Categories Top Downloads
Login Register Upload

ccna-security-chapter-8

May 11, 2018 | Author: albertof00 | Category: Virtual Private Network, Transport Layer Security, Cisco Certifications, Computer Network, Information Age
Share Embed Donate
Report this link


Short Description

Download ccna-security-chapter-8...

Description

CCNA Security - Chapter 8 Exam Answers

Home

Exams Cisco

CCNA CCNA Exploration v4 CCNA Security

WEBMESTRE Joomla! Joomla.fr Extensions Une vidéo de

Page 1 of 16

Smartphone

Tablet

Contacts

CCNA Security - Chapter 8 Exam Answers Cisco CCNA Security, chapter 8 Exam. Questions and answers 100% correct. 1. What are two benefits benefits of an SSL VPN? VPN? (Choose two.) two.) It supports all client/server applications.

CHERCHER  DANS LE SITE search... SEARCH

CCIE Security Bo Khawar Butt, famo CCIE Produced 30 Guaranteed www.winnetsystems.co

It supports the same level of cryptographic security as an IPsec VPN. It has the option of only requiring an SSL-enabled

Joomla!

web browser.

Navigateurs

The thin client mode functions without requiring any

Wordpress

downloads or software.

Instant UK VPN £ Low cost, fast VPN media anywhere. B filters. www.streamvia.com

It is compatible with DMVPNs, Cisco IOS Firewall, IPsec, IPS, Cisco Easy VPN, and NAT.

FORMATION DU CEGEP Cisco CCNA Java

LOGIN 2. When verifying verifying IPsec configurations configurations,, which show command displays the encryption algorithm, hash

Username

algorithm, authentication method, and Diffie-Hellman group configured, as well as default settings?

Microsoft SQL

show crypto map

Novell Netware

show crypto ipsec sa

Recherche

show crypto isakmp policy show crypto ipsec transform-set

d'emplois

Password

Remember Me

LOGIN

Linux Ubuntu ASP.Net

3. When configuring a site-to-site IPsec VPN VPN using the CLI, the authentication pre-share command is configured in the ISAKMP policy. Which additional peer

WEB Hébergement BlueHost.com Hébergement 1&1

authentication configuration is required? Configure the message encryption algorithm with the encryptiontype  ISAKMP policy configuration command.

Forgot your password? Forgot your username? Create an account

Configure the DH group identifier with the

groupnumber  ISAKMP policy configuration command.

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 2 of 16

Configure a hostname with the crypto isakmp

identity hostname global configuration

SONDAGE

command.

Quel type de

Configure a PSK with the crypto isakmp key

téléphone intelli

global configuration command.

possédez-vous? Android

4. Which action do IPsec peers take during the IKE Phase 2 exchange? exchange of DH keys

BlackBerry iPhone

negotiation of IPsec policy

Palm

verification of peer identity

Nokia/Sym

negotiation of IKE policy sets

Windows Mobile

5. A network administrator is planning to implement centralized management of Cisco VPN devices to simplify VPN deployment for remote offices and teleworkers. Which Cisco IOS feature would provide

Je n'ai pas téléphone intelligent.  VOTE

this solution?

RESUL

Cisco Easy VPN Cisco VPN Client Cisco IOS SSL VPN Dynamic Multipoint VPN

6. Which two statements accurately describe characteristics of IPsec? (Choose two.) IPsec works at the application layer and protects all application data. IPsec works at the transport layer and protects data at the network layer. IPsec works at the network layer and operates over all Layer 2 protocols. IPsec is a framework of proprietary standards that depend on Cisco specific algorithms. IPsec is a framework of standards developed by Cisco that relies on OSI algorithms. IPsec is a framework of open standards that relies on existing algorithms.

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 3 of 16

7.

Refer to the exhibit. Which two IPsec framework components are valid options when configuring an IPsec VPN on a Cisco ISR router? (Choose two.) Integrity options include MD5 and RSA. IPsec protocol options include GRE and AH. Confidentiality options include DES, 3DES, and AES. Authentication options include pre-shared key and SHA. Diffie-Hellman options include DH1, DH2, and DH5.

8. With the Cisco Easy VPN feature, which process ensures that a static route is created on the Cisco Easy VPN Server for the internal IP address of each VPN client? Cisco Express Forwarding Network Access Control On-Demand Routing Reverse Path Forwarding Reverse Route Injection

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 4 of 16

9.

