Chapter 8 Assesment
6
1 Refer to the exhibit. Under the ACL Editor, which option is used to specify the traffic to be encrypted on a secure connection? Access Rules IPsec Rules irewall Rules !"# "efault Rules 2 $hat is the default I%E policy &alue for authentication? #"' !(A R!A si)natures pre*shared +eys R!A encrypted sconces 3 Refer to the exhibit. A networ+ adinistrator is troubleshootin) a -RE P/ tunnel between R0 and R1. Assuin) the R1 -RE confi)uration is correct and based on the runnin) confi)uration of R0, what ust the adinistrator do to fix the proble? chan)e the tunnel source interface to a232
-
Upload
yiannis-neocleous -
Category
Documents
-
view
221 -
download
0
Transcript of Chapter 8 Assesment
8/13/2019 Chapter 8 Assesment
http://slidepdf.com/reader/full/chapter-8-assesment 1/5
1
Refer to the exhibit. Under the ACL Editor, which option is used to specify the traffic to be encrypted on a secure connection?
Access Rules
IPsec Rules
irewall Rules
!"# "efault Rules
2$hat is the default I%E policy &alue for authentication?
#"'
!(A
R!A si)natures
pre*shared +eys
R!A encrypted sconces
3
Refer to the exhibit. A networ+ adinistrator is troubleshootin) a -RE P/ tunnel between R0 and R1. Assuin) the R1-RE confi)uration is correct and based on the runnin) confi)uration of R0, what ust the adinistrator do to fix the proble?
chan)e the tunnel source interface to a232
8/13/2019 Chapter 8 Assesment
http://slidepdf.com/reader/full/chapter-8-assesment 2/5
chan)e the tunnel destination to 041.056.'.0
chan)e the tunnel IP address to 041.056.7.0
chan)e the tunnel destination to 124.05'.122.11'
chan)e the tunnel IP address to 124.05'.120.0
4(ow any bytes of o&erhead are added to each IP pac+et while it is transported throu)h a -RE tunnel?
6
05
18
71
5 $hen usin) E!P tunnel ode, which portion of the pac+et is not authenticated?
E!P header
E!P trailer
new IP header
ori)inal IP header
6$hich re9uireent necessitates usin) the !tep*by*!tep option of the !"# !ite*to*!ite P/ wi:ard instead of the ;uic+ !etup
option?
AE! encryption is re9uired.
7"E! encryption is re9uired.
Pre*shared +eys are to be used.
<he reote peer is a Cisco router.
<he reote peer IP address is un+nown.
7 $hat are two authentication ethods that can be confi)ured usin) the !"# !ite*to*!ite P/ $i:ard? =Choose two.>
#"'
!(A
pre*shared +eys
encrypted nonces
di)ital certificates
8$hat are two benefits of an !!L P/? =Choose two.>
It supports all client3ser&er applications.
It supports the sae le&el of crypto)raphic security as an IPsec P/.
It has the option of only re9uirin) an !!L*enabled web browser.
<he thin client ode functions without re9uirin) any downloads or software.
It is copatible with "#P/s, Cisco I! irewall, IPsec, IP!, Cisco Easy P/, and /A<.
9 $hich U"P port ust be peritted on any IP interface used to exchan)e I%E inforation between security )ateways?
822
'22
522
@22
10$ith the Cisco Easy P/ feature, which process ensures that a static route is created on the Cisco Easy P/ !er&er for theinternal IP address of each P/ client?
Cisco Express orwardin)
/etwor+ Access Control
n*"eand Routin)
Re&erse Path orwardin)
Re&erse Route Inection
11
8/13/2019 Chapter 8 Assesment
http://slidepdf.com/reader/full/chapter-8-assesment 3/5
Refer to the exhibit. Based on the !"# screen, which Easy P/ !er&er coponent is bein) confi)ured?
)roup policy
transfor set
I%E proposal
user authentication
12$hich two stateents accurately describe characteristics of IPsec? =Choose two.>
IPsec wor+s at the application layer and protects all application data.
