
CCNP Secure FAQ: Deploying High Availability in Tunnel-Based IPsec VPNs

February 2, 2020 by Marques Brownlee

Q1. What can be used to mitigate device failure?
a. Single ISP transport networks
b. Multiple ISP transport networks
c. Multiple devices at a site
d. Redundant interfaces on a VPN device

Answer: C

Q2. What can be done to provide high availability when the cost of redundant devices cannot be justified?
a. Use single ISP transport networks
b. Use multiple ISP transport networks
c. Use redundant interfaces
d. Use multiple devices at a site

Answer: C

Q3. When a transport network is not under organizational control, it might be necessary to choose which of the following?
a. A different VPN technology
b. Traditional WAN circuits
c. Point-to-multipoint topology
d. Redundant routers
e. Multiple independent transport networks

Answer: E

Q4. Which interface command can be used to choose the best path when deploying the dynamic routing protocol OSPF?
a. ip ospf cost
b. ip ospf tuning
c. ip ospf path
d. ip ospf router
e. None of these answers are correct.

Answer: A

Q5. In a VTI-based IPsec VPN, traffic that should be protected by the VPN tunnel should be routed how?
a. Carefully
b. Redundantly
c. Dynamically
d. Statically

Answer: D

Q6. What should be used to provide a virtual gateway for clients at the spoke site?
a. IPsec
b. DHCP
c. HSRP
d. AAA
e. None of these answers are correct.

Answer: C

Q7. IPsec shared SAs are enabled with what command?
a. tunnel protection ipsec profile shared
b. ipsec dual SA
c. ip split sa
d. crypto ipsec sa redundant
e. None of these answers are correct.

Answer: A

Q8. Which high-availability scenario provides the highest level of redundancy because it mitigates failures of devices, interfaces, access links, and transport networks?
a. Static VTI-based VPN
b. Single DMVPN
c. Dual DMVPN
d. Dual ISPs

Answer: C

Q9. In the case of redundant DMVPNs with multiple GRE tunnels establishing between the same spokes, it is necessary to use _____ for IPsec SAs to establish properly.

Answer: shared IPsec SAs
Figure: Redundancy with Dual DMVPNs

Q10. The routing protocol detects both device and path failures using its _____.

Answer: keepalives

Q11. You should design the VPN to meet an organization’s requirements for availability. The design should provide a level of high availability that is commensurate with the _____ of meeting availability needs.

Answer: cost

Q12. If _____ are needed, you should either deploy a completely redundant network path that is under the control of local administration or use multiple-transport networks (two ISPs) and connect them to either redundant interfaces or redundant VPN devices.

Answer: complete redundant paths

Q13. _____ will automatically detect peer failures and path failures and then automatically reroute around the failure if redundant paths and devices are in place.

Answer: Dynamic routing protocols

Q14. In a VTI-based IPsec VPN topology, an interior routing protocol will see the VTI-based VPN tunnel as a _____ link.

Answer: point-to-point

Q15. An interior routing protocol will view a _____ as either point-to-multipoint (for strict hub-and-spoke DMVPNs) or as a broadcast network (partial or full mesh DMVPNs).

Answer: DMVPN

Q16. To provide redundancy for a DMVPN topology, it is recommended to create two separate DMVPN networks by using _____ and one or two spoke routers at remote sites.

Answer: two hub routers

Q17. Routing protocols can detect both _____ and _____.

Answer: path failures, VPN device failures.
