Network Security Exam 3 - Part 1
Studied by 3 people
Learn
Practice Test
Spaced Repetition
Match
Flashcards1/62
There's no tags or description
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced |
|---|
No study sessions yet.
63 Terms
A VPN creates or simulates a network connection over an intermediary network.
True
A hashing cryptographic function takes the input of any file or message and creates a fixed length output based on:
the hashing algorithm being used.
A host-to-host virtual private network (VPN) is a direct VPN connection between one host and another
True
A remote access link enables access to network resources using a wide area network (WAN) link to connect to the geographically distant network
True
A remote access virtual private network (VPN) is also known as host-to-site VPN because it supports single-host VPN connections into a LAN site
True
A site-to-site virtual private network (VPN) is also known as a LAN-to-LAN VPN
True
A virtual private network (VPN) can operate securely over the Internet and still provide high levels of security through encryption
True
A virtual private network (VPN) connection ensures quality of service.
False
Asymmetric cryptography that uses key pairs is commonly known as:
public key cryptography
Effective virtual private network (VPN) policies clearly define security restrictions imposed on VPNs.
True
Hashing modifies the original data
False
In symmetric cryptography, the same key must be used to encrypt and decrypt data.
True
Isabella is a network administrator. She is researching virtual private network (VPN) options for company employees who work from home. The solution must provide encryption over public networks, including the Internet; not rely upon pathways the company owns; be reliable; and not be subject to eavesdropping. It must also be cost-effective. Which solution does she choose?
Secured VPN
Mazie is a network engineer designing a virtual private network (VPN) architecture. The architecture must have the ability to establish and maintain a secure link between the company's main office and a branch office over the Internet, effectively creating a single distributed LAN. What solution does she recommend be applied?
site-to-site
Remote control is the ability to use a local computer system to remotely take control of another computer
True
Resiliency is the ease with which an organization can quickly increase capacity and use or shrink capacity and use of a device, system, or network.
False
Side attacks against the encrypted link of a virtual private network (VPN) are nearly eliminated, while data entering or leaving the VPN is at risk.
True
Virtual private networks (VPNs) over the Internet can experience latency but not fragmentation.
False
What is a mathematical operation that is easily performed but that is highly unlikely to reverse in a reasonable amount of time?
one-way function
Which elements do digital certificate contain that can be used to increase the reliability of authenticity and nonrepudiation?
Digital certificates use a public key and private key pair signed by a trusted third party.
Which of the following is a virtual private network (VPN) encryption encapsulation method best suited for linking individual computers together, even though it does not encrypt the original IP header?
Transport
Which of the following is an encryption method that is very fast and is based on a single, shared key?
Symmetric
Which of the following statements about ciphertext is TRUE?
Properly encrypted data produces ciphertext that does not contain redundancies or recognizable patterns.
Which of the following statements is TRUE of encryption?
The security of the encryption relies on the key.
A benefit of a commercial virtual private network (VPN) solution is access to vendor support.
True
A best practice when troubleshooting a virtual private network (VPN) is to document processes and procedures.
True
A virtual private network (VPN) policy documents an organization's rules for using the VPN
True
A virtual private network (VPN) policy should be a part of an overall IT security policy framework to avoid duplicate or conflicting information
True
A virtual private network (VPN) set up in a demilitarized zone (DMZ) has a firewall in front and behind it
True
Analisa is a sales representative who travels extensively. At a trade show, Analisa uses her virtual private network (VPN) connection to simultaneously connect to the office LAN and her personal computer at home. What security risk does this pose?
split tunneling that can lead to hairpinning
In a bypass virtual private network (VPN), traffic to the VPN and from the VPN to the internal network is not firewalled
True
In an internally connected virtual private network (VPN), the Internet-facing VPN connection is front of a firewall.
False
Only hardware virtual private networks (VPNs) are vulnerable to denial of service (DoS) attacks.
False
Opal is the chief technology officer for her company. She is working with the legal department to acquire virtual private network (VPN) service through a cloud provider. She wants the contract to address failover specifically. What is she most likely concerned about?
The chance of the VPN breaking and wants to provide redundancy
Open-source virtual private network (VPN) solutions are usually less flexible than commercial solutions
False
Split tunneling is a configuration setting that allows simultaneous access to both an untrusted network and a secured virtual private network (VPN) network connection
True
Split tunneling potentially opens a door into the network that you cannot control.
True
Virtual private network (VPN) patches address security issues and fix bugs
Trye
When monitoring a virtual private network (VPN), multiple concurrent employee connections may indicate a security issue
False
Which of the following is a type of virtual private network (VPN) architecture that places a firewall in front of the VPN to protect it from Internet-based attacks as well as a firewall behind the VPN to protect the internal network?
DMZ architecture
Which of the following is one of the most common and easily exploited vulnerabilities on any hardware network device?
Default password
While there is no single way to troubleshoot a virtual private network (VPN) issue, what is the MOST appropriate first step?
Identify the symptoms
A hardware virtual private network (VPN) is a standalone device, dedicated to managing VPN functions
True
A software-based virtual private network (VPN) may be part of a server operating system, part of an appliance operating system, or a third-party add-on software solution
True
A virtualized Secure Sockets Layer (SSL) virtual private network (VPN) provides the ability to create custom authentication methods
True
Chad is a network engineer. He is tasked with selecting a virtual private network (VPN) platform for his company. He chooses a solution that is inexpensive and runs on UNIX, although it is less scalable and less stable than other solutions. What has he chosen?
OS-based VPN
Chris is a network engineer deploying a virtual private network (VPN) solution. He needs an implementation of Secure Sockets Layer/Transport Layer Security (SSL/TLS) that adds a layer of authentication to the access. What feature does he require?
Bidirectional authentication
Client capabilities do not affect the performance of a remote virtual private network (VPN) connection
False
In IPSec tunnel mode, only the data packet payload is encapsulated, while the packet header is left intact
False
Internet Protocol Security (IPSec) has three major components: Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE)
True
Internet Protocol Security (IPSec) is a standards-based protocol suite designed specifically for securing ____________ communications
Internet Protocol (IP)
Internet Protocol Security (IPSec) is designed to work well with network address translation (NAT).
False
Internet Protocol Security (IPSec) supports both transport mode and tunnel mode.
True
Software-based virtual private networks (VPNs) are typically more scalable than hardware VPNs.
False
The higher the encryption level of a virtual private network (VPN) connection, the greater the impact on the memory and processor of the endpoint devices.
True
The stability of a virtual private network (VPN) connection can be affected by the number of firewalls and routers it must traverse
True
Which Internet Protocol Security (IPSec) core component negotiates, creates, and manages security associations?
Internet Key Exchange (IKE)
Which of the following is a core Internet Protocol Security (IPSec) protocol that provides encryption only, both encryption and integrity protection, or integrity protection only in all but the oldest IPSec implementations?
Encapsulating Security Payload (ESP
Which of the following is a protocol that replaces the use of telnet and rlogin to log in to a shell on a remote host?
Secure Shell (SSH)
Which of the following is an advantage of Secure Sockets Layer/Transport Layer Security (SSL/TLS) virtual private networks (VPNs) versus Internet Protocol Security (IPSec) VPNs?
No NAT problems
Which of the following is the protocol used with HTTPS for encrypting communications to and from websites?
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Which of the following statements is TRUE of an Internet Protocol Security (IPSec) virtual private network (VPN) when compared to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) VPN?
It requires client software
A virtual private network (VPN) implementation best practice is to protect the VPN server behind a firewall
True