CCNP Secure FAQ: Deploying Remote Access Solutions Using SSL VPNs
Q1. Which type of SSL VPN architecture supports any IP application without application modification?
a. Full tunneling
b. Split tunneling
c. Clientless tunneling
d. None of these answers are correct.
Q2. Which type of VPN architecture allows remote users URL and CIFS file access to internal resources through a web browser?
a. Split tunneling
b. Full tunneling
c. Clientless
d. Terminal services
e. None of these answers are correct.
Q3. What provides endpoint authentication for both the client and the server?
a. Web browser
b. SHA-1
c. TCP traffic
d. SSL/TLS
e. None of these answers are correct.
Q4. What can directly influence the strength of protection provided by algorithms such as 3DES or AES?
a. Key length
b. Firewall rules
c. IPS inspection engine
d. Certificate expiration date
e. None of these answers are correct.
Q5. What are the two choices of SSL VPNs?
a. Clientless with a web browser
b. Cisco AnyConnect VPN client
c. Proxy mode
d. None of these answers are correct.
Q6. After authentication, the Cisco ISR applies a set of what to the user session?
a. Static routes
b. Split tunneling routes
c. Authorization rules
d. None of these answers are correct.
Q7. The SSL VPN gateway is enabled on the Cisco ISR with which command?
a. inservice
b. ssl vpn enable
c. gateway
d. vpn enable
e. None of these answers are correct.
Q8. For proper authentication, what must be provisioned to the Cisco ISR?
a. Memory upgrade
b. IOS upgrade
c. Identity certificate
d. CA ROOT certificate
Q9. By default, which kind of certificate does the ISR create upon each reboot that will cause client warnings when attempting SSL VPN access because the certificate cannot be verified?
a. Certificate authority
b. Certificate CA
c. Self-signed X.509 certificate
d. ROOT certificate
Q10. What is assigned to the client as it connects in full tunnel mode?
a. A unique client ID number
b. A list of software to install
c. IP address
d. ROOT certificate
Q11. What is required for the initial installation of the Cisco AnyConnect client?
a. On-site technician
b. Terminal services session
c. Administrative privilege
d. Memory upgrade
Q12. What can users use to access internal resources with the ISR performing as a proxy to provide internal content on its SSL VPN portal?
a. SSH
b. Telnet
c. Web browser
d. Terminal session
Q13. What should be alleviated first as a factor for troubleshooting?
a. Authentication problems
b. Verify that the service is running
c. Connectivity issues
d. Proper authorization
Q14. The ISR uses the identity certificate to _____ itself to remote clients.
Q15. _____ can increase the risk to remote clients and internal resources because the clients can potentially act as a relay between untrusted and trusted networks.
Q16. When terminating a clientless VPN, the ISR acts as a _____ to provide access to internal resources to remote users.
Q17. _____ VPNs require VPN client software to be installed on the remote computer or dedicated VPN devices (hardware clients) to enable full routed IP access to internal resources.
Q18. _____ VPNs are easier to deploy than a full tunneling remote access VPN, but they typically provide limited access to resources when compared to the full tunnel.
Q19. Clientless deployments require that the user open a web browser, which acts as the VPN client, and the VPN gateway acts as a _____ device to the internal resources.
Q20. The recommended algorithms for IKE session encryption are _____ and _____.
Q21. The recommended hash algorithm to provide message authentication and integrity is _____.
Q22. The recommended algorithms for encryption of user traffic are _____ and _____.
Q23. _____ requires administrative privileges because it changes the local hosts file.