4.4 Flashcards
A user is sending data over the internet where the data and original IP address are encrypted. What is this called?
Transport mode is used to secure communication between hosts on a private network. When ESP is applied in transport mode, only the payload data is encrypted. If AH is used in transport mode, it can provide integrity for the IP header.
A group of users need to connect to a secure network. However, the network administrator needs to ensure that only valid users are connecting to it. Which of the following authentication methods meets the needs of the administrator for encrypted communications? (Select all that apply.)
Securing a network requires confirmation that only valid users are connecting to it. A pre-shared key (PSK) is a secret that is shared between two parties via a secure channel prior to its use in encrypted communications.
Securing a network requires confirmation that only valid users are connecting to it. Using a passphrase to generate the key used to encrypt communications is referred to as group authentication because a group of users share the same secret.
MAC filtering is an additional authorization mechanism that involves specifying which MAC addresses are permitted to connect to the AP.
Which of the following is also referred to as a router implementation?
Tunnel mode is used for communication between VPN gateways across an unsecure network. With ESP, the whole IP packet is encrypted and encapsulated as a datagram with a new IP header. AH has no real use in tunnel mode.
What solution uses a protocol called WebSockets that enables bidirectional messages to be sent between the server and client without requiring the overhead of separate HTTP requests?
Clientless VPN requires a client app that implements the protocols and authentication methods supported by the remote desktop/VPN gateway.
Which of the following VPNs involves more than two sites connecting the remote spokes to a headquarters hub by using static tunnels configured between the hub and each spoke?
Site-to-site VPN connects two or more private networks automatically. The gateways exchange security information using whichever protocol the VPN is based on.
What approach is used to communicate multiprotocol data between two routers?
Point-to-point protocol (PPP) is an encapsulation protocol that works at the Data Link layer (layer 2). PPP has no security mechanisms, so it must be used with other protocols to provision a secure tunnel.
A network administrator sets up a policy that secures the authentication mechanism, under which a host must be able to match at least one security method for a connection to be established. What is this called?
Internet protocol security (IPSec) can be used to secure IPv4 and/or IPv6 communications on local networks and as a remote access protocol. Each host that is required to use IPSec must be assigned a policy.
What method allows for the use of a dynamic mesh topology between multiple remote sites, effectively setting up direct VPNs, rather than the remote sites having to route traffic via the hub?
Dynamic multipoint VPN (DMVPN) allows VPNs to be set up dynamically according to traffic requirements and demand. Each site can communicate with all other spokes directly no matter where they are located.
Which of the following protocols excludes the IP header when calculating ICV?
Encapsulating security payload (ESP) provides confidentiality and/or authentication and integrity. It can be used to encrypt the packet rather than simply calculating a hash.
A network administrator uses a method that connects the port used for management access to a physically separate network infrastructure. What is this method?
Out of band management allows access to the network when the network is down. Out of band can be used remotely to reboot devices.
Just info on other ports
AUX port is designed to connect to an analog modem and provide remote access over a dial-up link.
Console port requires connecting a device running emulator software to the device through a separate physical interface using a special console.
Management port means configuring a virtual network interface and IP address on the device to use for management functions and connecting to it via one of the normal Ethernet ports.
What protocol attaches three fields to the packet which are a header, a trailer, and integrity check value?
Encapsulating security payload (ESP) provides confidentiality and/or authentication and integrity. It can be used to encrypt the packet rather than simply calculating a hash.
A network administrator is using a method that enables remote site routers to connect to the hub router using an IPSec tunnel, GRE tunneling, IPSec encryption, and next-hop router protocol (NHRP) to deploy provisioning to the VPNs. What is this called?
Dynamic multipoint VPN (DMVPN) allows VPNs to be set up dynamically according to traffic requirements and demand. Each site can communicate with all other spokes directly no matter where they are located.