Introducing VPN Solutions

Question 1

What is a Virtual Private Network?

Answer 1

A VPN is an encrypted connection between private networks over a public network such as the internet.

Question 2

What two authentication methods are used by IPsec to authenticate peers?

Answer 2

Pre-Shared Keys and RSA signatures

Question 3

What RSA signatures are used with IPsec?

Answer 3

Rivest, Shamir, and Adelman

Question 4

What type of devices can be VPN gateways?

Answer 4

Routers, Firewalls, VPN concentrators

Question 5

What Cisco specific device can be a VPN gateway?

Answer 5

Cisco ASA 5500

Question 6

What is Cisco Easy VPN?

Answer 6

Cisco Easy VPN is a cost-effective solution for deploying VPN that is ideal for remote offices that have little ideal IT support.

Question 7

What are the two components of Cisco VPNs?

Answer 7

Cisco Easy VPN Server, and Cisco Easy VPN Remote

Question 8

What is Cisco Easy VPN Server?

Answer 8

The VPN server is a dedicated VPN gateway that can terminate VPN tunnels as well as site-to-site VPNs

Question 9

What is Cisco Easy VPN Remote?

Answer 9

The VPN remote enables Cisco hardware clients to receive security policies from a Cisco Easy VPN server..

Question 10

What VPN parameters can an administrator configure on Cisco Easy VPN server to be pushed to a Cisco Easy VPN remote client?

Answer 10

Internal IP addresses, internal subnet masks, DHCP addresses, WINS server addresses, split-tunneling flags

Question 11

What are some benefits of using the Cisco Easy VPN solution?

Answer 11

Dynamic configuration of end-user policies // Local VPN configuration is independent of the remote peer IP // Centralized security management // Enables large-scale deployments with rapid user provisioning // Removes the need for end users to install and configure Cisco Easy VPN remote software on their PCs

Question 12

What are the two main IPsec framework protocols?

Answer 12

Authentication Header (AH) & Encapsulation Security Protocol (ESP)

Question 13

What is an SSL VPN or WebVPN?

Answer 13

Provides remote-access connectivity from almost any internet enabled location using a web browser and native SSL encryption

Question 14

What is an example of an SSL or WebVPN?

Answer 14

Citrix

Question 15

What is the Authentication Header?

Answer 15

AH provides authentication and data integrity using its algorithms. AH does not encrypt packets, and is used with ESP to provide encryption with tamper-aware security

Question 16

What is Encapsulating Security Protocol?

Answer 16

ESP is an encryption algorithm that encrypts the IP packet and ESP header, which conceal the data payload and identities of the source / destination.

Question 17

What are the two modes of cisco WebVPN?

Answer 17

Clientless // Thin Client

Question 18

What is IPsec?

Answer 18

Network layer protocol that protects and authenticates packets.

Question 19

What four security services does IPsec provide?

Answer 19

Confidentiality // Integrity // Authentication // Antireplay protection

Question 20

What is Antireplay protection?

Answer 20

Antireplay protection verifies that each packet is unique and not duplicated. This is done by comparing the sequence number of the received packets with a sliding window of the destination host or gateway.

Question 21

For IPsec encryption to work in a VPN, what must both the sender and receiver be configured with?

Answer 21

The sender and receiver must be configured with the same transform set.

Question 22

In a VPN, what is degree of security based on?

Answer 22

The degree of security is based on the encryption algorithm used and the length of the key.

Question 23

List three types of encryption algorithms supported by IPsec.

Answer 23

Data Encryption Standard (DES) // Triple DES (3DES) // Advance Encryption Standard (AES)

Question 24

What is a transform set in relation to IPsec?

Answer 24

A transform set is the rules used to encrypt the traffic through the VPN. These rules are based on an algorithm and a key.

Question 25

What is the Diffie-Hellman Key Exchange?

Answer 25

The Diffie-Hellman (DH) Key Exchange is a public key exchange that exchanges symmetric shared secret keys

Question 26

How does IPsec ensure data integrity?

Answer 26

Uses Hash Based Messaged Authentication (HMAC) code to determine if been tampered

Question 27

What are two common HMAC algorithms used by IPsec?

Answer 27

Message Digest Algorithm 5 (MD5) // Secure Hash Algorith 1 (SHA-1)

Question 28

What are the two types of VPNs?

Answer 28

Site-to-Site // Remote Access

Question 29

List Six Cisco Easy VPN restrictions.

Answer 29

Manual NAT or PAT is not allowed // Only one destination peer and only one tunnel connection supported // Digital certificates are not supported // Only ISAKMP is supported on IPsec servers // Transform sets that provide encryption without authentication are not supported (DES, ESP, and 3DES)

Question 30

What is manual NAT or PAT not allowed in Cisco Easy VPN?

Answer 30

Cisco Easy VPN Remote automatically creates the appropriate NAT or PAT configuration for the VPN tunnel