1. Home
  2. Networking
  3. CCSP Cisco Certified Security Professional Certification

Chapter Review

Chapter Review

The Cisco VPN 3000 Concentrator devices are a series of specialty appliances that perform VPN gateway services for organizations of all sizes. The VPN Concentrator can be used in remote access implementations, providing secure connections for mobile users and Small Office/Home Office (SOHO) locations, as well as LAN-to-LAN connections providing VPN access between branch locations. Many networks use the Concentrators for both types of networks.

Concentrator configuration and operations are via a menu-driven architecture, accessed by either a text-based CLI or a web-based interface. Generally, all tasks and functions can be performed using either interface, but the CLI must be used initially to configure an IP address on the private interface to allow web access.

The Concentrator functions and menu options break into three areas: Configuration, Administration, and Monitoring. Configuring the system sets the parameters that govern its use and functionality as a VPN device, but administration involves higher level activities, such as who is allowed to configure the system and what software runs on it. The Monitoring screens can be used to view the status of the many processes and activities essential to system administration and management, as well as the statistics the Concentrator compiles.

Questions

1.?

To make the VPN Concentrator accessible to a web browser, which interface must be configured by the CLI?

  1. Ethernet 0

  2. Ethernet 1

  3. Ethernet 2

  4. Ethernet 3

B. Ethernet 1

2.?

The VPN 3000 Concentrator CLI console connection uses which of the following?

  1. A standard Cisco console kit with cable

  2. A rollover cable with no adapters required

  3. A straight-through serial connection

  4. A straight-through RJ-45 cable with no adapters required

C. A straight-through serial connection

3.?

What is the following screen?

Welcome to

Cisco Systems

?VPN 3000 Concentrator Series

Command Line Interface

Copyright (C) 1998-2003 Cisco Systems, Inc.-- : Set the time on your device. ...

> Time

Quick -> [ 10:13:37 ]

  1. CLI startup menu

  2. Manager startup menu

  3. CLI Quick Configuration

  4. Manager Quick Configuration

C. CLI Quick Configuration

4.?

Which of the following is not one of the Quick Configuration steps?

  1. Define which tunneling protocols and encryption options will be used

  2. Change the admin password to improve system security

  3. Define the method(s) for assigning IP addresses to protected clients

  4. Define the IP routing method to be used

D. Define the IP routing method to be used

5.?

Which of the following wouldn’t a VPN Concentrator normally connect to in a remote access implementation?

  1. VPN 3002 Client

  2. VPN Client software

  3. VPN 3000 Concentrator

  4. PIX Firewall

C. VPN 3000 Concentrator (used for LAN-to-LAN implementations)

6.?

Which is not one of the three types of preshared keys?

  1. Unique

  2. User

  3. Group

  4. Wildcard

B. User

7.?

When using the VPN Concentrator internal authentication server, which is not an accurate maximum number of entries (groups and users combined)?

  1. Model 3005/3015—100

  2. Model 3030—500

  3. Model 3060—800

  4. Model 3080—1,000

C. Model 3060-800 (should be 1,000)

8.?

Which of the following is not one of the four possible methods for the VPN Concentrator to assign IP addresses to the remote users?

  1. Use Address from Authentication Server

  2. Use a DHCP Server

  3. Use NAT inside

  4. Use Address Pools

  5. Use Client Address

C. Use NAT inside

9.?

What does the term split tunneling refer to?

  1. The capability to establish multiple simultaneous VPN connections

  2. The capability to allow multiple users to share a VPN connection

  3. The capability to allow the IPSec client to go directly to the Internet in Cleartext form for those destinations that don’t require encryption

  4. The capability to create different VPN connections based on security requirements

C. Enables the IPSec client to go directly to the Internet in Cleartext form for those destinations that don t require encryption

10.?

Which statement is true about VPN Concentrator client firewall requirements?

  1. Used to require a personal firewall for all VPN clients

  2. Used to configure firewall parameters for VPN Clients running on PIX firewalls

  3. Used to configure firewall parameters for VPN Clients running on non- Windows PCs

  4. Used to configure firewall parameters for VPN Clients running Microsoft Windows

D. Used to configure firewall parameters for VPN Clients running Microsoft Windows

11.?

Which is not a supported type of user authentication server?

  1. RADIUS server

  2. TACACS+ server

  3. Internal server

  4. RSA Security Inc. SecurID (SDI) server

  5. NT Domain server

B. TACACS+ server

12.?

When using the Identity Parameters tab to define a group, which of the following is not included?

  1. User name

  2. Group name

  3. Password

  4. Authentication server type

A. User name

13.?

Which routing method is not supported using Configuration | System | IP Routing?

  1. Static routes

  2. OSPF

  3. Default gateways

  4. EIGRP

D. EIGRP

14.?

Which of the following is not a digital certificate type?

  1. Subordinate certificate

  2. CA certificate

  3. Secondary certificate

  4. Root certificate

  5. Identity certificate

A. Secondary certificate

15.?

Which is not one of the three keywords added to the [Main] section of the vpnclient.ini file for VPN Client Autoinitiation?

  1. AutoInitiationList

  2. AutoInitiationRetryInterval

  3. AutoInitiationNetworks

  4. AutoInitiationEnable

C. AutoInitiationNetworks

Answers

1.?

B. Ethernet 1

2.?

C. A straight-through serial connection

3.?

C. CLI Quick Configuration

4.?

D. Define the IP routing method to be used

5.?

C. VPN 3000 Concentrator (used for LAN-to-LAN implementations)

6.?

B. User

7.?

C. Model 3060—800 (should be 1,000)

8.?

C. Use NAT inside

9.?

C. Enables the IPSec client to go directly to the Internet in Cleartext form for those destinations that don’t require encryption

10.?

D. Used to configure firewall parameters for VPN Clients running Microsoft Windows

11.?

B. TACACS+ server

12.?

A. User name

13.?

D. EIGRP

14.?

A. Secondary certificate

15.?

C. AutoInitiationNetworks



BackCover
CCSP - Cisco Certified Security Professional Certification All-in-One Exam Guide
Introduction
Part I: Introduction to Network Security
Part II: Securing the Network Perimeter
Part III: Virtual Private Networks (VPNs)
Chapter 9: Cisco IOS IPSec Introduction
Chapter 10: Cisco IOS IPSec for Preshared Keys
Chapter 11: Cisco IOS IPSec Certificate Authority Support
Chapter 12: Cisco IOS Remote Access Using Cisco Easy VPN
Chapter 13: Cisco VPN Hardware Overview
Chapter 14: Cisco VPN 3000 Remote Access Networks
VPN Concentrator User Interfaces and Startup
VPN Concentrators in IPSec VPN Implementations
Remote Access VPNs with Preshared Keys
Digital Certificates
Configure Cisco VPN Client Support
VPN Client Autoinitiation Feature
Administer and Monitor Remote Access Networks
Chapter Review
Chapter 15: Configuring Cisco VPN 3002 Remote Clients
Chapter 16: Cisco VPN 3000 LAN-to-LAN Networks
Part IV: PIX Firewalls
Part V: Intrusion Detection Systems (IDS)
Part VI: Cisco SAFE Implementation
Appendix A: Access Control Lists
Appendix B: About the CD
List of Figures
List of Tables
List of Sidebars