Quiz 2 Review (p4)

Maria is a network engineer assigned to select a new virtual private network (VPN) solution for her company. She is weighing the benefits of commercial versus open-source VPNs. Which of the following is a benefit of open-source platforms?

. Access to Internet-based support

Malware is a vulnerability of a software virtual private network (VPN).

True

Kasim is a network technician. He is tasked with deploying a virtual private network (VPN) in his company's IT infrastructure. He wants to place the VPN device where it is directly connected to both the Internet and the internal LAN. He believes that security will not be a concern because the VPN is already encrypted point-to-point. Which of the following statements is TRUE about this configuration?

Without a firewall, an employee on the internal LAN could use the VPN to make an insecure connection to a remote host

Marta is a network technician intern at a mid-sized company. She is learning hardware virtual private network (VPN) best practices from one of the engineers. Which of the following does the engineer tell Marta is NOT a best practice?

Connecting a client computer to more than one network interface while connected to the office via VPN

Isabelle is a network engineer deploying an IT infrastructure in one of her company's new branch offices. Currently, she is designing a local subnetwork that contains and exposes the office's external services to a larger, untrusted network, specifically the Internet. What is this called?

Demilitarized zone (DMZ)

James is a network engineer. He has been assigned the responsibility of designing a virtual private network (VPN) solution that will allow customers, suppliers, and business partners access to network resources without exposing the secure private LAN. The parties accessing these resources must use digital certificates issues by a certification authority (CA). What form of VPN is he setting up?

Extranet

Instability is not considered a potential threat associated with software virtual private networks (VPNs).

False

Internet Protocol Security (IPSec) is designed to work well with network address translation (NAT).

False

It is uncommon to leverage a virtual private network (VPN) to send sensitive information when connected to an untrustworthy network.

False

Jacob is a remote employee. He clicks the Start menu button in Windows and selects an application to run. Most of the time, he is unaware that he is really accessing the application on a server at his company's main office several miles away. What solution is he using?

Hosted services

Isabella is a network administrator. She is researching virtual private network (VPN) options for company employees who work from home. The solution must provide encryption over public networks, including the Internet; not rely upon pathways the company owns; be reliable; and not be subject to eavesdropping. It must also be cost-effective. Which solution does she choose?

Hybrid VPN

Internet Protocol Security (IPSec) is a standards-based protocol suite designed specifically for securing ____________ communications.

Internet Protocol (IP)

Maria is a new network engineer for a company that was established more than 30 years ago. She is examining the IT infrastructure and discovers that the virtual private network (VPN) solution employs an older encryption protocol for backward compatibility. This protocol has largely been replaced, but it used to be popular in early VPN solutions. What is this protocol?

Layer 2 Tunneling Protocol (L2TP)

Jahi is a security engineer for a U.S. Department of Defense contractor. He is implementing a more secure method for remote users to log into an internal system over a virtual private network (VPN). In addition to requiring a password, this method asks the user to enter a PIN texted to their mobile phone, and to use a fingerprint reader mounted to their company-issued laptop. Which method is Jahi deploying?

Multifactor authentication

Lin is designing a virtual private network (VPN) implementation as a class project. The assignment includes a budget she has to follow. To save money, she decided to use a VPN without a firewall. What is the problem with her decision?

This approach will not work because VPNs cannot take the place of firewalls

In symmetric cryptography, the same key must be used to encrypt and decrypt data.

True

Insecure default configuration is a vulnerability of a hardware virtual private network (VPN)

True

Internet Protocol Security (IPSec) has three major components: Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE).

True

Internet Protocol Security (IPSec) supports both transport mode and tunnel mode.

True

Layer 2 of the Open Systems Interconnection (OSI) Reference Model is the Data Link Layer.

True