What is the function of the Diffie-Hellman algorithm within the IPsec framework?

allows peers to exchange shared keys

provides strong data encryption

How is "tunneling" accomplished in a VPN?

New headers from one or more VPN protocols encapsulate the original packets.

All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private.

Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers.

A dedicated circuit is established between the source and destination devices for the duration of the connection.

Which statement describes a VPN?

VPNs use virtual connections to create a private network through a public network.

VPNs use dedicated physical connections to transfer data between remote users.

VPNs use logical connections to create public networks through the Internet.

VPNs use open source virtualization software to create the tunnel through the Internet.

Module 8 - VPN and IPsec Concepts Review Quiz

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN?

guarantees message integrity

authenticates the IPsec peers

protects IPsec keys during session negotiation

creates a secure channel for key negotiation

Answer explanation

The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. The Hashed Message Authentication Code (HMAC) is a data integrity algorithm that uses a hash value to guarantee the integrity of a message.

2.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.)

MD5

SHA

AES

DH

RSA

Answer explanation

The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms used to ensure that data is not intercepted and modified (data integrity and authenticity) are MD5 and SHA.

3.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.)

AES

SHA

DH

RSA

PSK

Answer explanation

The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two algorithms that can be used within an IPsec policy to protect interesting traffic are AES, which is an encryption protocol, and SHA, which is a hashing algorithm.

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?

OSPF

IPsec

IKE

GRE

Answer explanation

Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that encapsulates multiprotocol traffic between remote Cisco routers. GRE does not encrypt data. OSPF is a open source routing protocol. IPsec is a suite of protocols that allow for the exchange of information that can be encrypted and verified. Internet Key Exchange (IKE) is a key management standard used with IPsec.

5.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which two end points can be on the other side of an ASA site-to-site VPN? (Choose two.)

DSL switch

router

another ASA

multilayer switch

Frame Relay switch

Answer explanation

In a site-to-site VPN, end hosts send and receive normal unencrypted TCP/IP traffic through a VPN terminating device, typically called a VPN gateway. A VPN gateway device could be a router or a firewall. A Cisco Adaptive Security Appliance (ASA) is a standalone firewall device that combines firewall, VPN concentrator, and intrusion prevention functionality into one software image.

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?

clientless SSL

client-based SSL

site-to-site using a preshared key

site-to-site using an ACL

Answer explanation

When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit?

confidentiality

integrity

authentication

secure key exchange

Answer explanation

Integrity is a function of IPsec and ensures data arrives unchanged at the destination through the use of a hash algorithm. Confidentiality is a function of IPsec and utilizes encryption to protect data transfers with a key. Authentication is a function of IPsec and provides specific access to users and devices with valid authentication factors. Secure key exchange is a function of IPsec and allows two peers to maintain their private key confidentiality while sharing their public key.

8.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which two technologies provide enterprise-managed VPN solutions? (Choose two.)

Frame Relay

site-to-site VPN

Layer 2 MPLS VPN

Layer 3 MPLS VPN

remote access VPN

Answer explanation

VPNs can be managed and deployed as either of two types: Enterprise VPNs – Enterprise-managed VPNs are a common solution for securing enterprise traffic across the internet. Site-to-site and remote access VPNs are examples of enterprise managed VPNs.
Service Provider VPNs – Service provider managed VPNs are created and managed over the provider network. Layer 2 and Layer 3 MPLS are examples of service provider managed VPNs. Other legacy WAN solutions include Frame Relay and ATM VPNs.

9.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.)

IPsec VPN

clientless SSL VPN

GRE over IPsec VPN

client-based IPsec VPN

IPsec Virtual Tunnel Interface VPN

Answer explanation

Enterprise managed VPNs can be deployed in two configurations: Remote Access VPN - This VPN is created dynamically when required to establish a secure connection between a client and a VPN server. Remote access VPNs include client-based IPsec VPNs and clientless SSL VPNs.
Site-to-site VPN - This VPN is created when interconnecting devices are preconfigured with information to establish a secure tunnel. VPN traffic is encrypted only between the interconnecting devices, and internal hosts have no knowledge that a VPN is used. Site-to-site VPNs include IPsec, GRE over IPsec, Cisco Dynamic Multipoint (DMVPN), and IPsec Virtual Tunnel Interface (VTI) VPNs.

10.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which is a requirement of a site-to-site VPN?

It requires a client/server architecture.

It requires the placement of a VPN server at the edge of the company network.

It requires hosts to use VPN client software to encapsulate traffic.

It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.

Answer explanation

Site-to-site VPNs are static and are used to connect entire networks. Hosts have no knowledge of the VPN and send TCP/IP traffic to VPN gateways. The VPN gateway is responsible for encapsulating the traffic and forwarding it through the VPN tunnel to a peer gateway at the other end which decapsulates the traffic.

Module 8 - VPN and IPsec Concepts Review

20 questions

What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN?

The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. The Hashed Message Authentication Code (HMAC) is a data integrity algorithm that uses a hash value to guarantee the integrity of a message.

What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.)

The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms used to ensure that data is not intercepted and modified (data integrity and authenticity) are MD5 and SHA.

What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.)

Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?

Which two end points can be on the other side of an ASA site-to-site VPN? (Choose two.)

Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?

When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.

Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit?

Which two technologies provide enterprise-managed VPN solutions? (Choose two.)

Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.)

Which is a requirement of a site-to-site VPN?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers