data integrity
data confidentiality
data authentication
outer IP header confidentiality
outer IP header authentication
第1题:
IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()
第2题:
What is not a difference between VPN tunnel authentication and per-user authentication?()
第3题:
Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?() (Choose three.)
第4题:
Which three advanced permit actions within security policies are valid?() (Choose three.)
第5题:
Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?()
第6题:
Which three firewall user authentication objects can be referenced in a security policy? ()(Choose three.)
第7题:
data integrity
data confidentiality
data authentication
outer IP header confidentiality
outer IP header authentication
第8题:
data integrity
data confidentiality
data authentication
outer IP header confidentiality
outer IP header authentication
第9题:
Twenty bytes of header will be replaced with five bytes.
If the IPSec transform set includes Authentication Header, the receiving IPSec peer will discard the packets.
The IPSec packets will be dropped by Router A's compression logic.
The voice packets will not be compressed.
第10题:
VPN traffic needs to be classified based on the Layer2 header information
VPN traffic needs to be classified based on the IP precedence or DSCP
VPN traffic needs to be classified based on IP flow or Layer 3 information, such as source and destination IP address
VPN traffic with Authentication Header (AH) needs to preserve the ToS byte
第11题:
Mark permitted traffic for firewall user authentication.
Mark permitted traffic for SCREEN options.
Associate permitted traffic with an IPsec tunnel.
Associate permitted traffic with a NAT rule.
Mark permitted traffic for IDP processing.
第12题:
hold priority
setup priority
FEC IP address
resource availability
local protection option
第13题:
Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()
第14题:
Which QoS preclassification option will require the use of the qos pre-classify command for the VPN traffic? ()
第15题:
What is true about Quality of Service (QoS) for VPNs?()
第16题:
Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH?() (Choose three.)
第17题:
Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH?()
第18题:
You need to design a method of communication between the IT and HR departments. Your solution must meet business requirements. What should you do?()
第19题:
access profile
client group
client
default profile
external
第20题:
data integrity
data confidentiality
data authentication
outer IP header confidentiality
outer IP header authentication
第21题:
VPN tunnel authentication is part of the IKE specification.
VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).
User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization.
802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.
第22题:
data integrity
data confidentiality
data authentication
outer IP header confidentiality
outer IP header authentication
第23题:
allows dynamic routing over the tunnel
supports multi-protocol (non-IP) traffic over the tunnel
reduces IPsec headers overhead since tunnel mode is used
simplifies the ACL used in the crypto map
uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration
第24题:
IKE keepalives are unidirectional and sent every ten seconds
IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keys
To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers