VPN and stuff Flashcards
What are 3 vital functions of VPNs?
Answer -
A) Data origin authentication.
B) Encryption.
C) Data Integrity.
What are 3 vital functions of VPNs?
Answer -
A) Data origin authentication.
B) Encryption, Data Integrity.
C) Data Integrity.
What two features are benefits of using GRE tunnels with IPsec over using IPsec tunnel alone for building site-to-site VPNs? (Choose two)
A) allows dynamic routing securely over the tunnel.
B) IKE keepalives are unidirectional and sent every ten seconds.
C) reduces IPsec headers overhead since tunnel mode is used.
D) supports non-IP traffic over the tunnel.
E) uses Virtual Tunnel Interface (VTI)to simplify the IPsec VPN configuration.
Answer -
A) allows dynamic routing securely over the tunnel.
D) supports non-IP traffic over the tunnel.
Which statement is true about an IPsec/GRE tunnel?
A) The GRE tunnel source and destination addresses are specified within the IPsec transform set.
B) An IPsec/GRE tunnel must use IPsec tunnel mode.
C) GRE encapsulation occurs before the IPsec encryption process.
D) Crypto map ACL is not needed to match which traffic will be protected.
Answer -
C) GRE encapsulation occurs before the IPsec encryption process.
Which of the following is a GRE Tunnel characteristic?
A) GRE impose more CPU overhead than IPSec on VPN gateways.
B) GRE tunnels can run through IPsec tunnels.
C) GRE Tunnel doesn’t have support for IPv6.
D) GRE consists of two sub-protocols: Encapsulated. Security Payload (ESP) and Authentication Header (AH).
Answer -
B) GRE tunnels can run through IPsec tunnels.
What is a key benefit of using a GRE tunnel to provide connectivity between branch offices and headquarters?
A) authentication, integrity checking, and confidentiality. B) less overhead. C) dynamic routing over the tunnel. D) granular QoS support. E) open standard. F) scalability.
Answer -
C) dynamic routing over the tunnel.
What are the four main steps in configuring a GRE tunnel over IPsec on Cisco routers? (Choose four)
A) Configure a physical interface or create a loopback interface to use as the tunnel endpoint.
B) Create the GRE tunnel interfaces.
C) Add the tunnel interfaces to the routing process so that it exchanges routing updates across that interface.
D) Add the tunnel subnet to the routing process so that it exchanges routing updates across that interface.
E) Add all subnets to the crypto access-list, so that IPsec encrypts the GRE tunnel traffic.
F) Add GRE traffic to the crypto access-list, so that IPsec encrypts the GRE tunnel traffic.
Answer -
A) Configure a physical interface or create a loopback interface to use as the tunnel endpoint.
B) Create the GRE tunnel interfaces.
D) Add the tunnel subnet to the routing process so that it exchanges routing updates across that interface.
F) Add GRE traffic to the crypto access-list, so that IPsec encrypts the GRE tunnel traffic.
A network administrator uses GRE over IPSec to connect two branches together via VPN tunnel. Which one of the following is the reason for using GRE over IPSec?
A) GRE over IPSec provides better QoS mechanism and is faster than other WAN technologies.
B) GRE over IPSec decreases the overhead of the header.
C) GRE supports use of routing protocol, while IPSec supports encryption.
D) GRE supports encryption, while IPSec supports use of routing protocol.
Answer -
C) GRE supports use of routing protocol, while IPSec supports encryption.
For a GRE tunnel to be up between two routers, which of the following must be configured?
A) Loopback interface.
B) IP reachability between the loopback interfaces.
C) Dynamic Routing between routers.
D) Tunnel interfaces must be in the same subnet.
Answer -
A) Loopback interface.
D) Tunnel interfaces must be in the same subnet.
Which two methods use IPsec to provide secure connectivity from the branch office to the headquarters office? (Choose two)
A) DMVPN. B) MPLS VPN. C) Virtual Tunnel Interface (VTI). D) SSL VPN. E) PPPoE.
Answer -
A) DMVPN.
C) Virtual Tunnel Interface (VTI).
Name a major drawback of both GRE & L2TP?
Answer -
No encryption
Name 3 protocols used to create tunnels?
Answer -
A)Generic Routing Encapsulation (GRE) (RFC1701).
B) Layer 2 Tunneling Protocol (L2TP)(RFC2661).
C) IP Security (IPSec).
Name 2 types of remote access VPNs?
Answer -
A) Client initiated (Remote access).
B) Network Access Server initiated (site-to-site).
Name a major drawback of IPSec?
Answer -
IPSec only supports unicast IP traffic.
What is the difference between client-initiated and NAS-initiated VPNs?
Answer -
Client-initiated uses a client application to create the tunnel, NAS-initiated is where the user dials into a NAS device that creates the tunnel.