Quiz 11
A split tunnel configuration can be seen by inspecting the routing table of the VPN client machine and looking for a single gateway.
False
Border firewalls can be allowed to filter encrypted VPN traffic by placing them "in front of", that is, closer to the Internet than a VPN concentrator. Internet -----> Firewall -----> VPN concentrator ----> rest of LAN
False
IPsec is a single protocol, not a suite of protocols.
False
SSH as a VPN is not subject to the TCP meltdown problem because SSH uses UDP port 22.
False
The TAP virtual network interface created when a VPN client is installed or a connection is made is a layer (blank) based tunnel.
Data Link
The TAP virtual network interface created when a VPN client is installed or a connection is made is a layer ____ based tunnel.
Data Link
IPsec operates at the (blank) layer of the TCP/IP OSI hybrid model.
Network
The TUN virtual network interface created when a VPN client is installed or a connection is made is a layer (blank) based tunnel.
Network
The TUN virtual network interface created when a VPN client is installed or a connection is made is a layer ____ based tunnel.
Network
VPNs can operate at which layers of the TCP/IP - OSI hybrid protocol model?
Network, Transport
Split tunnels can leak information if the ______ information in the configurations is not correct.
None of these
If OpenVPN uses TCP as the underlying protocol, it can experience a problem where it exceeds available bandwidth, known as the (blank).
TCP meltdown problem
OpenVPN uses the (blank) protocol to create a tunnel over which regular packets can be sent.
TLS
OpenVPN uses the ____ protocol to create a tunnel over which regular packets can be sent.
TLS
Which IPsec mode provides end-to-end encryption?
Transport
DNS information can be leaked from a VPN if the configuration does not explicitly set DNS servers that are within the tunnel.
True
IPsec ESP headers in tunnel mode encrypt the original IP headers, providing protection from some types of traffic analysis.
True
SSTP is a Microsoft proprietary VPN protocol that uses TLS to encrypt communications.
True
WireGuard is a new VPN protocol, which appears to be more secure than OpenVPN or even IPsec.
True
One disadvantage of using TLS as a Layer 4 VPN technology is that a full network stack _____ through it.
can't be tunneled
Split tunneling in a VPN refers to a situation where there are two gateways, one for ________ and the other for traffic to be routed out to the VPN server.
local LAN traffic
WireGuard is a VPN protocol which uses (blank) ciphers such as ChaCha20 and Curve25519.
modern
WireGuard is a VPN protocol which uses ______ ciphers such as ChaCha20 and Curve25519.
modern
An HTTPS connection between a browser and a web server represents the (blank) type of VPN today.
most widely used
An HTTPS connection between a browser and a web server represents the _______ type of VPN today.
most widely used
L2TP and PPTP are older protocols which are (blank).
mostly insecure
L2TP and PPTP are older protocols which are _______.
mostly insecure
IPsec tends to be one of the most ________ methods of creating a VPN because it runs at the IP layer.
transparent