CISCO - test 6 (VPN, IPsec, SNMP, Netflow...)
Which Cisco VPN solution provides limited access to internal network resources by utilizing a Cisco ASA and provides browser-based access only?
clientless SSL VPN
When SNMPvl or SNMPv2 is being used, which feature provides secure access to MIB objects?
community strings
What is one benefit of using VPNs for remote access?
potential for reduced connectivity costs
Refer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router?
172.16.1.2
What is the purpose of a message hash in a VPN connection?
It ensures that the data has not changed while in transit.
The _____ protocol uses UDP port 514 and is the most common method to access system messages provided by networking devices.
syslog
What two encryption algorithms are used in IPsec VPNs? (Choose two.)
3DES AES
A network design engineer is planning the implementation of an IPsec VPN. Which hashing algorithm would provide the strongest level of message integrity?
512-bit SHA
Which two scenarios are examples of remote access VPNs? (Choose two.)
A mobile sales agent is connecting to the company network via the Internet connection at a hotel. An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.
Which statement describes SNMP operation?
A set request is used by the NMS to change configuration variables in the agent device.
Refer to the exhibit. What can be concluded from the produced output?
An ACL was configured to restrict SNMP access to an SNMP manager.
A network technician has issued the service timestamps log datetime command in the configuration of the branch router. Which additional command is required to include the date and time in logged events?
Branch1# clock set 08:00:00 05 AUG 2015
What is the purpose of utilizing Diffie-Hellman (DH) algorithms as part of the IPsec standard?
DH algorithms allow two parties to establish a shared secret key that is used by encryption and hash algorithms.
How can SNMP access be restricted to a specific SNMP manager?
Define an ACL and reference it by using the snmp-server community command.
What key question would help determine whether an organization should use an SSL VPN or an IPsec
Do users need to be able to connect without requiring special VPN software?
What key question would help determine whether an organization should use an SSL VPN or an IPsec VPN for the remote access solution of the organization?
Do users need to be able to connect without requiring special VPN software?
What is an IPsec protocol that provides data confidentiality and authentication for IP packets?
ESP
When logging is used, which severity level indicates that a device is unusable?
Emergency-Level 0
Which three statements describe the building blocks that make up the IPsec protocol framework? (Choose three.)
IPsec uses encryption algorithms and keys to provide secure transfer of data. IPsec uses secret key cryptography to encrypt messages that are sent through a VPN. IPsec uses ESP to provide confidential transfer of data by encrypting IP packets.
Which statement correctly describes IPsec?
IPsec works at Layer 3, but can protect traffic from Layer 4 through Layer 7.
Which statement describes a characteristic of IPsec VPNs?
IPsec works with all Layer 2 protocols.
A network administrator issues two commands on a router: R1(config)# snmp-server host 10.10.50.25 version 2c campus R1(config)# snmp-server enable traps What can be concluded after the commands are entered?
If an interface comes up, a trap is sent to the server.
Which statement describes a feature of site-to-site VPNs?
Internal hosts send normal, unencapsulated packets.
A network administrator has issued the snmp-server user adminl admin v3 encrypted auth md5 abc789 priv des 256 key99 command. What are two features of this command? (Choose two.)
It uses the MD5 authentication of the SNMP messages. It adds a new user to the SNMP group.
Which two algorithms use Hash-based Message Authentication Code for message authentication? (Choose two.)
MD5 SHA
What is a difference between SNMP and NetFlow?
NetFlow collects more detailed traffic statistics on IP networks than SNMP does.
Which two statements describe items to be considered in configuring NetFlow? (Choose two.)
Netflow can only be used in a unidirectional flow. Netflow consumes additional memory.
How is "tunneling" accomplished in a VPN?
New headers from one or more VPN protocols encapsulate the original packets.
How does NetFlow function on a Cisco router or multilayer switch?
One user connection to an application exists as two NetFlow flows.
How does NetFlow function on a Cisco router or multilayer switch? Netflow captures and analyzes traffic.
One user connection to an application exists as two NetFlow flows.
Which algorithm is an asymmetrical key cryptosystem?
RSA
Which SNMP feature provides a solution to the main disadvantage of SNMP polling?
SNMP trap messages
Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.)
The data that is sent across this tunnel is not secure. A GRE tunnel is being used.
A network administrator has issued the logging trap 4 global configuration mode command. What is the result of this command?
The syslog client will send to the syslog server any event message that has a severity level of 4 and lower.
Refer to the exhibit. Which two conclusions can be drawn from the syslog message that was generated by the router? (Choose two.)
This message is a level 5 notification message. This message indicates that service timestamps have been configured.
Refer to the exhibit. While planning an upgrade, a network administrator uses the Cisco NetFlow utility to analyze data flow in the current network. Which protocol used the greatest amount of network time?
UDP-other
A network design engineer is planning the implementation of a cost-effective method to interconnect multiple networks securely over the Internet. Which type of technology is required?
a VPN gateway
Which remote access implementation scenario will support the use of generic routing encapsulation tunneling?
a central site that connects to a SOHO site without encryption
Which destination do Cisco routers and switches use by default when sending syslog messages for all severity levels?
console
Which function of IPsec security services allows the receiver to verify that the data was transmitted without being changed or altered in any way?
data integrity
What are the most common syslog messages?
linkup and link down messages
Refer to the exhibit. From what location have the syslog messages been retrieved?
router RAM
Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?
site-to-site VPN
Which type of information can an administrator obtain with the show ip cache flow command?
the protocol that uses the largest volume of traffic
Refer to the exhibit. What does the number 17:46:26.143 represent?
the time when the syslog message was issued
What is the purpose of the generic routing encapsulation tunneling protocol?
to manage the transportation of IP multicast and multiprotocol traffic between remote sites
What is the most common purpose of implementing NetFlow in a networked environment?
to support accounting and monitoring with consumer applications
What are SNMP trap messages?
unsolicited messages that are sent by the SNMP agent and alert the NMS to a condition on the network