Cisco III - Chapter 8 - VPN and IPsec Concepts
Which choices are available for the Confidentiality function in the IPsec framework? (Choose three.) a. 3DES b. AES c. AH d. DH24 e. PSK f. SEAL g. SHA
3DES, AES, SEAL
Which algorithm is used with IPsec to provide data confidentiality? a. MD5 b. Diffie-Hellman c. SHA d. AES e. RSA
AES
Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality? a. AH b. IP protocol 50 c. ESP d. DH
AH
Which choices are available for the IPsec Protocol function in the IPsec framework? (Choose two.) a. AES b. AH c. DH24 d. ESP e. PSK f. RSA g. SHA
AH, ESP
Which IPsec function uses pre-shared passwords, digital certificates, or RSA certificates? a. IPsec protocol b. Confidentiality c. Integrity d. Authentication e. Diffie-Hellman
Authentication
What type of protocol is GRE? a. Security protocol b. Passenger protocol c. Carrier protocol d. Transport protocol
Carrier protocol
What type of VPN can be established with a web browser using HTTPS? a. IPsec b. Client-based VPN c. Site-to-site VPN d. Clientless VPN
Clientless VPN
Which VPN benefit allows an enterprise to increase the bandwidth for remote sites without necessarily adding more equipment or WAN links? a. Cost Savings b. Security c. Scalability d. Compatibility
Cost Savings
What are the devices and inside wiring that are located on the enterprise edge and connect to a carrier link? a. Demarcation Point b. Customer Premises Equipment c. Data Communications Equipment d. Data Terminal Equipment
Customer Premises Equipment
Which Diffie-Hellman group choices are no longer recommended? a. DH groups 1, 2, and 5 b. DH groups 14, 15, and 16 c. DH groups 19, 20, 21 and 24
DH groups 1, 2, and 5
What type of VPN enables an enterprise to rapidly scale secure access across the organization? a. DMVPN b. Remote-access VPN c. Site-to-site VPN d. MPLS VPN
DMVPN
What are devices that put data on the local loop? a. Demarcation Point b. Customer Premises Equipment c. Data Communications Equipment d. Data Terminal Equipment
Data Communications Equipment
What are customer devices that pass the data from a customer network or host computer for transmission over the WAN? a. Data Terminal Equipment b. Customer Premises Equipment c. Data Communications Equipment d. Demarcation Point
Data Terminal Equipment
What is a point that is established in a building or complex to separate customer equipment from service provider equipment? a. Demarcation Point b. Customer Premises Equipment c. Data Communications Equipment d. Data Terminal Equipment
Demarcation Point
Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols? a. GRE b. IKE c. IPsec d. OSPF
GRE
Which type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN? a. dynamic multipoint VPN b. SSL VPN c. GRE over IPsec d. IPsec virtual tunnel interface
GRE over IPsec
Which type of VPN involves a nonsecure tunneling protocol being encapsulated by IPsec? a. dynamic multipoint VPN b. SSL VPN c. IPsec virtual tunnel interface d. GRE over IPsec
GRE over IPsec
Which type of VPN involves passenger, carrier, and transport protocols? a. dynamic multipoint VPN b. GRE over IPsec c. MPLS VPN d. IPsec virtual tunnel interface
GRE over IPsec
What algorithm is used to provide data integrity of a message through the use of a calculated hash value? a. HMAC b. DH c. RSA d. AES
HMAC
Which VPN solutions are typically managed by an enterprise? (Choose three.) a. MPLS Layer 2 b. MPLS Layer 3 c. IPsec d. SSL e. Frame Relay f. DMVPN
IPsec, SSL, DMVPN
Which type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding? a. MPLS VPN b. IPsec virtual tunnel interface c. GRE over IPsec d. dynamic multipoint VPN
IPsec virtual tunnel interface
Which type of VPN supports multiple sites by applying configurations to virtual interfaces instead of physical interfaces? a. dynamic multipoint VPN b. IPsec virtual tunnel interface c. MPLS VPN d. GRE over IPsec
IPsec virtual tunnel interface
Which two end points can be on the other side of an ASA site-to-site VPN configured using ASDM? (Choose two.) a. DSL switch b. ISR router c. another ASA d. multilayer switch e. Frame Relay switch
ISR router, another ASA
Which two statements describe a remote access VPN? (Choose two.) a. It connects entire networks to each other. b. It requires hosts to send TCP/IP traffic through a VPN gateway. c. It is used to connect individual hosts securely to a company network over the Internet. d. It may require VPN client software on hosts. e. It requires static configuration of the VPN tunnel.
It is used to connect individual hosts securely to a company network over the Internet. It may require VPN client software on hosts.
Which statement describes an important characteristic of a site-to-site VPN? a. It must be statically set up. b. It is ideally suited for use by mobile workers. c. It requires using a VPN client on the host PC. d. After the initial connection is established, it can dynamically change connection information. e. It is commonly implemented over dialup and cable modem networks.
It must be statically set up.
Which is a requirement of a site-to-site VPN? a. It requires hosts to use VPN client software to encapsulate traffic. b. It requires the placement of a VPN server at the edge of the company network. c. It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic. d. It requires a client/server architecture.
It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.
