Do I Know This Already Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide whether you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 24-question quiz, derived from the major sections in the "Foundation Topics" portion of the chapter, helps you to determine how to spend your limited study time.

Table 13-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.

Table 13-1 "Do I Know This Already?" Foundation Topics Section-to-Question Mapping

| Foundation Topics Section | Questions Covered in This Section | Score |
|---|---|---|
| Creating a Site-to-Site IPsec VPN | 1-6 | |
| Site-to-Site IPsec Configuration Steps | 7-13 | |
| Security Device Manager Features and Interface | 14 | |
| Configuring a Site-to-Site VPN in SDM | 15-22 | |
| Monitoring the IPsec VPN Tunnel | 23-24 | |
| Total Score | | |

CAUTION The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of self-assessment. Giving yourself credit for an answer that you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1. In IPsec, what does interesting traffic refer to?

a. Traffic that creates but does not travel through an IPsec tunnel

b. Traffic that does not create but travels through an IPsec tunnel

c. Traffic that both creates and travels through an IPsec tunnel

d. Traffic that causes an IPsec tunnel to be torn down

e. Traffic that causes a new set of IPsec keys to be exchanged

2. What are the two databases that are used to track IPsec SAs (select two)?

a. Security Association Policy Database (SAPD)

b. Security Association Database (SAD)

c. Security Policy Database (SPD)

d. Security Association Security Database (SASD)

e. Security Association Security Database (SAS)

3. How are IKE transform sets used (select all that apply)?

a. There is one transform set for each IKE parameter.

b. There is one transform set for each IKE neighbor.

c. There is one transform set for each unique group of IKE parameters.

d. There may be multiple transform sets that are used for a single IKE neighbor.

e. One transform set may be used for multiple IKE neighbors.

4. How many secure tunnels are created for a typical IPsec connection?

a. One bidirectional IKE tunnel and two unidirectional IPsec SAs

b. Two unidirectional IKE tunnels and one bidirectional IPsec SA

c. One bidirectional IKE tunnel and one bidirectional IPsec SA

d. Two unidirectional IKE tunnels and two bidirectional IPsec SAs

e. One bidirectional tunnel for both IKE and IPsec traffic

5. What is the SA lifetime used for?

a. Determines at what time an IPsec SA must be created

b. Determines at what time an IPsec SA must be torn down

c. Determines at what time an IKE SA must be created

d. Defines the conditions when an IKE SA must be torn down

e. Defines how long an IPsec SA can operate before it must be torn down

6. Which of the seven different Diffie-Hellman versions are supported by Cisco (select all that apply)?

7. The configure ISAKMP policy IPsec configuration step maps to which generic IPsec step?

a. Specify interesting traffic

b. IKE phase 1

c. IKE phase 2

d. Secure data transfer

e. IPsec tunnel termination

8. The configure IPsec transform sets IPsec configuration step maps to which generic IPsec step?

a. Specify interesting traffic

b. IKE phase 1

c. IKE phase 2

d. Secure data transfer

e. IPsec tunnel termination

9. Which of the following IKE parameters are configured within the crypto isakmp policy command (select all that apply)?

a. Encryption algorithm

b. Hash algorithm

c. Authentication method

d. Diffie-Hellman group

e. IKE tunnel lifetime

10. Which of the following transform types are configured with the crypto ipsec transform-set command (select all that apply)?

a. AH transform

b. AH-ESP transform

c. ESP encryption transform

d. ESP authentication transform

e. AH authentication transform

11. When configuring the ESP encryption transform, which key lengths are available for AES (select all that apply)?

a. 64 bits

b. 128 bits

c. 192 bits

d. 256 bits

e. 512 bits

12. Which of the following is the correct interface command to apply the crypto map "test"?

a. crypto map test in

b. crypto-map test in

c. crypto map test out

d. crypto-map test out

e. crypto map test

13. Which protocols/ports must be permitted so that IPsec VPNs can be created (select all that apply)?

a. Protocol AHP

b. Protocol ESP

c. Protocol ISAKMP

d. UDP port ESP

e. UDP port AHP

14. Which SDM page is used to access the Site-to-Site VPN Wizard?

a. Home

b. Configure

c. Monitor

d. Refresh

e. Save

15. Which options are offered at the start of the Site-to-Site VPN Wizard (select all that apply)?

a. Create a Site to Site GRE Tunnel

b. Create a Secure GRE Tunnel

c. Create a Site to Site VPN

d. Create a Secure VPN Tunnel

e. Create an IPsec VPN Tunnel

16. The first step of the Site-to-Site VPN Wizard is to select a configuration option. Which of the following are available choices (select all that apply)?

a. Quick Setup

b. Instant Setup

c. Step by Step Setup

d. Step by Step Wizard

e. Manual Setup

17. In the Quick Setup portion of the Site-to-Site VPN Wizard, what configuration options are possible (select all that apply)?

a. Source interface

b. IPsec peer IP address

c. IKE policy

d. IPsec transform set

e. Destination subnet for the interesting traffic

18. Which window in the step-by-step setup of the Site-to-Site VPN Wizard is used to configure the tunnel mode?

a. Connection Settings

b. IKE Proposals

c. IPSec Transform Sets

d. Traffic to Protect

e. Summary

19. Which IKE lifetime options are available in SDM (select all that apply)?

a. Hours

b. Minutes

c. Seconds

d. Bytes

e. Kilobytes

20. On the IPsec Transform Sets screen, how many IPsec transform sets can be displayed at a time?

a. All transform sets

b. Only the active transform sets

c. Only the transform sets applied to this IPsec VPN

d. Only the transform set displayed in the pull-down menu

e. Only the transform sets that are selected in the pull-down menu

21. When defining interesting traffic in the Quick Setup window, which options are available (select all that apply)?

a. Source IP address

b. Source IP subnet

c. Destination IP address

d. Destination IP subnet

e. ACLs for multiple subnets

22. When completing the configuration of the site-to-site VPN tunnel in the Summary window, which options are available (select all that apply)?

a. Return to the configuration with the <Back button

b. Advance to the next summary screen with the Next> button

c. Complete the configuration with the Finish button

d. Edit the configuration with the Edit button

e. Abort the configuration with the Cancel button

23. Which SDM page allows you to view the status of various VPN configurations?

a. Home page

b. Configure page

c. Monitor page

d. VPN page

e. Security page

24. In the IOS, what command displays the results of successful IKE phase II negotiations?

a. show crypto isakmp sa

b. show crypto ipsec sa

c. show crypto ipsec established

d. show crypto ike negotiated

e. show crypto isakmp established

The answers to the "Do I Know This Already?" quiz are found in Appendix A, "Answers to the 'Do I Know This Already?' Quizzes and Q&A Sections." The suggested choices for your next step are as follows:

■ 16 or fewer overall score—Read the entire chapter. This includes the "Foundation Topics," "Foundation Summary," and "Q&A" sections.

■ 18 or 20 overall score—Begin with the "Foundation Summary" section, and then go to the "Q&A" section.

■ 21 or more overall score—If you want more review on these topics, skip to the "Foundation Summary" section, and then go to the "Q&A" section. Otherwise, move to the next chapter.
