CCNP Practice Exam For ISCW Study:
Virtual Private Networks (Test #2)
Here's another seven-question ISCW practice exam on VPNs to help you prepare for this exam and beat the July 2010 CCNP exam cutover!
Enjoy the questions!
Chris Bryant
CCIE #12999
"The Computer Certification Bulldog"
chris@thebryantadvantage.com
 
Question 1:
You're creating a site-to-site VPN in Security Device Manager (SDM). What are your options for authentication?
A. pre-shared keys
B. RSA
C. digital certificates
D. local authentication
Question 2:
What's true of GRE over IPSec tunnels?
A. Routing protocols can use them
B. Routing protocols can't use them
C. The crypto ACL identifies protected traffic
D. The crypto ACL identifies unprotected traffic
Question 3:
Who issues digital certificates?
A. The data sender
B. The data recipient
C. The CA
D. The ISP
Question 4:
You've configured a site-to-site VPN via SDM on one router. What term describes the config needed for the remote site's ACL?
A. exact match
B. mirror image
C. inverse copy
D. obverse copy
Question 5:
The DPD is the primary method of detecting a down tunnel. Identify a secondary method.
A. Frame map statements not being accepted by the router
B. VPN Hellos not going through
C. Routing protocol timers
D. tunnel pings
Question 6:
Which of the following statements are true?
A. DES is more easily broken than 3DES.
B. DES uses 56-bit keys.
C. 3DES is more easily broken than DES.
D. DES uses multiple 56-bit keys.
Question 7:
You've configured Split Tunneling on your VPN client. What popular network service may have trouble with split tunneling?
A. Password encryption service
B. NAT
C. Privilege levels
D. IP host name resolution
Answers at the bottom of the page!


Answers:
1. "A, C". The valid options are pre-shared keys and digital certificates.
2. "A, C". The crypto ACL identifies the traffic to be protected (sent over the tunnel), and dynamic routing protocols can easily use the tunnel as well.
3. "C". The Certificate Authority issues digital certificates - digital proof that someone is who they say they are.
4. "B". You need a mirror image of the local router's config, and you can get that in SDM by clicking Generate Mirror in the Edit VPN section.
5. "C". Dead Peer Detection (DPD) is the primary method of detecting a down tunnel, but if the routing protocol hellos time out, that's another dead giveaway. (No extra charge for the pun.)
6. "A, B". DES uses 56-bit keys, and a major drawback in its use is that it's considered "easy" to break. 3DES uses multiple 56-bit keys and is harder to break.
7. "B". Split Tunneling does not always work well with NAT. Check Cisco's website for documentation and case studies before configuring this in real-world networks.