
Cisco Secure VPN Exam Certification Guide - Cisco press


68 Chapter 2: Overview of VPN and IPSec Technologies

Q&A

As mentioned in Chapter 1, these questions are more difficult than what you should experience on the CCSP exam. The questions do not attempt to cover more breadth or depth than the exam; however, the questions are designed to make sure you know the answer. Rather than allowing you to derive the answer from clues hidden inside the question itself, your understanding and recall of the subject are challenged. Questions from the “Do I Know This Already?” quiz from the beginning of the chapter are repeated here to ensure that you have mastered the chapter’s topic areas. Hopefully, these questions will help limit the number of exam questions on which you narrow your choices to two options and guess!

1. What are the Cisco hardware product families that support IPSec VPN technology?

2. What are the two IPSec protocols?

3. What are the three major VPN categories?

4. What is an SEP module used for?

5. What are the primary reasons cited for choosing VPN technology?

6. Why are remote access VPNs considered ubiquitous?

7. What types of VPNs are typically built across service provider shared network infrastructures?

8. Which type of VPNs use a combination of the same infrastructures that are used by the other two types of VPNs?

9. What hardware would you use to build intranet and extranet VPNs?

10. Which Cisco routers provide support for Cisco EzVPN Remote?

11. Which Cisco router series supports VAMs?

12. Which Cisco router series supports ISMs?

13. Which of the Cisco PIX Firewall models are fixed-configuration devices?

14. Which Cisco PIX Firewall models offer a failover port for high availability and support VACs?

15. Which series of Cisco hardware devices are purpose-built remote access VPN devices?

16. Which of the Cisco VPN 3000 Series Concentrators is a fixed-configuration device?

17. Which of the Cisco VPN 3000 Series Concentrators can accept SEP modules?

18. What feature of the Cisco Unity Client makes it scalable?

19. Which of Cisco’s VPN clients can be used with any operating system that communicates in IP?

20. What protocol enables IP-enabled wireless devices such as PDAs and Smart Phones to participate in VPN communications?

21. What are the three phases of Cisco Mobile Office?

22. What is the distinctive characteristic of Cisco VPN Device Manager?

23. What is Cisco’s AAA server, and what AAA systems does it support?

24. Which web-based management tool can display a physical representation of each managed device?

25. What are the current RFCs that define the IPSec protocols?

26. What are three shortcomings of IPSec?

27. What message encryption protocols does IPSec use?

28. What message integrity protocols does IPSec use?

29. What methods does IPSec use to provide peer authentication?

30. What methods does IPSec use for key management?

31. What is the key element contained in the AH or ESP packet header?

32. Which IPSec protocol does not provide encryption services?

33. What is the triplet of information that uniquely identifies a Security Association?

34. What is an ICV?

35. What IPSec protocol must you use when confidentiality is required in your IPSec communications?

36. What is the primary difference between the mechanisms used by AH and ESP to modify an IP packet for IPSec use?

37. What are the two modes of operation for AH and ESP?

38. Which IPSec protocol should you use if your system is using NAT?

39. You can select to use both authentication and encryption when using the ESP protocol. Which is performed first when you do this?

40. How many SAs does it take to establish bidirectional IPSec communications between two peers?

41. Which encryption protocol was considered unbreakable at the time of its adoption?

42. What process does 3DES use to obtain an aggregate 168-bit key?

43. What is a message digest?

44. What does HMAC-MD5-96 mean?

45. What does HMAC-SHA1-96 mean?

46. How are preshared keys exchanged?

47. What does the Diffie-Hellman key agreement protocol permit?

48. Why is D-H not used for symmetric key encryption processes?

49. What is a CRL?

50. What are the five parameters required by IKE Phase 1?

51. What are the valid AH authentication transforms?

52. What transform set would allow for SHA-1 authentication of both AH and ESP packets and would also provide 3DES encryption for ESP?

53. What steps should you take before you begin the task of configuring IPSec on a Cisco device?

54. What are the five steps of the IPSec process?

55. What is the difference between the deny keyword in a crypto ACL and the deny keyword in an access ACL?