CCNP Secure FAQ: Deploying Remote Access Solutions Using SSL VPNs

Q1. Which type of SSL VPN architecture supports any IP application without application modification?
a. Full tunneling
b. Split tunneling
c. Clientless tunneling
d. None of these answers are correct.

Answer: A
Figure: Full Tunneling Scenario

Q2. Which type of VPN architecture allows remote users URL and CIFS file access to internal resources through a web browser?
a. Split tunneling
b. Full tunneling
c. Clientless
d. Terminal services
e. None of these answers are correct.

Answer: C

Q3. What provides endpoint authentication for both the client and the server?
a. Web browser
b. SHA-1
c. TCP traffic
e. None of these answers are correct.

Answer: D

Q4. What can directly influence the strength of protection provided by algorithms such as 3DES or AES?
a. Key length
b. Firewall rules
c. IPS inspection engine
d. Certificate expiration date
e. None of these answers are correct.

Answer: A

Q5. What are the two choices of SSL VPNs?
a. Clientless with a web browser
b. Cisco AnyConnect VPN client
c. Proxy mode
d. None of these answers are correct.

Answer: A and B

Q6. After authentication, the Cisco ISR applies a set of what to the user session?
a. Static routes
b. Split tunneling routes
c. Authorization rules
d. None of these answers are correct.

Answer: C

Q7. The SSL VPN gateway is enabled on the Cisco ISR with which command?
a. inservice
b. ssl vpn enable
c. gateway
d. vpn enable
e. None of these answers are correct.

Answer: A

Q8. For proper authentication, what must be provisioned to the Cisco ISR?
a. Memory upgrade
b. IOS upgrade
c. Identity certificate
d. CA ROOT certificate

Answer: C

Q9. By default, which kind of certificate does the ISR create upon each reboot that will cause client warnings when attempting SSL VPN access because the certificate cannot be verified?
a. Certificate authority
b. Certificate CA
c. Self-signed X.509 certificate
d. ROOT certificate

Answer: C

Q10. What is assigned to the client as it connects in full tunnel mode?
a. A unique client ID number
b. A list of software to install
c. IP address
d. ROOT certificate

Answer: C

Q11. What is required for the initial installation of the Cisco AnyConnect client?
a. On-site technician
b. Terminal services session
c. Administrative privilege
d. Memory upgrade

Answer: C

Q12. What can users use to access internal resources with the ISR performing as a proxy to provide internal content on its SSL VPN portal?
a. SSH
b. Telnet
c. Web browser
d. Terminal session

Answer: C

Q13. What should be ruled out first when troubleshooting?
a. Authentication problems
b. Verify that the service is running
c. Connectivity issues
d. Proper authorization

Answer: C

Q14. The ISR uses the identity certificate to _____ itself to remote clients.

Answer: identify

Q15. _____ can increase the risk to remote clients and internal resources because the clients can potentially act as a relay between untrusted and trusted networks.

Answer: Split tunneling

Q16. When terminating a clientless VPN, the ISR acts as a _____ to provide access to internal resources to remote users.

Answer: proxy

Q17. _____ VPNs require VPN client software to be installed on the remote computer or dedicated VPN devices (hardware clients) to enable full routed IP access to internal resources.

Answer: Full tunneling

Q18. _____ VPNs are easier to deploy than a full tunneling remote access VPN, but they typically provide limited access to resources when compared to the full tunnel.

Answer: Clientless

Q19. Clientless deployments require that the user open a web browser, which acts as the VPN client, and the VPN gateway acts as a _____ device to the internal resources.

Answer: proxy

Q20. The recommended algorithms for IKE session encryption are _____ and _____.

Answer: AES-128, 3DES.

Q21. The recommended hash algorithm to provide message authentication and integrity is _____.

Answer: SHA-1 HMAC.

Q22. The recommended algorithms for encryption of user traffic are _____ and _____.

Answer: AES-128, 3DES.

Q23. _____ requires administrative privileges because it changes the local hosts file.

Answer: Port forwarding
