Remote Access Methods

Question 1

Encapsulating a payload protocol within a delivery protocol to ensure secure transmission is known as what?

Answer 1

Tunnelling

Question 2

List the 4 types of VPNs

Answer 2

1) Client-to-site (Remote-Access)
2) Host-to-Host VPN
3) Site-to-Site VPN
4) Extranet VPN (allows organizations suppliers/partners to connect to the network)

Question 3

What’s the main benefit of using a site-to-site VPN for connecting remote offices than other WAN technologies?

Answer 3

It’s cheap!

Question 4

List the 5 tunnelling protocols covered in CompTIA

Answer 4

1) DTLS
2) L2TP
3) GRE
4) IPsec
5) PPTP

Question 5

When might you use DatagramTLS?

Answer 5

DTLS is a protocol based on TLS that is capable of securing the datagram (connectionless) transport so you might use it for securing delay-sensitive traffic.

Question 6

Which tunnelling protocol would you choose if you had to connect networks that used non-TCP/IP traffic?

Answer 6

L2TP (PPTP using GRE can do this but considered obsolete)

Question 7

Who created L2TP?

Answer 7

IETF

Question 8

Which data-link layer tunnelling protocol allows access to a VPN using ports TCP 1723 and IP 47?

Answer 8

PPTP

Question 9

Which technique encapsulates Point-to-Point Protocol (PPP) frames in Internet Protocol (IP) packets using the Generic Routing Encapsulation (GRE) protocol.

Answer 9

PPTP

Question 10

List 4 characteristics of GRE

Answer 10

1) Uses protocol-type field to transport any Layer 3 protocol
2) It is STATELESS and has NO FLOW CONTROL
3) It has NO ENCRYPTION
4) Create addition OVERHEAD

Question 11

Which tunneling protocol was designed by the IETF, works at the Network layer of the OSI model and supports both IPv4 and IPv6?

Answer 11

IPSec

Question 12

Which two major protocols work inside IPSec?

Answer 12

1) AH - Authentication Header (responsible for providing integrity and authentication using Integrity Value Check i.e. IVC)
2) ESP - Encapsulating Security Payload (responsible for encryption)

Question 13

What do you need to be aware of when tunnelling to NAT networks using IPSec?

Answer 13

The Authentication Header protocol isn’t compatible

Question 14

What is the difference between IPSec transport and tunnelling modes?

Answer 14

1) Transport mode creates a secure tunnel between two devices (e.g. host to host/host to server)
2) Tunnelling mode creates a secure tunnel between two end points like routers.

Question 15

What is the key advantage of ISAKMP? Which tunnelling protocol is it integrated into?

Answer 15

It allows for separating out of the method for safely transferring key and authentication independent of the key generation technique.
IPSec

Question 16

Which layer 2 protocol is commonly used for remote access and provides authentication, encryption and compression services to clients logging in remotely?
Is it routable?

Answer 16

Point-to-Point Protocol

It is not routable. It can be made routable using PPTP

Question 17

List what happens in the Discovery phase in PPPoE

Answer 17

1) MAC addresses of end-points are exchanged
2) Session ID is created to facilitate further data transmission
3) Point-to-point connection is created

Question 18

Which remote desktop sharing system similar to RDP uses the remote frame buffer protocol?

Answer 18

VNC (Virtual Network Computing)

Question 19

if you wanted to create a private network on an intranet what could you use?

Answer 19

an SSL VPN

Question 20

What is the major difference between the RDP and VNC?

Answer 20

VNC sends raw pixel data while RDP uses graphic primitives (not as high quality basically)

Question 21

SSL is based on what public key encryption algorithm?

Answer 21

RSA

Question 22

Which remote access method uses a Terminal Services Client to connect and provides 128-bit encryption using the RC4 algorithm?

Answer 22

Remote Desktop Protocol

Question 23

List the layers at which the following protocls work at:
GRE
IPSec
L2TP
PPTP

Answer 23

GRE - Layer 3
IPSec - Layer 3
L2TP - Layer 2
PPTP - Layer 2

Question 24

Which web browser security method was deprecated in 2015 in favour of TLS?

Answer 24

SSL

Question 25

What protocol number is 51 for?

Answer 25

The IPSec Authentication Header

Question 26

What is the protocol number of the Encapsulating Security Payload (ESP) and the Authentication Header? (AH)

Answer 26

ESP = 50
AH = 51

Question 27

What uses Internet Key Exchange, what port does it use and what does it do?

Answer 27

IPsec uses IKE over port 500 to authenticate clients in the IPSec conversation before data is transmitted.