As mentioned in the Introduction, the questions in this book are more difficult than what you should experience on the exam. The questions are designed to ensure your understanding of the concepts discussed in this chapter and adequately prepare you to complete the exam. You should take the simulated exams on the CD to practice for the exam.
| 1. | Why is manual-ipsec not recommended by Cisco? |
| 2. | What is the difference between an access VPN and an intranet VPN? |
| 3. | Which hash algorithm is configured by default for phase 1? |
| 4. | What are the two methods of identifying SA peers? |
| 5. | What happens if you have different ISAKMP policies configured on your potential SA peers, and none of them match? |
| 6. | Where do you define your authentication method? |
| 7. | What is the default lifetime if not defined in isakmp policy? |
| 8. | Do your transform sets have to match exactly on each peer? |
| 9. | What is the difference between the isakmp lifetime and the crypto map lifetime? |
| 10. | What command do you use to delete any active SAs? |
| 11. | What is the command for defining a preshared key? |
| 12. | What is the first thing you should check if you are unable to establish a VPN? |
| 13. | What is the command to apply an access list to a crypto map? |
| 14. | What is the difference between ESP and AH? |