Network+ Extra 6 Flashcards
(10 cards)
Uses a packet’s original IP header, as opposed to adding an additional tunnel header. This approach works well in networks where increasing a packet’s size might cause an issue. Also, _________ ____ is often used for client-to-site VPNs, where a PC running VPN client software connects back to a VPN termination device at a headquarters location.
Transport Mode
Unlike transport mode, ______ mode encapsulates an entire packet. As a result, the encapsulated packet has a new header (an IPSec header). This new header has source and destination IP address information that reflects the two VPN termination devices at different sites. Therefore, ______ mode is often used in an IPSec site-to-site VPN.
Tunnel Mode
____ is a VPN protocol that lacks security features, such as encryption. However, ____ can still be used for a secure VPN connection if it is combined with another protocol that does provide encryption.
Layer 2 Tunneling Protocol (L2TP)
___ is a VPN protocol designed (by Cisco Systems) with the intent of providing a tunneling protocol for PPP. Like L2TP, ___ lacks native security features.
Layer 2 Forwarding (L2F)
____ is an older VPN protocol (which supported the dial-up networking feature in older versions of Microsoft Windows). Like L2TP and L2F, ____ lacks native security features. However, Microsoft’s versions of ____ bundled with various versions of Microsoft Windows were enhanced to offer security features.
Point-to-Point Tunneling Protocol (PPTP)
Whereas an IDS device receives a copy of traffic to be analyzed, an IPS device resides inline with the traffic.
IDS/IPS
A signature could be a string of bytes, in a certain context, that triggers detection.
signature-based detection
Based on network policies; if something happens outside of policy, it is reported.
policy-based detection
Anomaly-based detection: detecting things outside of normal conditions.
________ anomaly detection: This approach watches network-traffic patterns over a period of time and dynamically builds a baseline. Then, if traffic patterns significantly vary from the baseline, an alarm can be triggered.
anomaly-based detection (Statistical Anomaly based detection)
___________ anomaly detection: This approach allows an administrator to define what traffic patterns are supposed to look like, so anything outside the baseline will be reported and/or blocked.
Nonstatistical anomaly detection