Chapter 8 Virtual Private Networks (VPNs)

This chapter covers the following topics:

Virtual Private Network (VPN) Fundamentals
Deploying and Configuring Site-to-Site VPNs in Cisco Routers
Configuring Site-to-Site VPNs in Cisco ASA Firewalls
Configuring Remote-Access VPNs in the Cisco ASA
Configuring Clientless Remote-Access SSL VPNs in the Cisco ASA
Configuring Client-Based Remote-Access SSL VPNs in the Cisco ASA

The following SCOR 350-701 exam objectives are covered in this chapter:

1.3 Describe functions of the cryptography components, such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, pre-shared key, and certificate-based authorization
1.4 Compare site-to-site VPN and remote-access VPN deployment types such as sVTI, IPsec, Cryptomap, DMVPN, FLEXVPN, including high availability considerations, and AnyConnect
2.9 Configure and verify site-to-site VPN and remote-access VPN
2.9.a Site-to-site VPN utilizing Cisco routers and IOS
2.9.b Remote-access VPN using Cisco AnyConnect Secure Mobility client
2.9.c Debug commands to view IPsec tunnel establishment and troubleshooting

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 8-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A Sections.”

Table 8-1 “Do I Know This Already?” Section-to-Question Mapping

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark that question as wrong for purposes of the self-assessment. Giving yourself credit for an answer you incorrectly guess skews your self-assessment results and might provide you with a false sense of security.

1. Which of the following VPN protocols do not provide encryption?

2. You are hired to configure a site-to-site VPN between a Cisco FTD device and a Cisco IOS-XE router. Which of the following encryption and hashing protocols will you select for optimal security?

3. Which of the following technologies groups many spokes into a single mGRE interface?

4. You are hired to deploy site-to-site VPN tunnels in a Cisco router where the VPN peers are third-party devices from different vendors. Which of the following technologies will you choose?

5. An IPsec transform (proposal) set specifies what type of encryption and hashing to use for the data packets after a secure connection has been established. This provides data authentication, confidentiality, and integrity. The IPsec transform set is negotiated during quick mode. Which of the following commands is used to create an IPsec proposal (transform set) in a Cisco ASA?

crypto ipsec ikev2 ipsec-proposal mypolicy
crypto ipsec ikev2 transform_set mypolicy

6. Refer to the following configuration snippet:

Tunnel-group SecretCorp_TG general-attributes