Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?() A.Cisco IOS IPsec/SSL VPN clientB.Cisco VPN ClinetC.ISDN terminal adapterD.Cisco Adaptive Security Appliance
Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?()
A.Cisco IOS IPsec/SSL VPN client
B.Cisco VPN Clinet
C.ISDN terminal adapter
D.Cisco Adaptive Security Appliance
相关考题:
Which two methods use IPsec to provide secure connectivity from the branch office to the headquarters office?() A. DMVPNB. MPLS VPNC. Virtual Tunnel Interface (VTI)D. SSL VPNE. PPPoE
A virtual (71) network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely (72). It prevents (73) people fromeavesdropping on the traffic and allows the user to conduct work remotely. Traffic on the virtual network is sent securely by establishing an encrypted connection across the Internet known as a (74).A remote access VPN securely connects a device outside the corporate office. A site-to-site VPN connects the corporate office to branch offices over the Internet. Site-to-site VPNs are used when distance makes it impractical to have direct network connections between these offices. Think of site-to-site access as (75) to network. A.encodedB.encryptedC.storedD.transmitted
Which two methods use IPsec to provide secure connectivity from the branch office to the headquarters office?()A、DMVPNB、MPLS VPNC、Virtual Tunnel Interface (VTI)D、SSL VPNE、PPPoE
Which of the following are common issues that should be considered when establishing ortroubleshooting site-to-site VPNs?(Choose all that apply.)()A、User authenticationB、Overlapping IP address spaceC、GRE or IPsec configurationD、MTU sizeE、VPN client softwareF、Authentication server configured ly
Which are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links?()A、reduced costB、better throughputC、increased securityD、scalabilityE、reduced latencyF、broadband incompatibility
our company has a main office and one branch office. All servers run Windows Server 2003 Service Pack 2 (SP2). The main office has a third-party gateway device named Gateway1. Gateway1 is connected to the internal network and the Internet. Gateway1 supports IPSec. In the branch office, you have a server named Server1. You create an IPSec policy on Server1. You need to ensure that Server1 can establish an IPSec tunnel to Gateway1. What should you use to configure the IPSec policy?()A、an IP filter that allows only Internet Control Message Protocol (ICMP) trafficB、an IP filter that allows only TCP traffic on port 1701C、a pre-shared key for authenticationD、Kerberos authentication
You are the network consultant from Cisco.com.Your customer has eight sites and will add in thefuture. Branch site to branch site traffic is approaching 30 percent. The customer’s goals are to make iteasier to add branch sites in the future and to reduce traffic through the hub. Which VPN topology should you recommend?()A、 Easy VPNB、 IPsec GRE tunnelingC、 Virtual Tunnel InterfacesD、 Dynamic Multipoint VPN
Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?()A、Cisco IOS IPsec/SSL VPN clientB、Cisco VPN ClinetC、ISDN terminal adapterD、Cisco Adaptive Security Appliance
Which security-enabled device is recommended to provide a site-to-site IPsec VPN solution, but not SSL?()A、 Cisco Integrated Service RoutersB、 Cisco ASA 5500 Series Security ApplianceC、 CiscoWebVPN Services ModuleD、 CiscoIPsec VPN Module
Which factor is least likely to affect the scalability of a VPN design?()A、 number of branch officesB、 number of IGP routing peersC、 remote Office and home worker throughput bandwidth requirementsD、 high availability requirementsE、 Supported applications
Which two of these are advantages of placing the VPN device parallel to the firewall?()A、 high scalabilityB、 the design supports a layered security modelC、 firewall addressing does not need to changeD、 IPsec decrypted traffic is inspected by the firewallE、 there is a centralized point for logging and content inspection
