Cisco CCNA Security Chapter 8 Exam


  • 8/22/2019 Cisco CCNA Security Chapter 8 Exam


    Cisco CCNA Security, chapter 8 Exam.

    Questions and answers 100% correct.

    1. What are two benefits of an SSL VPN? (Choose two.)
    It supports all client/server applications.
    It supports the same level of cryptographic security as an IPsec VPN.
    It has the option of only requiring an SSL-enabled web browser.
    The thin client mode functions without requiring any downloads or software.
    It is compatible with DMVPNs, Cisco IOS Firewall, IPsec, IPS, Cisco Easy VPN, and NAT.

    2. When verifying IPsec configurations, which show command displays the encryption algorithm, hash algorithm, authentication method, and Diffie-Hellman group configured, as well as default settings?
    show crypto map
    show crypto ipsec sa
    show crypto isakmp policy
    show crypto ipsec transform-set

    3. When configuring a site-to-site IPsec VPN using the CLI, the authentication pre-share command is configured in the ISAKMP policy. Which additional peer authentication configuration is required?
    Configure the message encryption algorithm with the encryptiontype ISAKMP policy configuration command.
    Configure the DH group identifier with the groupnumber ISAKMP policy configuration command.
    Configure a hostname with the crypto isakmp identity hostname global configuration command.
    Configure a PSK with the crypto isakmp key global configuration command.

    4. Which action do IPsec peers take during the IKE Phase 2 exchange?
    exchange of DH keys
    negotiation of IPsec policy
    verification of peer identity
    negotiation of IKE policy sets

    5. A network administrator is planning to implement centralized management of Cisco VPN devices to simplify VPN deployment for remote offices and teleworkers. Which Cisco IOS feature would provide this solution?
    Cisco Easy VPN
    Cisco VPN Client
    Cisco IOS SSL VPN
    Dynamic Multipoint VPN

    6. Which two statements accurately describe characteristics of IPsec? (Choose two.)
    IPsec works at the application layer and protects all application data.
    IPsec works at the transport layer and protects data at the network layer.
    IPsec works at the network layer and operates over all Layer 2 protocols.
    IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
    IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
    IPsec is a framework of open standards that relies on existing algorithms.

    7. Refer to the exhibit. Which two IPsec framework components are valid options when configuring an IPsec VPN on a Cisco ISR router? (Choose two.)
    Integrity options include MD5 and RSA.
    IPsec protocol options include GRE and AH.
    Confidentiality options include DES, 3DES, and AES.
    Authentication options include pre-shared key and SHA.
    Diffie-Hellman options include DH1, DH2, and DH5.

    8. With the Cisco Easy VPN feature, which process ensures that a static route is created on the Cisco Easy VPN Server for the internal IP address of each VPN client?
    Cisco Express Forwarding
    Network Access Control
    On-Demand Routing
    Reverse Path Forwarding
    Reverse Route Injection


    9. Refer to the exhibit. A site-to-site VPN is required from R1 to R3. The administrator is using the SDM Site-to-Site VPN Wizard on R1. Which IP address should the administrator enter in the highlighted field?
    10.1.1.1
    10.1.1.2
    10.2.2.1
    10.2.2.2
    192.168.1.1
    192.168.3.1

    10. What is required for a host to use an SSL VPN?
    VPN client software must be installed.
    A site-to-site VPN must be preconfigured.
    The host must be in a stationary location.
    A web browser must be installed on the host.

    11. What are two authentication methods that can be configured using the SDM Site-to-Site VPN Wizard? (Choose two.)
    MD5
    SHA
    pre-shared keys
    encrypted nonces
    digital certificates

    12. Which UDP port must be permitted on any IP interface used to exchange IKE information between security gateways?
    400
    500
    600
    700

    13. Which requirement necessitates using the Step-by-Step option of the SDM Site-to-Site VPN wizard instead of the Quick Setup option?
    AES encryption is required.
    3DES encryption is required.
    Pre-shared keys are to be used.
    The remote peer is a Cisco router.
    The remote peer IP address is unknown.

    14. Which IPsec protocol should be selected when confidentiality is required?
    tunnel mode
    transport mode
    authentication header
    encapsulating security payload
    generic routing encapsulation

    15. Which statement describes an important characteristic of a site-to-site VPN?
    It must be statically set up.
    It is ideally suited for use by mobile workers.
    It requires using a VPN client on the host PC.
    It is commonly implemented over dialup and cable modem networks.
    After the initial connection is established, it can dynamically change connection information.


    16. Refer to the exhibit. Based on the SDM screen, which Easy VPN Server component is being configured?
    group policy
    transform set
    IKE proposal
    user authentication

    17. A user launches Cisco VPN Client software to connect remotely to a VPN service. What does the user select before entering the username and password?
    the SSL connection type
    the IKE negotiation process
    the desired preconfigured VPN server site
    the Cisco Encryption Technology to be applied

    18. What is the default IKE policy value for authentication?
    MD5
    SHA
    RSA signatures
    pre-shared keys
    RSA encrypted nonces

    19. When using ESP tunnel mode, which portion of the packet is not authenticated?
    ESP header
    ESP trailer
    new IP header
    original IP header


    20. Refer to the exhibit. Under the ACL Editor, which option is used to specify the traffic to be encrypted on a secure connection?
    Access Rules
    IPsec Rules
    Firewall Rules
    SDM Default Rules

    21. Refer to the exhibit. A network administrator is troubleshooting a GRE VPN tunnel between R1 and R2. Assuming the R2 GRE configuration is correct and based on the running configuration of R1, what must the administrator do to fix the problem?
    change the tunnel source interface to Fa0/0
    change the tunnel destination to 192.168.5.1
    change the tunnel IP address to 192.168.3.1
    change the tunnel destination to 209.165.200.225
    change the tunnel IP address to 209.165.201.1

    22. How many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel?
    8
    16
    24
    32