Refer to the exhibit. Which three statements about these three show outputs are true? (Choose three.)
Correct Answer: ACD
Explanation/Reference:
Explanation:
Show crypto map Field Descriptions
Peer
Possible peers that are configured for this crypto map entry.
Extended IP access list
Access list that is used to define the data packets that need to be encrypted. Packets that are denied by this access list are forwarded but not encrypted. The “reverse” of this access list is used to check the inbound return packets, which are also encrypted. Packets that are denied by the “reverse” access list are dropped because they should have been encrypted but were not.
Extended IP access check
Access lists that are used to more finely control which data packets are allowed into or out of the IPsec tunnel. Packets that are allowed by the “Extended IP access list” ACL but denied by the “Extended IP access list check” ACL are dropped.
Current peer
Current peer that is being used for this crypto map entry.
Security association lifetime
Number of bytes that are allowed to be encrypted or decrypted or the age of the security association before new encryption keys must be negotiated.
PFS
(Perfect Forward Secrecy) If the field is marked as “Yes”, the Internet Security Association and Key Management Protocol (ISAKMP) SKEYID-d key is renegotiated each time security association (SA) encryption keys are renegotiated (requires another Diffie-Hellman calculation). If the field is marked as “No”, the same ISAKMP SKEYID-d key is used when renegotiating SA encryption keys. ISAKMP keys are renegotiated on a separate schedule, with a default time of 24 hours.
Transform sets
List of transform sets (encryption, authentication, and compression algorithms) that can be used with this crypto map.
Interfaces using crypto map test
Interfaces to which this crypto map is applied. Packets that are leaving from this interface are subject to the rules of this crypto map for encryption. Encrypted packets may enter the router on any interface, and they are decrypted. Nonencrypted packets that are entering the router through this interface are subject to the “reverse” crypto access list check.
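
The packet handling described under “Extended IP access list”, “Extended IP access check” and “Interfaces using crypto map test”, modeled as a small decision function. This is an added example, not part of the original explanation or Cisco code; the rule type, function names and addresses are constructed for illustration, and the check ACL is modeled in the outbound direction only.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form

def acl_permits(acl, src, dst):
    """First matching rule wins; no match is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in acl:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action == "permit"
    return False

def reverse(acl):
    """The 'reverse' ACL: same rules with source and destination swapped."""
    return [Rule(r.action, r.dst, r.src) for r in acl]

def outbound(crypto_acl, src, dst, check_acl=None):
    """Packet leaving the interface that carries the crypto map."""
    if not acl_permits(crypto_acl, src, dst):
        return "forward-clear"   # denied by crypto ACL: sent unencrypted
    if check_acl is not None and not acl_permits(check_acl, src, dst):
        return "drop"            # allowed by crypto ACL, denied by check ACL
    return "encrypt"

def inbound(crypto_acl, src, dst, encrypted):
    """Packet entering the router through the crypto map interface."""
    if encrypted:
        return "decrypt"         # encrypted packets are decrypted
    if acl_permits(reverse(crypto_acl), src, dst):
        return "drop"            # should have been encrypted but was not
    return "forward-clear"

# Constructed sample policy: protect 10.1.1.0/24 <-> 10.2.2.0/24,
# with a check ACL that excludes one local host from the tunnel.
CRYPTO_ACL = [Rule("permit", "10.1.1.0/24", "10.2.2.0/24")]
CHECK_ACL = [Rule("deny", "10.1.1.99/32", "10.2.2.0/24"),
             Rule("permit", "10.1.1.0/24", "10.2.2.0/24")]

if __name__ == "__main__":
    print(outbound(CRYPTO_ACL, "10.1.1.5", "10.2.2.7", CHECK_ACL))
    print(inbound(CRYPTO_ACL, "10.2.2.7", "10.1.1.5", encrypted=False))
```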