
CCNA Guide to Cisco Networking, Fourth Edition Chapter 14 Solutions

Chapter 14 Solutions
Review Questions
1. Which statement accurately defines IPsec?
a. IPSec is an authentication protocol
b. IPSec is a Cisco proprietary suite of protocols that allows for secure
communication
c. IPSec is an industry standard suite of protocols that allows for secure
communication
d. IPSec supports RADIUS and TACACS+

2. Which command establishes an SSH key pair?


a. SshRouter(config)#crypto key generate rsa
b. SshRouter(config)#crypto-key generate rsa
c. SshRouter(config)#crypto generate rsa
d. SshRouter(config)#crypto key-generate rsa

3. What two methods can be used to configure VPNs on a Cisco router?


a. IPSec
b. RADIUS
c. CLI
d. SDM
e. ESP

4. What services are provided by an IPS? (Choose all that apply)


a. Examine data packets
b. Authenticate users
c. Account for users' time on the network
d. Drop malicious packets

5. What services are provided by an IDS?


a. Examine data packets
b. Authenticate users
c. Account for users' time on the network
d. Drop malicious packets

6. What is the correct command sequence to protect all 4 of a router's VTY lines with SSH?
a. SshRouter(config)#line vty 0 1
SshRouter(config-line)#transport input ssh
b. SshRouter(config)#line vty 0 4
SshRouter(config-line)#transport in ssh
c. SshRouter(config)#line con 0
SshRouter(config-line)#transport input ssh
d. SshRouter(config)#line vty 0 4
SshRouter(config-line)#transport input ssh

7. Which two protocols are supported by IPSec?


a. ESP
b. 3DES
c. MD5
d. SHA
e. IKE
f. AH

8. What two modes are supported by IPSec?


a. Traversing mode
b. Forwarding mode
c. Tunnel mode
d. Transport mode

9. Which command successfully sets the SSH Timeout for connections to 1 minute and 30
seconds?
a. ip ssh-time-out 90
b. ip ssh time-out 1min 30sec
c. ip ssh-time-out 1min 30sec
d. ip ssh time-out 90

10. What functionality is supported by the Cisco SDM? (Choose all that apply)
a. RADIUS
b. Security Audit
c. PPTP
d. VPN configuration

11. Select the authentication algorithms supported by IPSec. (Choose all that apply)
a. ESP
b. 3DES
c. MD5
d. SHA
e. IKE
f. AH

12. What encryption algorithms are supported by IPSec? (Choose all that apply)
a. ESP
b. 3DES
c. MD5
d. SHA
e. IKE
f. AH
g. AES

13. Which tunneling protocols provide a secure tunnel for the data to travel through? (Choose
all that apply)
a. AH
b. IPSec
c. GRE
d. L2TP
e. PPTP

14. What are the common services that provide authentication services on Cisco routers?
(Choose all that apply)
a. SSH
b. RADIUS
c. SSL
d. TACACS+
e. ESP

15. The term authentication in Cisco's AAA model provides what service?

a. The ability to track login and logoff times of users. Regulation of a user's allowable activities on a device.
b. Process to validate users
c. The ability to verify data as it traverses the network
d. The ability to verify data as it traverses the network

16. The term authorization in Cisco's AAA model provides what service?
a. The ability to verify data as it traverses the network
b. The ability to track login and logoff times of users
c. Process to validate users.
d. Regulation of a user's allowable activities on a device.

17. The term accounting in Cisco's AAA model provides what service?
a. Process to validate users.
b. Regulation of a user's allowable activities on a device.
c. The ability to track login and logoff times of users
d. The ability to verify data as it traverses the network

18. What is the key reason for using SSH connections when connecting remotely to a router?
a. SSH provides authentication services
b. SSH encrypts data that would be clear text if using telnet
c. SSH creates a VPN between the two nodes
d. SSH examines data packets and reports malicious behavior

19. What are you configuring when building a Cisco VPN with IPSec?
a. An IPSec transform set
b. An SSH transform set
c. An ESP-AH-MD5 transform set
d. An SSL transform set

20. After building a default VPN with the SDM, your transform set name would be ESP-3DES-SHA. What does this tell you about the protocols and algorithms used?
a. That you are using 3DES as the authentication algorithm and SHA as the
encryption algorithm
b. That you are using ESP as the authentication algorithm and SHA as the
encryption algorithm
c. That you are using 3DES as the authentication algorithm and SHA as the
encryption protocol
d. That you are using 3DES as the encryption algorithm and SHA as the
authentication algorithm

Case Projects
Case Project 1
The recommendation should be to set up client-to-site VPNs.

Case Project 2
Answers vary based on students' understanding of firewall technologies. Answers could include: Secure VPNs, IPSec protocol, security audit wizard, and access list.

Case Project 3
Given the requirements listed, students must create the plan. One solution could be that patches are installed and rotated monthly. For example, in January patches are installed in the Development environment. In February the January patches are moved from Development to the QA environment. The February release of patches will then be installed into the Development environment, etc.
