CCNA

Home

Chat Room

Forum

Contact

IPSEC related questions and their answers

* Question

Which IPSec rule is used for the Olympia branch and what does it define? (Choose two)

A – 102

B – 116

C – 127

D – IP traffic sourced from 10.10.10.0/24 destined to 10.5.15.0/24 will use the VPN.

E – IP traffic sourced from 10.10.10.0/24 destined to 10.8.28.0/24 will use the VPN.

F – IP traffic sourced from 10.10.10.0/24 destined to 10.5.33.0/24 will use the VPN.

Answer: B E

Explanation:

From the output above, we learn that the IPSec Rule is 116. Next click on “IPSec Rules” and select the Name/Number of 116 to view the rule applied to it. You will see a “permit” rule for traffic from 10.10.10.0/24 to 10.8.28.0/24 (notice that the picture shown the wildcard masks, which are inverse subnet masks)

Question

Which defined peer IP address an local subnet belong to Crete? (Choose two)

A – peer address 192.168.55.159

B – peer address 192.168.89.192

C – peer address 192.168.195.23

D – subnet 10.5.15.0/24

E – subnet 10.7.23.0/24

F – subnet 10.4.38.0/24

Answer: A D

A – ESP-3DES-SHA

B – ESP-3DES-SHA1

C – ESP-3DES-SHA2

D- ESP-3DES

E – ESP-SHA-HMAC

*Answer: D

Explanation:

In the site-to-site VPN branch we see something like this but in the Tranform Set sub-branch, we see

so the answer should be ESP-3DES-SHA2 or ESP-3DES?

To answer this question, we should review the concept:

“Data confidentiality is the use of encryption to scramble data as it travels across an insecure media”. Data confidentiality therefore means encryption.

“The transform set is a group of attributes that are exchanged together, which eliminates the need to coordinate and negotiate individual parameters”. In the picture above, we can see 3 parts of the transform-set ESP-3DES-SHA2:

IPsec protocol: ESP

IPsec encryption type: 3DES

IPsec authentication: SHA2

The question wants to ask which algorithm is used for providing data confidentiality (encryption), therefore the answer should be D – ESP-3DES.