Implementing Secure Solutions with Virtual Private Networks (SVPN) Quiz Questions and Answers

Answer :
  • The user is connecting to an IOS VPN gateway configured in Thin Client Mode.

Explanation :

A remote client must download a small, Java-based applet for secure access of TCP applications that use static port numbers. UDP is not supported. Examples include access to POP3, SMTP, IMAP, SSH, and Telnet. The user needs local administrative privileges
Answer :
  • migrate remote-access ssl overwrite

Explanation :

f your IKEv1, or even SSL, configuration already exists, the ASA makes the migration process simple. On the command line, enter the migrate command: migrate {l2l | remote-access {ikev2 | ssl} | overwrite} Things of note: Keyword definitions: l2l - This co
Answer :
  •  Types of applications and application protocols that are supported
  • The local privilege level of the remote user
  • Types of operating systems that are supported on the end-user system

Explanation :

When you design an SSL VPN network, it is important to understand that not all access methods are equal and different access methods can be deployed to achieve different goals. You should ask yourself several questions when you evaluate SSL VPN technology
Answer :
  • The Cisco ASA load balances IPsec VPN, clientless, and Cisco AnyConnect SSL VPN tunnels
  • The Cisco ASA load balances remote-access VPN tunnels only.

Explanation :

Load balancing works with IPsec clients and SSL VPN client and clientless sessions. All other VPN connection types (L2TP, PPTP, L2TP/IPsec), including LAN-to-LAN, can connect to an adaptive security appliance on which load balancing is enabled, but they c
Answer :
  • Increases speed by using a small key

Explanation :

ECC employs a relatively short encryption key -- a value that must be fed into the encryption algorithm to decode an encrypted message. This short key is faster and requires less computing power than other first-generation encryption public key algorithms
Answer :
  • Resistance to quantum attacks

Explanation :

ECC employs a relatively short encryption key -- a value that must be fed into the encryption algorithm to decode an encrypted message. This short key is faster and requires less computing power than other first-generation encryption public key algorithms
Answer :
  • The ssl server publis certificate is untrusted

Explanation :

Clientless SSL VPN enables end users to securely access resources on the corporate network from anywhere using an SSL-enabled Web browser. The user first autehnticates with a Clientless SSL VPN gateway, which then allows the user to access pre-configured
Answer :
  • local authentication method
  • match identity or certificate
  • remote authentication method

Explanation :

Profile is a container for all non-negotiable IKEv2 parameters/settings. Examples : Idenity local or remote Authentication method (RSA, Pre-share , EAP) Keyring/Trustpoint Authorization options, Lifetime (now NOT negotiated) and more
Answer :
  • Diagnostics and reporting tool

Explanation :

DART is the AnyConnect Diagnostics and Reporting Tool that you can use to collect data for troubleshooting AnyConnect installationand connection problems. 
Answer :
  • DTLS

Explanation :

DTLS is used for delay sensitive applications (voice and video) as its UDP based while TLS is TCP based DTLS is supported for AnyConnect VPN not in IKEv2