CCNACH8 Exam
Which three ports must be open to verify that an IPsec VPN tunnel is operating properly? (Choose three.)
50, 500, 51
Which two protocols must be allowed for an IPsec VPN tunnel to operate properly? (Choose two.)
51, 50
Which statement describes a VPN?
VPNs use virtual connections to create a private network through a public network
Consider the following configuration on a Cisco ASA: crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac. What is the purpose of this command?
to define the encryption and integrity algorithms that are used to build the IPsec tunnel
In which situation would the Cisco Discovery Protocol be disabled?
when a PC with Cisco IP Communicator installed connects to a Cisco switch
Refer to the exhibit. What algorithm will be used for providing confidentiality?
AES
What three protocols must be permitted through the company firewall for establishment of IPsec site-to-site VPNs?
AH, ISAKMP, ESP
Which three statements describe the IPsec protocol framework? (Choose three.)
AH provides integrity and authentication. ESP provides encryption, authentication, and integrity. AH uses IP protocol 51.
Which type of site-to-site VPN uses trusted group members to eliminate point-to-point IPsec tunnels between the members of a group?
GETVPN
Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
IPsec
Which statement accurately describes a characteristic of IPsec?
IPsec is a framework of open standards that relies on existing algorithms
Which two statements accurately describe characteristics of IPsec? (Choose two.)
IPsec is a framework of open standards that relies on existing algorithms. IPsec works at the network layer and operates over all Layer 2 protocols.
Refer to the exhibit. How will traffic that does not match that defined by access list 101 be treated by the router?
It will be sent unencrypted
Refer to the exhibit. Which pair of crypto isakmp key commands would correctly configure PSK on the two routers?
R1(config)# crypto isakmp key cisco123 address 209.165.200.227 R2(config)# crypto isakmp key cisco123 address 209.165.200.226
Refer to the exhibit. What HMAC algorithm is being used to provide data integrity?
SHA
Which two IPsec protocols are used to provide data integrity?
SHA, MD5
What is an important characteristic of remote-access VPNs?
The VPN connection is initiated by the remote user.
Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key?
The longer the key, the more key possibilities exist
What is the purpose of configuring multiple crypto ACLs when building a VPN connection between remote sites?
When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types
What is needed to define interesting traffic in the creation of an IPsec tunnel?
access list
What is the function of the Diffie-Hellman algorithm within the IPsec framework?
allows peers to exchange shared keys
Which transform set provides the best protection?
crypto ipsec transform-set ESP-DES-SHA esp-aes-256 esp-sha-hmac
When is a security association (SA) created if an IPsec VPN tunnel is used to connect between two sites?
during both Phase 1 and 2
Which technique is necessary to ensure a private transfer of data using a VPN?
encryption
Which term describes a situation where VPN traffic that is received by an interface is routed back out that same interface?
hairpinning
Which action do IPsec peers take during the IKE Phase 2 exchange?
negotiation of IPsec policy
What is the purpose of NAT-T?
permits VPN to work when NAT is being used on one or both ends of the VPN
