IS3220 CHAPTER 12

Question 1

This provides integrity protection for packet headers and data, as well as user authentication. It can optionally provide replay protection and access protection.. It cannot encrypt any portion of a packet. Because authentication capabilities were added to ESP in the seconder version of IPSec, this has become less significant. But, it still has value because it can authenticate portions of packets that ESP cannot. This is called ___?

Answer 1

AUTHENTICATION HEADER (AH)

Question 2

This is the second core IPSec security protocol in NISTs Guide to IPsec VPNs notes. Initially, this provided only encryption for packet payload data. Integrity protection was provided by the AH protocol if needed. The next version became more flexible. It can perform authentication to provide integrity protection, although not for the outermost IP header. This is called

Answer 2

ENCAPSULATING SECURITY PAYLOAD (ESP)

Question 3

This is the standards body for internet-related engineering specifications.. It uses RFCs as a mechanism to define internet-related standards and is called ___?

Answer 3

INTERNET ENGINEERING TASK FORCE (IETF)

Question 4

This negotiates, creates, and manages security associations. Security association (SA) is a generic term for a set of values that define the IPSec features and protections applied to a connection. You can also create SAs manually, using values agreed on in advance by both parties, but because these SAs cannot be updated, this method does not scale for real-life large-scale VPNs. In IPSec, this provides a secure mechanism for establishing IPSec-protected connections and is this is called ___?

Answer 4

INTERNET KEY EXCHANGE (IKE)

Question 5

353

Answer 5

LAYER 2 FORWARDING (L2F)

Question 6

This is an older protocol largely replaced by IPSec and SSL/TLS-based VPNs in production environments. This was used extensively in the early VPN solutions, but lost its popularity as other protocols proved to be more usable as industry standards developed. This is called ___?

Answer 6

LAYER 2 TUNNELING PROTOCOL (L2TP)

Question 7

This was a protocol defined to provide a standard transport mechanism. This was used largely in conjunction with modem connections and has been phased out as high-speed internet connections have replaced modem connections. This is called ___?

Answer 7

POINT-TO-POINT PROTOCOL (PPP)

Question 8

This protocol supports Microsoft’s remote access servers and has known issues. It uses Microsoft Point-to-point Encryption and is still used for some remote access solutions, IPSec and SSL-based solutions are replacing it. This is called ___?

Answer 8

POINT-TO-POINT TUNNELING PROTOCOL (PPTP)

Question 9

A document that defines or describes computer and networking technologies. These exist for hardware, operating systems, protocols, security services and more. This is called ___?

Answer 9

REQUEST FOR COMMENT (RFC)

Question 10

A network protocol that allows data exchange using a secure channel between two networked devices. It is used primarily on GNU/Linux and UNIX based systems to access shell accounts. This was a replacement for Telnet and other insecure remote shoes, which send information, notably passwords, in plaintext, rendering them susceptible to packet analysis. This is called ___?

Answer 10

SECURE SHELL (SSH)

Question 11

1. What are the two modes supported by IPSec?
   (Multiple answers are correct)
2. Transition
3. Tunnel
4. Encrypted
5. Transport
6. Internally connected

Answer 11

Tunnel

Transport

Question 12

2. All the following are considered IPSec service EXCEPT:
   (Multiple answers may be correct)
3. Access control
4. Encryption
5. NAT interoperability
6. Replay rejection
7. Support for AES encryption

Answer 12

NAT interoperability

Support for AES encryption

Question 13

3. The strongest encryption protocol currently supported by IPSec is ___?

Answer 13

3DES

Question 14

4. The two different protocols commonly used for remote access VPN are ___ and ___.

Answer 14

SSL and IPSec

Question 15

5. Select two advantages of using an IPSec-based VPN solution instead of an SSL-based solution.
   (Multiple answers are correct)
6. Provides direct connection to the network
7. Since IPSec works at Layer 3, it can support virtually all network applications
8. Requires configuration of each application being accessed via the VPN
9. Client-less solution

Answer 15

Provides direct connection to the network

Since IPSec works at Layer 3, it can support virtually all network applications

Question 16

6. A solution that permitted industry to extend the life of IPv4 addresses is ___.

Answer 16

network address translation (NAT)

Question 17

7. Which of the following are benefits of using an SSL VPN?  
(Multiple answers may be correct)
1. More costly
2. Less flexible
3. Support for NAT
4. Fewer firewall rules
5. Used for secure logins

Answer 17

Support for NAT

Fewer firewall rules

Question 18

8. SSL VPNs are considered ____ because access is granted through SSL, which is supported by Web browsers on virtually all platforms.

Answer 18

platform independent

Question 19

9. Which of the following are areas that can impact the stability of your VPN?
(Multiple answers may be correct)
1. Number of users
2. VPN Configuration
3. Code Revision Level
4. Operating System
5. Encryption Level

Answer 19

VPN Configuration

Code Revision Level

Operating System

Question 20

10. Which of the following are types of Network Address Translation? (Multiple answers may be correct)
11. On Demand
12. Dynamic
13. Secure
14. Static
15. Encrypted

Answer 20

Dynamic

Static

Question 21

11. The mechanism used by the IETF to document internet standards is the ___.

Answer 21

request for comment (RFC)

Question 22

12. Separating the physical devices from the logical devices is known as ___.

Answer 22

.virtualization

Question 23

13. Which of the following are uses for the SSH protocol?
(Multiple answers may be correct)
1. Secure Remote Login
2. Secure File Transfers
3. Secure access to a Web site
4. Encrypting data on backup tapes
5. Creating a VPN connection

Answer 23

Secure Remote Login

Secure File Transfers

Creating a VPN connection

Question 24

14. The L2TP protocol was created by the combination of these two protocols: ___ and ___.

Answer 24

L2F and PPTP

Question 25

15. When you need to securely connect to a router for remote login, ___ would be the recommended protocol.

Answer 25

SSH

Question 26

16. Which of the following are protocols that can be used for a VPN connection? (Multiple answers may be correct)
17. IPSec
18. 3DES
19. SSH
20. IETF
21. SSL

Answer 26

IPSec

SSH

SSL

Question 27

17. When working with IPSec in an environment using network address translation, which protocols and ports need to be open for IPSec to communicate?
    (Multiple answers may be correct)
18. (IKE) __ User Datagram Protocol (UDP) port 500
19. Internet Key Exchange – UDP port 500
20. Encapsulating Security Payload – IP port 50
21. Secure Sockets Layer __ TCP port 443
22. Authentication Header – IP protocol number 51

Answer 27

Internet Key Exchange – UDP port 500

Encapsulating Security Payload – IP port 50

Authentication Header – IP protocol number 51

Question 28

18. When designing a VPN solutions, which of the following areas could impact VPN performance? (Multiple answers may be correct)
19. Available bandwidth
20. Client configuration
21. Client patch level
22. Traffic
23. Topology

Answer 28

Available bandwidth

Client configuration

Traffic

Topology

Question 29

19. Which of the following are benefits of IPv6?
    (Multiple answers may be correct)
20. IPSec is defined as a native protocol
21. Support for SSL included in the standard
22. Ability to address a limit of 4.3 billion hosts
23. Plug and Play configuration with or without DHCP
24. Define how to respond to incidents

Answer 29

IPSec is defined as a native protocol

Plug and Play configuration with or without DHCP

Question 30

20. The ability to traverse a firewall using Network Address Translation on port 443 is a component of which VPN protocol ___?

Answer 30

Secure Socket Layer