1. Which type of SSL VPN architecture supports any IP application without application modification?
A. Full tunneling
B. Split tunneling
C. Clientless tunneling
D. None of these answers are correct.
A
2. Which type of VPN architecture allows remote users URL and CIFS file access to internal resources through a web browser?
A. Split tunneling
B. Full tunneling
C. Clientless
D. Terminal services
E. None of these answers are correct.
C
3. What provides endpoint authentication for both the client and the server?
A. Web browser
B. SHA-1
C. TCP traffic
D. SSL/TLS
E. None of these answers are correct.
D
4. What can directly influence the strength of protection provided by algorithms such as 3DES or AES?
A. Key length
B. Firewall rules
C. IPS inspection engine
D. Certificate expiration date
E. None of these answers are correct.
A
5. What are the two choices of SSL VPNs?
A. Clientless with a web browser
B. Cisco AnyConnect VPN client
C. Proxy mode
D. None of these answers are correct.
AB
6. After authentication, the Cisco ISR applies a set of what to the user session?
A. Static routes
B. Split tunneling routes
C. Authorization rules
D. None of these answers are correct.
C
7. The SSL VPN gateway is enabled on the Cisco ISR with which command?
A. inservice
B. ssl vpn enable
C. gateway
D. vpn enable
E. None of these answers are correct.
A
8. For proper authentication, what must be provisioned to the Cisco ISR?
A. Memory upgrade
B. IOS upgrade
C. Identity certificate
D. CA ROOT certificate
C
9. By default, which kind of certificate does the ISR create upon each reboot that will cause client warnings when attempting SSL VPN access because the certificate cannot be verified?
A. Certificate authority
B. Certificate CA
C. Self-signed X.509 certificate
D. ROOT certificate
C
10. What is assigned to the client as it connects in full tunnel mode?
A. A unique client ID number
B. A list of software to install
C. IP address
D. ROOT certificate
C
11. What is required for the initial installation of the Cisco AnyConnect client?
A. On-site technician
B. Terminal services session
C. Administrative privilege
D. Memory upgrade
C
12. What can users use to access internal resources with the ISR performing as a proxy to provide internal content on its SSL VPN portal?
A. SSH
B. Telnet
C. Web browser
D. Terminal session
C
13. Which factor should be eliminated first when troubleshooting?
A. Authentication problems
B. Verify that the service is running
C. Connectivity issues
D. Proper authorization
C
14. What enables Cisco Integrated Services Routers to act as VPN gateways?
A. Cisco EZVPN Remote
B. PKI
C. Cisco EZVPN Server
D. None of these answers are correct.
C
15. What can the EZVPN server use to create cryptographic tunnel contexts? (Select all that apply.)
A. VTI
B. IPsec
C. Crypto map
D. B and C
E. None of these answers are correct.
AC
16. Which of the following is preferred to EZVPN for deploying full tunneling?
A. IPsec tunnels
B. Traditional WAN circuits
C. Client-based tunneling
D. SSL VPNs
E. None of these answers are correct.
D
17. Which authentication mechanism can be used in addition to group passwords?
A. XAUTH
B. RADIUS
C. TACACS+
D. IPsec
E. None of these answers are correct.
A
18. Recommended practice dictates limiting the size of which of the following to mitigate the fallout if a group password is compromised?
A. Networks
B. VPNs
C. User databases
D. Groups
D
19. Which type of authentication should you use to make the implementation resistant to a man-in-the-middle attack?
A. One-way
B. Two-way
C. PKI-based
D. Group password-based
E. None of these answers are correct.
C
20. Which of the following is authenticated when using XAUTH with the EZVPN remote hardware device?
A. Router
B. User
C. Network
D. None of these answers are correct.
A
21. Which of the following are modes of operation of the EZVPN Remote feature on hardware clients? (Select all that apply.)
A. Client mode
B. Network extension
C. Network extension plus
D. Client plus
ABC
22. What issue is mitigated by using certificate-based, rather than group password-based, EZVPN implementations?
A. Man-in-the-middle attack
B. DoS attacks
C. Ping sweep
D. Reconnaissance attack
A
23. What are the two areas to investigate when troubleshooting VPNs?
A. Session establishment
B. Data flow
C. Your ISP
D. None of the answers are correct.
AB
II. Fill-in-the-blank questions
1. The ISR uses the identity certificate to ______ itself to remote clients.
authenticate
2. ______ can increase the risk to remote clients and internal resources because the clients can potentially act as a relay between untrusted and trusted networks.
Split tunneling
3. When terminating a clientless VPN, the ISR acts as a ______ to provide access to internal resources to remote users.
proxy
4. ______ VPNs require VPN client software to be installed on the remote computer or dedicated VPN devices (hardware clients) to enable full routed IP access to internal resources.
Full tunneling
5. ______ VPNs are easier to deploy than a full tunneling remote access VPN, but they typically provide limited access to resources when compared to the full tunnel.
Clientless
6. Clientless deployments require that the user open a web browser, which acts as the VPN client, and the VPN gateway acts as a ______ device to the internal resources.
proxy
7. The recommended algorithms for IKE session encryption are ______ and ______.
AES-128 3DES
8. The recommended hash algorithm to provide message authentication and integrity is ______.
SHA-1 HMAC
9. The recommended algorithms for encryption of user traffic are ______ and ______.
AES-128 3DES
10. ______ requires administrative privileges because it changes the local host's file.
Port forwarding
11. Hosts behind the remote VPN router are not reachable for a session initiated from the central site in ______ mode.
client
12. The Easy VPN client can be the Cisco VPN client or an Easy VPN Remote hardware device such as the ______.
Cisco ISR
13. The Cisco Easy VPN Server can ______ IPsec tunnels that are initiated by remote users running VPN client software on their systems.
terminate
14. As the Cisco Easy VPN Remote initiates a VPN tunnel, the Cisco Easy VPN ______ pushes the IP Security (IPsec) policies to the Cisco Easy VPN Remote ______ and creates the corresponding VPN tunnel connection.
Server client
15. XAUTH takes place ______ IKE phase 1 completes and ______ the IKE phase 2 (IPsec SA) negotiations begin.
after before
16. Group passwords are very vulnerable to compromise simply because of their ______ nature.
shared
17. Configuring a basic Cisco ISR Easy VPN ______ consists of basic gateway configuration, group authentication, client configuration, and user authentication configuration.
Server
18. The Cisco ISR can be used as an Easy VPN Remote ______.
hardware client
19. You can enhance authentication by using ______ on remote clients and the Easy VPN Server.