1. |
The correct answer is false. Site-to-site IPsec VPNs are an evolution of WAN technology. |
2. |
The correct choices are A and B. Authorization and auditing (accounting) are considered parts of a AAA solution. IPsec VPNs provide for Confidentiality, Integrity, Authentication, and Anti-replay (C-I-A-A). |
3. |
Answers B and C are correct. Answer A is incorrect because, although the Cisco IOS SSL VPN solution is proprietary to Cisco, the solution is implemented as a software-only solution as of the course material’s (and this Exam Cram’s) publishing date. The new Cisco 5500 Series ASA adaptive security appliance platforms do support hardware-accelerated encryption. Answer D is incorrect because one of SSL’s biggest strengths is that it uses stateful TCP for transport, making it easier to tolerate across Port Address Translation (PAT) devices, and uses the standard TCP port number for HTTPS. |
4. |
The correct answers are as follows: VPN Type |
5. |
The correct choice is B. Currently, the AnyConnect SSL VPN client is only supported on the Cisco ASA 5500 Series adaptive security appliances. All of the other choices are VPN features of the Cisco VPN-enabled IOS routers. |
6. |
The first two blanks should be B and C, in any order. The last blank is A. Verification is a subset of transformation; therefore, answer D cannot be used. |
7. |
Blowfish is a cipher but is not supported on the router. DUAL is the name for the algorithm that Cisco’s proprietary Enhanced Interior Gateway Routing Protocol (EIGRP) employs and is not a cipher. All the other choices (C, D, E, and F) are supported ciphers for IPsec VPNs. |
8. |
The correct choices are E and D. The other choices are made up. |
9. |
Answers A and C are correct. You can have as many crypto maps as you have interfaces, but only one crypto map per interface. This being the case, that one crypto map may need to support multiple remote-access and site-to-site VPNs. |
10. |
The correct answer is C. One of the strengths of the SDM is that you can perform all the configuration tasks for a VPN with the SDM wizards. For comprehensive troubleshooting, Cisco recommends using certain CLI commands, but the SDM wizard can generate traffic in order to launch the VPN. |