Exam Prep Questions

Which of the following is not a default Administrator?

• A. admin

• B. mis

• C. itmngr

• D. isp

• E. user

Answer C is correct. The five default administrators are admin, config, mis, isp, and user.

Which of the following is a proper client type and URL for a VPN 3002 Hardware Client?

• A. vpn3002, http://192.168.100.100

• B. VPN3002, tftp://192.168.100.100

• C. windows, tftp://192.168.100.100

• D. vpn3002, tftp://192.168.100.100

Answer D is correct. The auto update for a hardware client is done using TFTP. In addition, the client type field should be vpn3002 and is case sensitive. Answer A is incorrect because the VPN 3002 Hardware Client uses TFTP addresses for auto updates, not HTTP. B is incorrect because the VPN3002 client type is case sensitive and should be in lowercase letters. Answer C is incorrect because the client type is set for the Unity Client as opposed to the VPN 3002 Hardware Client.

Which screen shows you general statistics concerning sessions connecting to the concentrator and allows you to log out those sessions?

• A. Administration | Tunnels

• B. Monitoring | Sessions

• C. Administration | Administer Sessions

• D. Configuration | Tunneling Protocols | Sessions

Answer C is correct. The Administration | Administer Sessions screen shows you statistics, as well as enables you to ping and log out sessions. Answer B is incorrect because the Monitoring | Sessions screen does not let you log out the sessions. Answers A and D are incorrect because they are not actual pages in the VPN Concentrator Manager.

Which rebooting option in the concentrator enables you to set the system back to factory defaults?

• A. Erase Startup-Config

• B. Reboot Without Saving the Active Configuration

• C. Reboot Ignoring the Configuration File

• D. Reboot System to Factory Defaults

Answer C is correct. The Reboot Ignoring the Configuration File option reloads the concentrator and bypasses the configuration, giving you a clean configuration with which to start. Mind you, when any reboot option is chosen, there is no warning message to the administrator about the consequences of the reboot, so choose the options carefully. Answer A is incorrect because that is the command to return a Cisco router or switch to its factory defaults. Answer B is incorrect because that is the default option that reboots the router without saving the configuration to the CONFIG file. This option causes you to only lose any unsaved configurations, not set the concentrator back to factory defaults. Answer D is incorrect because that option does not exist.

What protocol can be used to authenticate admin access to the VPN concentrator and even specify the administrator access rights?

• A. TACACS+

• B. RADIUS

• C. Kerberos

• D. SSH

Answer A is the correct answer. TACACS+ is the only AAA protocol supported for administrator sessions to the concentrator. Answers B and C are incorrect because RADIUS and Kerberos are utilized by the concentrator only for device-level and user authentication for the network, not for administrator access to the concentrator. Answer D is incorrect because SSH is a management protocol used to gain access to the concentrator, not control administrator access.

Which of the following is not a logging method for event logs?

• A. Email

• B. FTP

• C. TFTP

• D. Console

• E. Syslog

Answer C is the correct answer. The VPN 3000 Concentrator can log events to the following: internal log, console, FTP, SNMP, Syslog, and email. TFTP is not a viable logging method for event logs.

Which of the following are true concerning event logging? (Choose all that apply.)

• A. The VPN 3005 Concentrator's internal log buffer can contain up to 256 events.

• B. The VPN Concentrator considers event severity levels 10 13 as debugging levels.

• C. New entries overwrite older entries when the internal log buffer is full.

• D. The VPN Concentrator considers event severity levels 1 6 as normal.

• E. The VPN 3015 Concentrator's internal log buffer can contain up to 256 events.

• F. You can view the event logs in real time.

• G. Event severity levels 1 5 are sent to the console by default.

Answers A, C, D, and F are correct. The VPN 3005 Concentrator can log up to 256 events in its internal buffer. The VPN 3015 3080 can contain up to 2048 events because of their additional Flash memory. When the VPN 3000 Concentrator has reached the maximum event entries in its internal buffer, the older entries are overwritten by the newer event logs. You can view the event logs in real time at the Monitoring | Live Event Log screen. Here you can pause and clear the output on the screen because the entries might scroll quickly across the screen. By default, severity event levels 1 3 are sent to the console; severity levels 1 5 are logged into the internal buffer. Cisco considers severity levels 1 6 as normal, 7 9 as debugging events, and 10 13 as packet decoding hex dumps. Answer B is incorrect because levels 7 9 are debugging events and 10 13 are packet decoding hex dumps. Answer E is incorrect because the VPN 3015 Concentrator's internal log buffer can contain up to 2048 events. Answer G is incorrect because event severity levels 1 3 are sent to the console by default; 1 5 are sent to the concentrator's internal buffer.

Which of the following is the correct Access Control List (ACL) syntax to allow only management workstation 10.2.2.20/24 access to the concentrator?

• A. IP address 10.2.2.20, IP Mask 255.255.255.255, Access Group 1 (admin)

• B. IP address 10.2.2.20, IP Mask 0.0.0.0, Access Group 10 (admin)

• C. IP address 10.2.2.20, IP Mask 255.255.255.0, Access Group 1 (admin)

• D. IP address 10.2.2.20, IP Mask 255.255.255.0, Access Group 0 (admin)

Answer A is correct. The syntax to apply an ACL to the concentrator is to specify the IP address of the workstation followed by an IP mask. You can also specify the access group level that the station contains. Answer B is incorrect because the IP mask is the not a wildcard mask and the Access Group for admin rights is Group 1. Answers C and D are incorrect because the IP Mask is for the entire network as opposed to that particular workstation.

Which of the following are viable ways to back up the configuration file? (Choose all that apply.)

• A. Export the active configuration to a XML file.

• B. Upload the CONFIG fie via the TFTP protocol.

• C. Save the active configuration.

• D. View the configuration file and save the corresponding window as a text file.

• E. Click on the Copy hyperlink of the CONFIG file in the Administration | File Management screen.

Answers A, B, C, D, and E are correct. In the Administration | File Management screen, you can back up your configuration to a file via TFTP, as well as export the configuration to an XML file. In addition, you can view the current contents of the CONFIG and save the contents as a text file on your workstation. As opposed to viewing the configuration, you can also click on the Copy hyperlink and save a copy of the CONFIG file in the Flash memory of the VPN Concentrator. Finally, every time you save the configuration, it automatically backs up the previous CONFIG file as CONFIG.BAK.

Which of the following are ways in which you can send an update notification to a group? (Choose two.)

• A. Click on the Update Group button in the Configuration | User Management | Groups page.

• B. Click on the Upgrade Clients Now button in the Administration | Software Update | Clients page.

• C. Add an update entry after clicking on the Client Update button in the Configuration | User Management | Groups page.

• D. Select the update notification in the individual group configurations in the Update Notification field.

Answers B and C are correct. To send a notification to particular groups, you can click on the Upgrade Clients Now button in the Administration | Software Update | Clients page or add an update entry after clicking on the Client Update button in the Configuration | User Management | Groups page. Answers A and D are incorrect, because those options do not exist in the VPN Concentration Manager.