CCNP Secure FAQ: Deploying GET VPNs

Q1. GET VPNs use which features to provide large-scale transmission protection that uses the existing routing infrastructure? (Select all that apply.)
a. Tunnel-free
b. X.500
c. Connectionless
e. Encrypted

Answer: A and C

Q2. GET VPNs use a concept of which of the following to provide transmission protection? (Select all that apply.)
a. Certificates
b. IPsec
c. Key servers
d. Group members
e. None of these answers are correct.

Answer: C and D

Figure: GET VPN Configuration of Key Server

Q3. To implement a GET VPN over the Internet, which type of IP addresses must be used on all networks?
a. Private
b. Class A
c. NAT
d. Routable
e. None of these answers are correct.

Answer: D

Q4. GET VPNs maintain which aspect of the data packet?
a. Original IP header
b. Size
c. MAC address
d. Don’t Fragment bit setting
e. None of these answers are correct.

Answer: A

Q5. Which of the following are the two choices of rekeying used by key servers?
a. Unicast
b. Symmetric
c. Asymmetric
d. Multicast

Answer: A and D

Q6. Which of the following do you configure to prevent traffic from traversing an untrusted interface unless the group member is registered into a GET VPN?
a. ACL
b. Policy map
c. Fail-closed policy
d. GET VPN key server
e. None of these answers are correct.

Answer: C

Q7. What event might lead to several independent groups of key servers rekeying group members with different session keys?
a. Network split
b. Route reconvergence
c. Network merge
d. None of these answers are correct.

Answer: A

Q8. There can be up to how many key servers on a network?
a. Six
b. Seven
c. Eight
d. Ten

Answer: C

Q9. Reducing _____ on group members is recommended to reduce the load on the key server.

Answer: IKE lifetimes

Q10. If the key server fails to get a _____ to a rekey message from the group member after three rekeys, it removes the group member.

Answer: response

Q11. By distributing _____ across multiple key servers and controlling the order of the key servers in the configurations, some load balancing can be achieved.

Answer: group members

Q12. The _____ defines the encapsulation and cryptographic settings that will be distributed to the group members by the key server as part of the SA.

Answer: IPsec profile

Q13. GET VPNs use _____ as the group keying mechanism.

Answer: IKE GDOI

Q14. GET VPNs provide connectionless, tunnel-free encryption that leverages the existing _____ infrastructure.

Answer: routing

Q15. GET VPNs are based on GDOI, which is defined in RFC ____.

Answer: 3547

Q16. GDOI is a standards-based ISAKMP group key management protocol meant to provide secure communication within a _____.

Answer: group
