Question 1

Which IPsec component authenticates TCP/IP packets to ensure data integrity?&#10;A) AH&#10;B) ESP&#10;C) IKE&#10;D) ISAKMP

Accepted Answer

AH (Authentication Header) is an IPsec component that provides authentication of TCP/IP packets to ensure data integrity. It adds authentication information to the packets, which can be used by the receiving node to check the integrity of the data. ESP (Encapsulating Security Payload) is another IPsec component that provides encryption and confidentiality of the data, but it does not authenticate the packets. IKE (Internet Key Exchange) and ISAKMP (Internet Security Association and Key Management Protocol) are used for key exchange and negotiation, but they do not provide authentication of the packets.

Question 2

If you use Windows RRAS for your VPN,you will need a third-party RADIUS server if you want to use RADIUS for authentication.

Accepted Answer

Windows RRAS (Routing and Remote Access Service) can use the built-in Windows Server role called NPS (Network Policy Server) for RADIUS authentication, eliminating the need for a third-party RADIUS server.

Question 3

Hardware VPNs create a gateway-to-gateway VPN.

Accepted Answer

Hardware VPNs create a secure connection between two networks by creating a virtual tunnel over the internet. This connection is typically referred to as a gateway-to-gateway VPN, as it creates a secure tunnel between the two gateways (or routers) that are connecting the two networks.

Question 4

Which of the following is NOT true about a hardware VPN?&#10;A) should be the first choice for fast-growing networks&#10;B) can handle more traffic than software VPNs&#10;C) have more security vulnerabilities than software VPNs&#10;D) create a gateway-to-gateway VPN

Accepted Answer

Hardware VPNs are generally considered to be more secure than software VPNs as they operate on dedicated hardware and often incorporate additional security features such as hardware acceleration for encryption. Therefore, option C is not true as it is the opposite of the general consensus. Option A and B are true statements as hardware VPNs are generally the recommended option for fast-growing networks and can handle more traffic than software VPNs. Option D is also true as hardware VPNs can create a gateway-to-gateway VPN connection.

Question 5

Which of the following is NOT an essential element of a VPN?&#10;A) VPN server&#10;B) tunnel&#10;C) VPN client&#10;D) authentication server

Accepted Answer

Authentication server is not considered an essential element of a VPN, although it is often used for ensuring secure access to the VPN. The three essential elements of a VPN include a VPN server, a tunnel through which data can be securely transmitted, and a VPN client that establishes the connection to the VPN server.

Question 6

Which of the following is true about software VPNs?&#10;A) more cost-effective than hardware VPNs&#10;B) best when all router and firewall hardware is the same&#10;C) usually less flexible than hardware VPNs&#10;D) configuration is easy since there is no OS to rely upon

Accepted Answer

Software VPNs are generally more cost-effective than hardware VPNs as they don't require any additional hardware to be purchased or installed.

Question 7

Which IPsec component is software that handles the tasks of encrypting,authenticating, decrypting,and checking packets?&#10;A) ISAKMP&#10;B) IKE&#10;C) IPsec driver&#10;D) Oakley protocol

Accepted Answer

The IPsec driver is the software component that performs the actual encryption, authentication, decryption, and packet checking tasks. ISAKMP (Internet Security Association and Key Management Protocol) and IKE (Internet Key Exchange) are protocols used for key management in IPsec. Oakley protocol is an older key exchange protocol that is not commonly used anymore.

Question 8

Which of the following is true about using VPNs?&#10;A) more expensive than leased lines&#10;B) can use an existing broadband connection&#10;C) usually higher performance than leased lines&#10;D) not dependent on an ISP

Accepted Answer

VPNs can use an existing broadband connection, making them a cost-effective solution compared to leased lines. They may not necessarily have higher performance than leased lines and may still be dependent on an ISP. They may also be less expensive than leased lines. Therefore, option B is the most relevant and correct choice.

