CCNA 4 Chapter 7 v5.02 Exam Answers

 CCNA 4 v5.02 Chapter 7 Exam Answers 2017

  1. A network design engineer is planning the implementation of a cost-effective method to interconnect multiple networks securely over the Internet. Which type of technology is required?
    • a GRE IP tunnel
    • a leased line
    • a VPN gateway
    • a dedicated ISP
  2. What is the purpose of a message hash in a VPN connection?
    • It ensures that the data cannot be read in plain text.
    • It ensures that the data has not changed while in transit.
    • It ensures that the data is coming from the correct source.
    • It ensures that the data cannot be duplicated and replayed to the destination.
  3. Which two algorithms use Hash-based Message Authentication Code for message authentication? (Choose two.)
    • 3DES
    • DES
    • AES
    • MD5
    • SHA
  4. What key question would help determine whether an organization should use an SSL VPN or an IPsec VPN for the remote access solution of the organization?
    • Is a Cisco router used at the destination of the remote access tunnel?
    • What applications or network resources do the users need for access?
    • Are both encryption and authentication required?
    • Do users need to be able to connect without requiring special VPN software?
  5. Which Cisco VPN solution provides limited access to internal network resources by utilizing a Cisco ASA and provides browser-based access only?
    • clientless SSL VPN
    • client-based SSL VPN
    • SSL
    • IPsec
  6. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
    What problem is preventing the hosts from communicating across the VPN tunnel?

    • The EIGRP configuration is incorrect.
    • The tunnel IP addresses are incorrect.
    • The tunnel source interfaces are incorrect.
    • The tunnel destinations addresses are incorrect.
  7. What two encryption algorithms are used in IPsec VPNs? (Choose two.)
    • DH
    • PSK
    • IKE
    • AES
    • 3DES
  8. A network design engineer is planning the implementation of an IPsec VPN. Which hashing algorithm would provide the strongest level of message integrity?
    • SHA-1
    • MD5
    • AES
    • 512-bit SHA
  9. Which algorithm is an asymmetrical key cryptosystem?
    • RSA
    • AES
    • 3DES
    • DES
  10. What is the purpose of utilizing Diffie-Hellman (DH) algorithms as part of the IPsec standard?
    • DH algorithms allow unlimited parties to establish a shared public key that is used by encryption and hash algorithms.
    • DH algorithms allow two parties to establish a shared secret key that is used by encryption and hash algorithms.
    • DH algorithms allow unlimited parties to establish a shared secret key that is used by encryption and hash algorithms.
    • DH algorithms allow two parties to establish a shared public key that is used by encryption and hash algorithms.
  11. Which three statements describe the building blocks that make up the IPsec protocol framework? (Choose three.)
    • IPsec uses encryption algorithms and keys to provide secure transfer of data.
    • IPsec uses Diffie-Hellman algorithms to encrypt data that is transferred through the VPN.
    • IPsec uses 3DES algorithms to provide the highest level of security for data that is transferred through a VPN.
    • IPsec uses secret key cryptography to encrypt messages that are sent through a VPN.
    • IPsec uses Diffie-Hellman as a hash algorithm to ensure integrity of data that is transmitted through a VPN.
    • IPsec uses ESP to provide confidential transfer of data by encrypting IP packets.
  12. Which statement describes a characteristic of IPsec VPNs?
    • IPsec is a framework of Cisco proprietary protocols.
    • IPsec can secure traffic at Layers 1 through 3.
    • IPsec encryption causes problems with routing.
    • IPsec works with all Layer 2 protocols.
  13. What is an IPsec protocol that provides data confidentiality and authentication for IP packets?
    • AH
    • ESP
    • RSA
    • IKE
  14. Which statement correctly describes IPsec?
    • IPsec works at Layer 3, but can protect traffic from Layer 4 through Layer 7.
    • IPsec uses algorithms that were developed specifically for that protocol.
    • IPsec implements its own method of authentication.
    • IPsec is a Cisco proprietary standard.
  15. Which function of IPsec security services allows the receiver to verify that the data was transmitted without being changed or altered in any way?
    • anti-replay protection
    • authentication
    • data integrity
    • confidentiality
  16. Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?
    • Cisco AnyConnect Secure Mobility Client with SSL
    • Cisco Secure Mobility Clientless SSL VPN
    • Frame Relay
    • remote access VPN using IPsec
    • site-to-site VPN
  17. Which two scenarios are examples of remote access VPNs? (Choose two.)
    • A toy manufacturer has a permanent VPN connection to one of its parts suppliers.
    • All users at a large branch office can access company resources through a single VPN connection.
    • A mobile sales agent is connecting to the company network via the Internet connection at a hotel.
    • A small branch office with three employees has a Cisco ASA that is used to create a VPN connection to the HQ.
    • An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.
  18. Which statement describes a feature of site-to-site VPNs?
    • The VPN connection is not statically defined.
    • VPN client software is installed on each host.
    • Internal hosts send normal, unencapsulated packets.
    • Individual hosts can enable and disable the VPN connection.
  19. What is one benefit of using VPNs for remote access?
    • lower protocol overhead
    • ease of troubleshooting
    • potential for reduced connectivity costs
    • increased quality of service
  20. How is “tunneling” accomplished in a VPN?
    • New headers from one or more VPN protocols encapsulate the original packets.
    • All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private.
    • Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers.
    • A dedicated circuit is established between the source and destination devices for the duration of the connection.
  21. What is the purpose of the generic routing encapsulation tunneling protocol?
    • to provide packet level encryption of IP traffic between remote sites
    • to manage the transportation of IP multicast and multiprotocol traffic between remote sites
    • to support basic unencrypted IP tunneling using multivendor routers between remote sites
    • to provide fixed flow-control mechanisms with IP tunneling between remote sites
  22. Which remote access implementation scenario will support the use of generic routing encapsulation tunneling?
    • a mobile user who connects to a router at a central site
    • a branch office that connects securely to a central site
    • a mobile user who connects to a SOHO site
    • a central site that connects to a SOHO site without encryption
  23. Refer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router?
    aq9
    • 172.16.1.1
    • 172.16.1.2
    • 209.165.200.225
    • 209.165.200.226
  24. Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.)
    aq10
    • This tunnel mode is not the default tunnel interface mode for Cisco IOS software.
    • This tunnel mode provides encryption.
    • The data that is sent across this tunnel is not secure.
    • This tunnel mode does not support IP multicast tunneling.
    • A GRE tunnel is being used.

Comments

comments