CCNA 4 Chapter 7: Securing Site-to-Site Connectivity

Question 1

How is “tunneling” accomplished in a VPN?

Answer 1

New headers from one or more VPN protocols encapsulate the original packets.

Question 2

Which two scenarios are examples of remote access VPNs? (Choose two.).

Answer 2

1. A mobile sales agent is connecting to the company network via the Internet connection at a hotel.
2. An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.

Question 3

Refer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router?

Answer 3

172.16.1.2

Question 4

Which statement correctly describes IPsec?

Answer 4

IPsec works at Layer 3, but can protect traffic from Layer 4 through Layer 7.

Question 5

What is an IPsec protocol that provides data confidentiality and authentication for IP packets?

Answer 5

ESP

Question 6

Which three statements describe the building blocks that make up the IPsec protocol framework? (Choose three.)

Answer 6

1. IPsec uses encryption algorithms and keys to provide secure transfer of data
2. IPsec uses secret key cryptography to encrypt messages that are sent through a VPN.
3. IPsec uses ESP to provide confidential transfer of data by encrypting IP packets.

Question 7

What key question would help determine whether an organization should use an SSL VPN or an IPsec VPN for the remote access solution of the organization?

Answer 7

Do users need to be able to connect without requiring special VPN software?

Question 8

What is the purpose of a message hash in a VPN connection?

Answer 8

It ensures that the data has not changed while in transit.

Question 9

A network design engineer is planning the implementation of a cost-effective method to interconnect multiple networks securely over the Internet. Which type of technology is required?

Answer 9

a VPN gateway

Question 10

What is one benefit of using VPNs for remote access?

Answer 10

potential for reduced connectivity costs

Question 11

Which statement describes a characteristic of IPsec VPNs?

Answer 11

IPsec works with all Layer 2 protocols

Question 12

What is the purpose of the generic routing encapsulation tunneling protocol?

Answer 12

to manage the transportation of IP multicast and multiprotocol traffic between remote sites

Question 13

Which algorithm is an asymmetrical key cryptosystem?

Answer 13

RSA

Question 14

A network design engineer is planning the implementation of an IPsec VPN. Which hashing algorithm would provide the strongest level of message integrity?

Answer 14

512-bit SHA

Question 15

What two encryption algorithms are used in IPsec VPNs? (Choose two.)

Answer 15

1. . 3DES

2. AES

Question 16

Which statement describes a feature of site-to-site VPNs?

Answer 16

Internal hosts send normal, un-encapsulated packets.

Question 17

Which Cisco VPN solution provides limited access to internal network resources by utilizing a Cisco ASA and provides browser-based access only?

Answer 17

clientless SSL VPN

Question 18

Which two algorithms use Hash-based Message Authentication Code for message authentication? (Choose two.)

Answer 18

1. MD5

2. SHA

Question 19

Which function of IPsec security services allows the receiver to verify that the data was transmitted without being changed or altered in any way?

Answer 19

data integrity

Question 20

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. What problem is preventing the hosts from communicating across the VPN tunnel?

Answer 20

The tunnel IP addresses are incorrect.

Question 21

What is the purpose of utilizing Diffie-Hellman (DH) algorithms as part of the IPsec standard?

Answer 21

DH algorithms allow two parties to establish a shared secret key that is used by encryption and hash algorithms.

Question 22

Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.)

Answer 22

1. The data that is sent across this tunnel is not secure.

2. A GRE tunnel is being used.

Question 23

Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?

Answer 23

site-to-site VPN

Question 24

Which remote access implementation scenario will support the use of generic routing encapsulation tunneling?

Answer 24

a central site that connects to a SOHO site without encryption