多选题Which three security concerns can be addressed by a tunnel mode IPSec VPN secured by AH?()(Choose three.)Adata integrityBdata confidentialityCdata authenticationDouter IP header confidentialityEouter IP header authentication
题目
data integrity
data confidentiality
data authentication
outer IP header confidentiality
outer IP header authentication
相似考题
更多“多选题Which three security concerns can be addressed by a tunnel mode IPSec VPN secured by AH?()(Choose three.)Adata integrityBdata confidentialityCdata authenticationDouter IP header confidentialityEouter IP header authentication”相关问题
-
第1题:
IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()
- A、IKE keepalives are unidirectional and sent every ten seconds
- B、IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keys
- C、To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
- D、IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers
正确答案:A,C,D -
第2题:
What is not a difference between VPN tunnel authentication and per-user authentication?()
- A、VPN tunnel authentication is part of the IKE specification.
- B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).
- C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization.
- D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.
正确答案:D -
第3题:
Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?() (Choose three.)
- A、data integrity
- B、data confidentiality
- C、data authentication
- D、outer IP header confidentiality
- E、outer IP header authentication
正确答案:A,B,C -
第4题:
Which three advanced permit actions within security policies are valid?() (Choose three.)
- A、Mark permitted traffic for firewall user authentication.
- B、Mark permitted traffic for SCREEN options.
- C、Associate permitted traffic with an IPsec tunnel.
- D、Associate permitted traffic with a NAT rule.
- E、Mark permitted traffic for IDP processing.
正确答案:A,C,E -
第5题:
Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?()
- A、data integrity
- B、data confidentiality
- C、data authentication
- D、outer IP header confidentiality
- E、outer IP header authentication
正确答案:A,B,C -
第6题:
Which three firewall user authentication objects can be referenced in a security policy? ()(Choose three.)
- A、access profile
- B、client group
- C、client
- D、default profile
- E、external
正确答案:A,B,C -
第7题:
多选题Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?() (Choose three.)Adata integrity
Bdata confidentiality
Cdata authentication
Douter IP header confidentiality
Eouter IP header authentication
正确答案: E,D解析: 暂无解析 -
第8题:
多选题Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH?() (Choose three.)Adata integrity
Bdata confidentiality
Cdata authentication
Douter IP header confidentiality
Eouter IP header authentication
正确答案: A,B解析: 暂无解析 -
第9题:
单选题Refer to the exhibit. With an IPSec tunnel established between remote Router A and head-end router B, with Compressed Real-Time Protocol (cRTP) configured on the serial interface of Router A, what impact will the cRTP configuration have on the Voice over IP packets flowing through the IPSec tunnel from a Cisco 7960 IP phone?()ATwenty bytes of header will be replaced with five bytes.
BIf the IPSec transform set includes Authentication Header, the receiving IPSec peer will discard the packets.
CThe IPSec packets will be dropped by Router A's compression logic.
DThe voice packets will not be compressed.
正确答案: D解析: 暂无解析 -
第10题:
单选题Which QoS preclassification option will require the use of the qos pre-classify command for the VPN traffic? ()AVPN traffic needs to be classified based on the Layer2 header information
BVPN traffic needs to be classified based on the IP precedence or DSCP
CVPN traffic needs to be classified based on IP flow or Layer 3 information, such as source and destination IP address
DVPN traffic with Authentication Header (AH) needs to preserve the ToS byte
正确答案: D解析: 暂无解析 -
第11题:
多选题Which three advanced permit actions within security policies are valid?() (Choose three.)AMark permitted traffic for firewall user authentication.
BMark permitted traffic for SCREEN options.
CAssociate permitted traffic with an IPsec tunnel.
DAssociate permitted traffic with a NAT rule.
EMark permitted traffic for IDP processing.