IPsec wor+s at the transport layer and protects data at the networ+ layer.
IPsec wor+s at the networ+ layer and operates o&er all Layer 1 protocols.
IPsec is a fraewor+ of proprietary standards that depend on Cisco specific al)oriths.
IPsec is a fraewor+ of standards de&eloped by Cisco that relies on !I al)oriths.
IPsec is a fraewor+ of open standards that relies on existin) al)oriths.
13 $hen &erifyin) IPsec confi)urations, which show coand displays the encryption al)orith, hash al)orith,authentication ethod, and "iffie*(ellan )roup confi)ured, as well as default settin)s?
show crypto map
show crypto ipsec sa
show crypto isakmp policy
show crypto ipsec transform-set
14$hich IPsec protocol should be selected when confidentiality is re9uired?
tunnel ode
transport ode
authentication header
encapsulatin) security payload
)eneric routin) encapsulation
15 $hich action do IPsec peers ta+e durin) the I%E Phase 1 exchan)e?
exchan)e of "( +eys
ne)otiation of IPsec policy
&erification of peer identity
ne)otiation of I%E policy sets
16 $hich stateent describes an iportant characteristic of a site*to*site P/?
It ust be statically set up.
It is ideally suited for use by obile wor+ers.
It re9uires usin) a P/ client on the host PC.
It is coonly ipleented o&er dialup and cable ode networ+s.
8/13/2019 Chapter 8 Assesment
http://slidepdf.com/reader/full/chapter-8-assesment 4/5
After the initial connection is established, it can dynaically chan)e connection inforation.
17$hen confi)urin) a site*to*site IPsec P/ usin) the CLI, the authentication pre-share coand is confi)ured in theI!A%#P policy. $hich additional peer authentication confi)uration is re9uired?
Confi)ure the essa)e encryption al)orith with the encryptiontype I!A%#P policy confi)uration coand.
Confi)ure the "( )roup identifier with the groupnumber I!A%#P policy confi)uration coand.
Confi)ure a hostnae with the crypto isakmp ientity hostname )lobal confi)uration coand.
Confi)ure a P!% with the crypto isakmp key )lobal confi)uration coand.18
Refer to the exhibit. A site*to*site P/ is re9uired fro R0 to R7. <he adinistrator is usin) the !"# !ite*to*!ite P/$i:ard on R0. $hich IP address should the adinistrator enter in the hi)hli)hted field?
02.0.0.0
02.0.0.1
02.1.1.0
02.1.1.1
041.056.0.0
041.056.7.0
19$hat is re9uired for a host to use an !!L P/?
P/ client software ust be installed.
A site*to*site P/ ust be preconfi)ured.
<he host ust be in a stationary location.
A web browser ust be installed on the host.
20
8/13/2019 Chapter 8 Assesment
http://slidepdf.com/reader/full/chapter-8-assesment 5/5
Refer to the exhibit. $hich two IPsec fraewor+ coponents are &alid options when confi)urin) an IPsec P/ on a CiscoI!R router? =Choose two.>
Inte)rity options include #"' and R!A.
IPsec protocol options include -RE and A(.
Confidentiality options include "E!, 7"E!, and AE!.
Authentication options include pre*shared +ey and !(A.
"iffie*(ellan options include "(0, "(1, and "('.
21 A networ+ adinistrator is plannin) to ipleent centrali:ed ana)eent of Cisco P/ de&ices to siplify P/deployent for reote offices and telewor+ers. $hich Cisco I! feature would pro&ide this solution?
Cisco Easy P/
Cisco P/ Client
Cisco I! !!L P/
"ynaic #ultipoint P/
22 A user launches Cisco P/ Client software to connect reotely to a P/ ser&ice. $hat does the user select before enterin)the usernae and password?
the !!L connection type
the I%E ne)otiation process
the desired preconfi)ured P/ ser&er site
the Cisco Encryption <echnolo)y to be applied
