This chapter looked at how VPNs can be used to extend corporate networks
securely over public networks, such as the Internet. The two basic VPN types
are remote access and site-to-site. The three types of VPN connectivity are
access VPN, intranet VPN, and extranet VPN. The two VPN modes are transport
and tunnel.

While a variety of Layer 2 and Layer 7 VPN implementations exist, IPSec and
IETF Layer 3 standards seem to dominate the market today. IPSec technologies
include a variety of authentication and encryption methods.

Questions
1. Which is not one of the three basic types of VPN connections?
   A. Access VPNs
   B. Intranet VPNs
   C. Internet VPNs
   D. Extranet VPNs

2. Which is not one of the concerns in using the Internet for conducting private communications?
   A. Loss of privacy
   B. High cost
   C. Loss of data integrity
   D. Identity spoofing

3. Which one of the following is a Layer 2 tunneling protocol supported by Microsoft and Cisco?
   A. PPTP
   B. L2F
   C. L2TP
   D. GRE

4. With which security protocol is the data not encrypted?
   A. AH
   B. EST
   C. ESP
   D. Diffie-Hellman

5. What is the size of the encryption key for DES?
   A. 40 bit
   B. 56 bit
   C. 128 bit
   D. 168 bit

6. Which one of the following is not an encryption algorithm?
   A. DES
   B. 3DES
   C. ESP
   D. AES

7. Which is the most secure hashing algorithm?
   A. MD5
   B. SHA-1
   C. HMAC MD5
   D. HMAC SHA-1

8. With which security mode is the original IP header encrypted?
   A. AH Transport
   B. AH Tunnel
   C. ESP Transport
   D. ESP Tunnel

9. Which is not a valid transform?
   A. ah-md5-hmac
   B. esp-rfc1829
   C. ah-des
   D. esp-sha-hmac

10. Transform sets can contain how many AH transforms?
    A. 1
    B. 2
    C. 3
    D. None

11. Which cryptography type is also called public key encryption?
    A. Symmetric encryption
    B. Asymmetric encryption
    C. Hash function
    D. Cipher text

12. Which Diffie-Hellman key exchange offers the most security?
    A. 5
    B. 2
    C. 1
    D. 0

13. In an IPSec session, what is the minimum number of SAs that will be created?
    A. 1
    B. 2
    C. 3
    D. 6

14. At what point are the IPSec peers authenticated?
    A. IKE Phase One
    B. IKE Phase Two
    C. IKE Phase Three
    D. Interesting Traffic

15. What is a nonce?
    A. A large prime number
    B. A random number
    C. A pseudorandom number
    D. A digital signature

Answers
1. C. Internet VPNs
2. B. High cost
3. C. L2TP
4. A. AH
5. B. 56 bit
6. C. ESP
7. D. HMAC SHA-1
8. D. ESP Tunnel
9. C. ah-des
10. A. 1
11. B. Asymmetric encryption
12. A. 5
13. C. 3 (1 IKE and 1 in each direction for IPSec)
14. A. IKE Phase One
15. C. pseudorandom number