Home
Blog
Hobbies
Movies
Recipes
Dogs
Videos
CCNA Security
Engineering
Forum
Submit
CCNA Security
Home
Chapters
Search
VPN Technologies Quiz
Managing a Secure Network
Question 1 of 12
GRE (Generic Routing Encapsulation) tunnels provide which of the following by default?
Select the best answer:
Encryption and authentication of the tunnel payload
Multiprotocol encapsulation with no built-in encryption or authentication
Automatic IKE key negotiation for the tunnel
End-to-end AES-256 encryption between tunnel endpoints
IPsec IKE Phase 1 establishes:
Select the best answer:
The IPsec SA used to encrypt actual data traffic
A secure ISAKMP SA (management channel) to protect Phase 2 negotiations
The GRE tunnel endpoints and keep-alive timers
The AES encryption keys for the data plane
IPsec IKE Phase 2 (Quick Mode) negotiates:
Select the best answer:
The Diffie-Hellman group for key exchange
The IPsec SAs that protect the actual data traffic
The ISAKMP policy for peer authentication
The GRE encapsulation type for the tunnel
IPsec AH (Authentication Header) provides:
Select the best answer:
Encryption and authentication of the payload only
Authentication and integrity of the packet but NO encryption
Encryption of the entire IP packet including headers
Both encryption and authentication equivalent to ESP
IPsec ESP (Encapsulating Security Payload) provides:
Select the best answer:
Authentication of the outer IP header only, no encryption
Confidentiality (encryption), integrity, and optional authentication of the payload
Only integrity checking — no encryption support
End-to-end encryption without any authentication capability
In IPsec tunnel mode, which portion of the original packet is encrypted?
Select the best answer:
Only the TCP/UDP payload — the original IP header is left intact
The entire original IP packet, including its header
Only the IP header — the data payload is transmitted in cleartext
The outer IP header added by GRE encapsulation
Cisco Easy VPN simplifies IPsec VPN deployment by:
Select the best answer:
Automatically negotiating IKE Phase 1 without any pre-shared key
Centrally pushing VPN policy from a server to clients, reducing manual configuration
Replacing IPsec with SSL to simplify certificate management
Eliminating the need for any encryption on the VPN tunnel
SSL VPN (WebVPN) differs from IPsec VPN primarily because:
Select the best answer:
SSL VPN encrypts only application layer data; IPsec encrypts all layers
SSL VPN operates through a web browser without requiring a dedicated VPN client
SSL VPN is less secure than IPsec because it uses symmetric keys only
SSL VPN requires an IPsec tunnel as its underlying transport
What is the purpose of a Pre-Shared Key (PSK) in an IPsec VPN?
Select the best answer:
To encrypt the data payload in the IPsec ESP tunnel
To authenticate IPsec peers during IKE Phase 1 negotiation
To generate session keys for IKE Phase 2
To define the encryption algorithm for the ISAKMP SA
Which Cisco command initiates IPsec VPN peer authentication using a pre-shared key?
Select the best answer:
crypto ipsec key <key> peer <ip>
crypto isakmp key <key> address <peer-ip>
ip vpn preshared-key <key>
tunnel protection ipsec key <key>
In an IPsec VPN, a "transform set" defines:
Select the best answer:
The IKE Phase 1 policy for peer authentication
The encryption and authentication algorithms used to protect IPsec traffic
The IP addresses of the VPN peers and the tunnel interface
The Diffie-Hellman group number for key generation
DMVPN (Dynamic Multipoint VPN) improves on traditional hub-and-spoke IPsec VPNs by:
Select the best answer:
Replacing IPsec with GRE-only tunnels to reduce overhead
Enabling spoke sites to dynamically establish direct IPsec tunnels to each other
Centralizing all VPN key management at a single CA server
Eliminating the need for IKE by using static pre-shared keys
Previous
Next
Submit Quiz