Exam Prep Questions

1. True or false. Site-to-site IPsec VPNs are an evolution of dial-up networking.

2. Which of the following is not considered a feature that can be configured as part of an IPsec VPN? (Choose all that apply.)

A. Authorization
B. Auditing
C. Confidentiality
D. Integrity
E. Authentication

3. What are two disadvantages of Cisco IOS SSL VPNs when compared with IPsec VPNs?

A. Hardware-only. The solution is implemented in hardware on either the VPN gateway or the client, making the solution Cisco-proprietary.
B. Software-only. The solution is implemented in software on the VPN gateway and client.
C. Cryptographic security. Does not support the same level of encryption security as IPsec.
D. Incompatibility. Creating rules to allow SSL VPN traffic over intermediate routers and other gateways is difficult.
E. None of the above.

4. Fill in the following table with the letter corresponding to the most correct answer for each device's role in the context of remote-access and site-to-site VPNs. (The same letter can be used more than once.)

VPN Type (table not reproduced in this extract)

Choices:

A. Primary role
B. Secondary role
C. Complements firewall role
D. Yes, but IT Security manages the VPN
E. Supports VPN 3000 Series Concentrator features

5. Which of the following is not considered to be a VPN feature of Cisco VPN-enabled IOS routers? (Choose all that apply.)

A. Stateful Switchover (SSO)
B. AnyConnect standalone SSL VPN client
C. IPsec Stateful Failover
D. Voice and Video Enabled VPN (V3PN)
E. Cisco Easy VPN Remote

6. Fill in the blanks in the description below with choices from the list. (A choice may only be used once.)

At a high level, IKE Phase I handles all _____ and _____ between VPN peers, whereas the main task of IKE Phase II is the transmission and _____ of data by applying confidentiality, integrity, authentication, and anti-replay services to it.

Choices:

A. Transformation
B. Authentication
C. Negotiation
D. Verification

7. Which of the following encryption algorithms (ciphers) is supported on VPN-enabled Cisco IOS routers? (Choose all that apply.)

A. Blowfish
B. DUAL
C. SEAL
D. 3DES
E. AES
F. RSA

8. Fill in the blanks in the paragraph below with the letter corresponding to the correct choice from the list:

IKE Phase I uses a _____ to group elements together, whereas IKE Phase II groups ciphers and HMACs and other parameters in a _____.

Choices:

A. Negotiation set
B. Encryption set
C. HMAC (Hash-based Message Authentication Code) set
D. Transform set
E. Policy set

9. Which of the following is true about a crypto map? (Choose all that apply.)

A. You can only have one crypto map per interface.
B. You can only have one crypto map per router.
C. A single crypto map can support multiple peers.
D. A single crypto map can support only one peer.
E. Crypto maps group all the policy elements of a transform set.

10. Which of the following statements is true about using the Cisco SDM VPN Wizard? (Choose one.)

A. You cannot configure to the same level of granularity as with the CLI.
B. There is no SDM item to test the VPN once it is created, and you must use the CLI to generate traffic to launch the VPN.
C. You can test the VPN once it is created and use the SDM to generate traffic to launch the VPN if needed.
D. The SDM cannot create a site-to-site VPN. This must be accomplished through the CLI, though a new version of the SDM is planned that will have wizards to accomplish this task.
E. None of the above.

Answers to Exam Prep Questions

1. The correct answer is false. Site-to-site IPsec VPNs are an evolution of WAN technology, not of dial-up remote access.

2. The correct choices are A and B. Authorization and auditing (accounting) are parts of a AAA solution, not of IPsec itself. IPsec VPNs provide Confidentiality, Integrity, Authentication, and Anti-replay (C-I-A-A).

3. Answers B and C are correct. Answer A is incorrect because, although the Cisco IOS SSL VPN solution is proprietary to Cisco, it is implemented as a software-only solution as of the course material's (and this Exam Cram's) publication date. The newer Cisco ASA 5500 Series adaptive security appliance platforms do support hardware-accelerated encryption. Answer D is incorrect because one of SSL's biggest strengths is that it rides over stateful TCP, on the standard HTTPS port (TCP 443), which makes it far easier to pass through Port Address Translation (PAT) devices and intermediate firewalls than IPsec's ESP and UDP 500/4500 traffic.

4. The correct answers are as follows:

VPN Type (answer table not reproduced in this extract)

5. The correct choice is B. At the time of this book's publication, the AnyConnect SSL VPN client is supported only on the Cisco ASA 5500 Series adaptive security appliances, not on IOS routers. All of the other choices are VPN features of Cisco VPN-enabled IOS routers.

6. The first two blanks should be B and C, in any order (IKE Phase I negotiates the policy and authenticates the peers). The last blank is A (Phase II transforms the data). Verification is a subset of transformation; therefore, answer D cannot be used.

7. Blowfish is a cipher but is not supported on the router. DUAL is the Diffusing Update Algorithm used by Cisco's proprietary Enhanced Interior Gateway Routing Protocol (EIGRP) and is not a cipher. The book counts all of the other choices (C, D, E, and F) as supported. Note the distinction, though: SEAL, 3DES, and AES (plus DES, which is not offered here) are the symmetric transforms used to encrypt IPsec data, whereas RSA is an asymmetric algorithm that IOS uses during IKE Phase I for peer authentication (RSA signatures or RSA-encrypted nonces), not as a bulk cipher for ESP.

8. The correct choices are E and D: IKE Phase I parameters are grouped in an ISAKMP policy (policy set), and IKE Phase II ciphers, HMACs, and mode are grouped in a transform set. The other choices are made-up terms.

9. Answers A and C are correct. Only one crypto map can be applied to a given interface, but that map is really a set of entries, each identified by a sequence number and carrying its own peer, transform set, and match ACL, so one map can serve many peers; the same crypto map can also be applied to more than one interface. Answer B is therefore false (you can define as many crypto maps as you need), and answer D is false. Answer E has the relationship backwards: a transform set is one of the elements a crypto map entry references, not the other way around. In practice, the single map applied to an Internet-facing interface carries every site-to-site and remote-access VPN that terminates there.
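As an added example (not from the Exam Cram text), the following Cisco IOS configuration ties together the items tested in questions 6, 8, and 9: one ISAKMP policy (the IKE Phase I policy set), one transform set (IKE Phase II), and a single crypto map with two entries for two different peers, applied once to the outside interface. The peer addresses (RFC 5737 documentation ranges), the 10.x networks, the names, and the pre-shared keys are constructed placeholders; the default ISAKMP policy values quoted in the comments are those of classic IOS.

```cisco
! --- IKE Phase I: ISAKMP policy (the "policy set") --------------------
! If no policy is configured, IOS falls back to its built-in default
! policy (DES, SHA, RSA signatures, DH group 1), which is too weak today.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
!
! Pre-shared keys, one per peer (constructed placeholder values).
crypto isakmp key Br4nch1-PSK-example address 203.0.113.2
crypto isakmp key Br4nch2-PSK-example address 198.51.100.2
!
! --- IKE Phase II: transform set (cipher + HMAC + mode) ----------------
crypto ipsec transform-set TS-AES256-SHA esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Crypto ACLs: "interesting" traffic that triggers and is protected by
! each tunnel (mirror these exactly on the remote peer).
ip access-list extended VPN-TO-BRANCH1
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
ip access-list extended VPN-TO-BRANCH2
 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
!
! --- One crypto map, two entries (sequence 10 and 20), two peers -------
crypto map CM-OUTSIDE 10 ipsec-isakmp
 description Site-to-site to branch 1
 set peer 203.0.113.2
 set transform-set TS-AES256-SHA
 set pfs group14
 match address VPN-TO-BRANCH1
crypto map CM-OUTSIDE 20 ipsec-isakmp
 description Site-to-site to branch 2
 set peer 198.51.100.2
 set transform-set TS-AES256-SHA
 set pfs group14
 match address VPN-TO-BRANCH2
!
! Only one crypto map may be applied per interface; every tunnel that
! terminates on this interface lives in CM-OUTSIDE.
interface GigabitEthernet0/0
 description Outside / Internet
 ip address 192.0.2.1 255.255.255.0
 crypto map CM-OUTSIDE
```

After sending traffic that matches one of the crypto ACLs, `show crypto isakmp sa` should list a Phase I SA in the QM_IDLE state for the peer, and `show crypto ipsec sa` should show packets being encapsulated and encrypted under the corresponding crypto map entry; a policy mismatch (different cipher, hash, DH group, or authentication method on the two sides) shows up as an ISAKMP SA that never leaves MM_NO_STATE. On newer IOS releases, prefer `hash sha256` and `esp-sha256-hmac` over the SHA-1 variants shown above.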

10. The correct answer is C. One of the strengths of the SDM is that you can perform all of the configuration tasks for a VPN with the SDM wizards. For comprehensive troubleshooting, Cisco recommends certain CLI commands, but the SDM wizard itself can generate traffic in order to bring the VPN up.
