| 1 | Assuming that you are using IKE preshared key authentication, and that a unique preshared key is used between each pair of gateways, how many unique preshared keys are required for an IPsec VPN consisting of 10 gateways? How many (end-entity) certificates are required if IKE RSA digital signature authentication is used instead? |
| 2 | What are two common ways to reduce the amount of configuration on gateways in an IPsec VPN? |
| 3 | What protocol does DMVPN rely on to provide direct spoke site-to-spoke site connectivity? |
| 4 | What type of certificate is used for RSA digital signature authentication with IPsec? |
| 5 | What are two methods that a Cisco IOS router can use to check the revocation status of a certificate? |
| |
| 6 | What are the three main ways to configure high availability in an (IOS) IPsec VPN? |
| 7 | Why is fragmentation of IPsec packets undesirable? |
| 8 | What ToS/DS value does an IPsec VPN gateway include in the outer header of an IPsec packet by default? |
| 9 | Why might packets associated with the same IPsec SA be dropped if they are subject to different QoS treatment in an intervening network between IPsec VPN gateways? |
| 10 | What are some common ways to prevent fragmentation of IPsec packets? |
