CCNA Security Certification Exam Training Questions
10 Questions On VPNs
By Chris Bryant, CCIE #12933
To help you prepare for success on your Cisco CCNA Security exam, here's another set of practice exam questions for you!
Today's questions deal with Virtual Private Networks. Answers can be found at the bottom of the page.
I'm Paying It Forward - To You.
Get CCNA Security Certified Today - For $20.
Here are today's questions...answers are at the bottom of the page. Enjoy!
1. What term refers to the data recipient's ability to verify that the data was not altered in any way while it crossed the VPN?
A. encryption
B. integrity
C. authentication
D. origin authentication
2. Which of the following allows two peers to establish a shared secret key over a non-secure communications channel?
A. DUAL
B. EIGRP
C. OSPF
D. Diffie-Hellman
E. Dijkstra
3. Which of the following does Authentication Header NOT offer?
A. data origin authentication
B. data integrity
C. anti-replay protection
D. data confidentiality
4. When creating an IKE policy, which of the following encryption options is the default?
R1(config-isakmp)#encryption ?
3des Three key triple DES
aes AES - Advanced Encryption Standard.
des DES - Data Encryption Standard (56 bit keys).
5. Which of the following Diffie-Hellman groups is the default?
R1(config-isakmp)#group ?
1 Diffie-Hellman group 1
2 Diffie-Hellman group 2
5 Diffie-Hellman group 5
6. What will our two options be for the following command? Which is the default?
R1(config-isakmp)#hash ?
7. For two routers to successfully negotiate the IKE Phase 1 policy, which of the following does NOT have to be an exact match?
A. DH group number
B. authentication method
C. encryption method
D. lifetime
E. hash algorithm
8. A crypto map applied to an interface references an outbound crypto ACL. What happens to outbound traffic that does not match this ACL?
A. That traffic will not be sent.
B. That traffic will be sent, but not encrypted.
C. That traffic will be sent in an encrypted format using the weakest encryption available.
D. That traffic will be sent in an encrypted format, since crypto ACLs have nothing to do with what traffic should and should not be encrypted.
9. You've just run the show crypto isakmp sa command, and all of your SAs show a status of QM_IDLE. What should you do?
A. Nothing - that's the status you want.
B. Check for a mismatched authentication message.
C. Make sure the line protocols are up - this message indicates that the SA is operational, but that traffic is not being sent.
D. Check the physical layer.
E. Check for a mismatch in the lifetime value.
F. Check for a mismatch in the hash algorithm.
10. You're working in SDM and have just selected Create Site-To-Site VPN. What was the other option you could have chosen?
The answers are just below!
1. (B). Data integrity assures that the data was not altered during transmission.
2. (D). Diffie-Hellman is not a routing protocol; the other four options are routing protocols or the algorithms behind them (EIGRP runs DUAL, OSPF runs Dijkstra's algorithm). Diffie-Hellman lets two peers derive the same secret key from values exchanged over a non-secure channel, without the secret itself ever crossing the wire. IKE uses it to build the keys that protect the IPsec tunnel.
3. (D). AH authenticates the packet's origin, integrity-protects it (including the IP header) and protects against replay, but it does not encrypt anything, so it offers no data confidentiality. When confidentiality is required, use ESP.
4. The encryption default is DES (56-bit keys). Know it because the exam asks for the IOS default, not because it is a sound choice: DES has been brute-forceable for years, so configure aes explicitly in any real policy.
5. The Diffie-Hellman default is group 1 (768-bit). Like the DES default, it is a legacy setting; choose the largest group both peers support, since group 1 is too small for current use.
6. The hash options are MD5 and SHA (SHA-1 on this IOS release), with SHA being the default.
7. (D). Lifetime is the one value that does not have to match: if the two peers' lifetimes differ, the shorter one is used for the SA. The encryption method, hash algorithm, authentication method and DH group must all be identical, or IKE Phase 1 fails.
8. (B). A crypto ACL only selects which traffic the crypto map protects. Traffic that does not match a permit entry is forwarded in the clear, not dropped, so a crypto ACL that is too narrow silently leaks plaintext. Write and verify these ACLs carefully.
9. (A). QM_IDLE means the Phase 1 SA is established and ready for Quick Mode (Phase 2); it is the desired state. An SA that sits in one of the MM_ states and never reaches QM_IDLE is what should send you looking for a policy, pre-shared key or authentication mismatch.
10. You could also have chosen to build a GRE over IPSec tunnel, also known as a secure GRE tunnel, which is the option to use when routing-protocol or multicast traffic (which IPsec alone cannot carry) must cross the tunnel, as shown in this screen shot from my CCNA Security Study Package:
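Questions 2, 5 and 7 describe IKE Phase 1 in words; the Python below walks through the same steps in code. It is an added example, not Cisco's implementation and not code from the study package: the policy-matching rules are modelled on the IOS behaviour described in the answers above, the router policy sets R1 and R2 are constructed for the demonstration, and the Diffie-Hellman groups are tiny toy primes (labelled 1, 2 and 5 only so the negotiated policy can select one), not the real 768-, 1024- and 1536-bit MODP groups. Because they are tiny, the eavesdropper function can recover the shared secret by brute force, which is exactly why the real group size matters.

```python
"""Added example (not Cisco code): IKEv1 Phase 1 in miniature.

Step 1 models how two IOS peers negotiate an ISAKMP policy (question 7):
encryption, hash, authentication and DH group must match exactly, lifetime
need not, and the shorter lifetime is used. Step 2 runs a Diffie-Hellman
exchange over the negotiated group (questions 2 and 5). The DH groups here
are constructed toy primes, NOT the real 768/1024/1536-bit MODP groups, so an
eavesdropper can brute-force them; that is the point of step 3.
"""
import secrets
from dataclasses import dataclass, replace
from typing import Optional, Sequence


@dataclass(frozen=True)
class IsakmpPolicy:
    """One 'crypto isakmp policy <priority>' entry, fields as in IOS."""
    priority: int
    encryption: str       # des | 3des | aes   (IOS default: des)
    hash: str             # md5 | sha          (IOS default: sha)
    authentication: str   # pre-share | rsa-sig
    group: int            # Diffie-Hellman group (IOS default: 1)
    lifetime: int         # seconds            (IOS default: 86400)


def negotiate_phase1(initiator: Sequence[IsakmpPolicy],
                     responder: Sequence[IsakmpPolicy]) -> Optional[IsakmpPolicy]:
    """Responder walks its policies in priority order (lowest number first)
    and accepts the first one matching an initiator proposal. Lifetime is
    deliberately left out of the comparison; the SA gets the shorter value."""
    for mine in sorted(responder, key=lambda p: p.priority):
        for theirs in sorted(initiator, key=lambda p: p.priority):
            same = ((mine.encryption, mine.hash, mine.authentication, mine.group)
                    == (theirs.encryption, theirs.hash, theirs.authentication, theirs.group))
            if same:
                return replace(mine, lifetime=min(mine.lifetime, theirs.lifetime))
    return None   # no match: IKE Phase 1 fails and the tunnel never comes up


# Constructed toy DH groups keyed by IOS group number so the negotiated policy
# can select one. Each entry is (safe prime p, generator g). Real groups are
# hundreds of digits long; these fit in a few characters on purpose.
TOY_GROUPS = {1: (23, 5), 2: (1019, 2), 5: (10007, 5)}


def dh_exchange(group: int) -> tuple[int, int, int, int, int]:
    """Both sides' messages: each picks a private exponent, sends g^x mod p,
    and derives the same shared secret without ever sending it."""
    p, g = TOY_GROUPS[group]
    a = secrets.randbelow(p - 2) + 1          # initiator's private value
    b = secrets.randbelow(p - 2) + 1          # responder's private value
    ya, yb = pow(g, a, p), pow(g, b, p)       # the only values on the wire
    k_init, k_resp = pow(yb, a, p), pow(ya, b, p)
    return ya, yb, k_init, k_resp, p


def eavesdrop(group: int, ya: int, yb: int) -> int:
    """Attacker sees only p, g, ya and yb. In a toy group a linear scan finds
    the initiator's exponent and hence the shared secret; DH is only secure
    when this search is infeasible, which is what the group size buys you."""
    p, g = TOY_GROUPS[group]
    x = 1
    for exponent in range(1, p):
        x = x * g % p
        if x == ya:
            return pow(yb, exponent, p)
    raise ValueError("no discrete log found")


def run_demo(initiator, responder):
    """Negotiate, then key: returns (policy, initiator key, responder key,
    attacker-recovered key) or None when Phase 1 cannot be agreed."""
    policy = negotiate_phase1(initiator, responder)
    if policy is None:
        return None
    ya, yb, k_init, k_resp, _ = dh_exchange(policy.group)
    return policy, k_init, k_resp, eavesdrop(policy.group, ya, yb)


# Constructed sample configurations for two routers.
R1 = [IsakmpPolicy(10, "aes", "sha", "pre-share", 5, 3600),
      IsakmpPolicy(20, "3des", "md5", "pre-share", 2, 86400)]
R2 = [IsakmpPolicy(10, "aes", "sha", "pre-share", 2, 86400),   # group differs: no match
      IsakmpPolicy(20, "3des", "md5", "pre-share", 2, 43200)]   # matches R1 policy 20

if __name__ == "__main__":
    policy, k1, k2, k_attacker = run_demo(R1, R2)
    print(f"negotiated: {policy}")
    print(f"shared secret agrees: {k1 == k2}, eavesdropper recovered it: {k_attacker == k1}")
```

Run it and R2 rejects R1's policy 10 (the DH group differs even though everything else matches), accepts policy 20 with the shorter lifetime of 43200 seconds, and both sides derive the same secret. Swap in a real-sized prime and the eavesdrop function would never finish, which is the whole argument against leaving group 1 as the default.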
Chris Bryant
CCIE #12933
"The Computer Certification Bulldog" chris@thebryantadvantage.com