CCNP Security VPN FAQ: Overview of VPN and IPSec Technologies
Question. Which Cisco hardware product families support IPSec VPN technology?
Question. What are the two IPSec protocols?
Question. Which type of VPN uses a combination of the same infrastructures that are used by the other two types of VPNs?
Question. Which of the Cisco VPN 3000 Series Concentrators is a fixed-configuration device?
Question. What key element is contained in the AH or ESP packet header?
Question. What are the two modes of operation for AH and ESP?
Question. How many Security Associations (SAs) does it take to establish bidirectional IPSec communications between two peers?
Question. What is a message digest?
Question. Which current RFCs define the IPSec protocols?
Question. What message integrity protocols does IPSec use?
Question. What is the triplet of information that uniquely identifies a security association?
uniquely identifies a security association.
Question. You can select to use both authentication and encryption when using the ESP protocol. Which is performed first when you do this?
Question. What five parameters are required by IKE Phase 1?
A. Encryption algorithm
B. Hashing algorithm
C. Authentication method
D. Key exchange method
E. IKE SA lifetime
Question. What is the difference between the deny keyword in a crypto Access Control List (ACL) and the deny keyword in an access ACL?
Question. What transform set would allow SHA-1 authentication of both AH and ESP packets and would also provide Triple Data Encryption Standard (3DES) encryption for ESP?
Question. What are the five steps of the IPSec process?
A. Interesting traffic triggers IPSec process.
B. Authenticate peers and establish IKE SAs (IKE Phase 1).
C. Establish IPSec SAs (IKE Phase 2).
D. Allow secured communications.
E. Terminate VPN.
Question. What are the Cisco hardware product families that support IPSec VPN technology?
Question. What are the two IPSec protocols?
Question. What are the three major VPN categories?
Question. What is an SEP module used for?
Question. What are the primary reasons cited for choosing VPN technology?
Question. Why are remote access VPNs considered ubiquitous?
Question. What types of VPNs are typically built across service provider shared network infrastructures?
Question. Which type of VPN uses a combination of the same infrastructures that are used by the other two types of VPNs?
Question. What hardware would you use to build intranet and extranet VPNs?
Question. Which Cisco routers provide support for Cisco EzVPN Remote?
Question. Which Cisco router series supports VAMs?
Question. Which Cisco router series supports ISMs?
Question. Which of the Cisco PIX Firewall models are fixed-configuration devices?
Question. Which Cisco PIX Firewall models offer a failover port for high availability and support VACs?
Question. Which series of Cisco hardware devices are purpose-built remote access VPN devices?
Question. Which of the Cisco VPN 3000 Series Concentrators is a fixed-configuration device?
Question. Which of the Cisco VPN 3000 Series Concentrators can accept SEP modules?
Question. What feature of the Cisco Unity Client makes it scalable?
Question. Which of Cisco’s VPN clients can be used with any operating system that communicates in IP?
Question. What protocol enables IP-enabled wireless devices such as PDAs and Smart Phones to participate in VPN communications?
Question. What are the three phases of Cisco Mobile Office?
Question. What is the distinctive characteristic of Cisco VPN Device Manager?
Question. What is Cisco’s AAA server, and what AAA systems does it support?
Question. Which web-based management tool can display a physical representation of each managed device?
Question. What are the current RFCs that define the IPSec protocols?
Question. What are three shortcomings of IPSec?
A. IPSec does not support DLSw or SRB.
B. IPSec does not support multipoint tunnels.
C. IPSec works strictly with unicast IP datagrams only. It does not work with multicast or broadcast IP datagrams.
D. IPSec is slower than Cisco Encryption Technology (CET) because IPSec provides per-packet data authentication.
E. IPSec provides packet expansion that can cause fragmentation and reassembly of IPSec packets, creating another reason that IPSec is slower than CET.
Question. What message encryption protocols does IPSec use?
Question. What message integrity protocols does IPSec use?
Question. What methods does IPSec use to provide peer authentication?
Question. What methods does IPSec use for key management?
Question. What is the key element contained in the AH or ESP packet header?
Question. Which IPSec protocol does not provide encryption services?
Question. What is the triplet of information that uniquely identifies a Security Association?
Question. What is an ICV?
Question. What IPSec protocol must you use when confidentiality is required in your IPSec communications?
Question. What is the primary difference between the mechanisms used by AH and ESP to modify an IP packet for IPSec use?
Question. What are the two modes of operation for AH and ESP?
Question. Which IPSec protocol should you use if your system is using NAT?
Question. You can select to use both authentication and encryption when using the ESP protocol. Which is performed first when you do this?
Question. How many SAs does it take to establish bidirectional IPSec communications between two peers?
Question. Which encryption protocol was considered unbreakable at the time of its adoption?
Question. What process does 3DES use to obtain an aggregate 168-bit key?
Question. What is a message digest?
which depends on the hashing algorithm used.
Question. What does HMAC-MD5-96 mean?
Question. What does HMAC-SHA1-96 mean?
Question. How are preshared keys exchanged?
Question. What does the Diffie-Hellman key agreement protocol permit?
Question. Why is D-H not used for symmetric key encryption processes?
Question. What is a CRL?
Question. What are the five parameters required by IKE Phase 1?
A. Encryption algorithm
B. Hashing algorithm
C. Authentication method
D. Key exchange method
E. IKE SA lifetime
Question. What are the valid AH authentication transforms?
Question. What transform set would allow for SHA-1 authentication of both AH and ESP packets and would also provide 3DES encryption for ESP?
Question. What steps should you take before you begin the task of configuring IPSec on a Cisco device?
Step 1 Establish an IKE policy.
Step 2 Establish an IPSec policy.
Step 3 Examine the current configuration.
Step 4 Test the network before IPSec.
Step 5 Permit IPSec ports and protocols.
Question. What are the five steps of the IPSec process?
Step 1 Interesting traffic triggers IPSec process.
Step 2 Authenticate peers and establish IKE SAs (IKE Phase 1).
Step 3 Establish IPSec SAs (IKE Phase 2).
Step 4 Allow secured communications.
Step 5 Terminate VPN.
Question. What is the difference between the deny keyword in a crypto ACL and the deny keyword in an access ACL?
a crypto ACL, the deny keyword tells the network device to pass the traffic in the
clear without the benefit of IPSec security.