Explanation/Reference:
Explanation: Threat Defense
Enabling integrated security in routers, switches, and appliances: Security techniques enabled throughout
the network, not just in point products or locations
Secure Connectivity
VPN Description VPN Name
Use AH and ESP to secure data; requires endpoints have IPsec software Standard IPsec Secure
encrypted point-to-point GRE tunnels; on-demand spoke-tospoke connectivity
Cisco DMVPN
Enables routing and multicast traffic across an IPsec VPN; non-IP protocol and QoS support Cisco GRE-
based
VPN
Encryption integration on IP and MPLS WANs; simplifies encryption management using group keying; any-
to-any connectivity Cisco GET VPN
Simplifies hub-and-spoke VPNs; need to reduce VPN management Cisco Easy VPN Trust
Trust is the relationship between two or more network entities that are permitted to communicate.
Security policy decisions are largely based on this premise of trust. If you are trusted, you are allowed to
communicate as needed. However, sometimes security controls need to apply restraint to trust
relationships by limiting or preventing access to the designated privilege level. Trust relationships can be
explicit or implied by the organization. Some trust relationships can be inherited or passed down from one
system to another. However, keep in mind that these trust relationships can also be abused.
Identity
Identity is the "who" of a trust relationship. These can be users, devices, organizations, or all of the above.
Network entities are validated by credentials. Authentication of the identity is based on the following
attributes:
Cisco 640-864 Exam
Something the subject knows: Knowledge of a secret, password, PIN, or private key Something the subject
has: Possession of an item such as a token card, smartcard, or hardware key
Something the subject is: Human characteristics, such as a fingerprint, retina scan, or voice recognition
Generally, identity credentials are checked and authorized by requiring passwords, pins, tokens, or
certificates.