Week 2

Question 1

-to create end-to-end private networks to create end-to-end private network connections
-is virtual in that it carries information within a private network, but that information is actually transported over a public network.
-is private in that the traffic is encrypted to keep the data confidential while it is transported acrosss the public network.

Answer 1

Virtual Private Network (VPN)

Question 2

(VPN Benefits)
-organizations can use VPNs to reduce their connectivity costs while simultaneously increasing remote connection bandwidth.

Answer 2

cost savings

Question 3

(VPN Benefits)
-encryption and authentication protocols data from unauthorized access.

Answer 3

security

Question 4

(VPN Benefits)
-VPNs allow organizations to use the internet, making it easy to add new users wihtout adding significant infrastructure.

Answer 4

scalability

Question 5

(VPN Benefits)
-VPNs can be implemented across a wide variety of WAN link options including broadband technologies. Remote workers can use these high-speed connections to gain secure access to corporate networks.

Answer 5

compatibility

Question 6

-common solution for securing enterprise traffic across the internet. Site-to-seite and remote access VPNs are created and managed by the enterprise using IPsec and SSL VPNs/

Answer 6

Enterprise VPNs

Question 7

-created and managed by the provider network, The provider uses Multiprotocol Label Switching (MPLS) at Layer 2 or Layer 3 to create secure channels between an enterprise’s sites, effecticely segregating the traffic from other customer traffic.

Answer 7

Service Provider VPNs

Question 8

-does not ask you to install for connection, you can use the browser to connect

Answer 8

Client SSL Connection

Question 9

-let remote and mobile users securely connect to the enterprise.
-are typically enabled dramatically by the user when required and can be created using either IPsec or SSL.

Answer 9

Remote-access VPNs

Question 10

(remote-access VPNs)
-the connection is secured using a web browser SSL connection

Answer 10

clientless VPN connection

Question 11

(remote-access VPNs)
-VPN client software such as Cisco AnyConnect Secure Mobility Client must be installed on the remote user’s end device.

Answer 11

Client-based VPN connection

Question 12

-uses the public key infrastructure and digitial certificates to authenticate peers. The type of VPN method implemented is based on the access requirements of the users and the organization’s IT processes.

Answer 12

SSL VPNs

Question 13

-connect networks across an untrusted network such as the internet.

Answer 13

site-to-site VPNs

Question 14

(site-to-site IPsec VPNs)
–send and receive normal unencrypted TCP/IP traffic through a VPN gateway.

Answer 14

end hosts

Question 15

(site-to-site IPsec VPNs)
-encapsulates and encrypts outbound traffic from a site and sends the traffic through the VPN tunnel to the VPN gateway strips the headers, decrypts thw contect and relays the packet toward the target host inside its private network.

Answer 15

VPN gateway

Question 16

-is a non-secure site-to-site VPN tunneling protocol
-does not default support encryption; and therefore, it does not provide a secure VPN tunnel.
-its packet can be encapsulated into an IPsec packet to forward it securely to the destination VPN gateway.

Answer 16

Generic Routing Encapsulation (GRE)

Question 17

(GRE over IPsec)
-can encapsulate various network layer protocols as well as multicast and broadcast traffic.

Answer 17

GRE tunnel

Question 18

(GRE over IPsec)
-this is the original packet that is to be encapsulated by GRE. It could be an IPv4 or IPv6 pakcet, a routing update, and more.

Answer 18

passenger protocol

Question 19

(GRE over IPsec)
-that encapsulates the original passenger packet

Answer 19

carrier protocol

Question 20

(GRE over IPsec)
-this is the protocol that will actually be used to forward the packet. This could be IPv4 or IPv6.

Answer 20

Transport protocol

Question 21

-is a Cisco software slolution for building multiple VPNs in an easy, dynamic, and scalale manner
-simplifies the VPN tunnel configuration and provides a flexible option to connect a central site with branch sites.

