CCNA Security Chapter 8 Exam Answers
1. Refer to the exhibit. How will traffic that does not match that defined by access list 101 be treated by the router?
· It will be sent unencrypted.
· It will be sent encrypted.
· It will be blocked.
· It will be discarded.
2. What three protocols must be permitted through the company firewall for establishment of IPsec site-to-site VPNs? (Choose three.)
· HTTPS
· SSH
· AH
· ISAKMP
· NTP
· ESP
3. Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key?
· The length of a key does not affect the degree of security.
· The shorter the key, the harder it is to break.
· The length of a key will not vary between encryption algorithms.
· The longer the key, the more key possibilities exist.
4. What is the purpose of configuring multiple crypto ACLs when building a VPN connection between remote sites?
· By applying the ACL on a public interface, multiple crypto ACLs can be built to prevent public users from connecting to the VPN-enabled router.
· Multiple crypto ACLs can define multiple remote peers for connecting with a VPN-enabled router across the Internet or network.
· Multiple crypto ACLs can be configured to deny specific network traffic from crossing a VPN.
· When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types.
5. Consider the following configuration on a Cisco ASA:
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
What is the purpose of this command?
· to define the ISAKMP parameters that are used to establish the tunnel
· to define the encryption and integrity algorithms that are used to build the IPsec tunnel
· to define what traffic is allowed through and protected by the tunnel
· to define only the allowed encryption algorithms
6. Which transform set provides the best protection?
· crypto ipsec transform-set ESP-DES-SHA esp-aes-256 esp-sha-hmac
· crypto ipsec transform-set ESP-DES-SHA esp-3des esp-sha-hmac
· crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
· crypto ipsec transform-set ESP-DES-SHA esp-aes esp-des esp-sha-hmac
7. Which three ports must be open to verify that an IPsec VPN tunnel is operating properly? (Choose three.)
· 168
· 50
· 169
· 501
· 500
· 51
8. When is a security association (SA) created if an IPsec VPN tunnel is used to connect between two sites?
· after the tunnel is created, but before traffic is sent
· only during Phase 2
· only during Phase 1
· during both Phase 1 and 2
9. In which situation would the Cisco Discovery Protocol be disabled?
· when a Cisco VoIP phone attaches to a Cisco switch
· when a Cisco switch connects to another Cisco switch
· when a Cisco switch connects to a Cisco router
· when a PC with Cisco IP Communicator installed connects to a Cisco switch
10. Which two statements accurately describe characteristics of IPsec? (Choose two.)
· IPsec works at the transport layer and protects data at the network layer.
· IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
· IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
· IPsec is a framework of open standards that relies on existing algorithms.
· IPsec works at the network layer and operates over all Layer 2 protocols.
· IPsec works at the application layer and protects all application data.
11. Which action do IPsec peers take during the IKE Phase 2 exchange?
· exchange of DH keys
· negotiation of IPsec policy
· negotiation of IKE policy sets
· verification of peer identity
12. Which three statements describe the IPsec protocol framework? (Choose three.)
· AH provides integrity and authentication.
· ESP provides encryption, authentication, and integrity.
· AH uses IP protocol 51.
· AH provides encryption and integrity.
· ESP uses UDP protocol 50.
· ESP requires both authentication and encryption.
13. Which statement accurately describes a characteristic of IPsec?
· IPsec works at the application layer and protects all application data.
· IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
· IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
· IPsec works at the transport layer and protects data at the network layer.
· IPsec is a framework of open standards that relies on existing algorithms.
14. Which two IPsec protocols are used to provide data integrity?
· SHA
· AES
· DH
· MD5
· RSA
15. What is the function of the Diffie-Hellman algorithm within the IPsec framework?
· provides authentication
· allows peers to exchange shared keys
· guarantees message integrity
· provides strong data encryption
16. Refer to the exhibit. What HMAC algorithm is being used to provide data integrity?
· MD5
· AES
· SHA
· DH
17. What is needed to define interesting traffic in the creation of an IPsec tunnel?
· security associations
· hashing algorithm
· access list
· transform set
18. Refer to the exhibit. What algorithm will be used for providing confidentiality?
· RSA
· Diffie-Hellman
· DES
· AES
19. Which technique is necessary to ensure a private transfer of data using a VPN?
· encryption
· authorization
· virtualization
· scalability
20. Which statement describes a VPN?
· VPNs use open source virtualization software to create the tunnel through the Internet.
· VPNs use virtual connections to create a private network through a public network.
· VPNs use dedicated physical connections to transfer data between remote users.
· VPNs use logical connections to create public networks through the Internet.
21. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
· ESP
· IPsec
· MD5
· AES
22. What is the purpose of NAT-T?
· enables NAT for PC-based VPN clients
· permits VPN to work when NAT is being used on one or both ends of the VPN
· upgrades NAT for IPv4
· allows NAT to be used for IPv6 addresses
23. Which term describes a situation where VPN traffic that is received by an interface is routed back out that same interface?
· GRE
· split tunneling
· MPLS
· hairpinning
24. What is an important characteristic of remote-access VPNs?
· The VPN configuration is identical between the remote devices.
· Internal hosts have no knowledge of the VPN.
· Information required to establish the VPN must remain static.
· The VPN connection is initiated by the remote user.
25. Which type of site-to-site VPN uses trusted group members to eliminate point-to-point IPsec tunnels between the members of a group?
· DMVPN
· GRE
· GETVPN
· MPLS
26. Refer to the exhibit. Which pair of crypto isakmp key commands would correctly configure PSK on the two routers?
· R1(config)# crypto isakmp key cisco123 address 209.165.200.227
  R2(config)# crypto isakmp key cisco123 address 209.165.200.226
· R1(config)# crypto isakmp key cisco123 address 209.165.200.226
  R2(config)# crypto isakmp key cisco123 address 209.165.200.227
· R1(config)# crypto isakmp key cisco123 hostname R1
  R2(config)# crypto isakmp key cisco123 hostname R2
· R1(config)# crypto isakmp key cisco123 address 209.165.200.226
  R2(config)# crypto isakmp key secure address 209.165.200.227