CCNP Secure FAQ: Deploying DMVPNs

Q1. Which mechanism provides a scalable multiprotocol tunneling framework with optional dynamic routing?
b. IPsec
c. GRE
d. 802.1X
e. None of these answers are correct.

Answer: C

Q2. Which mechanism provides dynamic mutual discovery of spoke devices?
a. GRE
b. IKE
e. Expired Certificate List

Answer: C

Q3. Which mechanism provides key management and transmission protection?
b. GRE
c. mGRE
e. IKE + IPsec

Answer: E

Q4. To integrate PKI-based authentication with site-to-site VPNs, which protocol must be configured to use PKI-based authentication?
a. IKE
b. GRE
c. AAA
d. RSA
e. VPN

Answer: A

Q5. DMVPNs can use pre-shared keys or PKI-based IKE authentication. Either choice is acceptable for a hub-and-spoke network, but which of the following is recommended for a fully meshed network?
a. IPsec
b. DH group 14
c. Pre-shared keys
d. PKI-based authentication

Answer: D
Figure: DMPVN: Hub-and-Spoke Model

Q6. GRE uses which IP protocol in combination with IPsec VPNs to pass routing information between connected networks?
a. 89
b. 50
c. 47
d. 51
e. None of these answers are correct.

Answer: C

Q7. When a spoke router initially connects to a DMVPN, it registers its inner (tunnel) and outer (physical interface) IP address with which of the following?
a. NHRP server
b. DHCP server
c. Cisco ACS Server
d. Cisco Security Manager
e. None of these answers are correct.

Answer: A

Q8. What Cisco IOS Software command designates the tunnel interface as multipoint GRE mode?
a. tunnel source
b. tunnel destination
c. tunnel mode gre multipoint
d. interface gre 0/0 multipoint

Answer: C

Q9. If a DMVPN spoke router is configured with a point-to-point GRE interface, the spoke will only participate in which type of topology?
a. Strict hub-and-spoke
b. Partial mesh
c. Full mesh
d. Token ring
e. None of these answers are correct.

Answer: A

Q10. On the hub, what is the main factor that determines whether the DMVPN will operate as strict hub-and-spoke or as partially/full mesh?
a. Routing protocol functions
b. Network administrator preference
c. Bandwidth to the hub
d. Cisco router hardware model
e. Cisco IOS Software Release

Answer: A

Q11. A _____ cloud is a collection of routers that are configured with either an mGRE interface or a point-to-point GRE interface (or a combination of the two) and that share the same subnet.

Answer: DMVPN

Q12. The _____ created on the mGRE interface on the hub must be large enough to accommodate all the spoke routers’ GRE interfaces.

Answer:  subnet size

Q13. The NHRP network ID must be the same on the NHRP _____ and its NHRP _____.

Answer: server , clients.

Q14. The Cisco DMVPN solution integrates NHRP, _____, and _____.

Answer: GRE, IPsec.

Q15. DMVPN greatly simplifies the configuration requirements on the _____ router.

Answer: hub

Q16. NHRP on the hub provides DMVPN spokes with the ability to locate other _____ routers.

Answer: spoke

Q17. _____ populates each spoke’s routing table so that each spoke knows about the subnets behind the other spokes.

Answer: Dynamic routing

Q18. In a hub-and-spoke deployment, all traffic between spokes must flow through the _____

Answer: hub router

