Cisco III - Chapters 8 - VPN and IPsec Concepts
Which choices are available for the Confidentiality function in the IPsec framework? (Choose three.) a. 3DES b. AES c. AH d. DH24 e. PSK f. SEAL g. SHA
3DES AES SEAL
Which algorithm is used with IPsec to provide data confidentiality? a. MD5 b. Diffie-Hellman c. SHA d. AES e. RSA
AES
Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality? a. AH b. IP protocol 50 c. ESP d. DH
AH
Which choices are available for the IPsec Protocol function in the IPsec framework? (Choose two.) a. AES b. AH c. DH24 d. ESP e. PSK f. RSA g. SHA
AH ESP
Which IPsec function uses pre-shared passwords, digital certificates, or RSA certificates? a. IPsec protocol b. Confidentiality c. Integrity d. Authentication e. Diffie-Hellman
Authentication
What type of protocol is GRE? a. Security protocol b. Passenger protocol c. Carrier protocol d. Transport protocol
Carrier protocol
What type of VPN can be established with a web browser using HTTPS? a. IPsec b. Client-based VPN c. Site-to-site VPN d. Clientless VPN
Clientless VPN
Which VPN benefit allows an enterprise to increase the bandwidth for remote sites without necessarily adding more equipment or WAN links? a. Cost Savings b. Security c. Scalability d. Compatibility
Cost Savings
What are the devices and inside wiring located on the enterprise edge and connect to a carrier link? a. Demarcation Point b. Customer Premises Equipment c. Data Communications Equipment d. Data Terminal Equipment
Customer Premises Equipment
Which Diffie-Hellman group choices are no longer recommended? a. DH groups 1, 2, and 5 b. DH groups 14, 15, and 16 c. DH groups 19, 20, 21 and 24
DH groups 1, 2, and 5
What type of VPN enables an enterprise to rapidly scale secure access across the organization? a. DMVPN b. Remote-access VPN c. Site-to-site VPN d. MPLS VPN
DMVPN
What are devices that put data on the local loop? a. Demarcation Point b. Customer Premises Equipment c. Data Communications Equipment d. Data Terminal Equipment
Data Communications Equipment
What are customer devices that pass the data from a customer network or host computer for transmission over the WAN? a. Data Terminal Equipment b. Customer Premises Equipment c. Data Communications Equipment d. Demarcation Point
Data Terminal Equipment
What is a point that is established in a building or complex to separate customer equipment from service provider equipment? a. Demarcation Point b. Customer Premises Equipment c. Data Communications Equipment d. Data Terminal Equipment
Demarcation Point
Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols? a. GRE b. IKE c. IPsec d. OSPF
GRE
Which type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN? a. dynamic multipoint VPN b. SSL VPN c. GRE over IPsec d. IPsec virtual tunnel interface
GRE over IPsec
Which type of VPN involves a nonsecure tunneling protocol being encapsulated by IPsec? a. dynamic multipoint VPN b. SSL VPN c. IPsec virtual tunnel interface d. GRE over IPsec
GRE over IPsec
Which type of VPN involves passenger, carrier, and transport protocols? a. dynamic multipoint VPN b. GRE over IPsec c. MPLS VPN d. IPsec virtual tunnel interface
GRE over IPsec
What algorithm is used to provide data integrity of a message through the use of a calculated hash value? a. HMAC b. DH c. RSA d. AES
HMAC
Which VPN solutions are typically managed by an enterprise? (Choose three.) a. MPLS Layer 2 b. MPLS Layer 3 c. IPsec d. SSL e. Frame Relay f. DMVPN
IPsec SSL DMVPN
Which type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding? a. MPLS VPN b. IPsec virtual tunnel interface c. GRE over IPsec d. dynamic multipoint VPN
IPsec virtual tunnel interface
Which type of VPN supports multiple sites by applying configurations to virtual interfaces instead of physical interfaces? a. dynamic multipoint VPN b. IPsec virtual tunnel interface c. MPLS VPN d. GRE over IPsec
IPsec virtual tunnel interface
Which two end points can be on the other side of an ASA site-to-site VPN configured using ASDM? (Choose two.) a. DSL switch b. ISR router c. another ASA d. multilayer switch e. Frame Relay switch
ISR router another ASA
Which two statements describe a remote access VPN? (Choose two.) a. It connects entire networks to each other. b. It requires hosts to send TCP/IP traffic through a VPN gateway. c. It is used to connect individual hosts securely to a company network over the Internet. d. It may require VPN client software on hosts. e. It requires static configuration of the VPN tunnel.
It is used to connect individual hosts securely to a company network over the Internet. It may require VPN client software on hosts.
Which statement describes an important characteristic of a site-to-site VPN? a. It must be statically set up. b. It is ideally suited for use by mobile workers. c. It requires using a VPN client on the host PC. d. After the initial connection is established, it can dynamically change connection information. e. It is commonly implemented over dialup and cable modem networks.
It must be statically set up.
Which is a requirement of a site-to-site VPN? a. It requires hosts to use VPN client software to encapsulate traffic. b. It requires the placement of a VPN server at the edge of the company network. c. It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic. d. It requires a client/server architecture.
It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.
