Implementing Secure Solutions with Virtual Private Networks (SVPN) Quiz Questions and Answers

An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web browser. What is a possible reason for the failure?

Answer :
  • The user is connecting to an IOS VPN gateway configured in Thin Client Mode.

Explanation :

A remote client must download a small, Java-based applet for secure access to TCP applications that use static port numbers. UDP is not supported. Examples include access to POP3, SMTP, IMAP, SSH, and Telnet. The user needs local administrative privileges

Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration?

Answer :
  • migrate remote-access ssl overwrite

Explanation :

If your IKEv1, or even SSL, configuration already exists, the ASA makes the migration process simple. On the command line, enter the migrate command: migrate {l2l | remote-access {ikev2 | ssl} | overwrite}. Things of note: Keyword definitions: l2l - This co

Which two statements about the Cisco ASA load balancing feature are correct?

Answer :
  • The Cisco ASA load balances IPsec VPN, clientless, and Cisco AnyConnect SSL VPN tunnels
  • The Cisco ASA load balances remote-access VPN tunnels only.

Explanation :

Load balancing works with IPsec clients and SSL VPN client and clientless sessions. All other VPN connection types (L2TP, PPTP, L2TP/IPsec), including LAN-to-LAN, can connect to an adaptive security appliance on which load balancing is enabled, but they c

When deploying clientless SSL VPN advanced application access, the administrator needs to collect information on the end-user systems. Which three input parameters about an end-user system are of major concern for the administrator?

Answer :
  • Types of applications and application protocols that are supported
  • The local privilege level of the remote user
  • Types of operating systems that are supported on the end-user system

Explanation :

When you design an SSL VPN network, it is important to understand that not all access methods are equal and different access methods can be deployed to achieve different goals. You should ask yourself several questions when you evaluate SSL VPN technology

What is a benefit of ECC as compared to public key cryptography?

Answer :
  • Increases speed by using a small key

Explanation :

ECC employs a relatively short encryption key -- a value that must be fed into the encryption algorithm to decode an encrypted message. This short key is faster and requires less computing power than other first-generation encryption public key algorithms

What is an advantage of using elliptic curve cryptography?

Answer :
  • Resistance to quantum attacks

Explanation :

ECC employs a relatively short encryption key -- a value that must be fed into the encryption algorithm to decode an encrypted message. This short key is faster and requires less computing power than other first-generation encryption public key algorithms

What represents a possible network configuration issue in clientless SSL VPN deployments?

Answer :
  • The SSL server public certificate is untrusted

Explanation :

Clientless SSL VPN enables end users to securely access resources on the corporate network from anywhere using an SSL-enabled Web browser. The user first authenticates with a Clientless SSL VPN gateway, which then allows the user to access pre-configured

Which three configuration parameters are mandatory for an IKEv2 profile? (Choose three.)

Answer :
  • local authentication method
  • match identity or certificate
  • remote authentication method

Explanation :

A profile is a container for all non-negotiable IKEv2 parameters/settings. Examples: identity (local or remote), authentication method (RSA, pre-share, EAP), keyring/trustpoint, authorization options, lifetime (now NOT negotiated), and more.

What does DART stand for?

Answer :
  • Diagnostics and reporting tool

Explanation :

DART is the AnyConnect Diagnostics and Reporting Tool that you can use to collect data for troubleshooting AnyConnect installation and connection problems.

An engineer is configuring SSL VPN for remote access. A real-time application that is sensitive to packet delay will be used. Which feature should the engineer confirm is enabled to avoid latency and bandwidth problems associated with SSL connections?

Answer :
  • DTLS

Explanation :

DTLS is used for delay-sensitive applications (voice and video) because it is UDP based, while TLS is TCP based. DTLS is supported for AnyConnect VPN, not for IKEv2.