Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
25 Cards in this Set
- Front
- Back
|
Which action do IPsec peers take during the IKE Phase 2 exchange? |
negotiation of IPsec policy |
|
|
A network administrator plans to deploy an SSL VPN on a Cisco IOS router. Which SSL VPN mode would require the user to download a Java applet to connect to POP3, SMTP, and SSH services? |
thin client mode |
|
|
When CCP Quick Setup is used to configure a VPN-capable router, what is the strongest level of encryption allowed? |
3DES |
|
|
A network administrator is planning to implement centralized management of Cisco VPN devices to simplify VPN deployment for remote offices and teleworkers. Which Cisco IOS feature would provide this solution? |
Cisco Easy VPN |
|
|
What protocol is used by IPsec to calculate shared keys and to negotiate the parameters to be used by IPsec SAs? |
IKE |
|
|
The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks? |
confidentiality |
|
Refer to the exhibit. How will traffic that does not match that defined by access list 101 be treated by the router? |
It will be sent unencrypted. |
|
|
How many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel? |
24 |
|
|
What VPN solution uses a server to push IPsec policies to mobile clients so that they can access company resources over a secure IPsec tunnel? |
Cisco Easy VPN |
|
|
Which statement describes an important characteristic of a site-to-site VPN? |
It must be statically set up. |
|
|
What is the purpose of the "Generate Mirror..." button in site-to-site VPN wizard of CCP? |
to produce the required CLI commands to configure the router on the other side of the tunnel |
|
|
When configuring an IPsec VPN, what is used to define the traffic that is sent through the IPsec tunnel and protected by the IPsec process? |
crypto ACL |
|
|
Which factor is a drawback of providing remote connectivity and work solutions to employees? |
system security being maintained by employees themselves |
|
|
Which three statements describe the IPsec protocol framework? (Choose three.) |
AH uses IP protocol 51. |
|
Refer to the exhibit. Based on the CCP settings that are shown, which Easy VPN Server component is being configured? |
group policy |
|
|
A network administrator has acquired two different VPN-capable routers that will be installed in a network. Which factor must be verified between two routers prior to configuring a VPN tunnel? |
device interoperability |
|
Refer to the exhibit. A site-to-site VPN is required from R1 to R3. The administrator is using the CCP Site-to-Site VPN wizard on R1. Which IP address should the administrator enter in the highlighted field? |
10.2.2.2 |
|
Refer to the exhibit. Which pair of crypto isakmp key commands would correctly configure PSK on the two routers? |
R1# crypto isakmp key cisco123 address 209.165.200.227 R2# crypto isakmp key cisco123 address 209.165.200.226 |
|
|
What are two characteristics of SSL VPNs? (Choose two.) |
They can use noncompany-managed devices. |
|
|
What can be used as a VPN gateway when setting up a site-to-site VPN? |
Cisco router |
|
|
What is required for a host to use an SSL VPN to connect to a remote network device? |
A web browser must be installed on the host. |
|
|
Which statement describes the operation of the IKE protocol? |
It calculates shared keys based on the exchange of a series of data packets. |
|
|
With the Cisco Easy VPN feature, which process ensures that a static route is created on the Cisco Easy VPN Server for the internal IP address of each VPN client? |
Reverse Route Injection |
|
|
What is the purpose of configuring multiple crypto ACLs when building a VPN connection between remote sites? |
When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types. |
|
|
Which authentication method is available when specifying a method list for group policy lookup using the CCP Easy VPN Server wizard? |
radius |
