VPN Flashcards
What is a Virtual Private Network?
A logical “overlay” on top of an existing network that can provide security to the traffic going over the VPN.
What is one protocol built into Windows Server 2016 to build a VPN tunnel?
Point-to-Point Tunneling Protocol (PPTP).
Worst option for VPN security.
What are better options/protocols to use to build VPNs?
L2TP/IPSec (Layer 2 Tunneling Protocol), SSTP (Secure Socket Tunneling Protocol), and IKEv2 (Internet Key Exchange Version 2)
What protocols are supported in Server 2016 to provide Authentication services?
PAP (Password Authentication Protocol): Sends passwords in plain text
CHAP (Challenge Handshake Authentication Protocol): Challenge and response method. Uses MD5 Hash
MS-CHAP-v2
EAP (Extensible Authentication Protocol)
Which Role allows a server to provide VPN services?
Remote Access.
What command is used to verify network connectivity, as well as verify the local interface used for the connection?
Test-NetConnection
What is the management tool used to configure DirectAccess?
Remote Access Management
What are two different implementation methods of VPNs?
Remote Access VPNs and Site-to-Site VPNs
Within the Routing and Remote Access management tool, in the properties of the VPN server, what tab allows you to upgrade your VPN protocol (e.g., L2TP/IPsec)?
Security
On a VPN client, in the properties of the VPN network adapter (Network Connections window), what tab is used to force a client to use a specific VPN protocol (PPTP, L2TP/IPSec, SSTP, or IKEv2)?
Security
On a VPN client, what VPN type is configured by default?
Automatic. Requires the least amount of configuration but also the least amount of security (PPTP).
What VPN protocol requires a pre-shared key?
IPSec (L2TP/IPSec)
DirectAccess is an IPv6 solution that can leverage IPv4 infrastructure. True or False?
True.
When installing DirectAccess on your server, you need to be logged in as the _____ administrator.
Domain
What role must be installed for DirectAccess?
Remote Access
What PowerShell command is used to view currently applied GPOs?
gpresult /r
What command gets the IP-HTTPS configuration from a computer or GPO as well as displays the configuration type and ServerURL?
Get-NetIPHTTPSConfiguration
What could be possible causes of DirectAccess not functioning correctly?
- No IPv4 connectivity to the Access server.
- IPv6 is not correctly configured in the infrastructure.
- DNS is not working for both IPv4 and IPv6.
- A Group Policy did not get applied. This can be checked with gpresult /r.
What does CMAK stand for?
Connection Manager Administration Kit
When creating a Site-to-Site VPN, which tab in a user’s properties is used to allow Network Access Permission?
Dial-in
With an empty local DNS cache to begin with, a successful ping from a client at site 1 to a hostname at site 2 verifies which of the following are working?
DNS, VPN, and IP Connectivity.
Both sides of a VPN tunnel need to have the same authentication protocols configured. True or False?
True.
What are some reasons a site-to-site VPN will fail?
- Remote access has not been allowed.
- Static routes have not been configured.
- User accounts have not been configured.
- Authentication protocols are not the same on both sides.
Machine certificates are commonly used to identify end users. True or False?
False.