多选题IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()AIKE keepalives are unidirectional and sent every ten secondsBIPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Head
题目
IKE keepalives are unidirectional and sent every ten seconds
IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keys
To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers
相似考题
更多“IPSec VPN is a widely-acknowledged solution for enterprise n”相关问题
-
第1题:
Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?()A.Cisco IOS IPsec/SSL VPN client
B.Cisco VPN Clinet
C.ISDN terminal adapter
D.Cisco Adaptive Security Appliance
参考答案:D
-
第2题:
IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()
- A、IKE keepalives are unidirectional and sent every ten seconds
- B、IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keys
- C、To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
- D、IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers
正确答案:A,C,D -
第3题:
提供加密传输VPN 包括IPSec VPN、SSL VPN、DVPN 1.0、DVPN 2.0。
正确答案:错误 -
第4题:
下列VPN技术中,属于第三层VPN的有()。
- A、L2TP VPN
- B、BGP/MPLS VPN
- C、VLL
- D、IPSec VPN
正确答案:B,D -
第5题:
列举写出IPSec VPN的型号系列
正确答案:P5100、S5100、M5100、M5100-P、M5400、M5400-P、M5500、M5600、M5800、M5900。 -
第6题:
远程接入型的IP VPN业务有L2TP、IPSEC VPN、VPDN等。
正确答案:正确 -
第7题:
You are an experienced network administrator in an international corporation. During your working hours, you are asked to deploy the Cisco SSL VPN AIM module in a Cisco 1800 Series Router. The beneficial reason for that deployment is to:()
- A、improve performance up to 300% for both IPsec and SSL VPN applications
- B、improve performance for both IPsec and SSL VPN applications with IPsec encryption taking place in hardware
- C、improve performance up to 300% for both IPsec and SSL VPN applications with SSL encryption taking place in hardware
- D、improve performance up to 200% for both IPsec and SSL VPN applications with encryption taking place in hardware
- E、improve performance exclusively for SSL VPN applications
正确答案:D -
第8题:
Which security-enabled device is recommended to provide a site-to-site IPsec VPN solution, but not SSL?()
- A、 Cisco Integrated Service Routers
- B、 Cisco ASA 5500 Series Security Appliance
- C、 CiscoWebVPN Services Module
- D、 CiscoIPsec VPN Module
正确答案:A -
第9题:
Regarding a route-based versus policy-based IPsec VPN, which statement is true?()
- A、A route-based VPN generally uses less resources than a policy-based VPN.
- B、A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
- C、A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
- D、A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
正确答案:A -
第10题:
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The network contains 100 servers and 5,000 client computers. The client computers run either Windows XP Service Pack 1 or Windows 7. You need to plan a VPN solution that meets the following requirements: èStores VPN passwords as encrypted text èSupports Suite B cryptographic algorithms èSupports automatic enrollment of certificates èSupports client computers that are configured as members of a workgroup What should you include in your plan?()
- A、Upgrade the client computers to Windows XP Service Pack 3. Implement a stand-alone certification authority (CA). Implement an IPsec VPN that uses certificate-based authentication.
- B、Upgrade the client computers to Windows XP Service Pack 3. Implement an enterprise certification authority (CA) that is based on Windows Server?2008 R2. Implement an IPsec VPN that uses Kerberos authentication.
- C、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses pre-shared keys.
- D、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses certificate-based authentication.
正确答案:D -
第11题:
单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()AA route-based VPN generally uses less resources than a policy-based VPN.
