
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible.
To gain access to either the topology or the SDM, click on the button on the left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology or the SDM, you can return to your questions by clicking on the Questions button to the left.

IPSec_VPN_Topology.jpg

Question 1

Which IPSec rule is used for the Olympia branch and what does it define? (Choose two)

A - 102
B - 116
C - 127
D - IP traffic sourced from 10.10.10.0/24 destined to 10.5.15.0/24 will use the VPN.
E - IP traffic sourced from 10.10.10.0/24 destined to 10.8.28.0/24 will use the VPN.
F - IP traffic sourced from 10.10.10.0/24 destined to 10.5.33.0/24 will use the VPN.

Answer: B E

Explanation:

IPSec_VPN_1.jpg

From the output above, we learn that the IPSec Rule is 116. Next, click on "IPSec Rules" and select the Name/Number of 116 to view the rule applied to it. You will see a "permit" rule for traffic from 10.10.10.0/24 to 10.8.28.0/24 (note that the picture shows wildcard masks, which are inverse subnet masks).

IPSec_VPN_8.jpg
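
The wildcard-mask point above as an added example (not part of the original lab or of SDM): it parses an ACL line constructed from the values in the explanation, converts each wildcard mask to prefix form, and checks which traffic the rule selects for the VPN. `SAMPLE_RULE` and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed from the values in the explanation (rule 116, 10.10.10.0/24 to
# 10.8.28.0/24); the exact line shown in the SDM screenshot is not on this page.
SAMPLE_RULE = "access-list 116 permit ip 10.10.10.0 0.0.0.255 10.8.28.0 0.0.0.255"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(ip, base, wildcard):
    """Wildcard semantics: bits set to 1 are ignored, bits set to 0 must match."""
    return ((_ip(ip) ^ _ip(base)) & ~_ip(wildcard) & 0xFFFFFFFF) == 0

def to_cidr(base, wildcard):
    """Return the prefix form, or None when the wildcard is non-contiguous."""
    wc = _ip(wildcard)
    if wc & (wc + 1):  # a contiguous wildcard looks like 0...01...1
        return None
    net = _ip(base) & ~wc & 0xFFFFFFFF
    return str(ipaddress.IPv4Network((net, 32 - wc.bit_length())))

def parse_rule(line):
    """Parse 'access-list N permit|deny ip SRC SRC_WC DST DST_WC' only
    (the 'any' and 'host' keywords are not handled in this sketch)."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError("unsupported ACL form: " + line)
    if tok[2] not in ("permit", "deny"):
        raise ValueError("unknown action: " + tok[2])
    return {"number": int(tok[1]), "action": tok[2],
            "src": (tok[4], tok[5]), "dst": (tok[6], tok[7])}

def uses_vpn(rule, src_ip, dst_ip):
    """True when the packet is selected by a 'permit' entry of the IPsec rule."""
    return (rule["action"] == "permit"
            and wildcard_match(src_ip, *rule["src"])
            and wildcard_match(dst_ip, *rule["dst"]))

if __name__ == "__main__":
    rule = parse_rule(SAMPLE_RULE)
    print(rule["number"], to_cidr(*rule["src"]), "->", to_cidr(*rule["dst"]))
    # Constructed test packets: one to 10.8.28.0/24, one to another subnet.
    for src, dst in [("10.10.10.7", "10.8.28.20"), ("10.10.10.7", "10.5.15.20")]:
        verdict = "uses the VPN" if uses_vpn(rule, src, dst) else "not selected"
        print(src, "->", dst, verdict)
```
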

Question 2

Which defined peer IP address and local subnet belong to Crete? (Choose two)

A - peer address 192.168.55.159
B - peer address 192.168.89.192
C - peer address 192.168.195.23
D - subnet 10.5.15.0/24
E - subnet 10.7.23.0/24
F - subnet 10.4.38.0/24

Answer: A D

Explanation:

IPSec_VPN_Question_2.jpg

IPSec_VPN_Question_2_2.jpg

Question 3

Which algorithm as defined by the transform set is used for providing data confidentiality when connected to Tyre?

A - ESP-3DES-SHA
B - ESP-3DES-SHA1
C - ESP-3DES-SHA2
D - ESP-3DES
E - ESP-SHA-HMAC

Answer: D

Explanation:

In the site-to-site VPN branch, we see something like this:

IPSec_VPN_encrypt.jpg

but in the Transform Set sub-branch, we see:

IPSec_VPN_Question_3.jpg

So should the answer be ESP-3DES-SHA2 or ESP-3DES?

To answer this question, we should review the concepts:

"Data confidentiality is the use of encryption to scramble data as it travels across an insecure media". Data confidentiality therefore means encryption.

"The transform set is a group of attributes that are exchanged together, which eliminates the need to coordinate and negotiate individual parameters". In the picture above, we can see 3 parts of the transform-set ESP-3DES-SHA2:

IPsec protocol: ESP
IPsec encryption type: 3DES
IPsec authentication: SHA2

The question asks which algorithm is used for providing data confidentiality (encryption); therefore, the answer should be D - ESP-3DES.

Question 4

Which peer authentication method and which IPSEC mode are used to connect to the branch locations? (Choose two)

A - Digital Certificate
B - Pre-Shared Key
C - Transport Mode
D - Tunnel Mode
E - GRE/IPSEC Transport Mode
F - GRE/IPSEC Tunnel Mode

Answer: B D

Explanation:

IPSec_VPN_Question_4_Tunnel.jpg

IPSec_VPN_Question_4_Preshared.jpg