which requirement necessitates using the Step-by-Step option of the SDM Site-to-Site VPN wizard instead of the Quick Setup option?
AES encryption is required.
3DES encryption is required.
Pre-shared keys are to be used.
The remote peer is a Cisco router.
The remote peer IP address is unknown.

14. Which IPsec protocol should be selected when confidentiality is required?
tunnel mode
transport mode
authentication header
encapsulating security payload
generic routing encapsulation

15. Which statement describes an important characteristic of a site-to-site VPN?
It must be statically set up.
It is ideally suited for use by mobile workers.
It requires using a VPN client on the host PC.
It is commonly implemented over dialup and cable modem networks.
After the initial connection is established, it can dynamically change connection information.
16. Refer to the exhibit. Based on the SDM screen, which Easy VPN Server component is being configured?
group policy
transform set
IKE proposal
user authentication

17. A user launches Cisco VPN Client software to connect remotely to a VPN service. What does the user select before entering the username and password?
the SSL connection type
the IKE negotiation process
the desired preconfigured VPN server site
the Cisco Encryption Technology to be applied

18. What is the default IKE policy value for authentication?
MD5
SHA
RSA signatures
pre-shared keys
RSA encrypted sconces

19. When using ESP tunnel mode, which portion of the packet is not authenticated?
ESP header
ESP trailer
new IP header
original IP header
20. Refer to the exhibit. Under the ACL Editor, which option is used to specify the traffic to be encrypted on a secure connection?
Access Rules
IPsec Rules
Firewall Rules
SDM Default Rules

21. Refer to the exhibit. A network administrator is troubleshooting a GRE VPN tunnel between R1 and R2. Assuming the R2 GRE configuration is correct and based on the running configuration of R1, what must the administrator do to fix the problem?
change the tunnel source interface to Fa0/0
change the tunnel destination to 192.168.5.1
change the tunnel IP address to 192.168.3.1
change the tunnel destination to 209.165.200.225
change the tunnel IP address to 209.165.201.1

22. How many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel?
8
16
24
32