CCNP Secure FAQ: Deploying GET VPNs
Q1. GET VPNs use which feature to provide large-scale transmission protection that uses the existing routing infrastructure? (Select all that apply.)
a. Tunnel-free
b. X.500
c. Connectionless
d. ISAKMP
e. Encrypted
Q2. GET VPNs use a concept of which of the following to provide transmission protection? (Select all that apply.)
a. Certificates
b. IPsec
c. Key servers
d. Group members
e. None of these answers are correct.
Q3. To implement a GET VPN over the Internet, which type of IP addresses must be used on all networks?
a. Private
b. Class A
c. NAT
d. Routable
e. None of these answers are correct.
Q4. GET VPNs maintain which aspect of the data packet?
a. Original IP header
b. Size
c. MAC address
d. Don’t Fragment bit setting
e. None of these answers are correct.
Q5. Which of the following are the two choices of rekeying used by key servers?
a. Unicast
b. Symmetric
c. Asymmetric
d. Multicast
Q6. Which of the following do you configure to prevent traffic from traversing an untrusted interface unless the group member is registered into a GET VPN?
a. ACL
b. Policy map
c. Fail-closed policy
d. GET VPN key server
e. None of these answers are correct.
Q7. What event might lead to several independent groups of key servers rekeying group members with different session keys?
a. Network split
b. Route reconvergence
c. Network merge
d. None of these answers are correct.
Q8. There can be up to how many key servers on a network?
a. Six
b. Seven
c. Eight
d. Ten
Q9. Reducing _____ on group members is recommended to reduce the load on the key server.
Q10. If the key server fails to get a _____ to a rekey message from the group member after three rekeys, it removes the group member.
Q11. By distributing _____ across multiple key servers and controlling the order of the key servers in the configurations, some load balancing can be achieved.
Q12. The _____ defines the encapsulation and cryptographic settings that will be distributed to the group members by the key server as part of the SA.
Q13. GET VPNs use _____ as the group keying mechanism.
Q14. GET VPNs provide connectionless, tunnel-free encryption that leverages the existing _____ infrastructure.
Q15. GET VPNs are based on GDOI, which is defined in RFC ____.
Q16. GDOI is a standards-based ISAKMP group key management protocol meant to provide secure communication within a _____.
More Resources