Quản trị mạng Chapter13.
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (35.13 KB, 5 trang )
Dao Xuan Hung - Take Exam
Exam questions
1 . Which command would you use to troubleshoot VPDN operation?
show vpn
debug vpdn event
debug vpdn incoming
show vpdn event
2 . What command troubleshoots VPDN operation?
show vpdn
debug vpn
debug vpdn
debug vpdn op
3 . Two Offices locations are trying to connect to each other over a VPN, but the connection is failing. Which common
problem causes an IPSEC VPN to fail?
ACLs configured in the IPSEC traffic path blocking ISAKMP, ESP, and AH traffic.
Multiple transform sets configured but only one transform set is specified in the crypto map entry.
Crypto ACL configuration errors where permit is used to specify that matching packets must be encrypted.
Multiple interfaces sharing the same crypto map set.
4 . Which statement describes the differences between IPSec and Cisco Encryption Technology(CET)?
CET supports AH, ESP and Anti-Replay, which are not available with IPSec
IPSec supports AH, ESP and Anti-Replay, which are not available with CET
CET is the implementation of IPSec in the Cisco Secure Services package.
IPSec is used to encrypt IP-only packets, whereas CET is used to encrypt only non-IP packets.
5 . What two commands would you use to initiate the VPDN at an ISP?
vpn enable
vpdn outgoing
enable vpdn incoming
enable vpdn outgoing
vpdn enable
enable vpn outgoing
6 . What protocol permits tunneling of link layer frames within a VPDN?
L2F
LZF
L3F
L4F
7 . Router LabA is a Cisco 827 ADSL router configured as a PPPoE client. Part of the configuration of router LabA is
displayed below: "interface dialer 0 ip address negotiated ip nat outside encapsulation ppp dialer pool 1 ppp chap hostname
HanoiCTT ppp chap password ccnp" What is missing under the Interface Dialer0 configuration of LabA?
Request-dialin
Request-dialout
IP mtu 1492
IP mtu 1500
DSL operating-mode auto
Protocol pppoe
8 . HanoiCTT works from home via a Virtual Private Network connection. From her remote Internet connection she enters
an ISP’s login page. Once logged in, the ISP’s owned device creates a secure tunnel straight to the main offices enterprise
network. What kind of VPN is this?
An intranet VPN
An extranet VPN
A client initiated VPN
A Network Access Server initiated VPN
9 . Which of the following technologies permits tunneling of data-link layer frames with VPDN (Virtual Private Dial-up
Network)?
PPP
PPTP
L2F
MPPP
10 . What command displays events that are part of NORMAL tunnel establishment or shutdown in VPDN?
debug vpdn events
show vpdn events
debug vpdn normal events
debug vpdn events normal
11 . Which three are IKE Phase 2 Negotiate parameters in the IPSec protocol within Phase 1?
Negotiating Phase 1 parameters
Encryption
Key Exchange
Integrity checking user hashes
Authentication
Implementing tunnel mode
12 . What command will display 12f protocol errors?
debug vpdn 12f-errors
show vpdn 12f-errors
debug vpdn errors-12f
show vpdn 12f
13 . The HanoiCTT network is using VPNs to allow access to the corporate network. How is a Virtual Private Network
(VPN) connection better then a conventional point-to-point T1 connection? (Choose only one answer)
VPNs can provide reserved bandwidth for the individual user.
VPN users are not tied to a specific fixed location.
VPNs offer more local control of the quality of service.
VPNs offer better queuing mechanisms than T1 connections.
None of the above.
14 . VPN (Virtual Private Networks) enable service providers to:
Buy fewer routers
Increase bandwidth
Replace corporate dialup services
Decrease broadcast traffic
15 . An IPSec tunnel has just been created on the HanoiCTT network, and you wish to verify it. Which command will
display the configured IKE policies?
show crypto isakmp policy
show crypto ipsec
show crypto isakmp
show crypto map
16 . What is the function of the l2f protocol in VPDNs?
Tunneling link level protocols over higher protocols
Network authentication
User authentication
Establish multiple virtual paths to a remote destination
17 . 16. HanoiCTT would like to provide VPN security between its remote sites. After reviewing the HanoiCTT
requirements, you recommend that the HanoiCTT should protect the entire original IP packet by encrypting it and
encapsulating it inside a new, unencrypted IP header. The unencrypted header will be used to route the packet through the
Internet.Which mode will accomplish this?
IPSec Mode
Transport Mode
Channel Mode
Tunnel Mode
Host-to-host Mode
Protect Mode
18 . Which commands would you use to troubleshoot your VPDN operation? Choose two.
show vpn
debug vpdn
show vpdn events
debug vpdn event
19 . Which two statements are true when an IPSec-protected path is configured for transport mode? (Choose two)
The payload of the packet is protected but the original IP address exposed.
The application endpoints must also be the IPSec endpoints.
IPSec gateways provide IPSec services to hosts.
Security is provided for the transport layer and above only.
Encrypted packets are encapsulated in another IP packet for routing.
20 . What is a benefit of choosing an Internet-based VPN over a point-to-point T1 connection?
VPNs offer more local control of the quality of service.
VPN users are not tied to a specific fixed location.
VPNs can provide reserved bandwidth for the individual user.
VPNs offer better queuing mechanisms than T1 connections.
Showing page 1 of 1 :
1
Go!
© 2004 HanoiCTT. All rights reserved.
