Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : CCSP-Cisco Certified Security Professional : Cisco IOS IPSec for Preshared Keys Questions and Answers

Cisco IOS IPSec for Preshared Keys Questions and Answers

Sep 29,2009 by alperen

small font medium font large font
image

Questions

1. 

Which one of the following is not one of the tasks required to configure IPSec for Preshared Keys?

  1. Configure IPSec

  2. Prepare for IKE and IPSec

  3. Test and verify IPSec

  4. Configure the crypto map

2. 

Which of the following VPN products would be common for mobile users?

  1. Cisco 1700 router

  2. Cisco 900 Cable/DSL router

  3. Cisco VPN Software Client

  4. Cisco VPN Hardware Client


3. 

Which one of the following is a hybrid protocol that implements the Oakley key exchange?

  1. IPSec

  2. Crypto map

  3. IKE

  4. Hash algorithm

4. 

Which of the following is a peer authentication method?

  1. 3DES

  2. SHA-1

  3. MD5

  4. Preshared keys

5. 

Which of the following preparation steps is done using the ping command?

  1. Identify IPSec peers

  2. Check the current configuration

  3. Ensure the network works without encryption

  4. Ensure access control lists are compatible with IPSec

6. 

Which one of the following is not an IKE Phase 1 parameter?

  1. Encryption algorithm

  2. Traffic to protect

  3. Authentication method

  4. DH key exchange group

7. 

To make sure the router ACLs are IPSec-compatible, which is not required to be permitted?

  1. Port 500

  2. Port 510

  3. Protocol 51

  4. Protocol 50

8. 

If the crypto isakmp policy command were used to create policies with the following priorities, which would be processed first?

  1. 1000

  2. 500

  3. 12

  4. 25


9. 

If the crypto isakmp policy lifetime is set to 43,200, to what does the 43,200 refer?

  1. 43,200 bytes of protected throughput

  2. 43,200 hours

  3. half a day

  4. 43,200 lines of protected throughput

10. 

Which command shows the IKE policies and default values?

  1. show running-config

  2. show isakmp policy

  3. show crypto ike policy

  4. show crypto isakmp policy

11. 

A transform set can contain up to how many transforms?

  1. 4

  2. 6

  3. 3

  4. 1

12. 

Which is not a function of a crypto ACL?

  1. Define the dataflow to be protected by IPSec

  2. Discard inbound traffic that should have been protected by IPSec

  3. Filter outbound traffic for access to the Internet

  4. Define the data flow to pass unprotected by IPSec

13. 

Which of the following is not true?

  1. The crypto ACL determines the traffic to be protected

  2. The global crypto map command ties together the IPSec parameters

  3. The interface crypto map command applies the crypto map to an interface

  4. The global crypto map policy command sets the implementation priority

14. 

Which command shows IPSec performance indicators?

  1. show crypto map

  2. show crypto ipsec sa

  3. show crypto ipsec transform-set

  4. show crypto isakmp policy


15. 

Which statement is not true about the ipsec-manual form of the crypto map command?

  1. It doesn’t scale well

  2. The result can be insecure because of difficulty in manually creating secure keying material

  3. It enhances the flexibility of the crypto ACLs

  4. Manually established SAs never expire

Answers

1. 

D. Configure the crypto map

2. 

C. Cisco VPN Software Client

3. 

C. IKE

4. 

D. Preshared keys

5. 

C. Ensure the network works without encryption

6. 

B. Traffic to protect

7. 

B. Port 510

8. 

C. 12

9. 

C. half a day

10. 

D. show crypto isakmp policy

11. 

C. 3

12. 

C. Filter outbound traffic for access to the Internet

13. 

D. The global crypto map policy command sets the implementation priority

14. 

B. show crypto ipsec sa

15. 

C. It enhances the flexibility of the crypto ACLs


463 times read

Related news
» Cisco IOS IPSec for Preshared Keys Review
by alperen posted on Sep 29,2009
» Cisco IOS IPSec Certificate Authority Support Review
by alperen posted on Oct 02,2009
» Configuring IPSec Manually
by alperen posted on Sep 28,2009
» Step 4-4 Display the Configured Crypto Maps
by alperen posted on Sep 27,2009
» Step 1-4 Check the Current Configuration
by alperen posted on Sep 27,2009
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

alperen

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.