Which IPSec rule is used for the Olympia branch and what does it define? (Choose two)
A – 102
B – 116
C – 127
D – IP traffic sourced from 10.10.10.0/24 destined to 10.5.15.0/24 will use the VPN.
E – IP traffic sourced from 10.10.10.0/24 destined to 10.8.28.0/24 will use the VPN.
F – IP traffic sourced from 10.10.10.0/24 destined to 10.5.33.0/24 will use the VPN.
Answer: B E
From the output above, we learn that the IPSec rule is 116. Next, click on “IPSec Rules” and select the Name/Number 116 to view the rule applied to it. You will see a “permit” rule for traffic from 10.10.10.0/24 to 10.8.28.0/24 (notice that the picture shows wildcard masks, which are inverse subnet masks).
Which defined peer IP address and local subnet belong to Crete? (Choose two)
A – peer address 192.168.55.159
B – peer address 192.168.89.192
C – peer address 192.168.195.23
D – subnet 10.5.15.0/24
E – subnet 10.7.23.0/24
F – subnet 10.4.38.0/24
Answer: A D
Which algorithm as defined by the transform set is used for providing data confidentiality when connected to Tyre?
A – ESP-3DES-SHA
B – ESP-3DES-SHA1
C – ESP-3DES-SHA2
D – ESP-3DES
E – ESP-SHA-HMAC
In the site-to-site VPN branch we see something like this but in the Transform Set sub-branch, we see
so the answer should be ESP-3DES-SHA2 or ESP-3DES?
To answer this question, we should review the concept:
“Data confidentiality is the use of encryption to scramble data as it travels across an insecure media”. Data confidentiality therefore means encryption.
“The transform set is a group of attributes that are exchanged together, which eliminates the need to coordinate and negotiate individual parameters”. In the picture above, we can see 3 parts of the transform-set ESP-3DES-SHA2:
IPsec protocol: ESP
IPsec encryption type: 3DES
IPsec authentication: SHA2
The question asks which algorithm is used for providing data confidentiality (encryption), therefore the answer should be D – ESP-3DES.
Which peer authentication method and which IPSec mode are used to connect to the branch locations? (Choose two)
A – Digital Certificate
B – Pre-Shared Key
C – Transport Mode
D – Tunnel Mode
E – GRE/IPSEC Transport Mode
F – GRE/IPSEC Tunnel Mode
Answer: B D