CCNP Secure FAQ: Deploying Remote Access Solutions Using EZVPN5
Q1. What enables Cisco Integrated Services Routers to act as VPN gateways?
a. Cisco EZVPN Remote
b. PKI
c. Cisco EZVPN Server
d. None of these answers are correct.
Q2. What can the EZVPN server use to create cryptographic tunnel contexts? (Select all that apply.)
a. VTI
b. IPsec
c. Crypto map
d. B and C
e. None of these answers are correct.
Q3. Which of the following is preferred to EZVPN for deploying full tunneling?
a. IPsec tunnels
b. Traditional WAN circuits
c. Client-based tunneling
d. SSL VPNs
e. None of these answers are correct.
Q4. Which is an additional authentication mechanism that can be used in addition to group passwords?
a. XAUTH
b. RADIUS
c. TACACS+
d. IPsec
e. None of these answers are correct.
Q5. Recommended practice dictates limiting the size of which of the following to mitigate the fallout if a group password is compromised?
a. Networks
b. VPNs
c. User databases
d. Groups
Q6. Which type of authentication should you use to make the implementation resistant to a man-in-the-middle attack?
a. One-way
b. Two-way
c. PKI-based
d. Group password–based
e. None of these answers are correct.
Q7. Which of the following is authenticated when using XAUTH with the EZVPN remote hardware device?
a. Rrouter
b. User
c. Network
d. None of these answers are correct.
Q8. Which of the following are modes of operation of the EZVPN Remote feature on hardware clients? (Select all that apply.)
a. Client mode
b. Network extension
c. Network extension plus
d. Client plus
9. What issue is mitigated by using certificate-based, rather than group password–based, EZVPN implementations?
a. Man-in-the-middle attack
b. DoS attacks
c. Ping sweep
d. Reconnaissance attack
10. What are the two areas to investigate when troubleshooting VPNs?
a. Session establishment
b. Data flow
c. Your ISP
d. None of the answers are correct.
Q11. Hosts behind the remote VPN router are not reachable for a session initiated from the central site in _____ mode.
Q12. The Easy VPN client can be the Cisco VPN client or an Easy VPN Remote hardware device such as the _____.
Q13. The Cisco Easy VPN Server can _____ IPsec tunnels that are initiated by remote users running VPN client software on their systems.
Q14. As the Cisco Easy VPN Remote initiates a VPN tunnel, the Cisco Easy VPN _____ pushes the IP Security (IPsec) policies to the Cisco Easy VPN Remote _____ and creates the corresponding VPN tunnel connection.
Q15. XAUTH takes place _____ IKE phase 1 completes and _____ the IKE phase 2 (IPsec SA) negotiations begin.
Q16. Group passwords are very vulnerable to compromise simply because of their _____ nature.
Q17. Configuring a basic Cisco ISR Easy VPN _____ consists of basic gateway configuration, group authentication, client configuration, and user authentication configuration.
Q18. The Cisco ISR can be used as an Easy VPN Remote _____.
Q19. You can enhance authentication by using _____ on remote clients and the Easy VPN Server.
More Resources