Modules 18 - 19: VPNs

Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key?

The longer the key, the more key possibilities exist.

What is needed to define interesting traffic in the creation of an IPsec tunnel?

access list

What are the two modes used in IKE Phase 1? (Choose two.)

main aggressive

Refer to the exhibit. What show command displays whether the securityk9 software is installed on the router and whether the EULA license has been activated?

show version

Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?

site-to-site VPN

What is a function of the GRE protocol?

to encapsulate multiple OSI Layer 3 protocol packet types inside an IP tunnel

What type of traffic is supported by IPsec?

IPsec only supports unicast traffic.

Which two statements describe the IPsec protocol framework? (Choose two.)

AH uses IP protocol 51. AH provides integrity and authentication.

What technology is used to negotiate security associations and calculate shared keys for an IPsec VPN tunnel?

IKE

Which statement accurately describes a characteristic of IPsec?

IPsec is a framework of open standards that relies on existing algorithms.

What takes place during IKE Phase 2 when establishing an IPsec VPN?

IPsec security associations are exchanged.

Router R1 has configured ISAKMP policies numbered 1, 5, 9, and 203. Router R2 only has default policies. How will R1 attempt to negotiate the IKE Phase 1 ISAKMP tunnel with R2? TERM ENGLISH

R1 will attempt to match policy #1 with the most secure matching policy on R2.

Refer to the exhibit. A VPN tunnel is configured on the WAN between R1 and R2. On which R1 interface(s) would a crypto map be applied in order to create a VPN between R1 and R2?

S0/0/0

Refer to the exhibit. What HMAC algorithm is being used to provide data integrity?

SHA

When the CLI is used to configure an ISR for a site-to-site VPN connection, what is the purpose of the crypto map command in interface configuration mode?

to bind the interface to the ISAKMP policy

Consider the following configuration on a Cisco ASA:crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmacWhat is the purpose of this command?

to define the encryption and integrity algorithms that are used to build the IPsec tunnel

Which two scenarios are examples of remote access VPNs? (Choose two.)

A mobile sales agent is connecting to the company network via the Internet connection at a hotel. An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.

Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?

GRE

Which two statements describe a remote access VPN? (Choose two.)

It may require VPN client software on hosts. It is used to connect individual hosts securely to a company network over the Internet.

Which is a requirement of a site-to-site VPN?

It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.

How is "tunneling" accomplished in a VPN?

New headers from one or more VPN protocols encapsulate the original packets.