1. Which two statements describe a remote access VPN? (Choose two.)
- It connects entire networks to each other.
- It requires hosts to send TCP/IP traffic through a VPN gateway.
- It is used to connect individual hosts securely to a company network over the Internet.
- It may require VPN client software on hosts.
- It requires static configuration of the VPN tunnel.
Explanation: Remote access VPNs can be used to support the needs of telecommuters and mobile users by allowing them to connect securely to company networks over the Internet. To connect hosts to the VPN server on the corporate network, the remote access VPN tunnel is dynamically built by client software that runs on the hosts.
2. The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?
- Diffie-Hellman
- integrity
- authentication
- nonrepudiation
- confidentiality
Explanation: The IPsec framework consists of five building blocks. Each building block performs a specific security function via specific protocols. The function of providing confidentiality is provided by protocols such as DES, 3DES, and AES.
3. Which type of VPN may require the Cisco VPN Client software?
- MPLS VPN
- site-to-site VPN
- remote access VPN
- SSL VPN
Explanation: With a remote-access VPN, the client peer may need special VPN client software installed.
4. Which technique is necessary to ensure a private transfer of data using a VPN?
- scalability
- authorization
- virtualization
- encryption
Explanation: Confidential and secure transfers of data with VPNs require data encryption.
5. What are the two fundamental Dynamic Multipoint VPN tunnel types? (Choose two.)
- client-to-site
- server-to-client
- site-to-site
- hub-to-spoke
- spoke-to-spoke
Explanation: The two fundamental DMVPN designs include:
- Spoke-to-spoke
- Hub-to-spoke
6. What are two reasons a company would use a VPN? (Choose two.)
- to test network connections to remote users
- to increase bandwidth to the network
- to eliminate the need of having a gateway
- to connect remote users to the network
- to allow suppliers to access the network
Explanation: Organizations use VPNs to have a reliable, secure method to connect remote users, branch offices, and suppliers to the company network. To implement VPNs, a VPN gateway is necessary.
7. True or False? All VPNs securely transmit clear text across the Internet.
Explanation: A VPN is secure (private) when encrypted traffic is sent over a public network, such as the Internet.
8. Which solution allows workers to telecommute effectively and securely?
- dial-up connection
- site-to-site VPN
- DSL connection
- remote-access VPN
Explanation: Telecommuters using remote-access VPNs can securely connect to their corporate networks from anywhere by creating an encrypted tunnel, allowing them to effectively complete their work. They may connect using a variety of access technologies, including dial-up and DSL connections. These connections, however, are not secure without the use of VPN technology.
9. Which VPN type is a service provider managed VPN?
- GRE over IPsec VPN
- site-to-site VPN
- remote access VPN
- Layer 3 MPLS VPN
Explanation: VPNs can be managed and deployed as:
- Enterprise VPNs – Enterprise managed VPNs are a common solution for securing enterprise traffic across the internet. Site-to-site and remote access VPNs are examples of enterprise managed VPNs.
- Service Provider VPNs – Service provider managed VPNs are created and managed over the provider network. Layer 2 and Layer 3 MPLS are examples of service provider managed VPNs. Other legacy WAN solutions include Frame Relay and ATM VPNs.
10. Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality?
Explanation: Authentication Header (AH) is IP protocol 51 and does not provide data confidentiality. The data payload is not encrypted. Encapsulating Security Payload (ESP) is IP protocol 50 and provides data confidentiality, integrity, and authentication. The DH algorithm is used in IPsec to negotiate a shared secret key for the peers.
11. What algorithm is used to provide data integrity of a message through the use of a calculated hash value?
Explanation: The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. To ensure that data is not intercepted and modified (data integrity), Hashed Message Authentication Code (HMAC) is used. AES is an encryption protocol and provides data confidentiality. DH (Diffie-Hellman) is an algorithm that is used for key exchange. RSA is an algorithm that is used for authentication.
12. Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key?
- The shorter the key, the harder it is to break.
- The length of a key will not vary between encryption algorithms.
- The length of a key does not affect the degree of security.
- The longer the key, the more key possibilities exist.
Explanation: For preventing brute-force attacks and other forced decryption concerns, the longer the key length, the harder it is to break. A 64-bit key can take one year to break with a sophisticated computer, while a 128-bit key may take 10^19 years to decrypt. Different encryption algorithms will provide varying key lengths for implementation.
13. What is a type of VPN that is generally transparent to the end user?
- public
- remote access
- private
- site-to-site
Explanation: With site-to-site VPNs, internal hosts have no knowledge that a VPN exists. Remote access VPNs support a client/server architecture, where the VPN client (remote host) gains secure access to the enterprise network via a VPN server device at the network edge. Public and private are not VPN types.