IPSEC related questions and their answers

* Question

Which IPSec rule is used for the Olympia branch and what does it define? (Choose two)

A – 102
B – 116
C – 127
D – IP traffic sourced from 10.10.10.0/24 destined to 10.5.15.0/24 will use the VPN.
E – IP traffic sourced from 10.10.10.0/24 destined to 10.8.28.0/24 will use the VPN.
F – IP traffic sourced from 10.10.10.0/24 destined to 10.5.33.0/24 will use the VPN.

Answer: B E

Explanation:

From the output above, we learn that the IPSec Rule is 116. Next, click on “IPSec Rules” and select the Name/Number 116 to view the rule applied to it. You will see a “permit” rule for traffic from 10.10.10.0/24 to 10.8.28.0/24 (notice that the picture shows wildcard masks, which are inverse subnet masks).
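The wildcard-mask point above, as an added example that is not part of the original page: it parses an IOS-style extended ACL line for rule 116, converts each wildcard mask to prefix notation, and checks which destinations from the answer options the rule selects. The ACL line is constructed from the addresses in the explanation, and the function names are assumptions.

```python
import ipaddress

def parse_crypto_acl(line):
    """Parse 'access-list N permit|deny ip SRC SRC_WILD DST DST_WILD'."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError("unsupported ACL line: " + line)
    src, sw, dst, dw = (int(ipaddress.IPv4Address(t)) for t in tok[4:8])
    return {"number": int(tok[1]), "action": tok[2],
            "src": (src, sw), "dst": (dst, dw)}

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are 'don't care'; every other bit must equal base."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def to_cidr(base, wildcard):
    """Return prefix notation for a contiguous inverse mask, else None."""
    # A contiguous inverse mask has the form 2**k - 1, so w & (w + 1) == 0.
    if wildcard & (wildcard + 1):
        return None  # non-contiguous wildcard: no single prefix describes it
    prefix = 32 - wildcard.bit_length()
    care = ~wildcard & 0xFFFFFFFF
    return f"{ipaddress.IPv4Address(base & care)}/{prefix}"

def uses_vpn(rule, src_ip, dst_ip):
    """True when a permit rule selects this source/destination pair."""
    return (rule["action"] == "permit"
            and wildcard_match(src_ip, *rule["src"])
            and wildcard_match(dst_ip, *rule["dst"]))

# Constructed sample line, built from the subnets named in the explanation.
ACL_116 = "access-list 116 permit ip 10.10.10.0 0.0.0.255 10.8.28.0 0.0.0.255"
RULE = parse_crypto_acl(ACL_116)

if __name__ == "__main__":
    print(to_cidr(*RULE["src"]), "->", to_cidr(*RULE["dst"]))
    # One host from each destination subnet offered in options D, E and F.
    for dst in ("10.5.15.7", "10.8.28.7", "10.5.33.7"):
        print(dst, "uses VPN:", uses_vpn(RULE, "10.10.10.20", dst))
```
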

* Question

Which defined peer IP address and local subnet belong to Crete? (Choose two)

A – peer address 192.168.55.159
B – peer address 192.168.89.192
C – peer address 192.168.195.23
D – subnet 10.5.15.0/24
E – subnet 10.7.23.0/24
F – subnet 10.4.38.0/24

Answer: A D

* Question 

Which algorithm as defined by the transform set is used for providing data confidentiality when connected to Tyre?

A – ESP-3DES-SHA
B – ESP-3DES-SHA1
C – ESP-3DES-SHA2
D – ESP-3DES
E – ESP-SHA-HMAC

Answer: D

Explanation:

In the site-to-site VPN branch we see something like this, but in the Transform Set sub-branch, we see

So should the answer be ESP-3DES-SHA2 or ESP-3DES?

To answer this question, we should review the concept:

“Data confidentiality is the use of encryption to scramble data as it travels across an insecure media”. Data confidentiality therefore means encryption.

“The transform set is a group of attributes that are exchanged together, which eliminates the need to coordinate and negotiate individual parameters”. In the picture above, we can see 3 parts of the transform-set ESP-3DES-SHA2:

IPsec protocol: ESP
IPsec encryption type: 3DES
IPsec authentication: SHA2

The question asks which algorithm is used for providing data confidentiality (encryption); therefore the answer should be D – ESP-3DES.

* Question

Which peer authentication method and which IPSEC mode is used to connect to the branch locations? (Choose two)

A – Digital Certificate
B – Pre-Shared Key
C – Transport Mode
D – Tunnel Mode
E – GRE/IPSEC Transport Mode
F – GRE/IPSEC Tunnel Mode

Answer: B D

Copyright ©2010 - 2018 Ciscoforall.com