BA route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
CA route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
DA route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
正确答案: A解析: 暂无解析 -
第12题:
多选题What is a key characteristic of the Cisco Business Ready Teleworker solution which is different from traditional software-client based Teleworker solutions?()Aall traffic is encrypted using IPSec and the Triple-DES algorithm
Bfull support for all Enterprise applications, including data, voice, and video
Cthousands of Teleworker VPN tunnels can be aggregated to a headquarters location
Dthe VPN tunnel is an always on site-to-site VPN connection
Eportability for use while traveling
Fused with broadband Cable/DSL subscriptions
正确答案: D,C解析: 暂无解析 -
第13题:
When designing the routing for an Enterprise Campus network it is important to keep while of thefollowing filtering aspects in mind?()
- A、 Filtering is only useful when combined with route summarization
- B、 It is best to filter (allow) the default and summary prefixes only in the Enterprise Edge to remotesites or site-to-site IPsec VPN networks
- C、 IGPs (for example EIGRP or OSPF) are superior to route filtering in avoiding in inappropriatetransit traffic through remote nodes or inaccurate or inappropriate routing updates
- D、 The primary limitation of router filtering is that it can only be applied on outbound updates
正确答案:D -
第14题:
二层MPLS VPN可分为()
- A、VLL
- B、VPLS
- C、VPDN
- D、IPsec VPN
正确答案:A,B -
第15题:
通过哪个工具可以简化IPSec VPN的配置()
- A、VPN Manager
- B、VMS
- C、SMS
- D、XLOG
正确答案:A -
第16题:
防火墙IPSEC VPN特性支持哪些支持()
- A、IPSEC VPN热备功能
- B、支持IPSEC VPN隧道化功能
- C、支持IKEV2和基于域名的协商功能
- D、支持手机、PAD上自带的IPSEC VPN软件进行连接
正确答案:A,B,C,D -
第17题:
简述IPsec在支持VPN方面的缺陷。
正确答案:(1)不支持基于用户的认证
(2)不支持动态地址和多种VPN应用模式
(3)不支持多协议
(4)关于IKE的问题
(5)关于服务质量保证问题 -
第18题:
Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?()
- A、Cisco IOS IPsec/SSL VPN client
- B、Cisco VPN Clinet
- C、ISDN terminal adapter
- D、Cisco Adaptive Security Appliance
正确答案:D -
第19题:
You are considering deploying the Cisco SSL VPN AIM module in a Cisco 1800 Series Router.Which benefit should you expect?()
- A、to improve performance exclusively for SSL VPN applications
- B、to improve performance up to 300% for both IPsec and SSL VPN applications
- C、to improve performance for both IPsec and SSL VPN applications with IPsec encryption taking place in hardware
- D、to improve performance up to 200% for both IPsec and SSL VPN applications with encryption taking place in hardware
- E、to improve performance up to 300% for both IPsec and SSL VPN applications with SSL encryption taking place in hardware
正确答案:D -
第20题:
An Enterprise customer wants to reduce the configuration effort for their Teleworker router deployments. What is one way to simplify the IPSec-related configuration in the remote routers?()
- A、CiscoWorks VPN Manager
- B、deploy Linksys routers with menu-driven configuration
- C、Easy VPN client mode
- D、disable 802.1x and Auth Proxy on the Teleworker router
正确答案:C -
第21题:
You need to design a remote access strategy for the customer support users when they work from home. Your solution must meet security requirements. What should you do?()
- A、Deploy an L2TP/IPsec VPN server in each call center. Configure the portable computers as L2TP VPN clients
- B、Create IPSec tunnel mode connections between the customer support users home and the company’s Internet-facing routers
- C、Create IP packet filters on the company’s Internet-facing routers to allow the Remote Desktop Protocol (RDP).Create IPSec filters on the terminal servers to allow only connections that use RDP
- D、Create IP packet filters on the company’s Internet-facing routers to allow the IPSec protocols. Assign the Secure Server (Require Security) IPSec policy to the terminal servers. Assign the Client (Respond only) IPSec policy to the portable computers
正确答案:A -
第22题:
单选题Which security-enabled device is recommended to provide a site-to-site IPsec VPN solution, but not SSL?()ACisco Integrated Service Routers
BCisco ASA 5500 Series Security Appliance
CCiscoWebVPN Services Module
DCiscoIPsec VPN Module
正确答案: B解析: 暂无解析 -
第23题:
单选题You are considering deploying the Cisco SSL VPN AIM module in a Cisco 1800 Series Router.Which benefit should you expect?()Ato improve performance exclusively for SSL VPN applications
Bto improve performance up to 300% for both IPsec and SSL VPN applications
Cto improve performance for both IPsec and SSL VPN applications with IPsec encryption taking place in hardware
Dto improve performance up to 200% for both IPsec and SSL VPN applications with encryption taking place in hardware
Eto improve performance up to 300% for both IPsec and SSL VPN applications with SSL encryption taking place in hardware
正确答案: D解析: 暂无解析