Question 9

Which VPN protocol uses UDP port 1701 and does not provide confidentiality and authentication?&#10;A) IPsec&#10;B) L2TP&#10;C) PPTP&#10;D) SSL

Accepted Answer

L2TP (Layer 2 Tunneling Protocol) uses UDP port 1701. While L2TP itself does not provide confidentiality or authentication, it is often combined with IPsec to provide these security features.

Question 10

What are the two modes in which IPsec can be configured to run?&#10;A) transit and gateway&#10;B) client and server&#10;C) header and payload&#10;D) tunnel and transport

Accepted Answer

IPsec can be configured to run in either tunnel mode or transport mode. In tunnel mode, the entire original IP packet is encapsulated within another IP packet, whereas in transport mode, only the payload is encrypted and the original IP header is left intact.

Question 11

Which of the following is NOT a factor a secure VPN design should address?&#10;A) encryption&#10;B) authentication&#10;C) nonrepudiation&#10;D) performance

Accepted Answer

The answer of Which of the following is NOT a...

Question 12

Standards and protocols used in VPNs are in their infancy and seldom used.

Accepted Answer

The answer of Standards and protocols used in VPNs are...

Question 13

Which of the following is a type of VPN connection?&#10;A) site-to-server&#10;B) client-to-site&#10;C) server-to-client&#10;D) remote gateway

Accepted Answer

The answer of Which of the following is a type...

Question 14

Another name for a VPN connection is tunnel.

Accepted Answer

The answer of Another name for a VPN connection is...

Question 15

IPsec has become the standard set of protocols for VPN security.

Accepted Answer

The answer of IPsec has become the standard set of...

Question 16

Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet?&#10;A) PPTP&#10;B) L2TP&#10;C) IPsec&#10;D) SSL

Accepted Answer

The answer of Which VPN protocol works at Layer 3...

Question 17

Which activity performed by VPNs encloses a packet within another packet?&#10;A) address translation&#10;B) encryption&#10;C) authentication&#10;D) encapsulation

Accepted Answer

The answer of Which activity performed by VPNs encloses a...

Question 18

Which of the following is defined as a relationship between two or more entities that describes how they will use the security services to communicate?&#10;A) pairing&#10;B) security association&#10;C) internet key exchange&#10;D) tunnel

Accepted Answer

The answer of Which of the following is defined as...

Question 19

Which VPN protocol leverages Web-based applications?&#10;A) PPTP&#10;B) L2TP&#10;C) SSL&#10;D) IPsec

Accepted Answer

The answer of Which VPN protocol leverages Web-based applications?&#10;A) PPTP&#10;B)...

Question 20

Which VPN protocol is a poor choice for high-performance networks with many hosts due to vulnerabilities in MS-CHAP?&#10;A) SSL&#10;B) L2TP&#10;C) IPsec&#10;D) PPTP

Accepted Answer

The answer of Which VPN protocol is a poor choice...

Question 21

The Internet Key ______________ protocol enables computers to make an SA.

Accepted Answer

The answer of The Internet Key ______________ protocol enables computers...

Question 22

TLS splits the input data in half and recombines it using a(n)___________ function.

Accepted Answer

The answer of TLS splits the input data in half...

Question 23

_________________ based VPNs are appropriate when the endpoints are controlled by different organizations and network administrators.

Accepted Answer

The answer of _________________ based VPNs are appropriate when the...

Question 24

MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;a set of standard procedures that the IETF developed for enabling secure communication on the Internet

Accepted Answer

The answer of MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;a set of standard procedures that the...

Question 25

MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;an IPsec protocol that provides authentication of TCP/IP packets to ensure data integrity

Accepted Answer

The answer of MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;an IPsec protocol that provides authentication of...

Question 26

Network gateways are ____________ of the VPN connection.

Accepted Answer

The answer of Network gateways are ____________ of the VPN...

Question 27

MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;a protocol developed by Netscape Communications Corporation as a way of enabling Web servers and browsers to exchange encrypted information

Accepted Answer

The answer of MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;a protocol developed by Netscape Communications Corporation...

Question 28

MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;an IETF standard for secure authentication of requests for resource access

Accepted Answer

The answer of MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;an IETF standard for secure authentication of...

