1. What are the three elements of secure data transport? (Choose three.)
- confidentiality
- integrity
- availability
- authorization
- scalability
- accountability
2. What is a characteristic of the IP authentication header?
- the assurance that the original data packet has not been modified during transport
- the provision for data confidentiality, integrity, and authentication
- the use of protocol number 50 located in the IP header
- the encryption of data to ensure it is viewable by only authorized users
3. What is a characteristic of the IPsec ESP tunnel mode?
- It encrypts the entire original packet.
- It encrypts and authenticates only the original packet payload.
- It uses the original IP header to route packets.
- It encrypts both the IPsec and ESP headers.
4. What is the first configuration step required to create pre-shared keys for IPsec-protected DMVPN networks?
- creating an IKEv2 keyring
- creating a peer name
- identifying the IP address of peer routers
- defining the pre-shared keys
5. What function does the IKE protocol provide to IPsec VPNs?
- encapsulation methods
- data integrity hashing
- data authorization procedures
- secure key-exchange methods
6. What security mechanism is used to provide origin authentication for data transported through a secure DMVPN tunnel?
- preshared keys
- encryption algorithms
- hashing algorithms
- security associations
7. Which IPsec function uses hashing algorithms to ensure packets are not modified in transit?
- data integrity
- data confidentiality
- replay detection
- origin authentication
8. Which protocol is used by IPsec to transport keys securely across insecure networks?
- IKE
- SSL
- SSH
- HTTPS
9. How much overhead is added to unencrypted DMVPN packets by the GRE flags and header?
- 8 bytes
- 12 bytes
- 24 bytes
- 48 bytes
10. What is the Cisco recommended IPsec replay window-size?
- 32 packets
- 64 packets
- 128 packets
- 1024 packets
11. What IPsec service verifies that the data was not altered during transmission?
- authorization
- confidentiality
- encapsulation
- encryption
- integrity
12. What are three characteristics of IPsec? (Choose three.)
- data integrity
- encapsulation of a number of network layer protocols
- implementation at the transport layer
- origin authentication
- data confidentiality
- forwarding of duplicated packets
“Do I Know This Already?” Quiz Answers:
1. In an MPLS Layer 3 VPN WAN model, data is protected on the SP network because of which mechanism?
- Data confidentiality is protected because MPLS Layer 3 VPNs include encryption on the SP network.
- Data integrity is maintained because MPLS Layer 3 VPNs include checksums on the SP network.
- Data integrity is not protected on the SP network.
- Data confidentiality is dependent on the SP’s processes.
2. Which IPsec security mechanism ensures that if a hacker gains access to a session key, that person cannot maintain access to that session indefinitely?
- Replay detection
- Periodic rekey
- Perfect forward secrecy
- Encapsulating Security Payload
3. True or false: The IKEv2 keyring functionality allows for the pre-shared key to be set on a neighbor-by-neighbor basis.
- True
- False
4. True or false: Enabling IPsec tunnel encryption involves the configuration of the IKEv2 profile and its association to a tunnel interface.
- True
- False
5. Which command enables IPsec encryption on a tunnel interface?
- tunnel protection ipsec profile profile-name
- ipsec protection profile profile-name
- crypto map map-name ipsec-isakmp interface interface-id
- crypto map map-name tunnel tunnel-id ipsec-isakmp
6. A router has just been configured with IPsec DMVPN tunnel protection and needs to have the IPsec packet replay window size set to 64 packets. Which command should be used?
- crypto ipsec security-association replay window-size 64
- ipsec security-replay window-size 64
- ipsec window-size 64
- None. The command is not needed.