🔔If you experience any difficulties before or after finalizing your order, please reach out to us through email at support@ciscoforall.com

IPSEC related questions and their answers

in New CCNA 200-120 on July 30, 2011

* Question

Which IPSec rule is used for the Olympia branch and what does it define? (Choose two)

A – 102
B – 116
C – 127
D – IP traffic sourced from destined to will use the VPN.
E – IP traffic sourced from destined to will use the VPN.
F – IP traffic sourced from destined to will use the VPN.


Answer: B E


From the output above, we learn that the IPSec Rule is 116. Next click on “IPSec Rules” and select the Name/Number of 116 to view the rule applied to it. You will see a “permit” rule for traffic from to (notice that the picture shown the wildcard masks, which are inverse subnet masks)



Which defined peer IP address an local subnet belong to Crete? (Choose two)

A – peer address
B – peer address
C – peer address
D – subnet
E – subnet
F – subnet


Answer: A D

* Question 

Which algorithm as defined by the transform set is used for providing data confidentiality when connected to Tyre?


*Answer: D


In the site-to-site VPN branch we see something like this  but in the Tranform Set sub-branch, we see

so the answer should be ESP-3DES-SHA2 or ESP-3DES?

To answer this question, we should review the concept:

“Data confidentiality is the use of encryption to scramble data as it travels across an insecure media”. Data confidentiality therefore means encryption.

“The transform set is a group of attributes that are exchanged together, which eliminates the need to coordinate and negotiate individual parameters”. In the picture above, we can see 3 parts of the transform-set ESP-3DES-SHA2:

IPsec protocol: ESP
IPsec encryption type: 3DES
IPsec authentication: SHA2

The question wants to ask which algorithm is used for providing data confidentiality (encryption), therefore the answer should be D – ESP-3DES.


Which peer authentication method and which IPSEC mode is used to connect to the branch locations? (Choose two)

A – Digital Certificate
B – Pre-Shared Key
C – Transport Mode
D – Tunnel Mode
E – GRE/IPSEC Transport Mode
F – GRE/IPSEC Tunnel Mode


Answer: B D

Cart (0)

  • Your cart is empty.