Question 29

MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;Kerberos component that holds secret keys for users,applications,services,or resources

Accepted Answer

The answer of MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;Kerberos component that holds secret keys for...

Question 30

MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;an IPsec-related protocol that enables two computers to agree on security settings and establish a Security Association so that they can use Internet Key Exchange

Accepted Answer

The answer of MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;an IPsec-related protocol that enables two computers...

Question 31

While the AH ensures data integrity,confidentiality of data is provided by the __________ component of IPsec.

Accepted Answer

The answer of While the AH ensures data integrity,confidentiality of...

Question 32

MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;an IPsec protocol that encrypts the header and data components of TCP/IP packets

Accepted Answer

The answer of MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;an IPsec protocol that encrypts the header...

Question 33

MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;a nonproprietary tunneling protocol that can encapsulate a variety of Network layer protocols

Accepted Answer

The answer of MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;a nonproprietary tunneling protocol that can encapsulate...

Question 34

Which of the following is an improvement of TLS over SSL?&#10;A) requires less processing power&#10;B) uses a single hashing algorithm for all the data&#10;C) uses only asymmetric encryption&#10;D) adds a hashed message authentication code

Accepted Answer

The answer of Which of the following is an improvement...

Question 35

What was created to address the problem of remote clients not meeting an organization's VPN security standards?&#10;A) split tunneling&#10;B) VPN quarantine&#10;C) IPsec filters&#10;D) GRE isolation

Accepted Answer

The answer of What was created to address the problem...

Question 36

Which VPN topology is also known as a hub-and-spoke configuration?&#10;A) bus&#10;B) partial mesh&#10;C) star&#10;D) full mesh

Accepted Answer

The answer of Which VPN topology is also known as...

Question 37

MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;a form of key exchange used to encrypt and decrypt data as it passes through a VPN tunnel

Accepted Answer

The answer of MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;a form of key exchange used to...

Question 38

MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;a digital token sent from the Authentication Server to the client

Accepted Answer

The answer of MATCHING&#10;f.ISAKMP&#10;g.Kerberos&#10;h.KDC&#10;i.SSL&#10;j.TGT&#10;a digital token sent from the Authentication...

Question 39

Which of the following is a disadvantage of putting the VPN on a firewall?&#10;A) centralized control of network access security&#10;B) more configuration mistakes&#10;C) VPN and firewall use the same configuration tools&#10;D) Internet and VPN traffic compete for resources

Accepted Answer

The answer of Which of the following is a disadvantage...

Question 40

Which of the following is true about SSL?&#10;A) it uses shared-key encryption only&#10;B) it uses sockets to communicate between client and server&#10;C) it operates at the Data Link layer&#10;D) it uses IPsec to provide authentication

Accepted Answer

The answer of Which of the following is true about...

Question 41

List two reasons IPsec has become the standard set of protocols for VPN security.

Accepted Answer

The answer of List two reasons IPsec has become the...

Question 42

Define virtual private network.

Accepted Answer

The answer of Define virtual private network....

Question 43

How is authentication implemented in a VPN?

Accepted Answer

The answer of How is authentication implemented in a VPN?...

Question 44

Describe a mesh VPN topology.What are advantages and disadvantages?

Accepted Answer

The answer of Describe a mesh VPN topology.What are advantages...

Question 45

List two advantages and two disadvantages of VPNs.

Accepted Answer

The answer of List two advantages and two disadvantages of...

Question 46

What is AES and why is AES a better encryption method to use compared to DES?

Accepted Answer

The answer of What is AES and why is AES...

Question 47

Briefly describe the L2TP protocol.

Accepted Answer

The answer of Briefly describe the L2TP protocol....

Question 48

What four events occur when one IPsec-compliant computer connects to another?

Accepted Answer

The answer of What four events occur when one IPsec-compliant...

Question 49

List four standard VPN protocols.

Accepted Answer

The answer of List four standard VPN protocols....

Question 50

What is an advantage of Kerberos authentication with respect to password security? Explain.

Accepted Answer

The answer of What is an advantage of Kerberos authentication...

Deck 11: VPN Concepts