14 Cards in this Set

  • Front
  • Back
Which of the following could be part of both an IKEv1 Phase 1 and IKEv1 Phase 2 policy? (Choose all that apply.) a. MD5 b. AES c. RSA d. DH
a, b, and d
How is it possible that a packet with a private Layer 3 destination address is forwarded over the Internet?
It is encapsulated into another packet, and the Internet only sees the outside valid IP destination address.
What is the method for specifying the IKEv1 Phase 2 encryption method?
crypto ipsec transform-set
Which of the following potentially could be negotiated during IKEv1 Phase 2? (Choose all that apply.) a. Hashing b. DH group c. Encryption d. Authentication method
a, b, and c
Which of the DH groups is the most prudent to use when security is of the utmost importance?
Group 5
Which of the following is never part of an IKEv1 Phase 2 process? a. Main mode b. Specifying a hash (HMAC) c. Running DH (PFS) d. Negotiating the transform set to use
Main mode
Which encryption method will be used to protect the negotiation of the IPsec (IKEv1 Phase 2) tunnel?
The one negotiated in the ISAKMP policy.
Which is the most secure method for authentication of IKEv1 Phase 1?
RSA signatures, using digital certificates to exchange public keys
Which component is not placed directly in a crypto map? a. Authentication policy b. ACL c. Transform set d. PFS
Authentication policy
Which of the following would cause a VPN tunnel using IPsec to never initialize or work correctly? (Choose all that apply.) a. Incompatible IKEv1 Phase 2 transform sets b. Incorrect pre-shared keys or missing digital certificates c. Lack of interesting traffic d. Incorrect routing
All
Which of the following IKE versions are supported by the Cisco ASA? (Choose all that apply.) a. IKEv1 b. IKEv2 c. IKEv3 d. IKEv4
ALL
What is the purpose of NAT exemption? a. To bypass NAT in the remote peer b. To bypass NAT for all traffic not sent over the IPsec tunnel c. To bypass NAT for traffic in the VPN tunnel d. To never bypass NAT in the local or remote peer
To bypass NAT for traffic in the VPN tunnel
Which of the following commands are useful when troubleshooting VPN problems in the Cisco ASA? (Choose all that apply.) a. show isakmp sa detail b. debug crypto ikev1 | ikev2 c. show crypto ipsec sa detail d. show vpn-sessiondb
ALL
(True or False) The Cisco ASA cannot be configured with more than one IKEv1 or IKEv2 policy. a. True b. False
FALSE