Firewalls and VPN Features: Questions and Answers
Questions

1. Which two of the following are PIX Firewall IPSec implementations?
   A. Remote access
   B. Host-to-host
   C. Site-to-site
   D. Lock and key

2. Which IPSec mode runs between two security gateways, such as PIX Firewall units?
   A. Remote access
   B. Transport
   C. Tunnel
   D. VPN Free Client

3. Which command enables IKE on a PIX Firewall?
   A. IKE enable
   B. isakmp enable
   C. isakmp policy
   D. isakmp identity

4. Which command defines the Diffie–Hellman configuration?
   A. Pix(config)# isakmp policy 100 encryption des
   B. Pix(config)# isakmp policy 100 hash md5
   C. Pix(config)# isakmp policy 100 authentication rsa-sig
   D. Pix(config)# isakmp policy 100 group 2

5. In the isakmp policy 100 authentication rsa-sig command, what does rsa-sig mean?
   A. Preshared keys will be used for authentication
   B. Hash keys will be used for authentication
   C. CAs will be used for authentication
   D. RSA keys will be used for authentication

6. Of the following IKE policies, which is the highest priority?
   A. 100
   B. 200
   C. 500
   D. 1000

7. Which VPN feature requires device times to be set to GMT?
   A. Preshared keys
   B. Tunnel mode
   C. Transport mode
   D. CAs

8. Which command is not required to configure IPSec CAs?
   A. pixfirewall(config)# hostname Pix
   B. Pix(config)# domain-name test.com
   C. Pix(config)# ca generate rsa key 512
   D. Pix(config)# show ca mypubkey rsa

9. What does the sysopt connection permit-ipsec command do?
   A. Enables IPSec on the PIX unit
   B. Logs IPSec connection info to a Syslog server
   C. Permits IPSec traffic to pass through the firewall without inspection by the interface ACLs
   D. Activates remote IPSec configuration

10. Which is not a function performed by crypto access lists?
   A. Filters inbound traffic and discards any traffic that should have been protected by IPSec
   B. Determines whether to accept requests for IPSec SAs for the requested dataflows when processing IKE negotiations
   C. Deny statements that specify any matching packets will be discarded
   D. Defines the data traffic to be protected by IPSec

11. Which is an example of a Cisco VPN Client implementation?
   A. PIX Remote VPN
   B. Easy VPN Remote device
   C. Easy VPN Server
   D. PIX ISAKMP

12. Which command specifies a Syslog server for logging messages?
   A. logging trap
   B. logging history
   C. logging on
   D. logging host

13. Which is Cisco’s flagship-integrated security-management solution?
   A. CiscoWorks VMS
   B. Cisco Secure Policy Manager (CSPM)
   C. AVVID
   D. Cisco PIX Device Manager (PDM)

14. Point-to-Point Protocol over Ethernet (PPPoE) uses which default authentication protocol?
   A. AAA
   B. CHAP
   C. PAP
   D. MS-CHAP

15. Which statement is true about PPPoE on PIX Firewalls?
   A. It’s an industry standard that has been supported since PIX OS 5.1
   B. It encapsulates PPP traffic in Ethernet frames to travel across the LAN
   C. It’s only supported on the outside interface of the PIX
   D. PPPoE implementation is specifically targeted for larger links and devices

Answers

1. A. and C. Remote access and Site-to-site
2. C. Tunnel
3. B. isakmp enable
4. D. Pix(config)# isakmp policy 100 group 2
5. C. CAs will be used for authentication
6. A. 100
7. D. CAs
8. D. Pix(config)# show ca mypubkey rsa
9. C. Permits IPSec traffic to pass through the firewall without inspection by the interface ACLs
10. C. Denies statements that specify any matching packets will be discarded
11. B. Easy VPN Remote device
12. D. logging host
13. A. CiscoWorks VMS
14. C. PAP
15. C. It’s only supported on the outside interface of the PIX