8.4.2 Module Quiz

8.4.2 Module Quiz – VPN and IPsec Concepts Answers

1. Which two statements describe a remote access VPN? (Choose two.)

  • It connects entire networks to each other.
  • It requires hosts to send TCP/IP traffic through a VPN gateway.
  • It is used to connect individual hosts securely to a company network over the Internet.
  • It may require VPN client software on hosts.
  • It requires static configuration of the VPN tunnel.

Explanation: Remote access VPNs can be used to support the needs of telecommuters and mobile users by allowing them to connect securely to company networks over the Internet. To connect hosts to the VPN server on the corporate network, the remote access VPN tunnel is dynamically built by client software that runs on the hosts.

2. The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?

  • Diffie-Hellman
  • integrity
  • authentication
  • nonrepudiation
  • confidentiality

Explanation: The IPsec framework consists of five building blocks. Each building block performs a specific security function via specific protocols. The function of providing confidentiality is provided by protocols such as DES, 3DES, and AES.

3. Which type of VPN may require the Cisco VPN Client software?

  • MPLS VPN
  • site-to-site VPN
  • remote access VPN
  • SSL VPN

Explanation: With a remote-access VPN, the client peer may need special VPN client software installed.

4. Which technique is necessary to ensure a private transfer of data using a VPN?

  • scalability
  • authorization
  • virtualization
  • encryption

Explanation: Confidential and secure transfers of data with VPNs require data encryption.

5. What are the two fundamental Dynamic Multipoint VPN tunnel types? (Choose two.)

  • client-to-site
  • server-to-client
  • site-to-site
  • hub-to-spoke
  • spoke-to-spoke

Explanation: The two fundamental DMVPN designs include:

  • Spoke-to-spoke
  • Hub-to-spoke

6. What are two reasons a company would use a VPN? (Choose two.)

  • to test network connections to remote users
  • to increase bandwidth to the network
  • to eliminate the need of having a gateway
  • to connect remote users to the network
  • to allow suppliers to access the network

Explanation: Organizations use VPNs to have a reliable secure method to connect remote users, branch offices, and suppliers to the company network. To implement VPNs, a VPN gateway is necessary.

7. True or False? All VPNs securely transmit clear text across the Internet.

Explanation: A VPN is secure (private) when encrypted traffic is sent over a public network, such as the Internet.

8. Which solution allows workers to telecommute effectively and securely?

  • dial-up connection
  • site-to-site VPN
  • DSL connection
  • remote-access VPN

Explanation: Telecommuters using remote-access VPNs can securely connect to their corporate networks from anywhere by creating an encrypted tunnel, allowing them to effectively complete their work. They may connect using a variety of access technologies, including dial-up and DSL connections. These connections, however, are not secure without the use of VPN technology.

9. Which VPN type is a service provider managed VPN?

  • GRE over IPsec VPN
  • site-to-site VPN
  • remote access VPN
  • Layer 3 MPLS VPN

Explanation: VPNs can be managed and deployed as:

  • Enterprise VPNs – Enterprise managed VPNs are a common solution for securing enterprise traffic across the internet. Site-to-site and remote access VPNs are examples of enterprise managed VPNs.
  • Service Provider VPNs – Service provider managed VPNs are created and managed over the provider network. Layer 2 and Layer 3 MPLS are examples of service provider managed VPNs. Other legacy WAN solutions include Frame Relay and ATM VPNs.

10. Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality?

Explanation: Authentication Header (AH) is IP protocol 51 and does not provide data confidentiality. The data payload is not encrypted. Encapsulating Security Payload (ESP) is IP protocol 50 and provides data confidentiality, integrity, and authentication. The DH algorithm is used in IPsec to negotiate a shared secret key for the peers.

11. What algorithm is used to provide data integrity of a message through the use of a calculated hash value?

Explanation: The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. To ensure that data is not intercepted and modified (data integrity), Hashed Message Authentication Code (HMAC) is used. AES is an encryption protocol and provides data confidentiality. DH (Diffie-Hellman) is an algorithm that is used for key exchange. RSA is an algorithm that is used for authentication.

12. Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key?

  • The shorter the key, the harder it is to break.
  • The length of a key will not vary between encryption algorithms.
  • The length of a key does not affect the degree of security.
  • The longer the key, the more key possibilities exist.

Explanation: While preventing brute-force attacks and other forced decryption concerns, the longer the key length, the harder it is to break. A 64-bit key can take one year to break with a sophisticated computer, while a 128-bit key may take 10^19 years to decrypt. Different encryption algorithms will provide varying key lengths for implementation.

13. What is a type of VPN that is generally transparent to the end user?

  • public
  • remote access
  • private
  • site-to-site

Explanation: With site-to-site VPNs, internal hosts have no knowledge that a VPN exists. Remote access VPNs support a client/server architecture, where the VPN client (remote host) gains secure access to the enterprise network via a VPN server device at the network edge. Public and private are not VPN types.

