CCNA4 Chapter 7 Exam (v5.03) 2016

CCNA4 Chapter 7 Exam (v5.03) Answer 2016

  1. A network design engineer is planning the implementation of a cost-effective method to interconnect multiple networks securely over the Internet. Which type of technology is required?

    • a GRE IP tunnel
    • a leased line
    • a VPN gateway
    • a dedicated ISP
  2. How is “tunneling” accomplished in a VPN?

    • New headers from one or more VPN protocols encapsulate the original packets.
    • All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private.
    • Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers.
    • A dedicated circuit is established between the source and destination devices for the duration of the connection.
  3. How can the use of VPNs in the workplace contribute to lower operating costs?

    • High-speed broadband technology can be replaced with leased lines.
    • VPNs can be used across broadband connections rather than dedicated WAN links.
    • VPNs prevents connectivity to SOHO users.
    • VPNs require a subscription from a specific Internet service provider that specializes in secure connections.
  4. Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?

    • Cisco AnyConnect Secure Mobility Client with SSL
    • Cisco Secure Mobility Clientless SSL VPN
    • Frame Relay
    • remote access VPN using IPsec
    • site-to-site VPN
  5. Which two scenarios are examples of remote access VPNs? (Choose two.)

    • A toy manufacturer has a permanent VPN connection to one of its parts suppliers.
    • All users at a large branch office can access company resources through a single VPN connection.
    • A mobile sales agent is connecting to the company network via the Internet connection at a hotel.
    • A small branch office with three employees has a Cisco ASA that is used to create a VPN connection to the HQ.
    • An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.
  6. Which statement describes a feature of site-to-site VPNs?

    • The VPN connection is not statically defined.
    • VPN client software is installed on each host.
    • Internal hosts send normal, unencapsulated packets.
    • Individual hosts can enable and disable the VPN connection.
  7. Which remote access implementation scenario will support the use of generic routing encapsulation tunneling?

    • a mobile user who connects to a router at a central site
    • a branch office that connects securely to a central site
    • a mobile user who connects to a SOHO site
    • a central site that connects to a SOHO site without encryption
  8. Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.)

    CCNA4 Chapter 7 Exam (v5.03) 001

    CCNA4 Chapter 7 Exam (v5.03) 001

    • This tunnel mode is not the default tunnel interface mode for Cisco IOS software.
    • This tunnel mode provides encryption.
    • The data that is sent across this tunnel is not secure.
    • This tunnel mode does not support IP multicast tunneling.
    • A GRE tunnel is being used.
  9. Refer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router?

    CCNA4 Chapter 7 Exam (v5.03) 001

    CCNA4 Chapter 7 Exam (v5.03) 001

    • 172.16.1.1
    • 172.16.1.2
    • 209.165.200.225
    • 209.165.200.226
  10. Which statement correctly describes IPsec?

    • IPsec works at Layer 3, but can protect traffic from Layer 4 through Layer 7.
    • IPsec uses algorithms that were developed specifically for that protocol.
    • IPsec implements its own method of authentication.
    • IPsec is a Cisco proprietary standard.
  11. Which critical function that is provided by IPsec ensures that data has not been changed in transit between the source and destination?

    • confidentiality
    • integrity
    • authentication
    • anti-replay protection
  12. Which service of IPsec verifies that secure connections are formed with the intended sources of data?

    • authentication
    • confidentiality
    • data integrity
    • encryption
  13. What is an IPsec protocol that provides data confidentiality and authentication for IP packets?

    • AH
    • ESP
    • RSA
    • IKE
  14. Which algorithm is an asymmetrical key cryptosystem?

    • RSA
    • AES
    • 3DES
    • DES
  15. Which two algorithms use Hash-based Message Authentication Code for message authentication? (Choose two.)

    • 3DES
    • DES
    • AES
    • MD5
    • SHA
  16. A network design engineer is planning the implementation of an IPsec VPN. Which hashing algorithm would provide the strongest level of message integrity?

    • SHA-1
    • MD5
    • AES
    • 512-bit SHA
  17. What is the purpose of utilizing Diffie-Hellman (DH) algorithms as part of the IPsec standard?

    • DH algorithms allow unlimited parties to establish a shared public key that is used by encryption and hash algorithms.
    • DH algorithms allow two parties to establish a shared secret key that is used by encryption and hash algorithms.
    • DH algorithms allow unlimited parties to establish a shared secret key that is used by encryption and hash algorithms.
    • DH algorithms allow two parties to establish a shared public key that is used by encryption and hash algorithms.
  18. What is the purpose of a message hash in a VPN connection?

    • It ensures that the data cannot be read in plain text.
    • It ensures that the data has not changed while in transit.
    • It ensures that the data is coming from the correct source.
    • It ensures that the data cannot be duplicated and replayed to the destination.
  19. What key question would help determine whether an organization should use an SSL VPN or an IPsec VPN for the remote access solution of the organization?

    • Is a Cisco router used at the destination of the remote access tunnel?
    • What applications or network resources do the users need for access?
    • Are both encryption and authentication required?
    • Do users need to be able to connect without requiring special VPN software?
  20. What is an advantage of using the Cisco Secure Mobility Clientless SSL VPN?

    • Any device can connect to the network without authentication.
    • Clients use SSH to access network resources.
    • Security is provided by prohibiting network access through a browser.
    • Clients do not require special software.
  21. Which two characteristics describe IPsec VPNs? (Choose two.)

    • IPsec is specifically designed for web-enabled applications.
    • Specific PC client configuration is required to connect to the VPN.
    • IPsec authenticates by using shared secrets or digital certificates.
    • IPsec authentication is one-way or two-way.
    • Key lengths range from 40 bits to 256 bits.
  22. Fill in the blank.

    Generic Routing Encapsulation   is a site-to-site tunnel protocol developed by Cisco to allow multiprotocol and IP multicast traffic between two or more sites.

  23. The PT initialization was skipped. You will not be able to view the PT activity.

    Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

    What problem is preventing the hosts from communicating across the VPN tunnel?

    • The EIGRP configuration is incorrect.
    • The tunnel IP addresses are incorrect.
    • The tunnel source interfaces are incorrect.
    • The tunnel destinations addresses are incorrect.

Comments

comments