CCNA Chapter 8 Online Flashcards

1
Q

What are two benefits of an SSL VPN? (Choose two.)

A
  1. It has the option of only requiring an SSL-enabled web browser.
  2. It is compatible with DMVPNs, Cisco IOS Firewall, IPsec, IPS, Cisco Easy VPN, and NAT.
2
Q

When verifying IPsec configurations, which show command displays the encryption algorithm, hash algorithm, authentication method, and Diffie-Hellman group configured, as well as default settings?

A

show crypto isakmp policy

3
Q

When configuring a site-to-site IPsec VPN using the CLI, the authentication pre-share command is configured in the ISAKMP policy. Which additional peer authentication configuration is required?

A

Configure a PSK with the crypto isakmp key global configuration command.

4
Q

Which action do IPsec peers take during the IKE Phase 2 exchange?

A

negotiation of IPsec policy

5
Q

A network administrator is planning to implement centralized management of Cisco VPN devices to simplify VPN deployment for remote offices and teleworkers. Which Cisco IOS feature would provide this solution?

A

Cisco Easy VPN

6
Q

Which two statements accurately describe characteristics of IPsec? (Choose two.)

A
  1. IPsec works at the network layer and operates over all Layer 2 protocols.
  2. IPsec is a framework of open standards that relies on existing algorithms.
7
Q

Refer to the exhibit. Which two IPsec framework components are valid options when configuring an IPsec VPN on a Cisco ISR router? (Choose two.)

A
  1. Confidentiality options include DES, 3DES, and AES.
  2. Diffie-Hellman options include DH1, DH2, and DH5.

8
Q

With the Cisco Easy VPN feature, which process ensures that a static route is created on the Cisco Easy VPN Server for the internal IP address of each VPN client?

A

Reverse Route Injection

9
Q

Refer to the exhibit. A site-to-site VPN is required from R1 to R3. The administrator is using the SDM Site-to-Site VPN Wizard on R1. Which IP address should the administrator enter in the highlighted field?

A

10.2.2.2

10
Q

What is required for a host to use an SSL VPN?

A

A web browser must be installed on the host.

11
Q

What are two authentication methods that can be configured using the SDM Site-to-Site VPN Wizard? (Choose two.)

A
  1. pre-shared keys.
  2. digital certificates.

12
Q

Which UDP port must be permitted on any IP interface used to exchange IKE information between security gateways?

A

500

13
Q

Which requirement necessitates using the Step-by-Step option of the SDM Site-to-Site VPN wizard instead of the Quick Setup option?

A

AES encryption is required

14
Q

Which IPsec protocol should be selected when confidentiality is required?

A

encapsulating security payload

15
Q

Which statement describes an important characteristic of a site-to-site VPN?

A

It must be statically set up.

16
Q

Refer to the exhibit. Based on the SDM screen, which Easy VPN Server component is being configured?

A

group policy

17
Q

A user launches Cisco VPN Client software to connect remotely to a VPN service. What does the user select before entering the username and password?

A

the desired preconfigured VPN server site

18
Q

What is the default IKE policy value for authentication?

A

RSA signatures

19
Q

When using ESP tunnel mode, which portion of the packet is not authenticated?

A

new IP header

20
Q

Refer to the exhibit. Under the ACL Editor, which option is used to specify the traffic to be encrypted on a secure connection?

A

IPsec Rules

21
Q

Refer to the exhibit. A network administrator is troubleshooting a GRE VPN tunnel between R1 and R2. Assuming the R2 GRE configuration is correct and based on the running configuration of R1, what must the administrator do to fix the problem?

A

change the tunnel destination to 209.165.200.225

22
Q

How many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel?

A

24

23
Q

What can be used as a VPN gateway when setting up a site-to-site VPN?

A

Cisco router

24
Q

Which three statements describe the IPsec protocol framework? (Choose three.)

A
  1. AH uses IP protocol 51.
  2. ESP uses UDP protocol 50.
  3. ESP provides encryption, authentication, and integrity.
25
Q

Which statement describes the operation of the IKE protocol?

A

It uses IPsec to establish the key exchange process

26
Q

What is the purpose of the “Generate Mirror…” button in the site-to-site VPN wizard of CCP?

A

to produce the required CLI commands to configure the router on the other side of the tunnel

27
Q

Refer to the exhibit. Which pair of crypto isakmp key commands would correctly configure PSK on the two routers?

A

R1# crypto isakmp key cisco123 address 209.165.200.227

R2# crypto isakmp key cisco123 address 209.165.200.226

28
Q

Refer to the exhibit. How will traffic that does not match that defined by access list 101 be treated by the router?

A

It will be sent encrypted.

29
Q

Which factor is a drawback of providing remote connectivity and work solutions to employees?

A

system security being maintained by employees themselves.

30
Q

What are two characteristics of SSL VPNs? (Choose two.)

A
  1. They require only a web browser on the client computer.
  2. They require specific client software installed on the client device.

31
Q

What VPN solution uses a server to push IPsec policies to mobile clients so that they can access company resources over a secure IPsec tunnel?

A

Cisco Easy VPN

32
Q

Which authentication method is available when specifying a method list for group policy lookup using the CCP Easy VPN server wizard?

A

RADIUS

33
Q

A network administrator has acquired two different VPN-capable routers that will be installed in a network. Which factor must be verified between two routers prior to configuring a VPN tunnel?

A

device interoperability

34
Q

The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?

A

confidentiality

35
Q

What protocol is used by IPsec to calculate shared keys and to negotiate the parameters to be used by IPsec SAs?

A

IKE

36
Q

What is the purpose of configuring multiple crypto ACLs when building a VPN connection between remote sites?

A

When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types.

37
Q

When CCP Quick Setup is used to configure a VPN-capable router, what is the strongest level of encryption allowed?

A

3DES

38
Q

A network administrator plans to deploy an SSL VPN on a Cisco IOS router. Which SSL VPN mode would require the user to download a Java applet to connect to POP3, SMTP, and SSH services?

A

thin client mode