Module 8: Implementing Virtual Private Networks and Implementing the Cisco Adaptive Security Appliance Flashcards

1
Q

A networking technology that hides your device's IP address from the destinations you reach (they see the VPN server's address instead), so your online actions are harder to trace back to you.

A

virtual private network

2
Q

It gives you privacy over a public Internet connection by carrying your traffic inside an encrypted tunnel, creating a private network on top of the public one (the VPN gateway or provider still sees the traffic).

A

virtual private network

3
Q

What are the benefits of a virtual private network?

A
  • cost savings
  • security
  • scalability
  • compatibility
4
Q

What are the different types of virtual private network?

A
  • remote-access virtual private network
  • site-to-site virtual private network
5
Q

A type of VPN where remote employees can log on to your office network from anywhere — home, traveling, or in transit.

A

remote-access virtual private network

6
Q

A type of VPN where a company can securely connect its corporate network with its remote offices to communicate and share resources with them as a single network.

A

site-to-site virtual private network

7
Q

A type of VPN that is frequently used by companies with multiple offices in different geographic locations that need to access and use the corporate network on an ongoing basis.

A

site-to-site virtual private network

8
Q

A type of VPN that creates a virtual tunnel between an employee’s device and the company’s network.

A

remote-access virtual private network

9
Q

A component of remote-access VPN that requires the user to provide valid credentials to sign in to the VPN.

A

network access server

10
Q

Components of a Site-to-Site VPN (AWS Site-to-Site VPN terminology)

A
  • Virtual private gateway
  • Transit gateway
  • Customer gateway device
  • Customer gateway
11
Q

What are the algorithms used for confidentiality under the IPsec framework?

A
  • data encryption standard (DES)
  • triple data encryption standard (3DES)
  • advanced encryption standard (AES)
  • software-optimized encryption algorithm (SEAL)
  (DES and 3DES are deprecated because of their small key and block sizes; use AES in new deployments.)
12
Q

What are the algorithms used for data integrity under the IPsec framework?

A
  • message digest algorithm 5 (MD5), applied as HMAC-MD5
  • secure hash algorithm (SHA), applied as HMAC-SHA-1 or HMAC-SHA-2
  (MD5 and SHA-1 are deprecated; prefer SHA-256 or stronger.)
13
Q

What are the methods used for peer authentication under the IPsec framework?

A
  • Pre-Shared Key (PSK)
  • RSA algorithm (Rivest-Shamir-Adleman)
14
Q

A group of protocols that are used together to set up encrypted connections between devices.

A

IPsec (internet protocol security)

15
Q

It is a group of protocols which is used to set up VPNs, and it works by encrypting IP packets, along with authenticating the source where the packets come from.

A

IPsec (internet protocol security)

16
Q

An IPSec protocol that verifies any message passed from one router to another was not modified during transit.

A

authentication header

17
Q

An IPsec protocol whose packet encryption conceals the data payload and, in tunnel mode, the identities of the ultimate source and destination (the inner IP header).

A

encapsulating security payload

18
Q

A security property that refers to the accuracy and completeness of data, that is, assurance that it has not been altered in transit.

A

integrity

19
Q

A hash algorithm whose common application is protecting stored passwords: the password is hashed rather than encrypted, so the original cannot be recovered from the stored value.

A

Secure Hash Algorithm

20
Q

A family of cryptographic hash functions (SHA-1, SHA-2, SHA-3) designed to verify that data has not been altered.

A

secure hash algorithm

21
Q

An algorithm designed as a one-way function: once data is transformed into its hash value, it is computationally infeasible to recover the original data from that hash.

A

secure hash algorithm

22
Q

a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.

A

message digest-5

23
Q

A hash function that was originally designed for use as a secure cryptographic hash algorithm for authenticating digital signatures; practical collision attacks mean it should no longer be used for that purpose.

A

message digest-5

24
Q

A client authentication method in which both sides are configured with the same secret. In WPA/WPA2-Personal it is a string of 64 hexadecimal digits or a passphrase of 8 to 63 printable ASCII characters used to generate unique encryption keys for each wireless client; in IPsec it is the secret configured for a peer with crypto isakmp key.

A

Pre-Shared Key (PSK)

25
Q

It is a public-key cryptosystem that is a relatively slow algorithm and is not commonly used to directly encrypt user data.

A

rivest-shamir-adleman

26
Q

It is a protocol that authenticates IP headers and their payloads, with the exception of certain header fields that can be legitimately changed in transit, such as the Time To Live (TTL) field.

A

authentication header

27
Q

An IPSec protocol that is used when confidentiality is not required or permitted.

A

authentication header

28
Q

It is a protocol that provides data encryption and, optionally, authentication (integrity).

A

encapsulating security payload

29
Q

It is a protocol that authenticates only the ESP header, the encapsulated payload and the ESP trailer, not the outer IP header, which is why it survives NAT where AH does not.

A

encapsulating security payload

30
Q

It is a protocol that authenticates the entire IP packet, including the outer IP header (except the fields that change in transit).

A

authentication header
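What AH and ESP actually cover, shown as an added Python example that is not part of the original flashcards (it illustrates cards 16, 26, 29 and 30 above). It builds a constructed IPv4 packet, computes an AH-style integrity check value (ICV) with the mutable header fields that RFC 4302 excludes (DSCP/ECN, flags and fragment offset, TTL, header checksum) zeroed out, and an ESP-style ICV over only the bytes after the IP header. A simulated router hop (TTL decrement) then passes AH verification, a rewritten source address fails it, and the ESP check is indifferent to the outer header. HMAC-SHA256 with a constructed key stands in for whatever integrity transform the SA negotiated; the key, addresses and payload are all constructed for the demonstration.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed integrity key; in IPsec this would come from the IKE-negotiated SA.
AH_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def ipv4_checksum(header: bytes) -> int:
    """Standard ones'-complement checksum over a 20-byte IPv4 header."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, payload: bytes, ttl: int = 64, proto: int = 17) -> bytes:
    """Construct a minimal IPv4 packet (20-byte header, no options) carrying payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0x1234, 0x4000, ttl, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def ah_immutable_view(packet: bytes) -> bytes:
    """Zero the fields AH treats as mutable: DSCP/ECN, flags+fragment offset, TTL, header checksum."""
    hdr = bytearray(packet[:20])
    hdr[1] = 0
    hdr[6:8] = b"\x00\x00"
    hdr[8] = 0
    hdr[10:12] = b"\x00\x00"
    return bytes(hdr) + packet[20:]


def ah_icv(packet: bytes, key: bytes = AH_KEY) -> bytes:
    """AH: the ICV covers the whole packet, outer header included (mutable fields zeroed)."""
    return hmac.new(key, ah_immutable_view(packet), hashlib.sha256).digest()


def ah_verify(packet: bytes, icv: bytes, key: bytes = AH_KEY) -> bool:
    return hmac.compare_digest(ah_icv(packet, key), icv)


def esp_icv(packet: bytes, key: bytes = AH_KEY) -> bytes:
    """ESP: the ICV covers only what follows the IP header (ESP header, payload, trailer)."""
    return hmac.new(key, packet[20:], hashlib.sha256).digest()


def esp_verify(packet: bytes, icv: bytes, key: bytes = AH_KEY) -> bool:
    return hmac.compare_digest(esp_icv(packet, key), icv)


def forward_hop(packet: bytes) -> bytes:
    """Simulate a router hop: decrement TTL and recompute the header checksum."""
    hdr = bytearray(packet[:20])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


def rewrite_source(packet: bytes, new_src: str) -> bytes:
    """Simulate a NAT device (or spoofer) rewriting the source address and fixing the checksum."""
    hdr = bytearray(packet[:20])
    hdr[12:16] = ipaddress.IPv4Address(new_src).packed
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


def demo() -> dict:
    """Constructed packet from 10.0.1.1 to 192.168.1.1; returns which checks still pass after each change."""
    pkt = build_ipv4_packet("10.0.1.1", "192.168.1.1", b"constructed payload")
    ah, esp = ah_icv(pkt), esp_icv(pkt)
    hopped = forward_hop(pkt)                     # TTL 64 -> 63, a legitimate in-transit change
    natted = rewrite_source(pkt, "172.30.2.2")    # outer header changed
    tampered = pkt[:20] + b"tampered payload!!!"  # same length, different payload
    return {
        "ah_after_ttl_hop": ah_verify(hopped, ah),
        "ah_after_src_rewrite": ah_verify(natted, ah),
        "ah_after_payload_change": ah_verify(tampered, ah),
        "esp_after_src_rewrite": esp_verify(natted, esp),
        "esp_after_payload_change": esp_verify(tampered, esp),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:26s} {'pass' if ok else 'FAIL'}")
```

The `esp_after_src_rewrite` result is the practical reason AH does not work through NAT while ESP does (with NAT-T encapsulation): AH's ICV includes the addresses a NAT device must rewrite.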

31
Q

An ESP mode that encrypts the whole original IP packet (header and payload) behind a new outer IP header; it is used to establish site-to-site VPN tunnels between VPN gateway devices.

A

tunnel mode

32
Q

A mode of AH and ESP that can be applied to any mix of end systems and intermediate systems, such as security gateways.

A

tunnel mode

33
Q

A mode of AH and ESP where the original packet is encapsulated in another IP header.

A

tunnel mode

34
Q

An ESP mode that provides security for the entire original IP packet, protecting the headers and payload.

A

tunnel mode

35
Q

An ESP mode that protects the payload of the packet (the transport-layer header and data) but leaves the original IP header in the clear.

A

transport mode

36
Q

An ESP mode that is commonly used between two different workstations running VPN software.

A

transport mode

37
Q

It is the protocol used to set up a secure, authenticated communications channel between two parties.

A

internet key exchange

38
Q

It is the part of the IPsec protocol suite that is responsible for negotiating security associations.

A

internet key exchange

39
Q

It is a set of mutually agreed-upon keys and algorithms to be used by both parties trying to establish a VPN connection/tunnel; each one is unidirectional, so a bidirectional tunnel uses a pair of them.

A

security association

40
Q

It defines how to establish, negotiate, modify and delete Security Associations containing the information required for execution of various network security services.

A

internet security association and key management protocol

41
Q

In phase 1, IKE creates an authenticated, secure channel between the two IKE peers using __________.

A

Diffie-Hellman key agreement protocol
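How IKE phase 1 combines Diffie-Hellman key agreement with pre-shared-key authentication (cards 13, 37, 39 and 41), as an added Python example that is not part of the original flashcards. Both peers compute the same DH secret from the RFC 3526 group 14 prime (the group selected by "group 14" in a crypto isakmp policy), but DH alone does not tell a peer who it is talking to: the simplified SKEYID/HASH_I model below (IKEv1's SKEYID = prf(PSK, Ni | Nr), with the hash reduced to prf(SKEYID, g^xi | g^xr | ID), which omits the cookies and SA payload the real protocol includes) shows that a mismatched pre-shared key still yields a matching DH secret yet fails authentication. The PSK cisco12345 and peer address 172.30.2.2 are taken from the command cards below; the nonces and private exponents are constructed.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14: the 2048-bit MODP prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
PUB_LEN = (P.bit_length() + 7) // 8   # 256 bytes


def dh_keypair(priv=None):
    """Pick a private exponent x (or use the one given) and compute the public value g^x mod p."""
    if priv is None:
        priv = 2 + secrets.randbelow(P - 3)
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Compute (g^y)^x mod p; reject degenerate public values (0, 1, p-1) a malicious peer could send."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, P).to_bytes(PUB_LEN, "big")


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def skeyid_psk(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    """IKEv1 pre-shared-key mode: SKEYID = prf(PSK, Ni | Nr)."""
    return prf(psk, ni + nr)


def auth_hash(skeyid: bytes, g_xi: int, g_xr: int, identity: bytes) -> bytes:
    """Simplified HASH_I: prf(SKEYID, g^xi | g^xr | ID)."""
    return prf(skeyid, g_xi.to_bytes(PUB_LEN, "big") + g_xr.to_bytes(PUB_LEN, "big") + identity)


def ike_phase1(psk_initiator: bytes, psk_responder: bytes, xi=None, xr=None, ni=None, nr=None) -> dict:
    """Run a simplified phase 1 between an initiator and a responder configured with their own PSKs."""
    ni = ni if ni is not None else secrets.token_bytes(32)
    nr = nr if nr is not None else secrets.token_bytes(32)
    xi, g_xi = dh_keypair(xi)
    xr, g_xr = dh_keypair(xr)
    # Each side derives the DH secret from its own private value and the peer's public value.
    secret_i = dh_shared(xi, g_xr)
    secret_r = dh_shared(xr, g_xi)
    # Each side derives SKEYID from the PSK it was configured with (crypto isakmp key ... address ...).
    skeyid_i = skeyid_psk(psk_initiator, ni, nr)
    skeyid_r = skeyid_psk(psk_responder, ni, nr)
    # The initiator sends HASH_I; the responder recomputes it with its own SKEYID and compares.
    hash_i = auth_hash(skeyid_i, g_xi, g_xr, b"172.30.2.2")
    expected = auth_hash(skeyid_r, g_xi, g_xr, b"172.30.2.2")
    authenticated = hmac.compare_digest(hash_i, expected)
    # Keying material for phase 2 mixes SKEYID with the DH secret; only derived once the peer is authenticated.
    skeyid_d = prf(skeyid_r, secret_r).hex() if authenticated else None
    return {"dh_secret_match": secret_i == secret_r, "peer_authenticated": authenticated, "skeyid_d": skeyid_d}


if __name__ == "__main__":
    print("matching PSK:  ", ike_phase1(b"cisco12345", b"cisco12345"))
    print("mismatched PSK:", ike_phase1(b"cisco12345", b"wrong-key"))
```

The second run is the failure mode seen in the field as a phase 1 that reaches MM_KEY_EXCH and never completes: the DH exchange succeeds, the authentication hash does not, and the tunnel never comes up.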

42
Q

Typically deployed when two or more autonomous systems wish to communicate with each other over an untrusted medium and confidential exchange of data is required.

A

Site-to-site IPsec VPN

43
Q

A protocol for encapsulating data packets that use one routing protocol inside the packets of another protocol.

A

Generic Routing Encapsulation

44
Q

It is an encapsulation concept that enables the usage of protocols that are not normally supported by a network, because the packets are wrapped within other packets that do use supported protocols.

A

Generic Routing Encapsulation

45
Q

It means wrapping one data packet within another data packet, like putting a box inside another box.

A

Encapsulating

46
Q

Another way to set up a direct point-to-point tunnel across a network, simplifying connections between separate networks; GRE itself provides no encryption, so it is paired with IPsec when confidentiality is required.

A

Generic Routing Encapsulation

47
Q

It means encapsulating packets within other packets

48
Q

The Cisco IOS command that configures the ISAKMP pre-shared key for a peer?

crypto isakmp transform-set R1-R2 ah-md5-hmac

crypto ipsec transform-set R1-R2 ah-md5-hmac

crypto isakmp key cisco12345 address 172.30.2.2

access-list 101 permit ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255

A

crypto isakmp key cisco12345 address 172.30.2.2

49
Q

The Cisco command to configure internet protocol security transform set?

crypto ipsec transform-set R1-R2 ah-md5-hmac

access-list 101 permit ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255

crypto map R1-R2_MAP 10 ipsec-isakmp

crypto isakmp transform-set R1-R2 ah-md5-hmac

A

crypto ipsec transform-set R1-R2 ah-md5-hmac

50
Q

The Cisco command to apply a crypto map to an interface?

ping ip 192.168.1.1 source 10.0.1.1

crypto ipsec sa

crypto isakmp transform-set R1-R2 ah-md5-hmac

crypto map R1-R2_MAP

A

crypto map R1-R2_MAP

51
Q

The Cisco command to check the default ISAKMP policy?

crypto isakmp policy default

show crypto isakmp policy

show crypto isakmp default policy

A

show crypto isakmp default policy

52
Q

The Cisco command that permits AH traffic?

access-list ADMIN permit ahp 192.168.1.0 0.0.0.255

access-list ADMIN permit udp 192.168.1.0 0.0.0.255 eq isakmp

access-list ADMIN permit esp 192.168.1.0 0.0.0.255

A

access-list ADMIN permit ahp 192.168.1.0 0.0.0.255

53
Q

The Cisco command to configure the ISAKMP policy to the default?

crypto isakmp policy 1 default

show crypto isakmp default policy

show crypto isakmp policy

A

crypto isakmp policy 1 default

54
Q

The Cisco command that permits ISAKMP traffic?

access-list ADMIN permit ahp 192.168.1.0 0.0.0.255

access-list ADMIN permit esp 192.168.1.0 0.0.0.255

access-list ADMIN permit udp 192.168.1.0 0.0.0.255 eq isakmp

A

access-list ADMIN permit udp 192.168.1.0 0.0.0.255 eq isakmp

55
Q

A feature in which the ASA is divided into multiple virtual standalone firewalls (security contexts), each acting as an independent firewall with its own configuration, interfaces, security policies, routing table, and so on.

A

Adaptive security appliance (ASA) Virtualization

56
Q

What are the advanced features of the ASA firewall?

A
  • Adaptive security appliance (ASA) Virtualization
  • high availability
  • Identity-based firewall
  • adaptive security appliance (ASA) threat control
57
Q

A feature of ASA firewall that relies on a number of different triggers and statistics.

A

adaptive security appliance threat control

58
Q

A feature of ASA firewall that provides firewall administrators with the necessary tools to identify, understand, and stop attacks before they reach the internal network infrastructure.

A

adaptive security appliance threat control

59
Q

A feature of the ASA firewall that can be used in environments where an IPS is not available, to provide an added layer of protection on top of the ASA's core functionality.

A

adaptive security appliance threat control

60
Q

What are failover modes supported by ASA?

A
  • active/active failover
  • active/standby failover
61
Q

A feature of ASA firewall that enhances the existing access control and security policy mechanisms by allowing users or groups to be specified in place of source IP addresses.

A

identity firewall

62
Q

A feature of the ASA firewall in which access rules and security policies can be configured based on user names and user group names rather than source IP addresses.

A

identity firewall

63
Q

A feature of ASA firewall where it applies the security policies based on an association of IP addresses to Windows Active Directory login information and reports events based on the mapped user names.

A

identity firewall

64
Q

A feature of ASA firewall that provides more granular access control based on users’ identities.

A

identity firewall

65
Q

What are the ASA firewall modes of operation?

A
  • routed mode
  • transparent mode
66
Q

An ASA mode of operation in which the ASA is a router (Layer 3) hop in the network.

A

routed mode

67
Q

An ASA mode of operation in which each interface that you want to route between is on a different subnet.

A

routed mode

68
Q

An ASA mode of operation in which the ASA is a Layer 2 firewall that acts like a "bump in the wire" or a "stealth firewall" and is not seen as a router hop by connected devices.

A

transparent mode

69
Q

ASA Security Level Controls

A
  • Network Access
  • Inspection Engines
  • Application Filtering
70
Q

An ASA security level control in which each interface is assigned a number from 0 to 100 that defines the trustworthiness of the network the interface is connected to; by default traffic is permitted from a higher-level interface to a lower-level one and denied in the reverse direction unless an ACL allows it.

A

Network Access

71
Q

An ASA security level control which is required for services that embed IP addressing information in the user data packet or that open secondary channels on dynamically assigned ports.

A

Inspection Engine

72
Q

An ASA security level control that inspects the content of traffic and blocks applications that are not acceptable on your network.

A

Application Filtering

73
Q

An ASA configuration construct that may contain a single object (such as a single IP address, network, or subnet) or multiple objects such as a combination of multiple IP addresses, networks, or subnets.

A

object group

74
Q

An ASA basic configuration command that sets the master passphrase (between 8 and 128 characters long) from which the key used to encrypt stored passwords is derived.

A

key config-key password-encryption

75
Q

An ASA basic configuration command used for generating the encryption key.

A

key config-key password-encryption

76
Q

An ASA basic configuration command that provides legal notification and configures the system to display a message-of-the-day banner when connecting to the ASA

A

banner motd

77
Q

An ASA basic configuration command that sets the default domain name

A

domain-name

78
Q

An ASA basic configuration command that enables password encryption and encrypts all user passwords.

A

password encryption aes

79
Q

A single rule in an access control list, for example one that allows a group of users to have access only to a specific group of servers.

A

access control entry (ACE)

80
Q

It is a set of rules that is usually used to filter network traffic.

A

access control list

81
Q

It allows you to evaluate only the source IP address of a packet.

A

standard access lists

82
Q

It allows you to evaluate the source and destination IP addresses, the Layer 3 protocol, source and destination ports, and other parameters.

A

extended access lists
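How standard and extended access lists are evaluated (cards 80 to 82), and how the crypto ACL and the interface ACL entries from cards 48, 52 and 54 behave, as an added Python example that is not part of the original flashcards. It parses numbered IOS-style entries (wildcard masks, host/any, eq with port names), applies first-match semantics with the implicit deny at the end, and runs a constructed set of packets through the page's crypto ACL 101 and a constructed outside-interface ACL 102 for the peer 172.30.2.2. The local peer address 172.30.1.2 and the list number 102 are assumptions; ASA extended ACLs use subnet masks rather than wildcard masks, so this parser is for the IOS syntax the cards show.

```python
import ipaddress
from dataclasses import dataclass

PROTOCOLS = {"ip", "tcp", "udp", "icmp", "esp", "ahp", "gre"}
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}   # IOS keyword names accepted after "eq"


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: int = 0


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 1 bit means 'don't care', so 0.0.0.255 matches a /24."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def _take_addr(tokens: list) -> tuple:
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' from the front of tokens."""
    t = tokens.pop(0)
    if t == "any":
        return "0.0.0.0", "255.255.255.255"
    if t == "host":
        return tokens.pop(0), "0.0.0.0"
    return t, tokens.pop(0)


def parse_ace(line: str) -> dict:
    """Parse one 'access-list <id> permit|deny ...' entry in numbered standard or extended IOS syntax."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list entry: {line!r}")
    ace = {"list": tokens[1], "action": tokens[2], "dport": None}
    rest = tokens[3:]
    if rest[0] in PROTOCOLS:                      # extended: protocol, source, destination[, eq port]
        ace["proto"] = rest.pop(0)
        ace["src"], ace["src_wc"] = _take_addr(rest)
        ace["dst"], ace["dst_wc"] = _take_addr(rest)
        if rest[:1] == ["eq"]:
            ace["dport"] = PORT_NAMES.get(rest[1]) or int(rest[1])
    else:                                         # standard: source address only
        ace["proto"] = "ip"
        ace["src"], ace["src_wc"] = _take_addr(rest)
        ace["dst"], ace["dst_wc"] = "0.0.0.0", "255.255.255.255"
    return ace


def evaluate(acl_lines: list, pkt: Packet) -> str:
    """First matching entry wins; the implicit 'deny any' applies when nothing matches."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] != "ip" and ace["proto"] != pkt.proto:
            continue
        if not (wildcard_match(pkt.src, ace["src"], ace["src_wc"])
                and wildcard_match(pkt.dst, ace["dst"], ace["dst_wc"])):
            continue
        if ace["dport"] is not None and ace["dport"] != pkt.dport:
            continue
        return ace["action"]
    return "deny"


# The crypto ACL from the flashcards: traffic it permits is "interesting" and is sent through IPsec.
CRYPTO_ACL = ["access-list 101 permit ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255"]

# Constructed inbound ACL for the outside interface, admitting the IPsec peer's control and data traffic.
OUTSIDE_IN_ACL = [
    "access-list 102 permit udp host 172.30.2.2 host 172.30.1.2 eq isakmp",
    "access-list 102 permit esp host 172.30.2.2 host 172.30.1.2",
    "access-list 102 permit ahp host 172.30.2.2 host 172.30.1.2",
]


def demo() -> dict:
    return {
        "lan_to_lan_is_interesting": evaluate(CRYPTO_ACL, Packet("10.0.1.5", "192.168.1.7")),
        "return_direction_needs_mirror": evaluate(CRYPTO_ACL, Packet("192.168.1.7", "10.0.1.5")),
        "isakmp_from_peer": evaluate(OUTSIDE_IN_ACL, Packet("172.30.2.2", "172.30.1.2", "udp", 500)),
        "nat_t_from_peer": evaluate(OUTSIDE_IN_ACL, Packet("172.30.2.2", "172.30.1.2", "udp", 4500)),
        "esp_from_peer": evaluate(OUTSIDE_IN_ACL, Packet("172.30.2.2", "172.30.1.2", "esp")),
        "ssh_from_peer": evaluate(OUTSIDE_IN_ACL, Packet("172.30.2.2", "172.30.1.2", "tcp", 22)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:30s} {verdict}")
```

Two results are worth noting: the crypto ACL on the other router must mirror this one (swap source and destination) or only one direction is protected, and the interface ACL above would silently block a NAT-traversal peer because UDP 4500 (non500-isakmp) is not permitted.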

83
Q

A type of NAT wherein there is a consistent mapping between a real and mapped IP address.

A

static network address translation

84
Q

It is a computer network concept that replaces a private IP address with a public IP address, translating the private addresses of the internal network into globally routable addresses that can be used on the public Internet.

A

network address translation

85
Q

It is a computer network concept that enables private IP networks to connect to the Internet.

A

network address translation

86
Q

A type of address translation where a remote host on the destination network can initiate a connection to the translated host if an access rule allows it.

A

static network address translation (static NAT, including static PAT; dynamic NAT and dynamic PAT do not allow this)

87
Q

A type of NAT where only the real host can initiate traffic, because the translation is created only when the real host sends a packet.

A

dynamic network address translation

88
Q

A type of NAT that allows bidirectional traffic initiation, both to and from the host (if an access rule exists that allows it).

A

static network address translation
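The initiation rules from cards 86 to 88 in code, as an added Python example that is not part of the original flashcards. The toy model keeps two kinds of translation state: static NAT entries, which exist permanently and so let an outside host initiate a connection to the mapped address, and dynamic PAT xlates, which are created only when an inside host sends traffic, so an unsolicited inbound packet to the PAT address finds no translation and is dropped. It also shows that even a static translation admits nothing unless the interface access rule permits it. The addresses (10.0.1.0/24 inside, 203.0.113.0/24 outside) and the starting PAT port are constructed.

```python
import itertools


class AsaNat:
    """Toy model of ASA translation state; it is not the ASA's own NAT implementation."""

    def __init__(self, pat_address: str):
        self.pat_address = pat_address        # mapped address shared by all dynamic PAT hosts
        self.statics = {}                     # real_ip -> mapped_ip (static NAT, permanent, bidirectional)
        self.xlates = {}                      # (mapped_ip, mapped_port) -> (real_ip, real_port) (dynamic PAT)
        self._next_port = itertools.count(1024)

    def add_static(self, real_ip: str, mapped_ip: str) -> None:
        self.statics[real_ip] = mapped_ip

    def outbound(self, real_ip: str, real_port: int) -> tuple:
        """Inside -> outside. Returns the (mapped_ip, mapped_port) the outside world sees."""
        if real_ip in self.statics:                       # static NAT: fixed address, port unchanged
            return self.statics[real_ip], real_port
        for mapped, real in self.xlates.items():          # reuse an existing PAT xlate for this flow
            if real == (real_ip, real_port):
                return mapped
        mapped = (self.pat_address, next(self._next_port))
        self.xlates[mapped] = (real_ip, real_port)        # dynamic PAT: xlate created by inside traffic
        return mapped

    def inbound(self, mapped_ip: str, mapped_port: int, access_rule_permits: bool = True):
        """Outside -> inside. Returns (real_ip, real_port), or None when the ASA would drop the packet."""
        if not access_rule_permits:                       # a translation never bypasses the access rule
            return None
        for real_ip, mapped in self.statics.items():      # static: a remote host may initiate
            if mapped == mapped_ip:
                return real_ip, mapped_port
        return self.xlates.get((mapped_ip, mapped_port))  # dynamic: only traffic for an existing xlate


def demo() -> dict:
    nat = AsaNat("203.0.113.1")
    nat.add_static("10.0.1.10", "203.0.113.10")          # e.g. a published web server
    results = {
        "static_remote_initiates": nat.inbound("203.0.113.10", 443),
        "static_but_acl_denies": nat.inbound("203.0.113.10", 443, access_rule_permits=False),
        "pat_unsolicited_inbound": nat.inbound("203.0.113.1", 2000),
    }
    mapped = nat.outbound("10.0.1.20", 51000)            # inside host opens a flow, creating an xlate
    results["pat_outbound_mapping"] = mapped
    results["pat_return_traffic"] = nat.inbound(*mapped)
    results["static_outbound_mapping"] = nat.outbound("10.0.1.10", 8080)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:26s} {value}")
```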

89
Q

An ASA configuration framework that provides a consistent and flexible way to configure security appliance features such as protocol inspection and connection limits.

A

modular policy framework

90
Q

A component or step in MPF that specifies where to apply the policy.

A

service policy

91
Q

A component or step in MPF that specifies what action the ASA should take against the traffic identified by the Class Map.

A

policy map

92
Q

A component or step in MPF that is used to identify the type of traffic.