Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CPE109 > Module 8: Implementing Virtual Private Networks and Implementing the Cisco Adaptive Security Appliance > Flashcards

Module 8: Implementing Virtual Private Networks and Implementing the Cisco Adaptive Security Appliance Flashcards

1
Q

A computer network concept that masks your IP address so your online actions are virtually untraceable.

A

virtual private network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

It gives you online privacy and anonymity by creating a private network from a public internet connection.

A

virtual private network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the benefit of virtual private network?

A
  • cost savings
  • security
  • scalability
  • compatibility
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the different types of virtual private network?

A
  • remote-access virtual private network
  • site-to-site virtual private network
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A type of VPN where remote employees can log on to your office network from anywhere — home, traveling, or in transit.

A

remote-access virtual private network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A type of VPN where a company can securely connect its corporate network with its remote offices to communicate and share resources with them as a single network.

A

site-to-site virtual private network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A type of VPN that is are frequently used by companies with multiple offices in different geographic locations that need to access and use the corporate network on an ongoing basis.

A

site-to-site virtual private network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A type of VPN that creates a virtual tunnel between an employee’s device and the company’s network.

A

remote-access virtual private network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A component of remote-access VPN that requires the user to provide valid credentials to sign in to the VPN.

A

network access server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Components of Site-to-Site VPN

A
  • Virtual private gateway
  • Transit gateway
  • Customer gateway device
  • Customer gateway
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are algorithms used for confidentiality under the IPSec framework?

A
  • data encryption standard
  • triple data encryption standard
  • advanced encryption standard
  • software-optimized encryption algorithm
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the algorithms used for the integrity of a network?

A
  • message digest algorithm (MD5)
  • secure hash algorithm (SHA)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the algorithms used for the authentication of a network?

A
  • Pre-Shared Key (PSK)
  • RSA algorithm (Rivest-Shamir-Adleman)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A group of protocols that are used together to set up encrypted connections
between devices.

A

IPsec (internet protocol security)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

It is a group of protocols which is used to set up VPNs, and it works by encrypting IP packets, along with authenticating the source where the packets come from.

A

IPsec (internet protocol security)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An IPSec protocol that verifies any message passed from one router to another was not modified during transit.

A

authentication header

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

An IPSec protocol where IP packet encryption conceals the data payload and the identities of the ultimate source and destination.

A

encapsulating security payload

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

A concept in computer network that refers to the accuracy and completeness of data.

A

integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

It is an algorithm where it common application is to encrypt password.

A

Secure Hash Algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

It is a family of cryptographic functions designed to keep data secured.

A

secure hash algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

It is an algorithm designed to be one-way functions, meaning that once they’re transformed into their respective hash values, it’s virtually impossible to transform them back into the original data.

A

secure hash algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.

A

message digest-5

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

It is a hash function that was originally designed for use as a secure cryptographic hash algorithm for authenticating digital signatures.

A

message digest-5

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

A client authentication method that uses a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters, to generate unique encryption keys for each wireless client.