You are the systems engineer for your company. The network consists of a single Active Directory domain. The company has a main office and two branch offices. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional. Each branch office maintains a dedicated 256-Kbps connection to the main office. Each office also maintains a T1 connection to the Internet. Each office has a Microsoft Internet Security and Acceleration (ISA) Server 2000 computer, which provides firewall and proxy services on the Internet connection. Each branch office contains one domain controller and five servers that are not domain controllers. There is minimal administrative staff at the branch offices. A new company policy states that all servers must now be remotely administered by administrators in the main office. The policy states that all remote administration connections must be authenticated by the domain and that all traffic must be encrypted. The policy also states that the remote administration traffic must never be carried in clear text across the Internet. You choose to implement remote administration by enabling Remote Desktop connections on all servers on the network. You decide to use the Internet-connected T1 lines for remote administration connectivity between offices. Because administrative tasks might require simultaneous connections to multiple servers across the network, you need to ensure that administrators do not lose connections to servers in one office when they attempt to connect to servers in another office. What should you do? ()A、 Configure Routing and Remote Access on one server in each branch office. Create L2TP/IPSec VPN ports on these servers. Create new VPN connections on the administrators’ computers to connect to the VPN servers in the branch offices.B、 Configure a VPN server in each branch office. Create connections that use IPSec Authentication Header (AH) in tunnel mode from the main office connect to VPN servers in the branch offices.C、 Configure a local L2TP/IPSec VPN connection on the ISA Server 2000 firewall computer in the main office. Configure the ISA Server 2000 firewall computers at the branch offices as remote L2TP/IPSec VPN servers.D、 Configure a local PPTP VPN connection on the ISA Server 2000 firewall computers in each branch office. Configure the ISA Server 2000 firewall computer at the main office as a remote PPTP VPN server.
Your company has a main office and a branch office.The branch office administrators are the only members of a custom management role group.The role group is configured to allow members to manage recipients. You notice that the branch office administrators can manage recipients in both offices.You need to ensure that the branch office administrators can manage recipients in the branch office only. What should you do?()A、Create and associate a management scope to the role group.B、Create and associate a management role assignment policy to the role group.C、Create a new linked role group, and then add the branch office administrators to the role group.D、Create a new role, and then add management role entries to the role.
You are a network administrator for your company. The company has a main office and a branch office. The branch office has a cable modem connection to the Internet and uses a virtual private network (VPN) connection to access resources on the main office network. The cable modem is connected to a Windows XP Professional computer named Pro1. You configure Internet Connection Sharing (ICS) on Pro1 to allow users in the branch office to use the VPN connection. ICS sets the network adapter to use the IP address 192.168.0.1. Several sales representatives in the branch office use wireless network adapters to share files between their client computers. They need access to the VPN connection to upload sales reports to the main office. You install a wireless network adapter in Pro1 and configure it with the appropriate settings for the wireless LAN. The sales representatives who use the wireless LAN report that they cannot access the VPN connection. However, they are able to connect to resources in the branch office. Users on the wired network do not report any connectivity problems. The sales representatives need to be able to access the VPN. What should you do?() A、Configure the wireless network connection on Pro1 so that it has an IP address of 192. 168. 0. 2.B、Disable and then re-enable Internet Connection Sharing (ICS) on Pro1.C、Create a network bridge between the wired and wireless connections on Pro1. D、Clear the Allow other network users to control or disable the shared Internet connection check box in the advanced properties of the VPN connection.
