
CCNA 4 R&S: Connecting Networks Chapter 7 v5.0 Exam Answers 2014

1. How is "tunneling" accomplished in a VPN?
- New headers from one or more VPN protocols encapsulate the original packets. (correct)
- All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private.
- Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers.
- A dedicated circuit is established between the source and destination devices for the duration of the connection.

2. Which two scenarios are examples of remote access VPNs? (Choose two.)
- A toy manufacturer has a permanent VPN connection to one of its parts suppliers.
- All users at a large branch office can access company resources through a single VPN connection.
- A mobile sales agent is connecting to the company network via the Internet connection at a hotel. (correct)
- A small branch office with three employees has a Cisco ASA that is used to create a VPN connection to the HQ.
- An employee who is working from home uses VPN client software on a laptop in order to connect to the company network. (correct)

3. Refer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router?
- 172.16.1.1
- 172.16.1.2 (correct)
- 209.165.200.225
- 209.165.200.226

4. Which statement correctly describes IPsec?
- IPsec works at Layer 3, but can protect traffic from Layer 4 through Layer 7. (correct)
- IPsec uses algorithms that were developed specifically for that protocol.
- IPsec implements its own method of authentication.
- IPsec is a Cisco proprietary standard.

5. What is an IPsec protocol that provides data confidentiality and authentication for IP packets?
- AH
- ESP (correct)
- RSA
- IKE

6. Which three statements describe the building blocks that make up the IPsec protocol framework? (Choose three.)
- IPsec uses encryption algorithms and keys to provide secure transfer of data. (correct)
- IPsec uses Diffie-Hellman algorithms to encrypt data that is transferred through the VPN.
- IPsec uses 3DES algorithms to provide the highest level of security for data that is transferred through a VPN.
- IPsec uses secret key cryptography to encrypt messages that are sent through a VPN. (correct)
- IPsec uses Diffie-Hellman as a hash algorithm to ensure integrity of data that is transmitted through a VPN.
- IPsec uses ESP to provide confidential transfer of data by encrypting IP packets. (correct)

7. What key question would help determine whether an organization should use an SSL VPN or an IPsec VPN for the remote access solution of the organization?
- Is a Cisco router used at the destination of the remote access tunnel?
- What applications or network resources do the users need for access?
- Are both encryption and authentication required?
- Do users need to be able to connect without requiring special VPN software? (correct)

8. What is the purpose of a message hash in a VPN connection?
- It ensures that the data cannot be duplicated and replayed to the destination.
- It ensures that the data is coming from the correct source.
- It ensures that the data has not changed while in transit. (correct)
- It ensures that the data cannot be read in plain text.

9. A network design engineer is planning the implementation of a cost-effective method to interconnect multiple networks securely over the Internet. Which type of technology is required?
- a dedicated ISP
- a VPN gateway (correct)
- a leased line
- a GRE IP tunnel

10. What is one benefit of using VPNs for remote access?
- lower protocol overhead
- potential for reduced connectivity costs (correct)
- increased quality of service
- ease of troubleshooting

11. Which statement describes a characteristic of IPsec VPNs?
- IPsec can secure traffic at Layers 1 through 3.
- IPsec works with all Layer 2 protocols. (correct)
- IPsec encryption causes problems with routing.
- IPsec is a framework of Cisco proprietary protocols.

12. What is the purpose of the generic routing encapsulation tunneling protocol?
- to support basic unencrypted IP tunneling using multivendor routers between remote sites
- to provide fixed flow-control mechanisms with IP tunneling between remote sites
- to manage the transportation of IP multicast and multiprotocol traffic between remote sites (correct)
- to provide packet level encryption of IP traffic between remote sites

13. Which algorithm is an asymmetrical key cryptosystem?
- 3DES
- DES
- AES
- RSA (correct)

14. A network design engineer is planning the implementation of an IPsec VPN. Which hashing algorithm would provide the strongest level of message integrity?
- 512-bit SHA (correct)
- AES
- SHA-1
- MD5

15. What two encryption algorithms are used in IPsec VPNs? (Choose two.)
- IKE
- DH
- PSK
- 3DES (correct)
- AES (correct)

16. Which statement describes a feature of site-to-site VPNs?
- Internal hosts send normal, unencapsulated packets. (correct)
- VPN client software is installed on each host.
- The VPN connection is not statically defined.
- Individual hosts can enable and disable the VPN connection.

17. Which Cisco VPN solution provides limited access to internal network resources by utilizing a Cisco ASA and provides browser-based access only?
- clientless SSL VPN (correct)
- IPsec
- SSL
- client-based SSL VPN

18. Which two algorithms use Hash-based Message Authentication Code for message authentication? (Choose two.)
- AES
- DES
- 3DES
- MD5 (correct)
- SHA (correct)

19. Which function of IPsec security services allows the receiver to verify that the data was transmitted without being changed or altered in any way?
- confidentiality
- anti-replay protection
- data integrity (correct)
- authentication

20. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. What problem is preventing the hosts from communicating across the VPN tunnel?
- The EIGRP configuration is incorrect.
- The tunnel destinations addresses are incorrect.
- The tunnel IP addresses are incorrect. (correct)
- The tunnel source interfaces are incorrect.

21. What is the purpose of utilizing Diffie-Hellman (DH) algorithms as part of the IPsec standard?
- DH algorithms allow unlimited parties to establish a shared public key that is used by encryption and hash algorithms.
- DH algorithms allow two parties to establish a shared public key that is used by encryption and hash algorithms.
- DH algorithms allow two parties to establish a shared secret key that is used by encryption and hash algorithms. (correct)
- DH algorithms allow unlimited parties to establish a shared secret key that is used by encryption and hash algorithms.

22. Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.)
- The data that is sent across this tunnel is not secure. (correct)
- This tunnel mode provides encryption.
- This tunnel mode does not support IP multicast tunneling.
- A GRE tunnel is being used. (correct)
- This tunnel mode is not the default tunnel interface mode for Cisco IOS software.

23. Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?
- Cisco AnyConnect Secure Mobility Client with SSL
- Frame Relay
- remote access VPN using IPsec
- Cisco Secure Mobility Clientless SSL VPN
- site-to-site VPN (correct)

24. Which remote access implementation scenario will support the use of generic routing encapsulation tunneling?
- a mobile user who connects to a SOHO site
- a central site that connects to a SOHO site without encryption (correct)
- a branch office that connects securely to a central site
- a mobile user who connects to a router at a central site
