A route-based VPN is required for which scenario? （）A、when the remote VPN peer is behind a NAT deviceB、when multiple networks need to be reached across the tunnelC、when the remote VPN peer is a dialup or remote access clientD、when a dynamic routing protoc

第1题：

When using the Cisco SDM Quick Setup Siteto-Site VPN wizard， which three parameters do you configure？（）

• A、Source interface where encrypted traffic originates
• B、IP address for the remote peer
• C、Transform set for the IPsec tunnel
• D、Interface for the VPN connection

第2题：

You have a VPN server named Server1 and a file server named Server2. Both servers run Windows Server 2003 Service Pack 2 (SP2). VPN clients report that they cannot access shares on Server2 after connecting to Server1. You confirm that VPN clients receive the appropriate IP configurations and that they have permissions to the shared folders on Server2. You need to ensure that VPN clients can access the shares on Server2 when they connect to the network by using a VPN connection.  What should you do? （）

• A、From the Routing and Remote Access snap-in on Server2， enable IP Routing.
• B、From the Routing and Remote Access snap-in on Server2， enable Link Control Protocol （LCP） extensions.
• C、From Utility Manager on Server1， enable the Start automatically when I log on option.
• D、In the local security policy on Server2， configure the Network Access： Shares that can be accessed anonymously setting.

第3题：

A policy-based IPsec VPN is ideal for which scenario？（）

• A、when you want to conserve tunnel resources
• B、when the remote peer is a dialup or remote access client
• C、when you want to configure a tunnel policy with an action of deny
• D、when a dynamic routing protocol such as OSPF must be sent across the VPN

第4题：

When configuring a Cisco Adaptive Security Appliance in multiple context mode， which of the follow capabilities are supported？（）

• A、 Multicastis supported
• B、 Dynamic routing protocols are supported
• C、 VPN configurations are supported
• D、 Static routes are supported

第5题：

An SSL VPN can be used in conjunction with IBM Tivoli Access Manager for Enterprise Single Sign-On to provide remote access to business critical information. Which statement is true about the Mobile ActiveCode （MAC） when it is used with a VPN Solution for remote access？（）

• A、The MAC can only be delivered to a mobile phone and is good for a single use only.
• B、The MAC can be delivered by mobile phone， e-mail， or fax， and it is good for one time authentication only.
• C、The MAC can only be delivered to a mobile phone and it is good until the expiration time is reached， as set by an administrator.
• D、The MAC can be delivered by mobile phone， email， or fax， and it is good until the expiration time is reached， as set by an administrator.

第6题：

A route-based VPN is required for which scenario？（）

• A、when the remote VPN peer is behind a NAT device
• B、when multiple networks need to be reached across the tunnel and GRE cannot be used
• C、when the remote VPN peer is a dialup or remote access client
• D、when a dynamic routing protocol is required across the VPN and GRE cannot be used

第7题：

You are designing a remote access strategy to meet the business and technical Requirement.  What should you do？（）

• A、 Configure each server running Routing and Remote Access as a RADIUS Client.
• B、 Add a Remote Access policy to each server running Routing and Remote Access. Configure the Access method as VPN access.
• C、 Add a Remote Access policy to each server running Routing and Remote Access. Configure the Access method as dialup access.
• D、 Add a Remote Access policy to each server running Routing and Remote Access. Configure the Access method as wireless access.

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

The LAN-side of the Teleworker router is assigned private IP address space (RFC1918), and the VPN topology is IPSec-only (no GRE protocol). When is it required to configure NAT/pNAT on the Teleworker router?（）

• A、when all access to the Internet is through the IPSec tunnel
• B、when there is direct Internet access via split-tunneling
• C、when there is no Internet access configured through the Teleworker router
• D、whenever you have IOS-Firewall (CBAC) configured

第14题：

Your company has a single active directory domain. The company network is protected by a firewall. Remote users connect to your network through a VPN server by using PPTP. When the users try to connect to the VPN server， they receive the following error message： Error 721： The remote computer is not responding. You need to ensure that users can establish a VPN connection. What should you do？ （）

• A、Open port 1423 on the firewall
• B、Open port 1723 on the firewall
• C、Open port 3389 on the firewall
• D、Open port 6000 on the firewall

第15题：

Which VPN management feature would be considered to ensure that the network had the least disruption of service when making topology changes?（）

• A、dynamic reconfiguration
• B、path MTU discovery
• C、auto setup
• D、remote management

第16题：

Why is NTP an important component when implementing IPSec VPN in a PKI environment？（）

• A、 To ensure the router has the correct time when generating its private/public key pairs.
• B、 To ensure the router has the correct time when checking certificate validity from the remote peers
• C、 To ensure the router time is sync with the remote peers for encryption keys generation
• D、 To ensure the router time is sync with the remote peers during theDH exchange
• E、 To ensure the router time is sync with the remote peers when generating the cookies during IKE phase 1

第17题：

Regarding a route-based versus policy-based IPsec VPN， which statement is true？（）

• A、A route-based VPN generally uses less resources than a policy-based VPN.
• B、A route-based VPN cannot have a deny action in a policy； a policy-based VPN can have a deny action.
• C、A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
• D、A route-based VPN uses a policy referencing the IPsec VPN； a policy-based VPN policy does not use apolicy referencing the IPsec VPN

第18题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service （IAS）. Server1 provides VPN access to the network for users’ home computers.   You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized.  You need to configure Server1 to log the details of access attempts by VPN users.   What should you do？  （）

• A、 Configure the system event log to Do not overwrite.
• B、 In IAS， in Remote Access Logging， enable the Authentication requests setting.
• C、 Configure the Remote Access server to Log all events.
• D、 Create a custom remote access policy and configure it for Authentication-Type.

第19题：

第20题：

第21题：

第22题：

第23题：