Exam Prep Questions

Question 1

graphics/trick_icon.gif

What is the default IP address of the Private Interface of a VPN 3002 Hardware Client?

  • A. 192.168.1.10

  • B. 192.168.100.1

  • C. 192.168.10.1

  • D. 192.1.168.1

A1:

Answer C is correct. The private interface comes with the IP address of 192.168.10.1 with a subnet mask of 255.255.255.0. A, B, and D are all incorrect IP addresses.

Question 2

Which operating mode would be synonymous with PAT mode?

  • A. Network Extension mode

  • B. Network Extending mode

  • C. Interactive authentication

  • D. Client mode

A2:

Answer D is correct. Client mode utilizes PAT by translating users' IP addresses into the assigned internal IP address. Network Extension mode does not utilize PAT for tunneled traffic. Answers B and D are not actual modes of the VPN 3002 Hardware Client.

Question 3

Which are valid in regards to Individual Authentication? (Choose two.)

  • A. Configuration must be done on the VPN 3002 Hardware Client.

  • B. Configuration must be done on the VPN 3000 Concentrator.

  • C. Individual authentication is enabled by default.

  • D. Individual authentication is disabled by default.

A3:

Answer B and D are correct. To configure Individual authentication, you configure all parameters on the VPN 3000 Concentrator. Specifically, on the HW Client tab, fill in the Require Individual User Authentication check box. This feature is disabled by default. Answer A is incorrect because the configuration does not take place on the hardware client. Answer C is incorrect because Interactive and Individual authentication are disabled by default.

Question 4

Which two can bypass Individual logins? (Choose two.)

  • A. Aironet Wireless Devices supporting LEAP

  • B. Administrators with bypass privileges

  • C. TACACS+ queries

  • D. TFTP

  • E. Cisco IP Phones

A4:

Answers A and E are correct. The only two devices that can bypass the Individual authentication feature are Cisco Aironet wireless devices using LEAP for wireless authentication and Cisco IP phones on tunnels running in Network Extension mode. Answers B, C, and D are incorrect because the only devices and protocols that can bypass the Individual login feature are Cisco IP phones and Cisco wireless devices utilizing LEAP.

Question 5

Which of the following is not a management protocol used to configure the hardware client?

  • A. HTTP

  • B. TFTP

  • C. SSH

  • D. Telnet

A5:

Answer B is correct. The hardware client supports HTTP and HTTPS (if a certificate is installed in browser) for the HTML-based VPN 3002 Hardware Client Manager. You can also access the CLI by using Telnet and SSH, as well as using the RJ-45 console port. Only TFTP is used by the concentrator to utilize the auto-update feature.

Question 6

graphics/trick_icon.gif

In which two instances will the hardware client prompt you with the Individual login screen? (Choose two.)

  • A. When you access any data service on the central site's network

  • B. When you browse to the VPN 3000 Concentrator's Private Interface

  • C. When you browse to the VPN 3002 Hardware Client's Private Interface

  • D. When the admin logs out of the hardware client

A6:

Answers B and C are correct. The hardware client prompts you to perform individual authentication when you browse to the hardware client's Private Interface and use the Connection/Login Status hyperlink. In addition, you are prompted for a login when you browse to any Web page on the concentrator's network (including the concentrator's private interface). A is incorrect because it must be some form of Web browsing that prompts the login. D is incorrect because it does not matter who is logged in to the hardware client.

Question 7

How many tunnels does the VPN 3002 Hardware Client support?

  • A. 253

  • B. 5

  • C. 1

  • D. 100

A7:

Answer C is correct. The hardware client supports a single tunnel to a destination. It also supports 253 users to traverse that tunnel. Answers A, B, and D are incorrect because the 3002 supports only a single tunnel.

Question 8

What are the default states of the private and public interfaces on the VPN 3002 Hardware Client?

  • A. Public and private interfaces act as DHCP servers.

  • B. Public interface is a DHCP client; private interface acts as a DHCP server.

  • C. Public and private interfaces are DHCP clients.

  • D. Private interface is a DHCP client; public interface acts as a DHCP server.

A8:

Answer B is correct. The private interface default configuration is to act as a DHCP server. The IP address of the interface is 192.168.10.1, and the DHCP server distributes IPs 192.168.10.2 192.168.10.128. The public interface is defaulted to a DHCP client, so it receives an IP from a DHCP server on the public network. Answer A is incorrect because the public interface does not act as a DHCP server. Answer C is incorrect because the private interface has a static IP address of 192.168.10.1. Answer D is incorrect because it is the exact opposite; the private interface acts as a DHCP server and the public interface acts as a DHCP client.

Question 9

graphics/trick_icon.gif

How many LAN-to-LAN tunnels are supported on the VPN 3002 Hardware Client?

  • A. 1

  • B. 2

  • C. 253

  • D. 0

A9:

Answer D is correct. The hardware client does not support LAN-to-LAN tunnels. Although Network Extension mode is similar to a LAN-to-LAN tunnel, the hardware client is still acting as a client and must be configured in the User Management section of the VPN 3000 Concentrator. Answers A, B, and C are incorrect because the VPN 3002 does not support LAN-to-LAN tunnels.

Question 10

Which policy is not pushed down to the VPN 3002 from the VPN 3000 Concentrator?

  • A. Firewall policy

  • B. Split tunneling policy

  • C. Authentication feature policy

  • D. Update policy

A10:

Answer A is correct. The hardware client obtains WINS, DNS, default domain name information, and split tunneling policies. In addition, the concentrator can push an auto-update policy to upgrade the software of the hardware client. Interactive and Individual Authentication policies are also pushed configurations sent from the central concentrator. The 3002 does not receive any firewall policies from the VPN 3000 Concentrator.




CSVPN Exam Cram 2 (Exam 642-511)
CCSP CSVPN Exam Cram 2 (Exam Cram 642-511)
ISBN: 078973026X
EAN: 2147483647
Year: 2002
Pages: 185

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net