when the remote VPN peer is behind a NAT device
when multiple networks need to be reached across the tunnel and GRE cannot be used
when the remote VPN peer is a dialup or remote access client
when a dynamic routing protocol is required across the VPN and GRE cannot be used
第1题:
When designing remote access to the Enterprise Campus network for teleworkers and mobileworkers, which of the following should the designer consider?()
第2题:
The LAN-side of the Teleworker router is assigned private IP address space (RFC1918), and the VPN topology is IPSec-only (no GRE protocol). When is it required to configure NAT/pNAT on the Teleworker router?()
第3题:
You have a VPN server named Server1 and a file server named Server2. Both servers run Windows Server 2003 Service Pack 2 (SP2). VPN clients report that they cannot access shares on Server2 after connecting to Server1. You confirm that VPN clients receive the appropriate IP configurations and that they have permissions to the shared folders on Server2. You need to ensure that VPN clients can access the shares on Server2 when they connect to the network by using a VPN connection. What should you do? ()
第4题:
Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }
第5题:
Why is NTP an important component when implementing IPSec VPN in a PKI environment?()
第6题:
Regarding a route-based versus policy-based IPsec VPN, which statement is true?()
第7题:
The MAC can only be delivered to a mobile phone and is good for a single use only.
The MAC can be delivered by mobile phone, e-mail, or fax, and it is good for one time authentication only.
The MAC can only be delivered to a mobile phone and it is good until the expiration time is reached, as set by an administrator.
The MAC can be delivered by mobile phone, email, or fax, and it is good until the expiration time is reached, as set by an administrator.
第8题:
when you want to conserve tunnel resources
when the remote peer is a dialup or remote access client
when you want to configure a tunnel policy with an action of deny
when a dynamic routing protocol such as OSPF must be sent across the VPN
第9题:
set policy tunnel-traffic then tunnel remote-vpn
set policy tunnel-traffic then permit tunnel remote-vpn
set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
第10题:
dynamic reconfiguration
path MTU discovery
auto setup
remote management
第11题:
when the remote VPN peer is behind a NAT device
when multiple networks need to be reached across the tunnel and GRE cannot be used
when the remote VPN peer is a dialup or remote access client
when a dynamic routing protocol is required across the VPN and GRE cannot be used
第12题:
From the Routing and Remote Access snap-in on Server2, enable IP Routing.
From the Routing and Remote Access snap-in on Server2, enable Link Control Protocol (LCP) extensions.
From Utility Manager on Server1, enable the Start automatically when I log on option.
In the local security policy on Server2, configure the Network Access: Shares that can be accessed anonymously setting.
第13题:
When using the Cisco SDM Quick Setup Siteto-Site VPN wizard, which three parameters do you configure?()
第14题:
A route-based VPN is required for which scenario? ()
第15题:
A policy-based IPsec VPN is ideal for which scenario?()
第16题:
Which VPN management feature would be considered to ensure that the network had the least disruption of service when making topology changes?()
第17题:
An SSL VPN can be used in conjunction with IBM Tivoli Access Manager for Enterprise Single Sign-On to provide remote access to business critical information. Which statement is true about the Mobile ActiveCode (MAC) when it is used with a VPN Solution for remote access?()
第18题:
A route-based VPN is required for which scenario?()
第19题:
Open port 1423 on the firewall
Open port 1723 on the firewall
Open port 3389 on the firewall
Open port 6000 on the firewall
第20题:
when the remote VPN peer is behind a NAT device
when multiple networks need to be reached across the tunnel
when the remote VPN peer is a dialup or remote access client
when a dynamic routing protocol such as OSPF is required across the VPN
第21题:
To ensure the router has the correct time when generating its private/public key pairs.
To ensure the router has the correct time when checking certificate validity from the remote peers
To ensure the router time is sync with the remote peers for encryption keys generation
To ensure the router time is sync with the remote peers during theDH exchange
To ensure the router time is sync with the remote peers when generating the cookies during IKE phase 1
第22题:
A route-based VPN generally uses less resources than a policy-based VPN.
A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
第23题:
dynamic reconfiguration
path MTU discovery
auto setup
remote management
第24题:
It is recommended to place the VPN termination device in line with the Enterprise Edge 1
Maintaining access rules, based on the source IP of the client, on an internal firewall drawnfrom a headend RADIUS server is the most secure deployment
VPN Headend routing using Reverse Route Injection (RRI) with distribution is recommended when the remote user community is small and dedicated DHCP scopes are in place
Clientless SSL VPNs provide more granular access control than SSL VPN clients (thin or thick),including at Layer 7