Chapter Review


This chapter looked at how VPNs can be used to extend corporate networks securely over public networks, such as the Internet. The two basic VPN types are remote access and site-to-site. The three types of VPN connectivity are access VPN, intranet VPN, and extranet VPN. The two VPN modes are transport and tunnel.

While a variety of Layer 2 and Layer 7 VPN implementations exist, IPSec and IETF Layer 3 standards seem to dominate the market today. IPSec technologies include a variety of authentication and encryption methods.

Questions

1. Which is not one of the three basic types of VPN connections?

  A. Access VPNs
  B. Intranet VPNs
  C. Internet VPNs
  D. Extranet VPNs


2. Which is not one of the concerns in using the Internet for conducting private communications?

  A. Loss of privacy
  B. High cost
  C. Loss of data integrity
  D. Identity spoofing


3. Which one of the following is a Layer 2 tunneling protocol supported by Microsoft and Cisco?

  A. PPTP
  B. L2F
  C. L2TP
  D. GRE


4. With which security protocol is the data not encrypted?

  A. AH
  B. EST
  C. ESP
  D. Diffie-Hellman


5. What is the size of the encryption key for DES?

  A. 40 bit
  B. 56 bit
  C. 128 bit
  D. 168 bit


6. Which one of the following is not an encryption algorithm?

  A. DES
  B. 3DES
  C. ESP
  D. AES


7. Which is the most secure hashing algorithm?

  A. MD5
  B. SHA-1
  C. HMAC MD5
  D. HMAC SHA-1


8. With which security mode is the original IP header encrypted?

  A. AH Transport
  B. AH Tunnel
  C. ESP Transport
  D. ESP Tunnel


9. Which is not a valid transform?

  A. ah-md5-hmac
  B. esp-rfc1829
  C. ah-des
  D. esp-sha-hmac


10. Transform sets can contain how many AH transforms?

  A. 1
  B. 2
  C. 3
  D. None


11. Which cryptography type is also called public key encryption?

  A. Symmetric encryption
  B. Asymmetric encryption
  C. Hash function
  D. Cipher text


12. Which Diffie-Hellman key exchange offers the most security?

  A. 5
  B. 2
  C. 1
  D. 0


13. In an IPSec session, what is the minimum number of SAs that will be created?

  A. 1
  B. 2
  C. 3
  D. 6


14. At what point are the IPSec peers authenticated?

  A. IKE Phase One
  B. IKE Phase Two
  C. IKE Phase Three
  D. Interesting Traffic


15. What is a nonce?

  A. A large prime number
  B. A random number
  C. A pseudorandom number
  D. A digital signature


Answers

1. C. Internet VPNs

2. B. High cost

3. C. L2TP

4. A. AH

5. B. 56 bit

6. C. ESP

7. D. HMAC SHA-1

8. D. ESP Tunnel

9. C. ah-des

10. A. 1

11. B. Asymmetric encryption

12. A. 5

13. C. 3 (1 IKE and 1 in each direction for IPSec)

14. A. IKE Phase One

15. C. pseudorandom number