You are the systems engineer for your company. The company has a main office in Los Angeles and two branch offices, one in Chicago and one in New York. The offices are connected to one another by dedicated T1 lines. Each office has its own local IT department and administrative staff. The company network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. All servers support firmware-based console redirection by means of the serial port. The server hardware does not support any other method of console redirection and cannot be upgraded to do so. The company is currently being reorganized. The IT departments from each branch office are being relocated to a new central data center in the Los Angeles office. Several servers from each branch office are also being relocated to the Los Angeles data center. Each branch office will retain 10 servers. A new written security policy includes the following requirements: • All servers must be remotely administered for all administrative tasks. • All servers must be administered from the Los Angeles office. • All remote administration connections must be authenticated and encrypted. Your current network configuration already adheres to the new written security policy for day-to-day server administration tasks performed on the servers. You need to plan a configuration for out-of-band management tasks for each office that meets the new security requirements. Which three actions should you take?()A、 Connect each server’s serial port to a terminal concentrator. Connect the terminal concentrator to the network.B、 Connect a second network adapter to each server. Connect the second network adapter in each server to a separate network switch. Connect the management port on the switch to a WAN port on the office router. Enable IPSec on the router.C、 Enable Routing and Remote Access on a server in each branch office, and configure it as an L2TP/IPSec VPN server. Configure a remote access policy to allow only authorized administrative staff to make a VPN connection.D、 On each server, enable the Telnet service with a startup parameter of Automatic. Configure Telnet on each server to use only NTLM authentication. Apply the Server (Request Security) IPSec policy to all servers.E、 On each server, enable Emergency Management Services console redirection and the Emergency Management Services Special Administration Console (SAC).
Your company has a main office and a branch office. All branch office administrators are members of a custom management role group.The role group is configured to allow members to manage recipients.The branch office administrators are also members of The Domain Admins security group. The organization contains one Exchange Server 2010 server. You discover that the branch office administrators can manage recipients in both offices. You need to ensure that the branch office administrators can manage recipients in their assigned branch office only.What should you do?()A、Create a new management role entry for the role group.B、Create a management role assignment policy and associate the policy to the role group.C、Create a management scope and associate the scope to the role group.Set a recipient filter for the management scope.D、Remove the branch office administrators from the Domain Admins group.Add the branch office recipients to the role group.
单选题Which security-enabled device is recommended to provide a site-to-site IPsec VPN solution, but not SSL?()A Cisco Integrated Service RoutersB Cisco ASA 5500 Series Security ApplianceC CiscoWebVPN Services ModuleD CiscoIPsec VPN Module
多选题Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()Aallows dynamic routing over the tunnelBsupports multi-protocol (non-IP) traffic over the tunnelCreduces IPsec headers overhead since tunnel mode is usedDsimplifies the ACL used in the crypto mapEuses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration
多选题Which two methods use IPsec to provide secure connectivity from the branch office to the headquarters office?()ADMVPNBMPLS VPNCVirtual Tunnel Interface (VTI)DSSL VPNEPPPoE
多选题You are the systems engineer for your company. The company has a main office in Los Angeles and two branch offices, one in Chicago and one in New York. The offices are connected to one another by dedicated T1 lines. Each office has its own local IT department and administrative staff. The company network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. All servers support firmware-based console redirection by means of the serial port. The server hardware does not support any other method of console redirection and cannot be upgraded to do so. The company is currently being reorganized. The IT departments from each branch office are being relocated to a new central data center in the Los Angeles office. Several servers from each branch office are also being relocated to the Los Angeles data center. Each branch office will retain 10 servers. A new written security policy includes the following requirements: • All servers must be remotely administered for all administrative tasks. • All servers must be administered from the Los Angeles office. • All remote administration connections must be authenticated and encrypted. Your current network configuration already adheres to the new written security policy for day-to-day server administration tasks performed on the servers. You need to plan a configuration for out-of-band management tasks for each office that meets the new security requirements. Which three actions should you take?()AConnect each server’s serial port to a terminal concentrator. Connect the terminal concentrator to the network.BConnect a second network adapter to each server. Connect the second network adapter in each server to a separate network switch. Connect the management port on the switch to a WAN port on the office router. Enable IPSec on the router.CEnable Routing and Remote Access on a server in each branch office, and configure it as an L2TP/IPSec VPN server. Configure a remote access policy to allow only authorized administrative staff to make a VPN connection.DOn each server, enable the Telnet service with a startup parameter of Automatic. Configure Telnet on each server to use only NTLM authentication. Apply the Server (Request Security) IPSec policy to all servers.EOn each server, enable Emergency Management Services console redirection and the Emergency Management Services Special Administration Console (SAC).
