CCNA Guide to Cisco Networking, Fourth Edition Chapter 14 Solutions

Chapter 14 Solutions
Review Questions
1. Which statement accurately defines IPsec?
a. IPSec is an authentication protocol
b. IPSec is a Cisco proprietary suite of protocols that allows for secure
communication
c. IPSec is an industry standard suite of protocols that allows for secure
communication
d. IPSec supports RADIUS and ACACS!
". Which command esta#lishes an SS$ %ey pair?
a. SshRouter(config)#crypto key generate rsa
b. SshRouter(config)#crypto-key generate rsa
c. SshRouter(config)#crypto generate rsa
d. SshRouter(config)#crypto key-generate rsa
&. What two methods can #e used to confi'ure (P)s on a Cisco router?
a. IPSec
b. RADIUS
c. CLI
d. S!
e. *SP
+. What ser,ices are pro,ided #y an IPS? -Choose all that apply.
a. "#amine data pac$ets
b. Authenticate users
c. Account for users time on the networ%
d. rop malicious pac$ets
/. What ser,ices are pro,ided #y an IDS?
a. "#amine data pac$ets
b. Authenticate users
c. Account for users time on the networ%
d. Drop malicious pac%ets
0. What is the correct command se1uence to protect all + of a router2s (3 lines with SS$?
a. SshRouter(config)#line vty 0 1
SshRouter(config-line)#transport input ssh
b. SshRouter(config)#line vty 0 4
SshRouter(config-line)#transport in ssh
c. SshRouter(config)#line con 0
SshRouter(config-line)#transport input ssh
d. SshRouter(config)#line vty 0 4
SshRouter(config-line)#transport input ssh
4. Which two protocols are supported #y IPSec?
a. "SP
b. &D*S
c. 5D/
d. S$A
e. I6*
1
CCNA Guide to Cisco Networking, Fourth Edition Chapter 14 Solutions
f. %&
7. What two modes are supported #y IPSec?
a. ra,ersin' mode
b. 8orwardin' mode
c. 'unnel mode
d. 'ransport mode
9. Which command successfully sets the SS$ imeout for connections to 1 minute and &:
seconds?
a. ip ssh-time-out 90
b. ip ssh time-out 1min 30sec
c. ip ssh-time-out 1min 30sec
d. ip ssh time-out 90
1:. What functionality is supported #y the Cisco SD5? -Choose all that apply.
a. RADIUS
b. Security %udit
c. PPP
d. (P) confi*uration
11. Select the authentication al'orithms supported #y IPSec. -Choose all that apply.
a. *SP
b. &D*S
c. !+
d. S&%
e. I6*
f. A$
1". A*S What encryption al'orithms are supported #y IPSec? -Choose all that apply.
a. *SP
b. ,"S
c. 5D/
d. S$A
e. I6*
f. A$
*. %"S
1&. Which tunnelin' protocols pro,ide a secure tunnel for the data to tra,el throu'h? -Choose
all that apply.
a. A$
b. IPSec
c. ;R*
d. L-'P
e. PP'P
1+. What are the common ser,ices that pro,ide authentication ser,ices on Cisco routers?
-Choose all that apply.
a. SS$
b. R%I.S
c. SS<
d. '%C%CS/
e. *SP
1/. he term authentication in Cisco2s AAA model pro,ides what ser,ice?
"
CCNA Guide to Cisco Networking, Fourth Edition Chapter 14 Solutions
a. he a#ility to trac% lo'in and lo'off times of users Re'ulation of a user2s
allowa#le acti,ities on a de,ice.
b. Process to validate users
c. he a#ility to ,erify data as it tra,erses the networ%
d. he a#ility to ,erify data as it tra,erses the networ%
10. he term authori=ation in Cisco2s AAA model pro,ides what ser,ice?
a. he a#ility to ,erify data as it tra,erses the networ%
b. he a#ility to trac% lo'in and lo'off times of users
c. Process to ,alidate users.
d. Re*ulation of a user0s allowable activities on a device.
14. he term accountin' in Cisco2s AAA model pro,ides what ser,ice?
a. Process to ,alidate users.
b. Re'ulation of a user2s allowa#le acti,ities on a de,ice.
c. 'he ability to trac$ lo*in and lo*off times of users
d. he a#ility to ,erify data as it tra,erses the networ%
17. What is the %ey reason for usin' SS$ connections when connectin' remotely to a router?
a. SS$ pro,ides authentication ser,ices
b. SS& encrypts data that would be clear te#t if usin* telnet
c. SS$ creates a (P) #etween the two nodes
d. SS$ e>amines data pac%ets and reports malicious #eha,ior
19. What are you confi'urin' when #uildin' a Cisco (P) with IPSec?
a. %n IPSec transform set
b. An SS$ transform set
c. An *SP?A$?5D/ transform set
d. An SS< transform set
":. After #uildin' a default (P) with the SD5 your transform set name would #e *SP?&D*S?
S$A. What does this tell you a#out the protocols and al'orithms used?
a. hat you are usin' &D*S as the authentication al'orithm and S$A as the
encryption al'orithm
b. hat you are usin' *SP as the authentication al'orithm and S$A as the
encryption al'orithm
c. hat you are usin' &D*S as the authentication al'orithm and S$A as the
encryption protocol
d. 'hat you are usin* ,"S as the encryption al*orithm and S&% as the
authentication al*orithm
Case Pro1ects
Case Pro1ect 1
he recommendation should #e to setup client?to?site (P)s.
Case Pro1ect -
Answers ,ary #ased on student2s understandin' of firewall technolo'ies. Answers could include@
Secure (P)sA IPSec protocolA security audit wi=ardA and access list.
Case Pro1ect ,
;i,en the re1uirements listed students must create the plan. Bne solution could #e patches are
installed and rotated monthly. 8or e>ampleA in Canuary patches are installed in the De,elopment
&
CCNA Guide to Cisco Networking, Fourth Edition Chapter 14 Solutions
en,ironment. In 8e#ruary the Canuary patches are mo,ed from De,elopment to the DA
en,ironment. he 8e#ruary release of patches will then #e installed into the De,elopment
en,ironmentA etc..
+