Q1
What is defined by an ISAKMP policy?
Options:
A) The preshared keys that will be exchanged between IPsec peers
B) Access lists that identify interesting traffic
C) The IP addresses of IPsec peers
D) The security associations that IPsec peers are willing to use
Answer: D) The security associations that IPsec peers are willing to use
1/7
| Term | Definition |
|---|---|
| Q1 What is defined by an ISAKMP policy? Options: A) The preshared keys that will be exchanged between IPsec peers B) Access lists that identify interesting traffic C) The IP addresses of IPsec peers D) The security associations that IPsec peers are willing to use | Answer: D) The security associations that IPsec peers are willing to use |
| Q2 Which are the five security associations to configure in ISAKMP policy configuration mode? Options: A) Hash, Accounting, Group, Lifetime, ESP B) Hash, Authentication, GRE, Lifetime, ESP C) Hash, Authorization, Group, Lifetime, Encryption D) Hash, Authentication, Group, Lifetime, Encryption | Answer: D) Hash, Authentication, Group, Lifetime, Encryption |
| Q3 What command or action will verify that a VPN tunnel has been established? Options: A) Send interesting traffic from the VPN router interface. B) Issue a show crypto isakmp sa command. C) Issue a show crypto map command. D) Issue a show ip interface command. | Answer: B) Issue a show crypto isakmp sa command. |
| Q4 What three protocols must be permitted through the company firewall for establishment of IPsec site-to-site VPNs? (Choose three.) Options: A) AH B) NTP C) SSH D) ESP E) ISAKMP F) HTTPS | Answer: A) AH D) ESP E) ISAKMP |
| Q6 What is negotiated in the establishment of an IPsec tunnel between two IPsec hosts during IKE Phase 1? Options: A) DH groups B) Interesting traffic C) Transform sets D) ISAKMP SA policy | Answer: D) ISAKMP SA policy |
| Q7 A network analyst is configuring a crypto map and has just bound the ACL and the transform set to the map, and set the IPsec tunnel lifetime. What other step completes the configuration of the crypto map? Options: A) Define the interesting traffic. B) Apply the map to an interface. C) Configure the SA policy. D) Configure the DH group. | Answer: B) Apply the map to an interface. |
| Q8 What is the first step in establishing an IPsec VPN? Options: A) Creation of an IPsec tunnel between two IPsec peers B) Creation of a secure tunnel to negotiate a security association policy C) Negotiation of ISAKMP policies D) Detection of interesting traffic | Answer: D) Detection of interesting traffic |