Refer to the exhibit. A site-to-site VPN is required from R1 to R3. The administrator is Site VPN Wizard on R1. Which IP address should the administrator enter in the highlig 10.1.1.1 10.1.1.2 10.2.2.1 10.2.2.2 192.168.1.1 192.168.3.1

10. What is required for a host to use an SSL VPN? VPN client software must be installed. A site-to-site VPN must be preconfigured. The host must be in a stationary location. A web browser must be installed on the host.

11. What are two authentication methods that can be configured using the SDM Site-to-Site VPN Wizard? (Choose two.) MD5 SHA pre-shared keys encrypted nonces digital certificates

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 5 of 16

12. Which UDP port must be permitted on any IP interface used to exchange IKE information between security gateways? 400 500 600 700

13. Which requirement necessitates using the Step-byStep option of the SDM Site-to-Site VPN wizard instead of the Quick Setup option? AES encryption is required. 3DES encryption is required. Pre-shared keys are to be used. The remote peer is a Cisco router. The remote peer IP address is unknown.

14. Which IPsec protocol should be selected when confidentiality is required? tunnel mode transport mode authentication header encapsulating security payload generic routing encapsulation

15. Which statement describes an important characteristic of a site-to-site VPN? It must be statically set up. It is ideally suited for use by mobile workers. It requires using a VPN client on the host PC. It is commonly implemented over dialup and cable modem networks. After the initial connection is established, it can dynamically change connection information.

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 6 of 16

16.

Refer to the exhibit. Based on the SDM screen, which Easy VPN Server component i group policy transform set IKE proposal user authentication

17. A user launches Cisco VPN Client software to connect remotely to a VPN service. What does the user select before entering the username and password? the SSL connection type the IKE negotiation process the desired preconfigured VPN server site the Cisco Encryption Technology to be applied

18. What is the default IKE policy value for authentication? MD5 SHA RSA signatures pre-shared keys RSA encrypted sconces

19. When using ESP tunnel mode, which portion of the packet is not authenticated? ESP header ESP trailer new IP header original IP header

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 7 of 16

20.

Refer to the exhibit. Under the ACL Editor, which option is used to specify the traffic t connection? Access Rules IPsec Rules Firewall Rules SDM Default Rules

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 8 of 16

21.

Refer to the exhibit. A network administrator is troubleshooting a GRE VPN tunnel be the R2 GRE configuration is correct and based on the running configuration of R1, w fix the problem? change the tunnel source interface to Fa0/0 change the tunnel destination to 192.168.5.1 change the tunnel IP address to 192.168.3.1 change the tunnel destination to 209.165.200.225 change the tunnel IP address to 209.165.201.1

22. How many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel? 8 16 24 32 ?

Cisco CCNA Security, chapter 8 Exam. Questions and answers 100% correct. 1. What are two benefits of an SSL VPN? (Choose two.) It supports all client/server applications. It supports the same level of cryptographic security as an IPsec VPN. It has the option of only requiring an SSL-enabled web browser.

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 9 of 16

The thin client mode functions without requiring any downloads or software. It is compatible with DMVPNs, Cisco IOS Firewall, IPsec, IPS, Cisco Easy VPN, and NAT.

2. When verifying IPsec configurations, which show command displays the encryption algorithm, hash algorithm, authentication method, and Diffie-Hellman group configured, as well as default settings? show crypto map show crypto ipsec sa show crypto isakmp policy show crypto ipsec transform-set

3. When configuring a site-to-site IPsec VPN using the CLI, the authentication pre-share command is configured in the ISAKMP policy. Which additional peer authentication configuration is required? Configure the message encryption algorithm with the encryptiontype ISAKMP policy configuration command. Configure the DH group identifier with the groupnumber ISAKMP policy configuration command. Configure a hostname with the crypto isakmp identity hostname global configuration command. Configure a PSK with the crypto isakmp key global configuration command.

