CCNA Security V2

CCNA Security Version 2.0 Chapter 8 Exam Answers

Rate this post
  1. Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key?
    • The length of a key does not affect the degree of security.
    • The shorter the key, the harder it is to break.
    • The length of a key will not vary between encryption algorithms.
    • The longer the key, the more key possibilities exist.
  2. Which statement accurately describes a characteristic of IPsec?
    • IPsec works at the application layer and protects all application data.
    • IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
    • IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
    • IPsec works at the transport layer and protects data at the network layer.
    • IPsec is a framework of open standards that relies on existing algorithms.
  3. Which two IPsec protocols are used to provide data integrity?
    • SHA
    • AES
    • DH
    • MD5
    • RSA
  4. Which technique is necessary to ensure a private transfer of data using a VPN?
    • encryption
    • authorization
    • virtualization
    • scalability
  5. Which statement describes a VPN?
    • VPNs use open source virtualization software to create the tunnel through the Internet.
    • VPNs use virtual connections to create a private network through a public network.
    • VPNs use dedicated physical connections to transfer data between remote users.
    • VPNs use logical connections to create public networks through the Internet.
  6. What is the purpose of configuring multiple crypto ACLs when building a VPN connection between remote sites?
    • By applying the ACL on a public interface, multiple crypto ACLs can be built to prevent public users from connecting to the VPN-enabled router.
    • Multiple crypto ACLs can define multiple remote peers for connecting with a VPN-enabled router across the Internet or network.
    • Multiple crypto ACLs can be configured to deny specific network traffic from crossing a VPN.
    • When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types.
  7. Consider the following configuration on a Cisco ASA:
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    What is the purpose of this command?

    • to define the ISAKMP parameters that are used to establish the tunnel
    • to define the encryption and integrity algorithms that are used to build the IPsec tunnel
    • to define what traffic is allowed through and protected by the tunnel
    • to define only the allowed encryption algorithms
  8. Which transform set provides the best protection?
    • crypto ipsec transform-set ESP-DES-SHA esp-aes-256 esp-sha-hmac
    • crypto ipsec transform-set ESP-DES-SHA esp-3des esp-sha-hmac
    • crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    • crypto ipsec transform-set ESP-DES-SHA esp-aes esp-des esp-sha-hmac
  9. Which three ports must be open to verify that an IPsec VPN tunnel is operating properly? (Choose three.)
    • 168
    • 50
    • 169
    • 501
    • 500
    • 51
  10. Refer to the exhibit. How will traffic that does not match that defined by access list 101 be treated by the router?

    CCNA Security Chapter 8 Exam Answer v2 001

    CCNA Security Chapter 8 Exam Answer v2 001

    • It will be sent unencrypted.
    • It will be sent encrypted.
    • It will be blocked.
    • It will be discarded.
  11. What three protocols must be permitted through the company firewall for establishment of IPsec site-to-site VPNs? (Choose three.)
    • HTTPS
    • SSH
    • AH
    • ISAKMP
    • NTP
    • ESP
  12. In which situation would the Cisco Discovery Protocol be disabled?
    • when a Cisco VoIP phone attaches to a Cisco switch
    • when a Cisco switch connects to another Cisco switch
    • when a Cisco switch connects to a Cisco router
    • when a PC with Cisco IP Communicator installed connects to a Cisco switch
  13. Which two statements accurately describe characteristics of IPsec? (Choose two.)
    • IPsec works at the transport layer and protects data at the network layer.
    • IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
    • IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
    • IPsec is a framework of open standards that relies on existing algorithms.
    • IPsec works at the network layer and operates over all Layer 2 protocols.
    • IPsec works at the application layer and protects all application data.
  14. Which action do IPsec peers take during the IKE Phase 2 exchange?
    • exchange of DH keys
    • negotiation of IPsec policy
    • negotiation of IKE policy sets
    • verification of peer identity
  15. Which three statements describe the IPsec protocol framework? (Choose three.)
    • AH provides integrity and authentication.
    • ESP provides encryption, authentication, and integrity.
    • AH uses IP protocol 51.
    • AH provides encryption and integrity.
    • ESP uses UDP protocol 50.
    • ESP requires both authentication and encryption.
  16. When is a security association (SA) created if an IPsec VPN tunnel is used to connect between two sites?
    • after the tunnel is created, but before traffic is sent
    • only during Phase 2
    • only during Phase 1
    • during both Phase 1 and 2
  17. What is the function of the Diffie-Hellman algorithm within the IPsec framework?
    • provides authentication
    • allows peers to exchange shared keys
    • guarantees message integrity
    • provides strong data encryption
  18. Refer to the exhibit. What HMAC algorithm is being used to provide data integrity?

    CCNA Security Chapter 8 Exam Answer v2 002

    CCNA Security Chapter 8 Exam Answer v2 002

    • MD5
    • AES
    • SHA
    • DH
  19. What is needed to define interesting traffic in the creation of an IPsec tunnel?
    • security associations
    • hashing algorithm
    • access list
    • transform set
  20. Refer to the exhibit. What algorithm will be used for providing confidentiality?

    CCNA Security Chapter 8 Exam Answer v2 003

    CCNA Security Chapter 8 Exam Answer v2 003

    • RSA
    • Diffie-Hellman
    • DES
    • AES
  21. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
    • ESP
    • IPsec
    • MD5
    • AES
  22. What is the purpose of NAT-T?
    • enables NAT for PC-based VPN clients
    • permits VPN to work when NAT is being used on one or both ends of the VPN
    • upgrades NAT for IPv4
    • allows NAT to be used for IPv6 addresses
  23. Which term describes a situation where VPN traffic that is is received by an interface is routed back out that same interface?
    • GRE
    • split tunneling
    • MPLS
    • hairpinning
  24. What is an important characteristic of remote-access VPNs?
    • The VPN configuration is identical between the remote devices.
    • Internal hosts have no knowledge of the VPN.
    • Information required to establish the VPN must remain static.
    • The VPN connection is initiated by the remote user.
  25. Which type of site-to-site VPN uses trusted group members to eliminate point-to-point IPsec tunnels between the members of a group?
    • DMVPN
    • GRE
    • GETVPN
    • MPLS
  26. Refer to the exhibit. Which pair of crypto isakmp key commands would correctly configure PSK on the two routers?

    CCNA Security Chapter 8 Exam Answer v2 004

    CCNA Security Chapter 8 Exam Answer v2 004

    • R1(config)# crypto isakmp key cisco123 address 209.165.200.227
      R2(config)# crypto isakmp key cisco123 address 209.165.200.226
    • R1(config)# crypto isakmp key cisco123 address 209.165.200.226
      R2(config)# crypto isakmp key cisco123 address 209.165.200.227
    • R1(config)# crypto isakmp key cisco123 hostname R1
      R2(config)# crypto isakmp key cisco123 hostname R2
    • R1(config)# crypto isakmp key cisco123 address 209.165.200.226
      R2(config)# crypto isakmp key secure address 209.165.200.227

Related Articles

Leave a Reply

avatar
Photo and Image Files
 
 
 
Audio and Video Files
 
 
 
Other File Types
 
 
 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
Notify of
Back to top button
Close

Send this to a friend