单选题our company has a main office and one branch office. All servers run Windows Server 2003 Service Pack 2 (SP2). The main office has a third-party gateway device named Gateway1. Gateway1 is connected to the internal network and the Internet. Gateway1 supports IPSec. In the branch office, you have a server named Server1. You create an IPSec policy on Server1. You need to ensure that Server1 can establish an IPSec tunnel to Gateway1. What should you use to configure the IPSec policy?()Aan IP filter that allows only Internet Control Message Protocol (ICMP) trafficBan IP filter that allows only TCP traffic on port 1701Ca pre-shared key for authenticationDKerberos authentication
单选题Your network has a main office and a branch office. The branch office has five client computers that runWindows 7 and a server that runs Windows Server 2008 R2. The branch office server is enabled for branchCache. You need to configure Windows Firewall on each client computer so that cached content canbe retrieved from the branch office server. Which firewall rule should you enable on the client computers?()ABranchCache - Content Retrieval (Uses HTTP)BBranchCache - Hosted Cache Server (Uses HTTPS)CBranchCache - Peer Discovery (Uses WSD)DFile and Printer Sharing
单选题Your company has a main office and two branch offices. The main office is located in Montreal. The branch offices are located in Seattle and Winnipeg. In the Montreal office, you have a server named Server1 that runs Windows Server 2003 Web Edition Service Pack 2 (SP2). Server1 is configured as a VPN router. In the Seattle office, you have a VPN server named Server2. In the Winnipeg office, you have a VPN server named Server3. On Server1, you configure a L2TP/IPSec demand-dial interface for each branch office. On each branch office server, you create a single demand-dial interface that uses L2TP/IPSec to connect to the main office. All demand-dial interfaces are configured to use a pre-shared key. You discover that only one branch office can connect to the main office at a time. You need to ensure that both branch offices can connect to the main office simultaneously. What should you do?()AAdd two more demand-dial interfaces on Server1.BInstall a computer certificate on Server1, Server2, and Server3.CUpgrade Server1 to Windows Server 2003 Standard Edition SP2.DAdd an additional demand-dial interface on Server2 and Server3.
单选题Which factor is least likely to affect the scalability of a VPN design?()A number of branch officesB number of IGP routing peersC remote Office and home worker throughput bandwidth requirementsD high availability requirementsE Supported applications
单选题Your network contains several branch offices. All servers run Windows Server 2008 R2. Each branch office contains a domain controller and a file server. The DHCP Server server role is installed on the branch office domain controllers. Each office has a branch office administrator. You need to delegate the administration of DHCP to meet the following requirements: èAllow branch office administrators to manage DHCP scopes for their own office èPrevent the branch office administrators from managing DHCP scopes in other offices èMinimize administrative effort. What should you do?()AIn the Active Directory domain, add the branch office administrators to the Server Operators built-in local group.BIn the Active Directory domain,add the branch office administrators to the NetworkConfiguration Operators built-in local group.CIn each branch office, migrate the DHCP Server server role to the file server. On each fileserver, add the branch office administrator to the DHCP Administrators local group.D n each branch office, migrate the DHCP Server server role to the file server. In the Active Directory domain, add the branch office administrators to the DHCP Administrators domain local group.
单选题You are the network consultant from Cisco.com.Your customer has eight sites and will add in thefuture. Branch site to branch site traffic is approaching 30 percent. The customer’s goals are to make iteasier to add branch sites in the future and to reduce traffic through the hub. Which VPN topology should you recommend?()A Easy VPNB IPsec GRE tunnelingC Virtual Tunnel InterfacesD Dynamic Multipoint VPN
多选题Which are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links?()Areduced costBbetter throughputCincreased securityDscalabilityEreduced latencyFbroadband incompatibility