CCNA Security Chapter 8 Exam v2

CCNA Security Chapter 8 Exam Answer v2

  1. Refer to the exhibit. How will traffic that does not match that defined by access list 101 be treated by the router?

    CCNA Security Chapter 8 Exam Answer v2 001

    CCNA Security Chapter 8 Exam Answer v2 001

    • It will be sent unencrypted.
    • It will be sent encrypted.
    • It will be blocked.
    • It will be discarded.
  2. What three protocols must be permitted through the company firewall for establishment of IPsec site-to-site VPNs? (Choose three.)

    • HTTPS
    • SSH
    • AH
    • ISAKMP
    • NTP
    • ESP
  3. Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key?

    • The length of a key does not affect the degree of security.
    • The shorter the key, the harder it is to break.
    • The length of a key will not vary between encryption algorithms.
    • The longer the key, the more key possibilities exist.
  4. What is the purpose of configuring multiple crypto ACLs when building a VPN connection between remote sites?

    • By applying the ACL on a public interface, multiple crypto ACLs can be built to prevent public users from connecting to the VPN-enabled router.
    • Multiple crypto ACLs can define multiple remote peers for connecting with a VPN-enabled router across the Internet or network.
    • Multiple crypto ACLs can be configured to deny specific network traffic from crossing a VPN.
    • When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types.
  5. Consider the following configuration on a Cisco ASA:

    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

    What is the purpose of this command?

    • to define the ISAKMP parameters that are used to establish the tunnel
    • to define the encryption and integrity algorithms that are used to build the IPsec tunnel
    • to define what traffic is allowed through and protected by the tunnel
    • to define only the allowed encryption algorithms
  6. Which transform set provides the best protection?

    • crypto ipsec transform-set ESP-DES-SHA esp-aes-256 esp-sha-hmac
    • crypto ipsec transform-set ESP-DES-SHA esp-3des esp-sha-hmac
    • crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    • crypto ipsec transform-set ESP-DES-SHA esp-aes esp-des esp-sha-hmac
  7. Which three ports must be open to verify that an IPsec VPN tunnel is operating properly? (Choose three.)

    • 168
    • 50
    • 169
    • 501
    • 500
    • 51
  8. When is a security association (SA) created if an IPsec VPN tunnel is used to connect between two sites?

    • after the tunnel is created, but before traffic is sent
    • only during Phase 2
    • only during Phase 1
    • during both Phase 1 and 2
  9. In which situation would the Cisco Discovery Protocol be disabled?

    • when a Cisco VoIP phone attaches to a Cisco switch
    • when a Cisco switch connects to another Cisco switch
    • when a Cisco switch connects to a Cisco router
    • when a PC with Cisco IP Communicator installed connects to a Cisco switch
  10. Which two statements accurately describe characteristics of IPsec? (Choose two.)

    • IPsec works at the transport layer and protects data at the network layer.
    • IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
    • IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
    • IPsec is a framework of open standards that relies on existing algorithms.
    • IPsec works at the network layer and operates over all Layer 2 protocols.
    • IPsec works at the application layer and protects all application data.
  11. Which action do IPsec peers take during the IKE Phase 2 exchange?

    • exchange of DH keys
    • negotiation of IPsec policy
    • negotiation of IKE policy sets
    • verification of peer identity
  12. Which three statements describe the IPsec protocol framework? (Choose three.)

    • AH provides integrity and authentication.
    • ESP provides encryption, authentication, and integrity.
    • AH uses IP protocol 51.
    • AH provides encryption and integrity.
    • ESP uses UDP protocol 50.
    • ESP requires both authentication and encryption.
  13. Which statement accurately describes a characteristic of IPsec?

    • IPsec works at the application layer and protects all application data.
    • IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
    • IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
    • IPsec works at the transport layer and protects data at the network layer.
    • IPsec is a framework of open standards that relies on existing algorithms.
  14. Which two IPsec protocols are used to provide data integrity?

    • SHA
    • AES
    • DH
    • MD5
    • RSA
  15. What is the function of the Diffie-Hellman algorithm within the IPsec framework?

    • provides authentication
    • allows peers to exchange shared keys
    • guarantees message integrity
    • provides strong data encryption
  16. Refer to the exhibit. What HMAC algorithm is being used to provide data integrity?

    CCNA Security Chapter 8 Exam Answer v2 002

    CCNA Security Chapter 8 Exam Answer v2 002

    • MD5
    • AES
    • SHA
    • DH
  17. What is needed to define interesting traffic in the creation of an IPsec tunnel?

    • security associations
    • hashing algorithm
    • access list
    • transform set
  18. Refer to the exhibit. What algorithm will be used for providing confidentiality?

    CCNA Security Chapter 8 Exam Answer v2 003

    CCNA Security Chapter 8 Exam Answer v2 003

    • RSA
    • Diffie-Hellman
    • DES
    • AES
  19. Which technique is necessary to ensure a private transfer of data using a VPN?

    • encryption
    • authorization
    • virtualization
    • scalability
  20. Which statement describes a VPN?

    • VPNs use open source virtualization software to create the tunnel through the Internet.
    • VPNs use virtual connections to create a private network through a public network.
    • VPNs use dedicated physical connections to transfer data between remote users.
    • VPNs use logical connections to create public networks through the Internet.
  21. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?

    • ESP
    • IPsec
    • MD5
    • AES
  22. What is the purpose of NAT-T?

    • enables NAT for PC-based VPN clients
    • permits VPN to work when NAT is being used on one or both ends of the VPN
    • upgrades NAT for IPv4
    • allows NAT to be used for IPv6 addresses
  23. Which term describes a situation where VPN traffic that is is received by an interface is routed back out that same interface?

    • GRE
    • split tunneling
    • MPLS
    • hairpinning
  24. What is an important characteristic of remote-access VPNs?

    • The VPN configuration is identical between the remote devices.
    • Internal hosts have no knowledge of the VPN.
    • Information required to establish the VPN must remain static.
    • The VPN connection is initiated by the remote user.
  25. Which type of site-to-site VPN uses trusted group members to eliminate point-to-point IPsec tunnels between the members of a group?

    • DMVPN
    • GRE
    • GETVPN
    • MPLS
  26. Refer to the exhibit. Which pair of crypto isakmp key commands would correctly configure PSK on the two routers?

    CCNA Security Chapter 8 Exam Answer v2 004

    CCNA Security Chapter 8 Exam Answer v2 004

    • R1(config)# crypto isakmp key cisco123 address 209.165.200.227
      R2(config)# crypto isakmp key cisco123 address 209.165.200.226
    • R1(config)# crypto isakmp key cisco123 address 209.165.200.226
      R2(config)# crypto isakmp key cisco123 address 209.165.200.227
    • R1(config)# crypto isakmp key cisco123 hostname R1
      R2(config)# crypto isakmp key cisco123 hostname R2
    • R1(config)# crypto isakmp key cisco123 address 209.165.200.226
      R2(config)# crypto isakmp key secure address 209.165.200.227

Comments

comments