14. A network design engineer is planning the implementation of a cost-effective method to interconnect multiple networks securely over the internet. Which type of technology is required?

  • a dedicated ISP
  • a GRE IP tunnel
  • a leased line
  • a VPN gateway

Explanation: A GRE IP tunnel does not provide authentication or security. A leased line is not cost-effective compared to using high-speed broadband technology with VPNs. A dedicated ISP is not required when utilizing VPNs between multiple sites.

15. Which statement is true of site-to-site VPNs?

  • Individual hosts can enable and disable the VPN connection.
  • Internal hosts send normal, unencapsulated packets.
  • The VPN connection is not statically defined.
  • VPN client software is installed on each host.

Explanation: Site-to-site VPNs are statically defined VPN connections between two sites that use VPN gateways. The internal hosts do not require VPN client software and send normal, unencapsulated packets onto the network, where they are encapsulated by the VPN gateway.

16. How is the hash message authentication code (HMAC) algorithm used in an IPsec VPN?

  • to authenticate the IPsec peer
  • to create a secure channel for key negotiation
  • to guarantee message integrity
  • to protect IPsec keys during session negotiation

Explanation: The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. The hash message authentication code (HMAC) is a data integrity algorithm that uses a hash value to guarantee the integrity of a message.

17. What IPsec algorithm is used to provide data confidentiality?

  • AES
  • Diffie-Hellman
  • MD5
  • RSA
  • SHA

Explanation: The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms that are used to ensure that data is not intercepted and modified (data integrity) are MD5 and SHA. AES is an encryption protocol and provides data confidentiality. DH (Diffie-Hellman) is an algorithm that is used for key exchange. RSA is an algorithm that is used for authentication.

18. What are two hashing algorithms used with IPsec to guarantee authenticity? (Choose two.)

Explanation: The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms used to ensure that data is not intercepted and modified (data integrity and authentication) are MD5 and SHA.

19. What two IPsec algorithms provide encryption and hashing to protect interesting traffic? (Choose two.)

Explanation: The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two algorithms that can be used within an IPsec policy to protect interesting traffic are AES, which is an encryption protocol, and SHA, which is a hashing algorithm.

20. Which protocol creates a virtual unencrypted point-to-point VPN tunnel between Cisco routers?

Explanation: Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that encapsulates multiprotocol traffic between remote Cisco routers. GRE does not encrypt data. OSPF is an open-source routing protocol. IPsec is a suite of protocols that allow for the exchange of information that can be encrypted and verified. Internet Key Exchange (IKE) is a key management standard used with IPsec.

21. Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to a VPN gateway?

  • client-based SSL
  • clientless SSL
  • site-to-site using a pre-shared key
  • site-to-site using an ACL

Explanation: When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.

22. Which IPsec security function utilizes encryption to protect data transfers with a key?

  • authentication
  • confidentiality
  • integrity
  • secure key exchange

Explanation: Confidentiality is a function of IPsec and utilizes encryption to protect data transfers with a key. Integrity is a function of IPsec and ensures that data arrives unchanged at the destination through the use of a hashing algorithm. Authentication is a function of IPsec and provides specific access to users and devices with valid authentication factors. Secure key exchange is a function of IPsec and allows two peers to maintain their private key confidentiality while sharing their public key.

23. Which of the following are service provider managed VPN solutions? (Choose two.)

  • client-based IPsec VPN
  • clientless SSL VPN
  • Frame Relay
  • Layer 3 MPLS VPN
  • remote-access VPN
  • site-to-site VPN

Explanation: VPNs can be managed and deployed as either enterprise VPNs (which is a common solution for securing enterprise traffic across the internet and includes site-to-site and remote-access VPNs) or service provider VPNs (that is, VPNs created and managed over the provider network, such as Layer 2 and Layer 3 MPLS VPNs, or legacy Frame Relay and ATM VPNs).

24. Which of the following are enterprise-managed remote-access VPNs? (Choose two.)

  • client-based IPsec VPN
  • clientless SSL VPN
  • Frame Relay
  • Layer 3 MPLS VPN
  • remote-access VPN
  • site-to-site VPN

Explanation: Enterprise managed remote-access VPNs are created dynamically when required. Remote-access VPNs include client-based IPsec VPNs and clientless SSL VPNs.

25. Which is a requirement of a site-to-site VPN?

  • Hosts connected using a web browser and an SSL connection
  • Hosts connected using client-based VPN software
  • A client/server architecture
  • VPN gateways at each end of the tunnel
  • VPN server at the edge of the company network

Explanation: Site-to-site VPNs are static and are used to connect entire networks. Hosts have no knowledge of the VPN and send TCP/IP traffic to VPN gateways. The VPN gateway is responsible for encapsulating the traffic and forwarding it through the VPN tunnel to a peer gateway at the other end that decapsulates the traffic.

