CCSP SECUR FAQ : Scaling Management of an Enterprise VPN Environment


Q1. Which of the following is not supported by CiscoWorks 2000?
A. Management and monitoring of PIX firewalls

B. Management and monitoring of the CSIDS

C. Management and monitoring of Cisco HIDS

D. Management and monitoring of syslog servers

E. Web-based interface for the configuration, management, and troubleshooting of VPNs

Answer: D

Q2. Which of the following operating systems support the installation of CiscoWorks 2000? (Choose all that apply)
A. Red Hat Linux
B. Windows 2000 Server
C. Sun Solaris 9
D. Windows 2000 Professional
E. OpenBSD

Answer: B, D

Q3. Which server platform is required for the installation of the Router MC? (Choose all that apply)
A. Windows 2000 Advanced Server
B. CiscoWorks 2000
C. Sun Solaris 2.6
D. VPN/Security Management Solution
E. Windows 2000 Server

Answer: B, D

Q4. Where is the “hub” normally located when creating a “hub-and-spoke” network?
A. In the geographic center of the network, to ensure a relatively equal distance between spoke sites

B. In a central location that is primarily determined by the throughput available for each spoke site

C. At the site with the best Internet connection

D. At a location that is logically central to the organization, such as the corporate headquarters

E. At the site with the least complex network

Answer: D

Q5. In a “hub-and-spoke” network design, how do the spoke locations communicate?
A. The spokes do not communicate with each other.
B. All traffic is routed through the “hub.”
C. All spoke sites are configured for a full-mesh VPN.
D. The hub proxies all connections back out to the spokes.
E. None of the above.

Answer: B

Q6. When configuring the hub settings in the context of the VPN and firewall policies, exactly which items are configured?
A. How many VPN connections can be accepted by the hub router
B. The type of router that is used at the hub location
C. The internal interfaces and networks on the “hub side”
D. The central site router that has priority for the connection
E. All of the above

Answer: C

Q7. How long will an activity be available for editing by any user?
A. Until it has been “deployed”
B. Until it has been “submitted”
C. Until it has been “approved”
D. Until it has been “deleted”
E. Until it has been “rejected”

Answer: B, C, D, E

Q8. When configuring the firewall settings of the VPN and firewall policies, what component are you configuring?
B. The PIX firewall
C. Access control lists
D. Cisco Secure ACS
E. All of the above
F. None of the above

Answer: A

Q9. What does the term “inheritance” mean when talking about the Router MC?
A. Any changes made to the “hub” will affect the “spokes.”

B. Any policies applied to a device will affect the group that the device is assigned to.

C. Any policies applied to a device level group will affect the global group.

D. Policy changes will not affect a device if it is in the “locked group.”

E. None of the above.

Answer: E

Q10. Which components can be used multiple times when configuring the Router MC?
A. Device names
B. Organizational IDs
C. VPN policies
D. Building blocks
E. None of the above

Answer: D

Q11. If you install CiscoWorks 2000 on any Windows platform, which additional packages are required?

Answer: Service Pack 2 and the ODBC Drivers (version 3.510)

Q12. What is the significance of configuring the “hub” of the “hub-and-spoke” network to be located at the corporate headquarters?

Answer: You want all VPNs to terminate at a location that is central to the operation of the company. Also, the headquarters location most likely has the most complex network configuration, whereas the branch offices are less complex.

Q13. What are some of the general settings when configuring the VPN and firewall policies on the Router MC?

Answer: The general settings determine routing, IPSec failover, and fragmentation parameters for the VPN connection.

Q14. What is meant by “device hierarchy and inheritance”?

Answer: Policies that are applied at the global level are inherited by all devices that are configured on the Router MC.

Q15. I have just completed deploying a job and it appears that the VPN is having connectivity issues. What steps can I take to repair the damage?

Answer: Roll back the job.

Q16. What is the method used to capture data about existing devices and send it to the Router MC?

Answer: Device import

Q17. What items are predefined in the Router MC?

Answer: Device groups and policies

Q18. What is the definition of IPSec?

Answer: IPSec is a framework of open standards that provide security services at the IP layer.

Q19. What additional functionality do you get by tunneling IPSec with GRE?

Answer: You can encapsulate routing protocols within GRE to add resiliency to the VPN connection.

Q20. What is defined within the “tunnel policies”?

Answer: The authentication and encryption algorithms for the IPSec tunnel.

Q21. How long can a job remain open?

Answer: Until it has been deployed or rejected.

Q22. What should you do if a job deployment doesn’t “stick”?

Answer: Redeploy the job.

Q23. What CiscoWorks 2000 account has read-only permissions?

Answer: Help Desk
