The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1 Which of the following are not show crypto commands?

a. show crypto ca certificates b. show crypto isakmp policy c. show crypto engine connections d. show crypto ipsec map e. show crypto ipsec security-association lifetime f. show crypto key mypubkey rsa

2. What does the clear command do when utilized for IPsec?

a. Clears out the IPsec counters b. Resets the VPN parameters c. Clears the IOS screen d. Resets bad configuration and negotiation e. Resets the IPsec settings f. None of the above

3. To show the global IPsec policy used, which command do you need to use?

a. show crypto isakmp policy b. show crypto policy c. show crypto isakmp map policy d. show crypto policy map e. show crypto policy isakmp f. None of the above

4. What optional commands for the show crypto ipsec sa commands provide more granular details? (Select four.)

a. address b. tunnel c. interface d. map e. encryption f. peer

5. Which command enables you to get information on the configured crypto maps?

a. show ipsec b. show crypto c. show ipsec encryption d. show crypto map e. show map f. None of the above

6. What is the rest of the command that you need to display the public keys configured on the router? show crypto key_

a. mypubkey b. string rsa c. pubkey rsa d. pubkey e. mypubkey rsa f. None of the above

7. Which command enables you to get a dump of events that shows the source, destination, ESP, and lifetime information of an IPsec connection?

a. debug crypto sa b. debug crypto log c. debug crypto ipsec d. debug crypto log e. debug crypto f. None of the above

8. Use the debug crypto pki transactions command to show which kind of communication?

a. Communication between peer and CA

b. Interaction between CA and router c. Peer-to-peer communication d. Host-to-peer communication e. None of the above

9. Which specific optional commands can you use with the clear crypto sa command? (Select four.)













10. What does the clear crypto isakmp command do?

a. Clears IKE connections b. Resets the IKE peers c. Resets the IKE crypto map d. Clears the IKE crypto map e. Clears IKE security associations f. None of the above

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

• 8 or less overall score Read the entire chapter. This includes the "Foundation Topics" and "Foundation Summary" sections and the "Q&A" section.

• 9 or 10 overall score If you want more review on these topics, skip to the "Foundation Summary" section and then go to the "Q&A" section. Otherwise, move on to Chapter 22,



0 0

Post a comment