Config Router


CCNP Secure FAQ: Deploying Scalable Authentication in Site-to-Site IPsec VPNs

February 2, 2020 by Marques Brownlee

Q1. What is the one central trusted introducer called?
a. Identity certificate
b. RSA algorithm
c. Certificate authority
d. X.500 distinguished name
e. None of these answers are correct.

Answer: C
Figure: Showing Where the Trusted Introducer Is (User B)

Q2. A list of all certificates that are no longer valid is called which of the following?
a. Old certificate list
b. Revoked Certificate List
c. Certificate Revocation List (CRL)
d. Invalid Certificate Authority List
e. Expired Certificate List

Answer: C

Q3. Which of the following is something that can cause issues in a PKI system?
a. Synchronized time
b. Variable time
c. Unsynchronized time
d. Manually configured time
e. None of these answers are correct.

Answer: C

Q4. The SCEP interface on a Cisco IOS Software Certificate Server is enabled with what command?
a. ip scep server
b. set scep server enable
c. ip http server
d. crypto server scep
e. None of these answers are correct.

Answer: C

Q5. To integrate PKI-based authentication with site-to-site VPNs, which protocol must be configured to use PKI-based authentication?
a. IKE
b. GRE
c. AAA
d. RSA
e. VPN

Answer: A

Q6. PKI clients can enroll to the Cisco IOS Software Certificate Server using which two types of enrollment?
a. SCEP
b. IKE
c. TACACS
d. Manual

Answer: A and D

Q7. Which storage method is considered the most secure for storing a Cisco IOS Software PKI client’s private key?
a. USB Smart Token
b. NVRAM in clear text
c. Encrypted on an external USB storage
d. Encrypted on NVRAM
e. Private section in NVRAM

Answer: A

Q8. What information does the client send to the CA during the enrollment process?
a. IP address
b. Client’s private key
c. Client’s public key
d. Name of device

Answer: C and D

Q9. By default, what will the IKE process on Cisco IOS Software routers accept if signed by its locally defined trustpoint CA?
a. A client IP address
b. Client’s private key
c. Any valid certificate
d. A new CRL

Answer: C

Q10. _____ is where existing point-to-point key exchanges can be tied together to soften the public key distribution problem.

Answer: Trusted introducing

Q11. When enrolling to a PKI, clients submit their _____ and _____ to the CA.

Answer: public key, name

Q12. When deploying PKI-enabled VPNs, one of the major choices is whether to use a _____ PKI or an _____ PKI.

Answer: VPN-only, enterprise

Q13. _____ provides data integrity, data origin authentication, protection against replay, and confidentiality to user traffic.

Answer: Encapsulating Security Payload (ESP)

Q14. Digital signatures are commonly used by many authentication protocols for traffic running over _____ networks.

Answer: untrusted or public

Q15. To participate in the PKI system, all end users must _____ with the CA, which involves a process in which they submit their public key and their name to the CA.

Answer: enroll

Q16. An _____ is a piece of information that binds a PKI member’s name to its public key and puts it into a standard format.

Answer: identity certificate

Q17. The Cisco IOS Software Certificate Server stores its database on the local _____ of the router.

Answer: flash memory