A

Pre-Shared Key (PSK)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
It is a public-key cryptosystem that is a relatively slow algorithm and is not commonly used to directly encrypt user data.
rivest-shamir-adleman
26
It is a protocol that authenticates IP headers and their payloads, with the exception of certain header fields that can be legitimately changed in transit, such as the Time To Live (TTL) field.
authentication header
27
An IPSec protocol that is used when confidentiality is not required or permitted.
authentication header
28
It is a protocol that provides data encryption and authentication.
encapsulating security payload
29
It is a protocol that authenticates only the IP datagram portion of the IP packet.
encapsulating security payload
30
It is a protocol that authenticates the entire IP packet, including the outer IP header.
authentication header
31
An ESP mode that encrypts the whole packet and is used for the establishment of site-to-site VPN tunnels, when securing communication between VPN gateway devices.
tunnel mode
32
A mode of AH and ESP that can be applied to any mix of end systems and intermediate systems, such as security gateways.
tunnel mode
33
A mode of AH and ESP where the original packet is encapsulated in another IP header.
tunnel mode
34
An ESP mode that provides security for the entire original IP packet, protecting the headers and payload.
tunnel mode
35
An ESP mode that protects the payload of the packet and the higher layer protocols.
transport mode
36
An ESP mode that is commonly used between two different workstations running VPN software.
transport mode
37
It is the protocol used to set up a secure, authenticated communications channel between two parties.
internet key exchange
38
It is part of the Internet Security Protocol which is responsible for negotiating security associations.
internet key exchange
39
It is a set of mutually agreed-upon keys and algorithms to be used by both parties trying to establish a VPN connection/tunnel.
security association
40
It defines how to establish, negotiate, modify and delete Security Associations containing the information required for execution of various network security services.
internet security association and key management protocol
41
In phase 1, IKE creates an authenticated, secure channel between the two IKE peers using __________.
Diffie-Hellman key agreement protocol
42
Typically deployed when two or more autonomous systems wish to communicate with each other over an untrusted media when confidential exchange of data is required.
Site-to-site IPsec VPN
43
A protocol for encapsulating data packets that use one routing protocol inside the packets of another protocol.
Generic Routing Encapsulation
44
It is an encapsulation concept that enables the usage of protocols that are not normally supported by a network, because the packets are wrapped within other packets that do use supported protocols.
Generic Routing Encapsulation
45
It means wrapping one data packet within another data packet, like putting a box inside another box.
Encapsulating
46
It is another way to set up a direct point-to-point connection across a network by simplifying connections between separate networks.
Generic Routing Encapsulation
47
It means encapsulating packets within other packets
tunneling
48
The Cisco command to configure PSK? crypto isakmp transform-set R1-R2 ah-md5-hmac crypto ipsec transform-set R1-R2 ah-md5-hmac crypto isakmp key cisco12345 address 172.30.2.2 access-list 101 permit ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto isakmp key cisco12345 address 172.30.2.2
49
The Cisco command to configure internet protocol security transform set? crypto ipsec transform-set R1-R2 ah-md5-hmac access-list 101 permit ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255 crypto map R1-R2_MAP 10 ipsec-isakmp crypto isakmp transform-set R1-R2 ah-md5-hmac
crypto ipsec transform-set R1-R2 ah-md5-hmac
50
The Cisco command to apply cyrpto map to an interface? ping ip 192.168.1.1 source 10.0.1.1 crypto ipsec sa crypto isakmp transform-set R1-R2 ah-md5-hmac crypto map R1-R2_MAP
crypto map R1-R2_MAP
51
The Cisco command to check the default ISAKMP policy? crypto isakmp policy default show crypto isakmp policy show crypto isakmp default policy
show crypto isakmp default policy
52
The Cisco command that permits AH traffic? access-list ADMIN permit ahp 192.168.1.0 0.0.0.255 access-list ADMIN permit udp 192.168.1.0 0.0.0.255 eq isakmp access-list ADMIN permit esp192.168.1.0 0.0.0.255
access-list ADMIN permit ahp 192.168.1.0 0.0.0.255
53
The Cisco command to configure ISAKMP policy to default ? crypto isakmp policy 1 default show crypto isakmp default policy show crypto isakmp policy
crypto isakmp policy 1 default
54
The Cisco command that permits ISAKMP traffic? access-list ADMIN permit ahp 192.168.1.0 0.0.0.255 access-list ADMIN permit esp192.168.1.0 0.0.0.255 access-list ADMIN permit udp 192.168.1.0 0.0.0.255 eq isakmp
access-list ADMIN permit udp 192.168.1.0 0.0.0.255 eq isakmp
55
A concept where ASA is divided into multiple virtual standalone firewalls and each virtual standalone firewall acts and behaves as an independent firewall with its own configuration, interfaces, Security Policies, routing table and etc.
Adaptive security appliance (ASA) Virtualization
56
What are the features of advanced ASA firewall?
