“Do I Know This Already?” Quiz – Cisco Virtual Private Network (VPN)

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 19-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes.”

  

Table 19-1 “Do I Know This Already?” Section-to-Question Mapping

| Foundation Topics Section | Questions |
|---|---|
| VPN Essentials | 1 |
| IPsec Essentials | 2, 3, 4, 5 |
| Site-to-Site VPN Deployment | 6 |
| Remote Access VPN Deployment | 7 |

Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark that question as wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1. Which site-to-site VPN network topology is supported by Cisco Secure Firewall?

  1. Point-to-Point
  2. Hub and Spoke
  3. Full Mesh
  4. All of these answers are correct.

2. Which protocol is not part of the IPsec framework?

  1. Authentication Header (AH)
  2. Generic Routing Encapsulation (GRE)
  3. Internet Key Exchange (IKE)
  4. Encapsulating Security Payload (ESP)

3. Which of the following protocols is used for encryption?

  1. AES
  2. ECDH
  3. DH
  4. SHA

4. Which of the following protocols is used for data integrity?

  1. AES
  2. ECDH
  3. SHA
  4. DH

5. Which of the following protocols is used to exchange secret keys?

  1. IKE
  2. ISAKMP
  3. ECDH
  4. All of these answers are correct.

6. For site-to-site VPN deployment on Secure Firewall, which of the following is true?

  1. When you are registering a management center with Cisco Smart Software Licensing, the export-controlled functionality must be allowed for stronger encryption algorithms.
  2. Secure Firewall supports the configuration of a site-to-site virtual private network using both IKEv1 and IKEv2 protocols.
  3. If an interface of the threat defense is configured with NAT and VPN, you need to exempt the internal traffic from being translated.
  4. All of these answers are correct.

7. For a remote access VPN deployment of Secure Firewall, which of the following is false?

  1. Secure Firewall supports the SSL protocol only to establish a secure connection with remote users.
  2. The Simple Certificate Enrollment Protocol (SCEP) allows a threat defense to act as a CA server for a remote user.
  3. When connecting to a remote access VPN, the remote user connects to the organization’s authentication server directly for credential validation.
  4. All of these answers are correct.
