41.
When an IPsec VPN tunnel is configured, how does the router determine what traffic is to
traverse the VPN tunnel?
- A.Policy map
- B.Access list
- C.Transform set
- D.Tunnel list
Answer : [B]
Explanation :
An access list is used to define interesting traffic, which is the traffic that is allowed to traverse the VPN tunnel.
42.
Which IPsec protocol does both encryption and authentication?
- A.AH
- B.ESP
- C.PPTP
- D.GRE
Answer : [B]
Explanation :
ESP (Encapsulating Security Payload) does both encryption and authentication. Remember that AH performs authentication only, with no encryption.
43.
What is the default encryption type when using SDM to configure an IPsec VPN tunnel?
- A.DES
- B.AES
- C.3DES
- D.RSA
Answer : [C]
Explanation :
The default encryption type is 3DES — this is what SDM uses when you choose the default configuration.
44.
In Cisco Easy VPN, what is the advantage of network extension plus mode over network
extension mode?
- A.A loopback address is configured.
- B.An access list is required.
- C.NATs are in use.
- D.Routable addresses are used.
Answer : [A]
Explanation :
The network extension plus mode allows you to configure a loopback address, which is helpful in troubleshooting connections.
45.
If you were working in the IOS command-line interface and needed to check on the status
of a VPN tunnel, what command would you enter?
- A.show interface
- B.show access-list
- C.show crypto isakamp
- D.show crypto ipsec sa
Answer : [D]
Explanation :
The command you would enter is show crypto ipsec sa. This displays any IPsec security associations. You can also use this to determine some error conditions to do further troubleshooting.