Chris Bryant (ccie12933) on Twittergreat free widgetsWidgetboxMore info




	More Testimonials >

Visit my blog for free daily Cisco CCNA and CCNP certification questions, my latest free articles and tutorials, and more!

CCNP Practice Exam For ISCW Study:

Virtual Private Networks (Test #3)

Vital Reading And Watching For All Cisco Certification Candidates:

The July 2010 CCNP Changes (And How To Beat Them!)

Here's the third in a series of VPN practice exams to help you pass the ISCW exam and nail your CCNP before the July 2010 exam cutover!

More practice exams for the ISCW, BSCI, ONT, and BCMSN exams await you on our CCNP Practice Exam page!

Join our Twitter conversation and visit our YouTube Cisco Certification Channel for plenty of additional Cisco Certification study resources!

Enjoy the questions!

Chris Bryant

CCIE #12999

"The Computer Certification Bulldog"

chris@thebryantadvantage.com

Question 1:

Identify the true statements regarding tunnel mode.

A. Only the payload is protected

B. More overhead than transport mode

C. Entire packet is protected

D. Less overhead than transport mode

Question 2:

What term is defined as "the ability of the recipient to ensure that the received data is the same as the transmitted data"?

A. Origin Authentication

B. Integrity

C. Hashing

D. Encryption

Question 3:

When configuring GRE over IPSec tunnels, what commands are required on the tunnel interface?

A. tunnel destination

B. tunnel source

C. tunnel broadcast (if broadcasts are in use)

D. tunnel routing protocol

Question 4:

What VPN service allows the data recipient to guarantee the source of the data?

A. Integrity

B. Encryption

C. Origin Authentication

D. Data Security

Question 5:

Name three different methods used to introduce redundancy to site-to-site VPNs.

Question 6:

When you run show crypto isakmp sa, which of the following is what you *do* want to see?

A. MM_KEY_EXCH

B. QM_ACTIVE

C. MM_NO_STATE

D. QM_IDLE

Question 7:

What protocol or service makes it possible to exchange secret keys over a non-secure connection without compromising the keys?

A. Dijkstra

B. Password encryption

C. Authentication Header

D. Diffie-Hellman

E. Bellman-Ford

F. None - this literally isn't possible.

Answers at the bottom of the page!

Earn Your CCNP With The Personal Guarantee Of Chris Bryant, CCIE #12933:

“I GUARANTEE You'll Pass The Current CCNP Exams - BSCI, ONT, ISCW, and BCMSN - Before The July 31, 2010 Cutoff Date With My CCNP Study Packages ...

... And If You Don't Pass FOR ANY REASON Before That Time, I'll Give You a 100% Free CCNP Study Package Download For The New Exam Track!"

You Also Get A FREE CCNA Security Study Package, Valued at $67, With The Purchase Of Any CCNP Study Package!

Answers:

1. "B, C". Tunnel mode protects the entire packet, and in turn this means that tunnel mode has more overhead than transport mode.

2. "B". Data Integrity refers to the data recipient's ability to guarantee that the data was not altered after leaving the sender.

3. "A, B". The required commands are tunnel destination and tunnel source.

4. "C".

5. Our old friend HSRP is a primary method of introducing redundancy to tunnels, as is using Reverse Route Injection and configuring a backup tunnel.

6. "D". QM_IDLE means the SA is in place and is active.

7. "D". The Diffie-Hellman protocol allows the sending of secret keys over a not-yet-secured connection without compromising the keys.