Đang tải... (xem toàn văn)
Quản trị mạng
Dao Xuan Hung - Take Exam Exam questions 1 . Which command would you use to troubleshoot VPDN operation? show vpn debug vpdn event debug vpdn incoming show vpdn event 2 . What command troubleshoots VPDN operation? show vpdn debug vpn debug vpdn debug vpdn op 3 . Two Offices locations are trying to connect to each other over a VPN, but the connection is failing. Which common problem causes an IPSEC VPN to fail? ACLs configured in the IPSEC traffic path blocking ISAKMP, ESP, and AH traffic. Multiple transform sets configured but only one transform set is specified in the crypto map entry. Crypto ACL configuration errors where permit is used to specify that matching packets must be encrypted. Multiple interfaces sharing the same crypto map set. 4 . Which statement describes the differences between IPSec and Cisco Encryption Technology(CET)? CET supports AH, ESP and Anti-Replay, which are not available with IPSec IPSec supports AH, ESP and Anti-Replay, which are not available with CET CET is the implementation of IPSec in the Cisco Secure Services package. IPSec is used to encrypt IP-only packets, whereas CET is used to encrypt only non-IP packets. 5 . What two commands would you use to initiate the VPDN at an ISP? vpn enable vpdn outgoing enable vpdn incoming enable vpdn outgoing vpdn enable enable vpn outgoing 6 . What protocol permits tunneling of link layer frames within a VPDN? L2F LZF L3F L4F 7 . Router LabA is a Cisco 827 ADSL router configured as a PPPoE client. Part of the configuration of router LabA is displayed below: "interface dialer 0 ip address negotiated ip nat outside encapsulation ppp dialer pool 1 ppp chap hostname HanoiCTT ppp chap password ccnp" What is missing under the Interface Dialer0 configuration of LabA? Request-dialin Request-dialout IP mtu 1492 IP mtu 1500 DSL operating-mode auto Protocol pppoe 8 . HanoiCTT works from home via a Virtual Private Network connection. From her remote Internet connection she enters an ISP’s login page. Once logged in, the ISP’s owned device creates a secure tunnel straight to the main offices enterprise network. What kind of VPN is this? An intranet VPN An extranet VPN A client initiated VPN A Network Access Server initiated VPN 9 . Which of the following technologies permits tunneling of data-link layer frames with VPDN (Virtual Private Dial-up Network)? PPP PPTP L2F MPPP 10 . What command displays events that are part of NORMAL tunnel establishment or shutdown in VPDN? debug vpdn events show vpdn events debug vpdn normal events debug vpdn events normal 11 . Which three are IKE Phase 2 Negotiate parameters in the IPSec protocol within Phase 1? Negotiating Phase 1 parameters Encryption Key Exchange Integrity checking user hashes Authentication Implementing tunnel mode 12 . What command will display 12f protocol errors? debug vpdn 12f-errors show vpdn 12f-errors debug vpdn errors-12f show vpdn 12f 13 . The HanoiCTT network is using VPNs to allow access to the corporate network. How is a Virtual Private Network (VPN) connection better then a conventional point-to-point T1 connection? (Choose only one answer) VPNs can provide reserved bandwidth for the individual user. VPN users are not tied to a specific fixed location. VPNs offer more local control of the quality of service. VPNs offer better queuing mechanisms than T1 connections. None of the above. 14 . VPN (Virtual Private Networks) enable service providers to: Buy fewer routers Increase bandwidth Replace corporate dialup services Decrease broadcast traffic 15 . An IPSec tunnel has just been created on the HanoiCTT network, and you wish to verify it. Which command will display the configured IKE policies? show crypto isakmp policy show crypto ipsec show crypto isakmp show crypto map 16 . What is the function of the l2f protocol in VPDNs? Tunneling link level protocols over higher protocols Network authentication User authentication Establish multiple virtual paths to a remote destination 17 . 16. HanoiCTT would like to provide VPN security between its remote sites. After reviewing the HanoiCTT requirements, you recommend that the HanoiCTT should protect the entire original IP packet by encrypting it and encapsulating it inside a new, unencrypted IP header. The unencrypted header will be used to route the packet through the Internet.Which mode will accomplish this? IPSec Mode Transport Mode Channel Mode Tunnel Mode Host-to-host Mode Protect Mode 18 . Which commands would you use to troubleshoot your VPDN operation? Choose two. show vpn debug vpdn show vpdn events debug vpdn event 19 . Which two statements are true when an IPSec-protected path is configured for transport mode? (Choose two) The payload of the packet is protected but the original IP address exposed. The application endpoints must also be the IPSec endpoints. IPSec gateways provide IPSec services to hosts. Security is provided for the transport layer and above only. Encrypted packets are encapsulated in another IP packet for routing. 20 . What is a benefit of choosing an Internet-based VPN over a point-to-point T1 connection? VPNs offer more local control of the quality of service. VPN users are not tied to a specific fixed location. VPNs can provide reserved bandwidth for the individual user. VPNs offer better queuing mechanisms than T1 connections. Showing page 1 of 1 : 1Go! © 2004 HanoiCTT. All rights reserved.