26. How is the Diffie-Hellman algorithm used in the IPsec framework?

  • allows peers to exchange shared keys
  • guarantees message integrity
  • provides authentication
  • provides strong data encryption

Explanation: The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. DH (Diffie-Hellman) is an algorithm used for key exchange. DH is a public key exchange method that allows two IPsec peers to establish a shared secret key over an insecure channel.

27. Which type of VPN involves passenger, carrier, and transport protocols?

  • DMVPN
  • GRE over IPsec
  • IPsec virtual tunnel interface
  • MPLS VPN

Explanation: In a GRE over IPsec tunnel, the term passenger protocol refers to the original packet that is to be encapsulated by GRE. The carrier protocol is the protocol that encapsulates the original passenger packet. The transport protocol is the protocol that will be used to forward the packet.

28. Which type of VPN supports multiple sites by applying configurations to virtual interfaces instead of physical interfaces?

  • IPsec virtual tunnel interface
  • DMVPN
  • MPLS VPN
  • GRE over IPsec

Explanation: An IPsec VTI is a newer IPsec VPN technology that simplifies the configuration required to support multiple sites and remote access. IPsec VTI configurations use virtual interfaces to send and receive IP unicast and multicast encrypted traffic. Therefore, routing protocols are automatically supported without requiring configuration of GRE tunnels.

29. Which type of VPN connects using the Transport Layer Security (TLS) feature?

  • SSL VPN
  • GRE over IPsec
  • DMVPN
  • IPsec virtual tunnel interface
  • MPLS VPN

Explanation: When a client negotiates an SSL VPN connection with the VPN gateway, it connects using Transport Layer Security (TLS). TLS is the newer version of SSL and is sometimes expressed as SSL/TLS. The two terms are often used interchangeably.

30. Which description correctly identifies an MPLS VPN?

  • allows multicast and broadcast traffic over a secure site-to-site VPN
  • has both Layer 2 and Layer 3 implementations
  • involves a nonsecure tunneling protocol being encapsulated by IPsec
  • routes packets through virtual tunnel interfaces for encryption and forwarding
  • uses the public key infrastructure and digital certificates

Explanation: An MPLS VPN has both Layer 2 and Layer 3 implementations. A GRE over IPsec VPN involves a nonsecure tunneling protocol encapsulated by IPsec. An IPsec VTI VPN routes packets through virtual tunnel interfaces for encryption and forwarding. An IPsec VTI VPN and a GRE over IPsec VPN allow multicast and broadcast traffic over a secure site-to-site VPN. An SSL VPN uses the public key infrastructure and digital certificates.

31. Which description correctly identifies an SSL VPN?

  • allows multicast and broadcast traffic over a secure site-to-site VPN
  • has both Layer 2 and Layer 3 implementations
  • involves a nonsecure tunneling protocol being encapsulated by IPsec
  • routes packets through virtual tunnel interfaces for encryption and forwarding
  • uses the public key infrastructure and digital certificates

Explanation: An SSL VPN uses the public key infrastructure and digital certificates. An MPLS VPN has both Layer 2 and Layer 3 implementations. A GRE over IPsec VPN involves a nonsecure tunneling protocol encapsulated by IPsec. An IPsec VTI VPN routes packets through virtual tunnel interfaces for encryption and forwarding. An IPsec VTI VPN and a GRE over IPsec VPN allow multicast and broadcast traffic over a secure site-to-site VPN.

32. Which two descriptions correctly identify an IPsec VTI VPN? (Choose two.)

  • allows multicast and broadcast traffic over a secure site-to-site VPN
  • has both Layer 2 and Layer 3 implementations
  • involves a nonsecure tunneling protocol being encapsulated by IPsec
  • routes packets through virtual tunnel interfaces for encryption and forwarding
  • uses the public key infrastructure and digital certificates

Explanation: An IPsec VTI VPN routes packets through virtual tunnel interfaces for encryption and forwarding. An IPsec VTI VPN and a GRE over IPsec VPN allow multicast and broadcast traffic over a secure site-to-site VPN. An MPLS VPN has both Layer 2 and Layer 3 implementations. A GRE over IPsec VPN involves a nonsecure tunneling protocol being encapsulated by IPsec. An SSL VPN uses the public key infrastructure and digital certificates.

33. Which two descriptions correctly identify a GRE over IPsec VPN? (Choose two.)

  • allows multicast and broadcast traffic over a secure site-to-site VPN
  • has both Layer 2 and Layer 3 implementations
  • involves a nonsecure tunneling protocol being encapsulated by IPsec
  • routes packets through virtual tunnel interfaces for encryption and forwarding
  • uses the public key infrastructure and digital certificates

Explanation: A GRE over IPsec VPN involves a nonsecure tunneling protocol being encapsulated by IPsec. An IPsec VTI VPN and a GRE over IPsec VPN allow multicast and broadcast traffic over a secure site-to-site VPN. An MPLS VPN has both Layer 2 and Layer 3 implementations. An IPsec VTI VPN routes packets through virtual tunnel interfaces for encryption and forwarding. An SSL VPN uses the public key infrastructure and digital certificates.