Home > Articles > Cisco Certification > CCNP Security / CCSP > CCSP Cisco Secure VPN Exam: Remote Access Configuration

CCSP Cisco Secure VPN Exam: Remote Access Configuration

Chapter Description

This chapter discusses the process of implementing Internet Protocol Security (IPSec) using preshared keys on the Cisco VPN 3000 Series Concentrators. You'll read an overview of remote access using preshared keys, learn how to configure the Cisco VPN 3000 Concentrator Series and browsers for remote access, and discover configuration methods for users and groups. You'll also learn how to set up IPSec Windows clients.

Q&A

As mentioned in Chapter 1, "All About the Cisco Certified Security Professional," these questions are more difficult than what you should experience on the CCSP exam. The questions do not attempt to cover more breadth or depth than the exam; however, the questions are designed to make sure you know the answer. Rather than allowing you to derive the answer from clues hidden inside the question itself, your understanding and recall of the subject are challenged. Questions from the "Do I Know This Already?" quiz from the beginning of the chapter are repeated here to ensure that you have mastered the chapter's topic areas. Hopefully, these questions will help limit the number of exam questions on which you narrow your choices to two options and guess!

You can find the answers to these questions in Appendix A, "Answers to the "Do I Know This Already" Quizzes and Q&A Sections."

  1. Where would you normally use unique preshared keys?

  2. To use a web browser to access the VPN Manager application on VPN concentrators, what features must you enable on the browser?

  3. What information is required to configure a LAN interface on the VPN concentrator?

  4. What is the default administrator name and password for the GUI VPN Manager?

  5. What options are available for addressing an IP interface on the IP Interfaces screen?

  6. What is the maximum number of combined groups and users that can be supported on a VPN 3015 Concentrator?

  7. What are the four subcategories under the Configuration option of the VPN Manager's TOC?

  8. On the General tab of a group's Add screen, what options can you select for Access Hours?

  9. What IPSec protocols are available from the default IPSec SA settings on the IPSec tab of the Group Add screen?

  10. What are the nine subcategories under the Configuration | System option in the VPN Manager's table of contents?

  11. Where does the VPN concentrator store system events?

  12. What areas can be configured under the Traffic Management section of the Configuration | Policy Management section?

  13. Where do you enter the preshared key so that a VPN Client can connect to a VPN concentrator?

  14. What are the three types of preshared keys?

  15. What types of interfaces are the Public and Private VPN interfaces?

  16. Which interface do you need to configure using the browser-based VPN Manager?

  17. What would you do if you needed to re-enter the Quick Configuration mode after you have completed the initial configuration of the VPN concentrator?

  18. When the VPN Manager's Main window is displayed, how do you continue with the Quick Configuration that was started at the CLI?

  19. What methods can be selected for assigning IP addresses to the tunnel endpoints from the Quick Configuration Address Assignment screen?

  20. When using the VPN Manager, how can you tell that you have made changes to the active configuration?

  21. What is an external group in the VPN Manager system?

  22. What is the purpose of the SEP card assignment attribute on the General tab of the Group Add screen?

  23. You would like to be able to pass DNS and WINS information from the VPN concentrator to the VPN Client. What Group option can you use to accomplish this?

  24. What dynamic routing protocols are available on the VPN 3000 Concentrators?

  25. What protocol does the VPN concentrator use to update software versions on Cisco VPN 3002 Hardware Clients?

  26. How do you start the Cisco VPN Client installation process?

  27. What methods can you use for user authentication on the Cisco VPN 3000 Series Concentrators?

  28. What is a group preshared key?

  29. When you boot up a Cisco VPN 3000 Concentrator with the default factory configuration, what happens?

  30. If you supply an address of 144.50.30.24 and want to use a 24-bit subnet mask for the Private interface on a VPN concentrator, are you able to accept the default subnet mask offered by the VPN Manager?

  31. What are the three major sections of the VPN Manager system?

  32. The Quick Configuration system has displayed the System Info screen. What information, other than system date and time, can you enter on this screen?

  33. What is the maximum number of combined groups and users that can be supported on a VPN 3060 Concentrator?

  34. From where do users inherit attributes on the VPN concentrator?

  35. What is the default number of simultaneous logins available to group members?

  36. What is the purpose of IKE keepalives?

  37. Where would you configure information for NTP and DHCP servers within the VPN Manager?

  38. What is the most significant event severity level?

  39. What Microsoft Windows operating systems can support the Cisco VPN Client?

  40. What programs are available within the VPN Client installation?

  41. What is a unique preshared key?

  42. What type of cable does the console port require on VPN concentrators?

  43. What is the default administrator name and password for VPN concentrators?

  44. How do you get your web browser to connect to the VPN concentrator's manager application?

  45. What is the first screen that appears when you click the Click here to start Quick Configuration option in the VPN Manager?

  46. If you select Internal Server as the method of user authentication, what additional screen does the Quick Configuration system give you?

  47. When do configuration changes become active on the Cisco VPN 3000 Series Concentrators?

  48. When reviewing the list of attributes for a group, what does it mean when an attribute's Inherit? box is checked?

  49. What is a realm in relation to user authentication?

  50. What is split tunneling?

  51. What management protocols can you configure on the VPN concentrator?

  52. What is the process a VPN Client uses to connect to a VPN concentrator when load balancing is used between two or more VPN concentrators?

  53. What variables can you supply during the installation process of the Cisco VPN Client?

  54. What methods can be used for device authentication between VPN peers?

  55. What is a wildcard preshared key?

  56. What information do you need to supply in the CLI portion of Quick Configuration?

  57. What is the last step you must take before moving from the CLI Quick Configuration mode to the browser-based Quick Configuration mode?

  58. What hot keys are available in the standard toolbar of the VPN Manager?

  59. What tunneling protocols does the VPN concentrator support?

  60. When you select IPSec as the tunneling protocol, what screen does Quick Configuration present?

  61. How many groups can a user belong to in the VPN concentrator's internal database?

  62. What is the size range for user authentication passwords for internal users?

  63. What does the Authentication option RADIUS with Expiry provide?

  64. What tunneling protocol can be configured on the VPN concentrator to support the Microsoft Windows 2000 VPN client?

  65. How does the VPN 3000 Concentrator handle software updates for VPN Software Clients?

  66. How do you start the VPN Client on a Windows system?