Chat with AI
Deck 11: VPN Concepts
Full screen (f)
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/50
Play
Full screen (f)
Deck 11: VPN Concepts
1
Which IPsec component authenticates TCP/IP packets to ensure data integrity?
A) AH
B) ESP
C) IKE
D) ISAKMP
A) AH
B) ESP
C) IKE
D) ISAKMP
A
2
If you use Windows RRAS for your VPN,you will need a third-party RADIUS server if you want to use RADIUS for authentication.
False
3
Hardware VPNs create a gateway-to-gateway VPN.
True
4
Which of the following is NOT true about a hardware VPN?
A) should be the first choice for fast-growing networks
B) can handle more traffic than software VPNs
C) have more security vulnerabilities than software VPNs
D) create a gateway-to-gateway VPN
A) should be the first choice for fast-growing networks
B) can handle more traffic than software VPNs
C) have more security vulnerabilities than software VPNs
D) create a gateway-to-gateway VPN
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
5
Which of the following is NOT an essential element of a VPN?
A) VPN server
B) tunnel
C) VPN client
D) authentication server
A) VPN server
B) tunnel
C) VPN client
D) authentication server
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
6
Which of the following is true about software VPNs?
A) more cost-effective than hardware VPNs
B) best when all router and firewall hardware is the same
C) usually less flexible than hardware VPNs
D) configuration is easy since there is no OS to rely upon
A) more cost-effective than hardware VPNs
B) best when all router and firewall hardware is the same
C) usually less flexible than hardware VPNs
D) configuration is easy since there is no OS to rely upon
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
7
Which IPsec component is software that handles the tasks of encrypting,authenticating, decrypting,and checking packets?
A) ISAKMP
B) IKE
C) IPsec driver
D) Oakley protocol
A) ISAKMP
B) IKE
C) IPsec driver
D) Oakley protocol
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
8
Which of the following is true about using VPNs?
A) more expensive than leased lines
B) can use an existing broadband connection
C) usually higher performance than leased lines
D) not dependent on an ISP
A) more expensive than leased lines
B) can use an existing broadband connection
C) usually higher performance than leased lines
D) not dependent on an ISP
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
9
Which VPN protocol uses UDP port 1701 and does not provide confidentiality and authentication?
A) IPsec
B) L2TP
C) PPTP
D) SSL
A) IPsec
B) L2TP
C) PPTP
D) SSL
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
10
What are the two modes in which IPsec can be configured to run?
A) transit and gateway
B) client and server
C) header and payload
D) tunnel and transport
A) transit and gateway
B) client and server
C) header and payload
D) tunnel and transport
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
11
Which of the following is NOT a factor a secure VPN design should address?
A) encryption
B) authentication
C) nonrepudiation
D) performance
A) encryption
B) authentication
C) nonrepudiation
D) performance
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
12
Standards and protocols used in VPNs are in their infancy and seldom used.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
13
Which of the following is a type of VPN connection?
A) site-to-server
B) client-to-site
C) server-to-client
D) remote gateway
A) site-to-server
B) client-to-site
C) server-to-client
D) remote gateway
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
14
Another name for a VPN connection is tunnel.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
15
IPsec has become the standard set of protocols for VPN security.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
16
Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet?
A) PPTP
B) L2TP
C) IPsec
D) SSL
A) PPTP
B) L2TP
C) IPsec
D) SSL
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
17
Which activity performed by VPNs encloses a packet within another packet?
A) address translation
B) encryption
C) authentication
D) encapsulation
A) address translation
B) encryption
C) authentication
D) encapsulation
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
18
Which of the following is defined as a relationship between two or more entities that describes how they will use the security services to communicate?
A) pairing
B) security association
C) internet key exchange
D) tunnel
A) pairing
B) security association
C) internet key exchange
D) tunnel
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
19
Which VPN protocol leverages Web-based applications?
A) PPTP
B) L2TP
C) SSL
D) IPsec
A) PPTP
B) L2TP
C) SSL
D) IPsec
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
20
Which VPN protocol is a poor choice for high-performance networks with many hosts due to vulnerabilities in MS-CHAP?
