CCNA 4 Chapter 7: Securing Site-to-Site Connectivity Flashcards
How is “tunneling” accomplished in a VPN?
New headers from one or more VPN protocols encapsulate the original packets.
Which two scenarios are examples of remote access VPNs? (Choose two.).
- A mobile sales agent is connecting to the company network via the Internet connection at a hotel.
- An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.
Refer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router?
172.16.1.2
Which statement correctly describes IPsec?
IPsec works at Layer 3, but can protect traffic from Layer 4 through Layer 7.
What is an IPsec protocol that provides data confidentiality and authentication for IP packets?
ESP
Which three statements describe the building blocks that make up the IPsec protocol framework? (Choose three.)
- IPsec uses encryption algorithms and keys to provide secure transfer of data
- IPsec uses secret key cryptography to encrypt messages that are sent through a VPN.
- IPsec uses ESP to provide confidential transfer of data by encrypting IP packets.
What key question would help determine whether an organization should use an SSL VPN or an IPsec VPN for the remote access solution of the organization?
Do users need to be able to connect without requiring special VPN software?
What is the purpose of a message hash in a VPN connection?
It ensures that the data has not changed while in transit.
A network design engineer is planning the implementation of a cost-effective method to interconnect multiple networks securely over the Internet. Which type of technology is required?
a VPN gateway
What is one benefit of using VPNs for remote access?
potential for reduced connectivity costs
Which statement describes a characteristic of IPsec VPNs?
IPsec works with all Layer 2 protocols
What is the purpose of the generic routing encapsulation tunneling protocol?
to manage the transportation of IP multicast and multiprotocol traffic between remote sites
Which algorithm is an asymmetrical key cryptosystem?
RSA
A network design engineer is planning the implementation of an IPsec VPN. Which hashing algorithm would provide the strongest level of message integrity?
512-bit SHA
What two encryption algorithms are used in IPsec VPNs? (Choose two.)
- . 3DES
2. AES
Which statement describes a feature of site-to-site VPNs?
Internal hosts send normal, un-encapsulated packets.
Which Cisco VPN solution provides limited access to internal network resources by utilizing a Cisco ASA and provides browser-based access only?
clientless SSL VPN
Which two algorithms use Hash-based Message Authentication Code for message authentication? (Choose two.)
- MD5
2. SHA
Which function of IPsec security services allows the receiver to verify that the data was transmitted without being changed or altered in any way?
data integrity
Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. What problem is preventing the hosts from communicating across the VPN tunnel?
The tunnel IP addresses are incorrect.
What is the purpose of utilizing Diffie-Hellman (DH) algorithms as part of the IPsec standard?
DH algorithms allow two parties to establish a shared secret key that is used by encryption and hash algorithms.
Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.)
- The data that is sent across this tunnel is not secure.
2. A GRE tunnel is being used.
Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?
site-to-site VPN
Which remote access implementation scenario will support the use of generic routing encapsulation tunneling?
a central site that connects to a SOHO site without encryption