* Adaptive security appliance (ASA) Virtualization * high availability * Identity-based firewall * adaptive security appliance (ASA) threat control
57
A feature of ASA firewall that relies on a number of different triggers and statistics.
adaptive security appliance threat control
58
A feature of ASA firewall that provides firewall administrators with the necessary tools to identify, understand, and stop attacks before they reach the internal network infrastructure.
adaptive security appliance threat control
59
A feature of ASA firewall that can be used in environments where an IPS is not available to provide an added layer of protection to the core functionality of ASA.
adaptive security appliance threat control
60
What are failover modes supported by ASA?
* active/active failover * active/standby failover
61
A feature of ASA firewall that enhances the existing access control and security policy mechanisms by allowing users or groups to be specified in place of source IP addresses.
identity firewall
62
A feature of ASA firewall where it can be configured to access rules and security policies based on user names and user groups name rather than through source IP addresses.
identity firewall
63
A feature of ASA firewall where it applies the security policies based on an association of IP addresses to Windows Active Directory login information and reports events based on the mapped user names.
identity firewall
64
A feature of ASA firewall that provides more granular access control based on users’ identities.
identity firewall
65
What are the ASA firewall modes of operation?
* routed mode * transparent mode
66
An ASA firewall modes of operation where ASA is considered to be a router hop in the network.
routed mode
67
An ASA firewall modes of operation where each interface that you want to route between is on a different subnet.
routed mode
68
An ASA firewall modes of operation where Layer 2 firewall that acts like a “bump in the wire,” or a “stealth firewall,” and is not seen as a router hop to connected devices.
transparent mode
69
ASA Security Level Controls
* Network Access * Inspection Engines * Application Filtering
70
An ASA security level control that is a numbered between 0 to 100 that defines the trustworthiness of the network that the interface is connected to
Network Access
71
An ASA security level control which is required for services that embed IP addressing information in the user data packet or that open secondary channels on dynamically assigned ports.
Inspection Engine
72
An ASA security level control where you can look inside the traffic and prevent applications that are unacceptable for your network.
Application Filtering
73
A computer network concept that may contain a single object (such as a single IP address, network, or subnet) or multiple objects such as a combination of multiple IP addresses, networks, or subnets.
object group
74
An ASA basic configuration command that sets the passphrase between 8 and 128 characters long.
key config-key password-encryption
75
An ASA basic configuration command used for generating the encryption key.
key config-key password-encryption
76
An ASA basic configuration command that provides legal notification and configures the system to display a message-of-the-day banner when connecting to the ASA
banner motd
77
An ASA basic configuration command that sets the default domain name
domain-name
78
An ASA basic configuration command that enables password encryption and encrypts all user passwords.
password encryption aes
79
It allows a group of users to have access only to a specific group of servers.
access control entry (ACE)
80
It is a set of rules that is usually used to filter network traffic.
access control list
81
It allows you to evaluate only the source IP address of a packet
standard access lists
82
It allow you to evaluate the source and destination IP addresses, the type of Layer 3 protocol, source and destination port, and other parameters.
extended access lists
83
A type of NAT wherein there is a consistent mapping between a real and mapped IP address.
static network address translation
84
It is a computer network concept that replaces a private IP address with a public IP address, translating the private addresses in the internal private network into legal, routable addresses that can be used on the public Internet.
network address translation
85
It is a computer network concept that enables private IP networks to connect to the Internet.
network address translation
86
A type of address translation where a remote host on the destination network can initiate a connection to the translated host if an access rule allows it.
Dynamic Port Address Translation
87
A type of NAT where only the real host can initiate traffic.
dynamic network address translation
88
A type of NAT that allows bidirectional traffic initiation, both to and from the host (if an access rule exists that allows it).
static network address translation
89
A computer network concept that provides a consistent and flexible way to configure security appliance features.
modular policy framework
90
A component or step in MPF that specifies where to apply the policy.
service policy
91
A component or step in MPF that specifies what action the ASA should take against the traffic identified by the Class Map.
policy map
92
A component or step in MPF that is used to identify the type of traffic.
class map

CPE109 (9 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions