多选题Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH？（）Adata integrityBdata confidentialityCdata authenticationDouter IP header confidentialityEouter IP header authentication

第1题：

What is the port number of the IPsec Authentication Header packet？（）

• A、IP protocol 50
• B、TCP port 51
• C、UDP port 50
• D、IP protocol 51
• E、UDP port 51
• F、TCP port 50

第2题：

You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec， which two parameters are required when defining the tunnel interfaceinformation？（）

• A、The crypto ACL number
• B、The IPSEC mode （tunnel or transport）
• C、The GRE tunnel interface IP address
• D、The GRE tunnel source interface or IP address， and tunnel destination IP address
• E、The MTU size of the GRE tunnel interface

第3题：

What is not a difference between VPN tunnel authentication and per-user authentication?（）

• A、VPN tunnel authentication is part of the IKE specification. 
• B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).
• C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. 
• D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.

第4题：

Which two configuration elements are required for a policy-based VPN？（）

• A、IKE gateway
• B、secure tunnel interface
• C、security policy to permit the IKE traffic
• D、security policy referencing the IPsec VPN tunnel

第5题：

What is true about Quality of Service （QoS） for VPNs？（）

• A、QoS preclassification is only supported on generic routing encapsulation （GRE） and IPsec VPNs
• B、QoS preclassification is not required in Layer 2 Tunneling Protocol （L2TP）， Layer2 Forwarding （L2F）， and Point-to-Point Tunneling Protocol （PPTP） VPNs
• C、QoS preclassification is supported on IPsec AH VPNs， but not on IPsec ESP VPNs
• D、the QoS-for-VPNs feature （QoS preclassification） is designed for VPN transport interfaces
• E、with IPsec tunnel mode， the type of service （ToS） byte value is copied automatically from the original IP header to the tunnel header

第6题：

Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP？（）

• A、data integrity
• B、data confidentiality
• C、data authentication
• D、outer IP header confidentiality
• E、outer IP header authentication

第7题：

You need to design a method of communication between the IT and HR departments. Your solution must meet business requirements. What should you do？（）

• A、Design a custom IPSec policy to implement Encapsulating Security Payload （ESP） for all IP traffic Design the IPSec policy to use certificate-based authentication between the two departments’ computers
• B、Design a customer IPSec policy to implement Authentication Header （AH） for all IP traffic. Desing the IPSec policy to use preshared key authentication between the two departments’ computers
• C、Design a customer IPSec policy to implement Encapsulating Payload （ESP） for all IP traffic. Desing the IPSec policy to use preshared key authentication between the two departments’ computers
• D、Design a customer IPSec policy to implement Authentication Header （AH） for all IP traffic. Desing the IPSec policy to use certificate-based authentication between the two departments’ computers

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true？（）

• A、IKE keepalives are unidirectional and sent every ten seconds
• B、IPsec uses the Encapsulating Security Protocol （ESP） or the Authentication Header （AH）protocol for exchanging keys
• C、To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
• D、IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers

第14题：

Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs？（）

• A、allows dynamic routing over the tunnel
• B、supports multi-protocol （non-IP） traffic over the tunnel
• C、reduces IPsec headers overhead since tunnel mode is used
• D、simplifies the ACL used in the crypto map
• E、uses Virtual Tunnel Interface （VTI） to simplify the IPsec VPN configuration

第15题：

Which QoS preclassification option will require the use of the qos pre-classify command for the VPN traffic？ （）

• A、VPN traffic needs to be classified based on the Layer2 header information
• B、VPN traffic needs to be classified based on the IP precedence or DSCP
• C、VPN traffic needs to be classified based on IP flow or Layer 3 information， such as source and destination IP address
• D、VPN traffic with Authentication Header （AH） needs to preserve the ToS byte

第16题：

Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?（） (Choose three.)

• A、data integrity
• B、data confidentiality
• C、data authentication
• D、outer IP header confidentiality
• E、outer IP header authentication

第17题：

Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH?（） (Choose three.)

• A、data integrity
• B、data confidentiality
• C、data authentication
• D、outer IP header confidentiality
• E、outer IP header authentication

第18题：

Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH？（）

• A、data integrity
• B、data confidentiality
• C、data authentication
• D、outer IP header confidentiality
• E、outer IP header authentication

第19题：

第20题：

第21题：

第22题：

第23题：