A.IKE keepalives are unidirectional and sent every ten seconds
B.IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keys
C.To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
D.IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers
您可能感興趣的試卷
你可能感興趣的試題
Study the exhibit carefully. The Cisco IOS IPsec High Availability (IPsec HA) Enhancementsfeature provides an infrastructure for reliable and secure networks to provide transparent availability of the VPN gateways - that is, Cisco IOS Software-based routers. What are the twooptions that are used to provide High Availability IPsec?()
A.HSRP
B.Dual Router Mode (DRM) IPsec
C.IPsec Backup Peerings
D.RRI
IPSec VPN is a widely-acknowledged solution for enterprise network. What are the four steps tosetup an IPsec VPN?()
A.A
B.B
C.C
D.D
A.The cypto isakmp keepalive command is used to configure the Stateful Switchover (SSO)protocol
B.Reverse Route Injection (RRI) is configured on at the remote site to inject the central sitenetworks
C.Each Hot Standby Routing Protocol (HSRP) standby group has two well-known MACaddresses and a virtual IP address
D.The cypto isakmp keepalive command is used to configure stateless failover
A.The crypto ACL number
B.The IPSEC mode (tunnel or transport)
C.The GRE tunnel interface IP address
D.The GRE tunnel source interface or IP address, and tunnel destination IP address
E.The MTU size of the GRE tunnel interface
Refer to the exhibit. Which two statements about the AAA configuration are true?()
A.A good security practice is to havethe none parameter configured as the final method used toensure that no other authentication method will be used
B.If a TACACS+ server is not available, then a user connecting via the console port would not beable to gain access since no other authentication method has been defined
C.If a TACACS+ server is not available, then the user Bob could be able to enter privileged modeas long as the proper enable password is entered
D.Theaaa new-model command forces the router to override every other authentication methodpreviously configured for the router lines
E.To increase security, group radius should be used instead of group tacacs+
F.Two authentication options are prescribed by the displayedaaa authentication command
最新試題
As a network technician, do you know what is a recommended practice for secure configurationmanagement?()
Study the exhibit carefully.Routers A and B are customer routers. Routers 1, 2, 3 and 4 are provider routers. The routers areoperating with various IOS versions. Which frame mode MPLS configuration statement is true?()
Drag and drop question. The upper gives the MPLS functions, the bottom describes the planes.Drag the above items to the proper location at the below
Study this exhibit carefully. What information can be derived from the SDM firewall configurationdisplayed?()
Which three statements accurately describe IOS Firewall configurations?()
Network Topology Exhibit:Configuration Exhibit:NET(config)# access-list 112 deny icmp any any echo logNET(config)# access-list 112 deny imp any any redirect logNET(config)# access-list 112 deny icmp any any mask-request logNET(config)# access-list 112 permit icmp any 10.1.1.0 0.0.0.255NET(config)# interface Fa0/1NET(config-if)# ip access-group 112 inYou work as a network administrator at networkTut.com, study the exhibit carefully. Theconfiguration has been applied to router NET to mitigate the threat of certain types of ICMPbasedattacks while allowing some ICMP traffic to the corporate LAN to work. However, the configurationis incorrect. On the basis of the information in the exhibit, which configuration option wouldcorrectly configure router NET?()
In computer security, AAA stands for authentication, authorization and accounting. Which optionabout the AAA authentication enable default group radius enable command is correct?()
This item contains several questions that you must answer. You can view these questions byclicking on the Questions button to the left. Changing questions can be accomplished by clickingthe numbers to the left of each question. In order to complete the questions, you will need to referto the SDM and the topology, neither of which is currently visible. To gain access to either thetopology or the SDK click on the button to left side of the screen that corresponds to the sectionyou wish to access. When you have finished viewing the topology the SDK you can return to yourquestions by clicking on the Questions button to the left.Which IPSec rule is used for the Olympia branch and what does it define?()
Drag and drop each management protocol on the above to the correct category on the below.
Router NetworkTut is configured as shown below:Given the above configuration, which statement is true?()