1. Home
  2. Networking
  3. CCSP Cisco Certified Security Professional Certification

Chapter Review

Chapter Review

This chapter looked at configuring the VPN 3002 client and the VPN 3000 concentrators to support the VPN client features.

The VPN 3002 Hardware Client is a dedicated VPN device that can be used to connect one or more devices, including workstations, servers, hubs, cash registers, printers, and IP telephones to a company’s central network. The 3002 unit eliminates the need to install and configure VPN client software on the local workstation(s), plus it supports workstations running any TCP/IP supporting OS.

Configuring the VPN 3002 can be accomplished using a menu-driven version of the CLI or the more user-friendly Client Manager web-based application. The two systems have virtually identical steps and menu options making it easier to use both as needed.

The Quick Configuration option is used to provide the basic parameters required for connecting to a VPN Concentrator, which will “push” the basic IPSec configuration and security policy features down to the client. A wide variety of features can be configured on the VPN Concentrator to be pushed out to either VPN 3002 or VPN software clients. An auto-update feature facilitates configuration, software, and firmware upgrades.

Questions

1.?

What is another name for VPN PAT mode?

  1. Network Extension mode

  2. Client mode

  3. Network Extension Mode per Group

  4. Split tunnel mode

B. Client mode

2.?

Which of the following is not an IPSec implementation used by the VPN 3002?

  1. IPSec over TCP

  2. IPSec over UTP

  3. IPSec over NAT-T

  4. IPSec over PPTP

D. IPSec over PPTP

3.?

The VPN 3002 CLI is most like which of the following?

  1. Cisco IOS routers

  2. Cisco Catalyst 5000 and 6000 switches

  3. The PIX Firewall

  4. None of the above

D. None of the above. It is menu-driven, somewhat like the old 1900 switches

4.?

Which one of the following is not one of the three main menu sections for the VPN 3002?

  1. Monitoring

  2. Reporting

  3. Configuration

  4. Administration

B. Reporting

5.?

What is the command to upgrade the VPN 3002 software?

  1. copy tftp flash

  2. copy tftp nvram

  3. copy tftp backup

  4. None of the above

D. None of the above. This is a menu-driven process

6.?

Which of the following is a growing protocol for connecting ISPs through broadband connections like DSL/cable systems?

  1. PPP

  2. PPPoE

  3. Ethernet

  4. BGP

B. PPPoE

7.?

What is the first feature(s) set with Quick Configuration?

  1. Upload an Existing Configuration file

  2. Configure the Public Interface

  3. Set the System Time, Date, and Time Zone

  4. Configure DNS

C. Set the System Time, Date, and Time Zone

8.?

Where might the DHCP Server feature be configured on the VPN 3002?

  1. Public interface

  2. Private interface

  3. Public or private interfaces

  4. None of the above

B. Private interface. Where the LAN connects

9.?

In which two cases would PAT always be used on outbound traffic?

  1. Network extension mode

  2. Split tunnels

  3. Client mode

  4. PPPoE

B. Split tunnels, and C. Client mode

10.?

Which feature can be configured on either the VPN 3002 or the Concentrator?

  1. Interactive Unit Authentication

  2. IPSec Server Load Balancing

  3. Individual User Authentication

  4. IPSec backup servers

D. IPSec backup servers

11.?

Which feature requires Virtual Cluster protocol configuration?

  1. Interactive Unit Authentication

  2. IPSec Server load balancing

  3. Individual User Authentication

  4. IPSec backup servers

B. IPSec Server load balancing

12.?

Reverse Route Injection refers to which of the following?

  1. Inserting main network routes in remote network route tables

  2. Making main network routes available to all remote VPN clients

  3. Inserting remote network routes in main network route tables

  4. Exchanging routes both ways between main and branch networks

C. Inserting remote network routes in main network route tables

13.?

Which Cisco protocol allows wireless users to authenticate over VPN links?

  1. NAT Traversal (NAT-T)

  2. LEAP Bypass

  3. RRI

  4. PPPoE

B. LEAP Bypass

14.?

Which of the following is not supported by Client Update features?

  1. VPN Software

  2. Firmware on VPN 3002

  3. Push Banner to VPN 3002

  4. VPN configurations

C. Push Banner to VPN 3002

15.?

Which of the following might create problems for wireless users behind the VPN 3002?

  1. IPSec over NAT-T

  2. Interactive Hardware Client Authentication

  3. Individual User Authentication

  4. AES Support and Diffie-Hellman Group

B. Interactive Hardware Client Authentication. The wireless clients would have to wait for a wired user to authenticate the VPN 3002 to the Concentrator.

Answers

1.?

B. Client mode

2.?

D. IPSec over PPTP

3.?

D. None of the above. It is menu-driven, somewhat like the old 1900 switches

4.?

B. Reporting

5.?

D. None of the above. This is a menu-driven process

6.?

B. PPPoE

7.?

C. Set the System Time, Date, and Time Zone

8.?

B. Private interface. Where the LAN connects

9.?

B. Split tunnels, and C. Client mode

10.?

D. IPSec backup servers

11.?

B. IPSec Server load balancing

12.?

C. Inserting remote network routes in main network route tables

13.?

B. LEAP Bypass

14.?

C. Push Banner to VPN 3002

15.?

B. Interactive Hardware Client Authentication. The wireless clients would have to wait for a wired user to authenticate the VPN 3002 to the Concentrator.



BackCover
CCSP - Cisco Certified Security Professional Certification All-in-One Exam Guide
Introduction
Part I: Introduction to Network Security
Part II: Securing the Network Perimeter
Part III: Virtual Private Networks (VPNs)
Chapter 9: Cisco IOS IPSec Introduction
Chapter 10: Cisco IOS IPSec for Preshared Keys
Chapter 11: Cisco IOS IPSec Certificate Authority Support
Chapter 12: Cisco IOS Remote Access Using Cisco Easy VPN
Chapter 13: Cisco VPN Hardware Overview
Chapter 14: Cisco VPN 3000 Remote Access Networks
Chapter 15: Configuring Cisco VPN 3002 Remote Clients
The VPN 3002 in the Network
Configuring the 3002 Device
Common Configuration Tasks
Basic Configuration for the VPN 3002
Other VPN 3002 Software Features
Auto-Update Feature
Chapter Review
Chapter 16: Cisco VPN 3000 LAN-to-LAN Networks
Part IV: PIX Firewalls
Part V: Intrusion Detection Systems (IDS)
Part VI: Cisco SAFE Implementation
Appendix A: Access Control Lists
Appendix B: About the CD
List of Figures
List of Tables
List of Sidebars