Chapter Review

This chapter looked at using Cisco VPN 3000 Series Concentrator devices in LAN-to-LAN VPN implementations. The VPN Concentrator works as an endpoint device in these implementations. While the peer device can be a router, PIX firewall, Cisco VPN 3002 hardware client, or third-party VPN device, this chapter and the features that will be tested on the exam assume Cisco VPN Concentrators will be on both ends of the link.

LAN-to-LAN (site-to-site) VPNs are a rapidly expanding alternative or augmentation to leased line or Frame Relay WAN infrastructures. VPNs are used to create secure tunnels between two networks via an insecure public network, such as the Internet. The Cisco Concentrator supports three types of tunnels: Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), and IPSec.

Two types of LAN-to-LAN VPN implementations exist.

  • Intranet VPNs provide secure connections between branch offices and the enterprise network resources.

  • Extranet VPNs provide secure connections for special third parties, such as business partners, vendors, and customers to the specified enterprise resources.

The Concentrator menu-driven system is used to configure basic LAN-to-LAN VPN parameters, as well as to enable and define features like NAT Transparency and VPN routing features, such as reverse route injection (RRI) and Virtual Router Redundancy Protocol (VRRP).

Questions

1. Which one of the following tunnel protocols is not supported on Cisco Concentrators?

  A. Layer 2 Tunneling Protocol (L2TP)

  B. Point-to-Point Tunneling Protocol (PPTP)

  C. IP Security (IPSec)

  D. Layer 2 Forwarding (L2F)

  Answer: D. Layer 2 Forwarding (L2F)

2. Which three ports must be open on the entire data path for standard IPSec VPNs?

  A. Protocol 50

  B. Protocol 55

  C. Protocol 51

  D. UDP 500

  Answer: A. Protocol 50, C. Protocol 51, and D. UDP 500

3. Assuming LAN-to-LAN Network Lists are used, how many lists would a remote branch have in a hub-and-spoke topology?

  A. 1

  B. 2

  C. 1 for each spoke, plus one for the hub

  D. None

  Answer: B. 2

4. Which is an example of a valid Network List entry?

  A. 192.168.10.0/255.255.255.0

  B. 192.168.10.0/24

  C. 192.168.10.0/0.0.0.255

  D. 192.168.10.0-192.168.10.255

  Answer: C. 192.168.10.0/0.0.0.255

5. How many LAN-to-LAN connections can be created with each VPN peer?

  A. 1

  B. 100

  C. 500

  D. 1000

  Answer: A. 1

6. What is the maximum total number of LAN-to-LAN connections supported on the VPN 3060 Concentrator?

  A. 100

  B. 500

  C. 700

  D. 1000

  Answer: D. 1000

7. If the Configuration | System | Tunneling Protocols | IPSec | LAN-to-LAN | No Public Interfaces message is displayed, which statement is false?

  A. You can configure the public interface

  B. The LAN-to-LAN connection failed

  C. You need to go to the Configure | Interfaces screen

  D. The LAN-to-LAN connection must be redone

  Answer: C. You need to go to the Configure | Interfaces screen

8. Which is not an IPSec NAT Transparency feature?

  A. IPSec over TCP

  B. IPSec over PPP

  C. IPSec over UDP

  D. IPSec over NAT Traversal

  Answer: B. IPSec over PPP

9. Which statement is not true about IPSec over TCP?

  A. It supports both VPN Software Client and VPN 3002 Device

  B. Requires v3.5 or higher of the VPN software

  C. It takes precedence over all other IPSec implementations

  D. Supports LAN-to-LAN connections

  Answer: D. Supports LAN-to-LAN connections

10. Which version of the VPN software is required to support NAT Traversal?

  A. 3.2

  B. 3.5

  C. 3.6

  D. 3.7

  Answer: C. 3.6

11. What is the default port for IPSec over TCP?

  A. 520

  B. 4500

  C. 6300

  D. 10000

  Answer: D. 10000

12. Which of the following could be used to create a LAN-to-LAN VPN connection between two networks with overlapping IP addresses?

  A. NAT one LAN so they are no longer overlapping

  B. Use PAT on the link

  C. NAT both LANs

  D. Renumber one or both LANs

  Answer: C. NAT both LANs

13. Which Concentrator feature allows the VPN Concentrator to add static routes to its routing table, and then to share those routes with connected routers?

  A. Route autodiscovery

  B. VRRP

  C. RRP

  D. RRI

  Answer: D. RRI

14. Which of the following causes the Concentrator to retain routing table entries that might otherwise be dropped because of link inactivity?

  A. Client Reverse Route Injection

  B. Address Pool Hold Down Routes

  C. Network Extension Reverse Route Injection

  D. Generate Hold Down Routes

  Answer: B. Address Pool Hold Down Routes

15. Which feature provides failover protection for VPN Concentrator users?

  A. Route autodiscovery

  B. VRRP

  C. RRP

  D. RRI

  Answer: B. VRRP