Which VPN type is a service provider managed VPN? a. site-to-site VPN b. Layer 3 MPLS VPN c. remote access VPN d. GRE over IPsec VPN
Layer 3 MPLS VPN
IPsec can protect traffic in which four OSI Layers?
Layers 4 thru 7
Which choices are available for the Integrity function in the IPsec framework? (Choose two.) a. AES b. AH c. DH24 d. MD5 e. PSK f. SEAL g. SHA
MD5 SHA
What type of VPN enables an enterprise to emulate an Ethernet multiaccess LAN with remote sites? a. DMVPN b. Remote-access VPN c. Site-to-site VPN d. MPLS VPN
MPLS VPN
Which type of VPN has both Layer 2 and Layer 3 implementations? a. IPsec virtual tunnel interface b. MPLS VPN c. GRE over IPsec d. dynamic multipoint VPN
MPLS VPN
How is "tunneling" accomplished in a VPN? a. All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private. b. New headers from one or more VPN protocols encapsulate the original packets. c. Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers. d. A dedicated circuit is established between the source and destination devices for the duration of the connection.
New headers from one or more VPN protocols encapsulate the original packets.
Which feature describes SSL VPNS? a. All IP-based applications are supported. b. Only requires a web browser on a host. c. Specific devices with specific configurations can connect. d. Uses two-way authentication with shared keys or digital certificates.
Only requires a web browser on a host.
Which choices are available for the Authentication function in the IPsec framework? (Choose two.) a. AES b. AH c. DH24 d. PSK e. RSA f. SEAL g. SHA
PSK RSA
Which type of VPN is used to connect a mobile user? a. Site-to-site b. Remote-access c. GRE d. IPsec
Remote-access
What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.) a. SHA b. RSA c. DH d. AES e. PSK
SHA AES
What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.) a. RSA b. SHA c. AES d. MD5 e. DH
SHA MD5
Which type of VPN connects using the Transport Layer Security (TLS) feature? a. SSL VPN b. MPLS VPN c. IPsec virtual tunnel interface d. dynamic multipoint VPN
SSL VPN
Which type of VPN uses the public key infrastructure and digital certificates? a. IPsec virtual tunnel interface b. GRE over IPsec c. SSL VPN d. dynamic multipoint VPN
SSL VPN
Which VPN benefit allows an enterprise to easily add more users to the network? a. Cost Savings b. Security c. Scalability d. Compatibility
Scalability
Which VPN benefit uses advanced encryption and authentication protocols to protect data from unauthorized access? a. Cost Savings b. Security c. Scalability d. Compatibility
Security
Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key? a. The length of a key will not vary between encryption algorithms. b. The length of a key does not affect the degree of security. c. The shorter the key, the harder it is to break. d. The longer the key, the more key possibilities exist.
The longer the key, the more key possibilities exsist.
Which statement describes a VPN? a. VPNs use open source virtualization software to create the tunnel through the internet. b. VPNs use logical connections to create public networks through the internet. c. VPNs use dedicated physical connections to transfer data between remote users. d. VPNs use virtual connections to create a private network through a public network.
VPNs use virtual connections to create a private network through a public network.
What is the function of the Diffie-Hellman algorithm within the IPsec framework? a. guarantees message integrity b. allows peers to exchange shared keys c. provides authentication d. provides strong data encryption
allows peers to exchange shared keys
Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA? a. client-based SSL b. site-to-site using an ACL c. clientless SSL d. site-to-site using a preshared key
clientless SSL
Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.) a. clientless SSL VPN b. IPsec VPN c. IPsec Virtual Tunnel Interface VPN d. client-based IPsec VPN e. GRE over IPsec VPN
clientless SSL VPN client-based IPsec VPN
The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks? a. authentication b. confidentiality c. Diffie-Hellman d. integrity e. nonrepudiation
confidentiality
Which technique is necessary to ensure a private transfer of data using a VPN? a. authorization b. encryption c. scalability d. virtualization
encryption
What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN? a. creates a secure channel for key negotiation b. protects IPsec keys during session negotiation c. authenticates the IPsec peers d. guarantees message integrity
guarantees message integrity
Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit? a. authentication b. confidentiality c. integrity d. secure key exchange
integrity
Which type of VPN may require the Cisco VPN Client software? remote access VPN SSL VPN site-to-site VPN MPLS VPN
remote access VPN
Which two technologies provide enterprise-managed VPN solutions? (Choose two.) a. remote access VPN b. Frame Relay c. Layer 2 MPLS VPN d. site-to-site VPN e. Layer 3 MPLS VPN
remote access VPN site-to-site VPN
Which solution allows workers to telecommute effectively and securely? a. site-to-site VPN b. remote-access VPN c. dial-up connection d. DSL connection
remote-access VPN
What is a type of VPN that is generally transparent to the end user? a. site-to-site b. remote access c. public d. private
site-to-site
What are the two fundamental Dynamic Multipoint VPN tunnel types? (Choose two.) a. spoke-to-spoke b. site-to-site c. hub-to-spoke d. client-to-site e. server-to-client
spoke-to-spoke hub-to-spoke
What are two reasons a company would use a VPN? (Choose two.) a. to increase bandwidth to the network b. to connect remote users to the network c. to test network connections to remote users d. to allow suppliers to access the network e. to eliminate the need of having a gateway
to connect remote users to the network to allow suppliers to access the network
