CCNA 4 CH 7
Which Cisco VPN solution provides limited access to internal network resources by utilizing a Cisco ASA and provides browser-based access only?
clientless SSL VPN
Refer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router? HQ# show interface Tunnel0 Tunnel0 is up, line protocol is up (connected) Hardware is Tunnel Internet address is 172.16.1.1 /30 MTU 17916 bytes, BW 100 Kbit/sec, DLY 5000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation TUNNEL, loopback not set Keepalive not set Tunnel source 209.165.200.225, destination 209.165.200.226 Tunnel protocol/transport GRE/IP Key disabled, sequencing disabled Checksumming of packets disabled Tunnel TTL 255 Fast tunneling enabled <output omitted>
172.16.1.2
A network design engineer is planning the implementation of an IPsec VPN. Which hashing algorithm would provide the strongest level of message integrity?
512-bit SHA
Which two scenarios are example of remote access VPNs? (Choose two)
A mobile sales agent is connecting to the company network via the Internet connection at a hotel An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.
What two encryption algorithms are used in IPsec VPNs? (Choose two)
AES 3DES
What is the purpose of utilizing Diffie-Hellman (DH) algorithms as part of the IPsec standard?
DH algorithms allow two parties to establish a shared secret key that is used by encryption and hash algorithms.
What key question would help determine whether an organization should use an SSL VPN or an IPsec VPN for the remote access solution of the organization?
Do users need to be able to connect without requiring special VPN software?
What is an IPsec protocol that provides data confidentiality and authentication for IP packets?
ESP
Which two algorithms use Hash-based Message Authentication Code for message authentication? (Choose two)
MD5 SHA
Which 3 statements describe the building blocks that make up the IPsec protocol framework? (choose three)
IPsec uses encryption algorithms and keys to provide secure transfer of data. IP sec uses secret key cryptography to encrypt messages that are sent through a VPN. IPsec uses ESP to provide confidential transfer of data by encrypting IP packets.
Which statement correctly describes IPsec?
IPsec works at Layer 3, but can protect traffic from Layer 4 through Layer 7
Which statement describes a characteristic of IPsec VPNs?
IPsec works with all Layer 2 protocols
Which statement describes a feature of site-to-site VPNs?
Internal hosts send normal, unencapsulated packets
What is the purpose of a message hash in a VPN connection?
It ensures that the data has not changed while in transit.
How is "tunneling accomplished in a VPN?"
New headers from one or more VPN protocols encapsulate the original packets
Which algorithm is an asymmetrical key cryptosystem?
RSA
Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.) R1# show interface Tunnel 0 Tunnel0 is up, line protocol is up Hardware is Tunnel Internet address is 172.16.1.1/24 MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation TUNNEL, loopback not set Keepalive not set Tunnel source 209.165.200.1, destination 209.165.200.2 Tunnel protocol/transport GRE/IP <output omitted>
The data that is sent across this tunnel is not secure. A GRE tunnel is being used.
Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. What problem is preventing the hosts from communicating across the VPN tunnel?
The tunnel IP addresses are incorrect
A network design engineer is planning the implementation of a cost-effective method to interconnect multiple networks securely over the Internet. Which type of technology is required?
a VPN gateway
Which remote access implementation scenario will support the use of generic routing encapsulation tunneling?
a central site that connects to a SOHO site without encryption
Which function of IPsec security services allows the receiver to verify that the data was transmitted without being changed or altered in any way?
data integrity
What is one benefit of using VPNs for remote access?
potential for reduced connectivity costs
Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?
site-to-site VPN
What is the purpose of the generic routing encapsulation tunneling protocol?
to manage the transportation of IP multicast and multiprotocol traffic between remote sites