正确答案: B,D解析: 暂无解析 -
第12题:
多选题Which three can be specified within an RSVP session attribute object?() (Choose three.)Ahold priority
Bsetup priority
CFEC IP address
Dresource availability
Elocal protection option
正确答案: E,C解析: 暂无解析 -
第13题:
Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()
- A、allows dynamic routing over the tunnel
- B、supports multi-protocol (non-IP) traffic over the tunnel
- C、reduces IPsec headers overhead since tunnel mode is used
- D、simplifies the ACL used in the crypto map
- E、uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration
正确答案:A,B,D -
第14题:
Which QoS preclassification option will require the use of the qos pre-classify command for the VPN traffic? ()
- A、VPN traffic needs to be classified based on the Layer2 header information
- B、VPN traffic needs to be classified based on the IP precedence or DSCP
- C、VPN traffic needs to be classified based on IP flow or Layer 3 information, such as source and destination IP address
- D、VPN traffic with Authentication Header (AH) needs to preserve the ToS byte
正确答案:C -
第15题:
What is true about Quality of Service (QoS) for VPNs?()
- A、QoS preclassification is only supported on generic routing encapsulation (GRE) and IPsec VPNs
- B、QoS preclassification is not required in Layer 2 Tunneling Protocol (L2TP), Layer2 Forwarding (L2F), and Point-to-Point Tunneling Protocol (PPTP) VPNs
- C、QoS preclassification is supported on IPsec AH VPNs, but not on IPsec ESP VPNs
- D、the QoS-for-VPNs feature (QoS preclassification) is designed for VPN transport interfaces
- E、with IPsec tunnel mode, the type of service (ToS) byte value is copied automatically from the original IP header to the tunnel header
正确答案:C -
第16题:
Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH?() (Choose three.)
- A、data integrity
- B、data confidentiality
- C、data authentication
- D、outer IP header confidentiality
- E、outer IP header authentication
正确答案:A,C,E -
第17题:
Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH?()
- A、data integrity
- B、data confidentiality
- C、data authentication
- D、outer IP header confidentiality
- E、outer IP header authentication
正确答案:A,C,E -
第18题:
You need to design a method of communication between the IT and HR departments. Your solution must meet business requirements. What should you do?()
- A、Design a custom IPSec policy to implement Encapsulating Security Payload (ESP) for all IP traffic Design the IPSec policy to use certificate-based authentication between the two departments’ computers
- B、Design a customer IPSec policy to implement Authentication Header (AH) for all IP traffic. Desing the IPSec policy to use preshared key authentication between the two departments’ computers
- C、Design a customer IPSec policy to implement Encapsulating Payload (ESP) for all IP traffic. Desing the IPSec policy to use preshared key authentication between the two departments’ computers
- D、Design a customer IPSec policy to implement Authentication Header (AH) for all IP traffic. Desing the IPSec policy to use certificate-based authentication between the two departments’ computers
正确答案:A -
第19题:
多选题Which three firewall user authentication objects can be referenced in a security policy? ()(Choose three.)Aaccess profile
Bclient group
Cclient
Ddefault profile
Eexternal
正确答案: A,C解析: 暂无解析 -
第20题:
多选题Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH?()Adata integrity
Bdata confidentiality
Cdata authentication
Douter IP header confidentiality
Eouter IP header authentication
正确答案: C,E解析: 暂无解析 -
第21题:
单选题What is not a difference between VPN tunnel authentication and per-user authentication?()AVPN tunnel authentication is part of the IKE specification.
BVPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).
CUser authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization.
D802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.
正确答案: A解析: 暂无解析 -
第22题:
多选题Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?()Adata integrity
Bdata confidentiality
Cdata authentication
Douter IP header confidentiality
Eouter IP header authentication
正确答案: E,A解析: 暂无解析 -
第23题:
多选题Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()Aallows dynamic routing over the tunnel
Bsupports multi-protocol (non-IP) traffic over the tunnel
Creduces IPsec headers overhead since tunnel mode is used
Dsimplifies the ACL used in the crypto map
Euses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration
正确答案: B,E解析: 暂无解析 -
第24题:
多选题IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()AIKE keepalives are unidirectional and sent every ten seconds
BIPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keys
CTo establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
DIKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers
正确答案: D,B解析: 暂无解析