Answer 21

Dynamic Multipoint VPNs (DMVPN)

Question 22

(Dynamic Multipoint VPNs)
-establish secure VPN tunnels with the hub site.
-can also obtain information about each other, and alternatively build direct tunnels between themselves (spoke-to-spoke tunnels)

Answer 22

spoke sites

Question 23

-simplifies the configuration process required to support multiple sites and remote access.
-configurations are applied to a virtual interface instead of static mapping the IPsec sessions to a physical interface.
-is capable of sending and receving both IP unicast anf multicast encrypted traffic. Therefore, routing protocols are automatically supported without having to configure GRE tunnels
-can be configured between sites or in a hub-and-spoke topology.

Answer 23

IPsec Virtual Tunnel Interface (IPsec VTI)

Question 24

(service provider MPLS VPNs)
-is forwarded through the MPLS backbone using labels.
-is secure because service provider customers cannot see each other’s traffic.

Answer 24

traffic

Question 25

-can provide clients with managed VPN solutions; therefore, securing traffic between client sites in the responsibility of the service provider.
-is an open standard but cisco has its implementations

Answer 25

MPLS

Question 26

(MPSL VPN solutions)
-the service provider participates in stomer routing by establishing a peering between the customer’s routers and the provider’s routers

Answer 26

Layer 3 MPLS VPN

Question 27

(MPSL VPN solutions)
-the service provider is not involved in the customer routing. Instead, the provider deploys a Virtual Private LAN Service (VPLS) to emulate an Ethernet multiaccess LAN segment over the MPLS network. No routing is involved. The cutomer’s routers effecticely belong to the same multiaccess network.

Answer 27

layer 2 MPLS VPN

Question 28

-is an IETF standard that defines how A VPN can be secured across IP networks.
-protects and authenticates IP packets between source and destination and provides these essential security functions.
-is open-standard-you can configure it in non-cisco devices
-alone is good enough for implementation of VPN; it is a complete package.
-is not bound to any specific rules for secure cmmunications
-can easily integrate new security technologies without updating existing IPsec standards.
-encapsulates packets using Authentication Header (AH) or Encapsualtion Security Protocol (ESP).

Answer 28

IPsec

Question 29

(IPsec Technologies)
-uses encryption algorithms to prevet cybercriminals from reading the packet contents.
-the degree depends on the encryption algorithm and the length of the key used in the encryption algorithm.

Answer 29

confidentiality

Question 30

(IPsec Technologies)
-uses hashing algorithms to ensure that pakcets have not been altered between source and destination
-is computed using thr hash code
-means that the data has not changed in transit

Answer 30

Integrity

Question 31

(IPsec Technologies)
-uses the internet key exchange (IKE) protocol to authenticate source and destination.

Answer 31

origin authentication

Question 32

(IPsec Technologies)
-used to secure key exchange
-allows two peers to establish a shared secret key over an insecure channel.

Answer 32

diffie-hellman

Question 33

(IP sec Protocol Encapsulation)
-is appropriate only when confidentiality is not required or permitted

Answer 33

AH (Authentication Header)

Question 34

(IPsec Protocol Encapsulation)
-provides both confidentiality and authentication

Answer 34

ESP (Enscapsulation Security Protocol)

Question 35

(confidentiality)
-Uses a 56-bit key

Answer 35

DES

Question 36

(confidentiality)
-uses three independent 56-bit encryption keys per 64-bit block

Answer 36

3DES

Question 37

(confidentiality)
-offers three different key lengths: 128 bits, 192 bits, and 256 bots

Answer 37

AES

Question 38

(confidentiality)
-is a stream cipher, which means it encrypts data continuously rather than encrypting blocks of data.
-uses a 160-bit key.

Answer 38

SEAL

Question 39

(integrity)
-is a data integrity algorithm that guarantees the integrity of the message using a hash value.

Answer 39

Hashed Message Authentication Code (HMAC)

Question 40

(integrity)
-uses a 128-bit shared-secret key

Answer 40

Message-Digest 5 (MD5)

Question 41

(integrity)
-uses a 160-bit secret key

Answer 41

Secure Hash Algorithm (SHA)