4. Which action do IPsec peers take during the IKE Phase 2 exchange? exchange of DH keys negotiation of IPsec policy verification of peer identity negotiation of IKE policy sets

5. A network administrator is planning to implement centralized management of Cisco VPN devices to simplify VPN deployment for remote offices and teleworkers. Which Cisco IOS feature would provide this solution? Cisco Easy VPN Cisco VPN Client Cisco IOS SSL VPN Dynamic Multipoint VPN

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 10 of 16

6. Which two statements accurately describe characteristics of IPsec? (Choose two.) IPsec works at the application layer and protects all application data. IPsec works at the transport layer and protects data at the network layer. IPsec works at the network layer and operates over all Layer 2 protocols. IPsec is a framework of proprietary standards that depend on Cisco specific algorithms. IPsec is a framework of standards developed by Cisco that relies on OSI algorithms. IPsec is a framework of open standards that relies on existing algorithms.

7.

Refer to the exhibit. Which two IPsec framework components are valid options when configuring an IPsec VPN on a Cisco ISR router? (Choose two.) Integrity options include MD5 and RSA. IPsec protocol options include GRE and AH. Confidentiality options include DES, 3DES, and AES. Authentication options include pre-shared key and SHA.

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 11 of 16

Diffie-Hellman options include DH1, DH2, and DH5.

8. With the Cisco Easy VPN feature, which process ensures that a static route is created on the Cisco Easy VPN Server for the internal IP address of each VPN client? Cisco Express Forwarding Network Access Control On-Demand Routing Reverse Path Forwarding Reverse Route Injection

9.

Refer to the exhibit. A site-to-site VPN is required from R1 to R3. The administrator is Site VPN Wizard on R1. Which IP address should the administrator enter in the highlig 10.1.1.1 10.1.1.2 10.2.2.1 10.2.2.2 192.168.1.1 192.168.3.1

10. What is required for a host to use an SSL VPN? VPN client software must be installed. A site-to-site VPN must be preconfigured. The host must be in a stationary location.

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 12 of 16

A web browser must be installed on the host.

11. What are two authentication methods that can be configured using the SDM Site-to-Site VPN Wizard? (Choose two.) MD5 SHA pre-shared keys encrypted nonces digital certificates

12. Which UDP port must be permitted on any IP interface used to exchange IKE information between security gateways? 400 500 600 700

13. Which requirement necessitates using the Step-byStep option of the SDM Site-to-Site VPN wizard instead of the Quick Setup option? AES encryption is required. 3DES encryption is required. Pre-shared keys are to be used. The remote peer is a Cisco router. The remote peer IP address is unknown.

14. Which IPsec protocol should be selected when confidentiality is required? tunnel mode transport mode authentication header encapsulating security payload generic routing encapsulation

15. Which statement describes an important characteristic of a site-to-site VPN? It must be statically set up. It is ideally suited for use by mobile workers. It requires using a VPN client on the host PC. It is commonly implemented over dialup and cable modem networks. After the initial connection is established, it can dynamically change connection information.

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 13 of 16

16.

Refer to the exhibit. Based on the SDM screen, which Easy VPN Server component i group policy transform set IKE proposal user authentication

17. A user launches Cisco VPN Client software to connect remotely to a VPN service. What does the user select before entering the username and password? the SSL connection type the IKE negotiation process the desired preconfigured VPN server site the Cisco Encryption Technology to be applied

18. What is the default IKE policy value for authentication? MD5 SHA RSA signatures pre-shared keys RSA encrypted sconces

19. When using ESP tunnel mode, which portion of the packet is not authenticated? ESP header ESP trailer new IP header original IP header

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 14 of 16

20.

Refer to the exhibit. Under the ACL Editor, which option is used to specify the traffic t connection? Access Rules IPsec Rules Firewall Rules SDM Default Rules

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

Page 15 of 16

21.

Refer to the exhibit. A network administrator is troubleshooting a GRE VPN tunnel be the R2 GRE configuration is correct and based on the running configuration of R1, w fix the problem? change the tunnel source interface to Fa0/0 change the tunnel destination to 192.168.5.1 change the tunnel IP address to 192.168.3.1 change the tunnel destination to 209.165.200.225 change the tunnel IP address to 209.165.201.1

22. How many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel? 8 16 24 32 ?

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

01/02/2011

CCNA Security - Chapter 8 Exam Answers

http://vinet.mobi/en/exams-cisco/19/145-ccna-security-chapter-8-exam-answers

Page 16 of 16

01/02/2011

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF