70. C. Since you have several remote workers who telecommute, the best connectivity
option would be client SSL/VPN connectivity. A product called Cisco AnyConnect
Secure Mobility Client allows for SSL encryption for VPN tunnels back to the main
site. A GRE tunnel is often used for site-to-site connectivity where an IPsec tunnel is also
implemented. Wireless WAN can be used to connect clients to the Internet, but the client-
to-site connection would be a VPN or SSL connection over the Internet. Site-to-site VPN
connections are intended for connecting sites to each other via an encrypted tunnel over
the Internet.
71. B. IPsec uses the Encapsulating Security Payload (ESP) protocol to encrypt data. The
Authentication Headers (AH) protocol is used with IPsec for the integrity of data. Internet
Key Exchange (IKE) is used between two IPsec members so they can build a security
association (SA). Internet Security Association and Key Management Protocol (ISAKMP)
uses IKE to build an SA so that encryption keys can be exchanged in the second phase of
encryption.
72. C. Site-to-site IPsec VPNs offer scalability as a benefit. This is because each remote office
only needs an Internet connection to create a VPN tunnel back to the main office. There is
a certain overhead when using VPN; therefore, higher bandwidth requirements may exist
after deploying site-to-site IPsec VPNs. Latency is affected and will be higher due to the
level of encryption each packet must undergo as it passes through the site-to-site VPN.
Support for multicast is not a common benefit of site-to-site IPsec VPNs.
73. A. Standard access control lists (ACLs) are within the range of 1 to 99. Extended access
control lists are within the range of 100 to 199. All of the other options are incorrect.
74. Standard access control lists (ACLs) can be based upon only the source address of the
packet. Extended access control list conditions can be based on the destination address.
With standard access control lists, only the source address can be used to create a
condition; a source port cannot be defined. Extended access control
list conditions allow for combinations of source or destination address and source or
destination port.
75. C. Extended access lists are within the range of 100 to 199. Standard access lists are
within the range of 1 to 99. All of the other options are incorrect.
76. B. At the end of every access list there is a deny any any rule. If a permit is not configured
in the access list, the ACL does not serve a purpose. All ACLs must contain at least
one permit statement to be considered an actionable ACL. All of the other options are
incorrect.
77. B. When packets are compared to an access control list, they are compared in sequential
order. When the first matching rule is found, its action is applied. There is no further
rule processing after the first match. There is an explicit deny any any rule at the end of
each ACL. Therefore, if none of the conditions matches the packet, it is discarded because
it matches the deny any any rule at the end of the list.
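
The first-match processing described in answers 76 and 77, combined with the number ranges from answers 73 and 75, as an added example that is not part of the original answer key. The rule dictionaries, the use of CIDR strings in place of IOS wildcard masks, and all sample addresses are constructed assumptions.

```python
import ipaddress

def acl_type(number):
    """Classify a numbered ACL using the ranges from answers 73 and 75."""
    if 1 <= number <= 99:
        return "standard"
    if 100 <= number <= 199:
        return "extended"
    raise ValueError("number is outside the two ranges covered here")

def _addr_matches(spec, addr):
    # spec is "any" or a CIDR string (assumed shorthand for an IOS wildcard mask)
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(number, rules, packet):
    """Return (action, rule index); index is None when the final deny applies."""
    kind = acl_type(number)
    for index, rule in enumerate(rules):
        if kind == "standard" and ("dst" in rule or "dport" in rule):
            raise ValueError("standard ACLs can test only the source address")
        if not _addr_matches(rule["src"], packet["src"]):
            continue
        if kind == "extended":
            if not _addr_matches(rule.get("dst", "any"), packet["dst"]):
                continue
            if rule.get("dport") not in (None, packet.get("dport")):
                continue
        return rule["action"], index  # first match wins, processing stops
    return "deny", None  # the deny any any at the end of every ACL

# Constructed sample ACLs and packets (RFC 1918 addresses).
ACL_10 = [{"action": "deny", "src": "192.168.1.0/24"},
          {"action": "permit", "src": "any"}]
ACL_20 = [{"action": "deny", "src": "192.168.1.0/24"}]  # no permit statement
ACL_110 = [{"action": "permit", "src": "any", "dst": "10.0.0.5/32", "dport": 443},
           {"action": "deny", "src": "192.168.1.0/24", "dst": "any"},
           {"action": "permit", "src": "any", "dst": "any"}]

if __name__ == "__main__":
    web = {"src": "192.168.1.7", "dst": "10.0.0.5", "dport": 443}
    other = {"src": "192.168.1.7", "dst": "10.0.0.9", "dport": 80}
    print(evaluate(10, ACL_10, {"src": "10.1.1.1"}))
    print(evaluate(20, ACL_20, {"src": "10.1.1.1"}))
    print(evaluate(110, ACL_110, web))
    print(evaluate(110, ACL_110, other))
```

ACL_20 drops every packet because it has no permit statement, and in ACL_110 the HTTPS packet from 192.168.1.7 is permitted by the first rule even though the second rule would deny that source.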