CCNP Secure FAQ: Deploying Remote Access Solutions Using EZVPN5

Q1. What enables Cisco Integrated Services Routers to act as VPN gateways?
a. Cisco EZVPN Remote
b. PKI
c. Cisco EZVPN Server
d. None of these answers are correct.

Answer: C

Q2. What can the EZVPN server use to create cryptographic tunnel contexts? (Select all that apply.)
a. VTI
b. IPsec
c. Crypto map
d. B and C
e. None of these answers are correct.

Answer: A and C

Q3. Which of the following is preferred to EZVPN for deploying full tunneling?
a. IPsec tunnels
b. Traditional WAN circuits
c. Client-based tunneling
d. SSL VPNs
e. None of these answers are correct.

Answer: D

Q4. Which is an additional authentication mechanism that can be used in addition to group passwords?
a. XAUTH
b. RADIUS
c. TACACS+
d. IPsec
e. None of these answers are correct.

Answer: A

Q5. Recommended practice dictates limiting the size of which of the following to mitigate the fallout if a group password is compromised?
a. Networks
b. VPNs
c. User databases
d. Groups

Answer: D

Q6. Which type of authentication should you use to make the implementation resistant to a man-in-the-middle attack?
a. One-way
b. Two-way
c. PKI-based
d. Group password–based
e. None of these answers are correct.

Answer: C

Q7. Which of the following is authenticated when using XAUTH with the EZVPN remote hardware device?
a. Router
b. User
c. Network
d. None of these answers are correct.

Answer: A

Q8. Which of the following are modes of operation of the EZVPN Remote feature on hardware clients? (Select all that apply.)
a. Client mode
b. Network extension
c. Network extension plus
d. Client plus

Answer: A, B, and C

Q9. What issue is mitigated by using certificate-based, rather than group password–based, EZVPN implementations?
a. Man-in-the-middle attack
b. DoS attacks
c. Ping sweep
d. Reconnaissance attack

Answer: A

Q10. What are the two areas to investigate when troubleshooting VPNs?
a. Session establishment
b. Data flow
c. Your ISP
d. None of the answers are correct.

Answer: A and B

Q11. Hosts behind the remote VPN router are not reachable for a session initiated from the central site in _____ mode.

Answer: client

Q12. The Easy VPN client can be the Cisco VPN client or an Easy VPN Remote hardware device such as the _____.

Answer: Cisco ISR

Q13. The Cisco Easy VPN Server can _____ IPsec tunnels that are initiated by remote users running VPN client software on their systems.

Answer: terminate 

Q14. As the Cisco Easy VPN Remote initiates a VPN tunnel, the Cisco Easy VPN _____ pushes the IP Security (IPsec) policies to the Cisco Easy VPN Remote _____ and creates the corresponding VPN tunnel connection.

Answer: Server, client

Q15. XAUTH takes place _____ IKE phase 1 completes and _____ the IKE phase 2 (IPsec SA) negotiations begin.

Answer: after, before

Q16. Group passwords are very vulnerable to compromise simply because of their _____ nature.

Answer: shared

Q17. Configuring a basic Cisco ISR Easy VPN _____ consists of basic gateway configuration, group authentication, client configuration, and user authentication configuration.

Answer: Server

Q18. The Cisco ISR can be used as an Easy VPN Remote _____.

Answer: hardware client

Q19. You can enhance authentication by using _____ on remote clients and the Easy VPN Server.

Answer: certificates 

About the author

Prasanna