Which VPN type is a service provider managed VPN? a. site-to-site VPN b. Layer 3 MPLS VPN c. remote access VPN d. GRE over IPsec VPN
Layer 3 MPLS VPN
IPsec can protect traffic in which four OSI Layers?
Layers 4 through 7
Which choices are available for the Integrity function in the IPsec framework? (Choose two.) a. AES b. AH c. DH24 d. MD5 e. PSK f. SEAL g. SHA
MD5, SHA
What type of VPN enables an enterprise to emulate an Ethernet multiaccess LAN with remote sites? a. DMVPN b. Remote-access VPN c. Site-to-site VPN d. MPLS VPN
MPLS VPN
Which type of VPN has both Layer 2 and Layer 3 implementations? a. IPsec virtual tunnel interface b. MPLS VPN c. GRE over IPsec d. dynamic multipoint VPN
MPLS VPN
How is "tunneling" accomplished in a VPN? a. All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private. b. New headers from one or more VPN protocols encapsulate the original packets. c. Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers. d. A dedicated circuit is established between the source and destination devices for the duration of the connection.
New headers from one or more VPN protocols encapsulate the original packets.
Which feature describes SSL VPNs? a. All IP-based applications are supported. b. Only requires a web browser on a host. c. Specific devices with specific configurations can connect. d. Uses two-way authentication with shared keys or digital certificates.
Only requires a web browser on a host.
Which choices are available for the Authentication function in the IPsec framework? (Choose two.) a. AES b. AH c. DH24 d. PSK e. RSA f. SEAL g. SHA
PSK, RSA
Which type of VPN is used to connect a mobile user? a. Site-to-site b. Remote-access c. GRE d. IPsec
Remote-access
What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.) a. SHA b. RSA c. DH d. AES e. PSK
SHA, AES
What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.) a. RSA b. SHA c. AES d. MD5 e. DH
SHA, MD5
Which type of VPN connects using the Transport Layer Security (TLS) feature? a. SSL VPN b. MPLS VPN c. IPsec virtual tunnel interface d. dynamic multipoint VPN
SSL VPN
Which type of VPN uses the public key infrastructure and digital certificates? a. IPsec virtual tunnel interface b. GRE over IPsec c. SSL VPN d. dynamic multipoint VPN
SSL VPN
Which VPN benefit allows an enterprise to easily add more users to the network? a. Cost Savings b. Security c. Scalability d. Compatibility
Scalability
Which VPN benefit uses advanced encryption and authentication protocols to protect data from unauthorized access? a. Cost Savings b. Security c. Scalability d. Compatibility
Security
Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key? a. The length of a key will not vary between encryption algorithms. b. The length of a key does not affect the degree of security. c. The shorter the key, the harder it is to break. d. The longer the key, the more key possibilities exist.
The longer the key, the more key possibilities exist.
Which statement describes a VPN? a. VPNs use open source virtualization software to create the tunnel through the internet. b. VPNs use logical connections to create public networks through the internet. c. VPNs use dedicated physical connections to transfer data between remote users. d. VPNs use virtual connections to create a private network through a public network.
VPNs use virtual connections to create a private network through a public network.
What is the function of the Diffie-Hellman algorithm within the IPsec framework? a. guarantees message integrity b. allows peers to exchange shared keys c. provides authentication d. provides strong data encryption
allows peers to exchange shared keys
Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA? a. client-based SSL b. site-to-site using an ACL c. clientless SSL d. site-to-site using a preshared key
clientless SSL
Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.) a. clientless SSL VPN b. IPsec VPN c. IPsec Virtual Tunnel Interface VPN d. client-based IPsec VPN e. GRE over IPsec VPN
clientless SSL VPN, client-based IPsec VPN
The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks? a. authentication b. confidentiality c. Diffie-Hellman d. integrity e. nonrepudiation
confidentiality
Which technique is necessary to ensure a private transfer of data using a VPN? a. authorization b. encryption c. scalability d. virtualization
encryption
What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN? a. creates a secure channel for key negotiation b. protects IPsec keys during session negotiation c. authenticates the IPsec peers d. guarantees message integrity
guarantees message integrity
Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit? a. authentication b. confidentiality c. integrity d. secure key exchange
integrity
Which type of VPN may require the Cisco VPN Client software? a. remote access VPN b. SSL VPN c. site-to-site VPN d. MPLS VPN
remote access VPN
Which two technologies provide enterprise-managed VPN solutions? (Choose two.) a. remote access VPN b. Frame Relay c. Layer 2 MPLS VPN d. site-to-site VPN e. Layer 3 MPLS VPN
remote access VPN, site-to-site VPN
Which solution allows workers to telecommute effectively and securely? a. site-to-site VPN b. remote-access VPN c. dial-up connection d. DSL connection
remote-access VPN
What is a type of VPN that is generally transparent to the end user? a. site-to-site b. remote access c. public d. private
site-to-site
What are the two fundamental Dynamic Multipoint VPN tunnel types? (Choose two.) a. spoke-to-spoke b. site-to-site c. hub-to-spoke d. client-to-site e. server-to-client
spoke-to-spoke, hub-to-spoke
What are two reasons a company would use a VPN? (Choose two.) a. to increase bandwidth to the network b. to connect remote users to the network c. to test network connections to remote users d. to allow suppliers to access the network e. to eliminate the need of having a gateway
to connect remote users to the network, to allow suppliers to access the network