A) SSL
B) L2TP
C) IPsec
D) PPTP
A) SSL
B) L2TP
C) IPsec
D) PPTP
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
21
The Internet Key ______________ protocol enables computers to make an SA.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
22
TLS splits the input data in half and recombines it using a(n)___________ function.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
23
_________________ based VPNs are appropriate when the endpoints are controlled by different organizations and network administrators.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
24
MATCHING
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
a set of standard procedures that the IETF developed for enabling secure communication on the Internet
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
a set of standard procedures that the IETF developed for enabling secure communication on the Internet
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
25
MATCHING
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
an IPsec protocol that provides authentication of TCP/IP packets to ensure data integrity
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
an IPsec protocol that provides authentication of TCP/IP packets to ensure data integrity
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
26
Network gateways are ____________ of the VPN connection.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
27
MATCHING
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
a protocol developed by Netscape Communications Corporation as a way of enabling Web servers and browsers to exchange encrypted information
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
a protocol developed by Netscape Communications Corporation as a way of enabling Web servers and browsers to exchange encrypted information
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
28
MATCHING
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
an IETF standard for secure authentication of requests for resource access
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
an IETF standard for secure authentication of requests for resource access
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
29
MATCHING
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
Kerberos component that holds secret keys for users,applications,services,or resources
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
Kerberos component that holds secret keys for users,applications,services,or resources
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
30
MATCHING
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
an IPsec-related protocol that enables two computers to agree on security settings and establish a Security Association so that they can use Internet Key Exchange
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
an IPsec-related protocol that enables two computers to agree on security settings and establish a Security Association so that they can use Internet Key Exchange
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
31
While the AH ensures data integrity,confidentiality of data is provided by the __________ component of IPsec.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
32
MATCHING
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
an IPsec protocol that encrypts the header and data components of TCP/IP packets
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
an IPsec protocol that encrypts the header and data components of TCP/IP packets
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
33
MATCHING
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
a nonproprietary tunneling protocol that can encapsulate a variety of Network layer protocols
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
a nonproprietary tunneling protocol that can encapsulate a variety of Network layer protocols
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
34
Which of the following is an improvement of TLS over SSL?
A) requires less processing power
B) uses a single hashing algorithm for all the data
C) uses only asymmetric encryption
D) adds a hashed message authentication code
A) requires less processing power
B) uses a single hashing algorithm for all the data
C) uses only asymmetric encryption
D) adds a hashed message authentication code
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
35
What was created to address the problem of remote clients not meeting an organization's VPN security standards?
A) split tunneling
B) VPN quarantine
C) IPsec filters
D) GRE isolation
A) split tunneling
B) VPN quarantine
C) IPsec filters
D) GRE isolation
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
36
Which VPN topology is also known as a hub-and-spoke configuration?
A) bus
B) partial mesh
C) star
D) full mesh
A) bus
B) partial mesh
C) star
D) full mesh
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
37
MATCHING
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
a form of key exchange used to encrypt and decrypt data as it passes through a VPN tunnel
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
a form of key exchange used to encrypt and decrypt data as it passes through a VPN tunnel
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
38
MATCHING
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
a digital token sent from the Authentication Server to the client
f.ISAKMP
g.Kerberos
h.KDC
i.SSL
j.TGT
a digital token sent from the Authentication Server to the client
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
39
Which of the following is a disadvantage of putting the VPN on a firewall?
A) centralized control of network access security
B) more configuration mistakes
C) VPN and firewall use the same configuration tools
D) Internet and VPN traffic compete for resources
A) centralized control of network access security
B) more configuration mistakes
C) VPN and firewall use the same configuration tools
D) Internet and VPN traffic compete for resources
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
40
Which of the following is true about SSL?
A) it uses shared-key encryption only
B) it uses sockets to communicate between client and server
C) it operates at the Data Link layer
D) it uses IPsec to provide authentication
A) it uses shared-key encryption only
B) it uses sockets to communicate between client and server
C) it operates at the Data Link layer
D) it uses IPsec to provide authentication
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
41
List two reasons IPsec has become the standard set of protocols for VPN security.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
42
Define virtual private network.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
43
How is authentication implemented in a VPN?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
44
Describe a mesh VPN topology.What are advantages and disadvantages?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
45
List two advantages and two disadvantages of VPNs.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
46
What is AES and why is AES a better encryption method to use compared to DES?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
47
Briefly describe the L2TP protocol.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
48
What four events occur when one IPsec-compliant computer connects to another?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
49
List four standard VPN protocols.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
50
What is an advantage of Kerberos authentication with respect to password security? Explain.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
