CCNA Cyber Ops FAQ: Introduction to Virtual Private Networks (VPNs)
Q1. Which of the following are examples of protocols used for VPN implementations?
A. TCP
B. Secure Sockets Layer (SSL)
C. UDP
D. Multiprotocol Label Switching (MPLS)
E. Internet Protocol Security (IPsec)
Q2. Which of the following VPN protocols do not provide data integrity, authentication, and data encryption?
A. L2TP
B. GRE
C. SSL
D. IPsec
E. MPLS
Q3. VPN implementations are categorized into which of the following two general groups?
A. Encrypted VPNs
B. Non-encrypted VPNs
C. Site-to-site (LAN-to-LAN) VPNs
D. Remote-access VPNs
Q4. Which of the following is an example of a remote-access VPN client?
A. Cisco Encrypted Tunnel Client
B. Cisco Any Connect Secure Mobility Client
C. Cisco ASA Client
D. Cisco Firepower Client
Q5. Which of the following attributes are exchanged in IKEv1 phase 1?
A. Encryption algorithms
B. Hashing algorithms
C. Diffie-Hellman groups
D. Vendor-specific attributes
Q6. Which of the following hashing algorithms are used in IPsec?
A. AES 192
B. AES 256
C. Secure Hash Algorithm (SHA)
D. Message Digest Algorithm 5 (MD5)
Q7. In IKEv1 phase 2, each security association (SA) is assigned which of the following?
A. A unique security parameter index (SPI) value
B. An IP address
C. The DNS server IP address
D. A public key
Q8. Which of the following statements is true about clientless SSL VPN?
A. The client must use a digital certificate to authenticate.
B. The remote client needs only an SSL-enabled web browser to access resources on the private network of the security appliances.
C. Clientless SSL VPNs do not provide the same level of encryption as client-based SSL VPNs.
D. Clientless SSL VPN sessions expire every hour
Q9. Which of the following are some of the commonly used SSL VPN technologies?
A. Tor browser
B. Reverse proxy technology
C. Port-forwarding technology and smart tunnels
D. SSL VPN tunnel client (such as the AnyConnect Secure Mobility Client)
Q10. Why can’t ESP packets be transferred by NAT devices?
A. Because ESP packets are too big to handle.
B. Because the ESP protocol does not have any ports like TCP or UDP.
C. Because ESP packets are encrypted.
D. ESP is supported in NAT devices.
Q11. What is the difference between IPsec tunnel and transport mode?
A. Tunnel mode uses encryption and transport mode uses TCP as the transport protocol.
B. Tunnel mode uses encryption and transport mode uses UDP as the transport protocol.
C. Transport mode protects upper-layer protocols, such as UDP and TCP, and tunnel mode protects the entire IP packet.
D. Tunnel mode protects upper-layer protocols, such as UDP and TCP, and transport mode protects the entire IP packet.
Q12. Which of the following is true about Diffie-Hellman?
A. Diffie-Hellman is a key agreement protocol that enables two users or devices to authenticate each other’s preshared keys without actually sending the keys over the unsecured medium.
B. Diffie-Hellman is an encapsulation protocol that enables two users or devices to send data to each other.
C. Diffie-Hellman is a part of the RSA encryption suite.
D. Diffie-Hellman has three phases, and the second and third are used to encrypt data.
Q13. Which of the following is not true about SSL VPNs?
A. SSL VPNs are used in Cisco IOS routers as a site-to-site VPN solution.
B. SSL VPNs are used in Cisco IOS routers as a remote access VPN solution.
C. SSL VPNs are used in Cisco ASA firewalls as a remote access VPN solution.
D. SSL VPNs can be client based or clientless.
Q14. Which of the following is not true about IKEv2?
A. IKEv1 Phase 1 has two possible exchanges: main mode and aggressive mode. There is a single exchange of a message pair for IKEv2 IKE_SA.
B. IKEv2 has a simple exchange of two message pairs for the CHILD_SA. IKEv1 uses an exchange of at least three message pairs for Phase 2.
C. IKEv1 has a simple exchange of two message pairs for the CHILD_SA. IKEv2 uses an exchange of at least three message pairs for Phase 2.
D. IKEv2 is used in VPN technologies such as FlexVPN.
Q15. Which of the following encryption protocols is the most secure?
A. DES
B. 3DES
C. 4DES
D. AES
Q16. Which of the following is not an SSL VPN technology or feature?
A. Reverse proxy features
B. Port-forwarding technology and smart tunnels
C. NAT Traversal
D. SSL VPN tunnel client (AnyConnect Secure Mobility Client)
Q17. Which browser is used by individuals to maintain anonymity on the Internet and to surf the dark web?
A. OnionBrowser
B. Tor
C. Chrome
D. Firefox
Q18. Which of the following are reasons why an attacker might use VPN technology?
A. Attackers cannot use VPN technologies without being detected.
B. To exfiltrate data.
C. To encrypt traffic between a compromised host and a command and control system.
D. To evade detection
Q19. Which of the following are hashing algorithms?
A. RSA
B. MD5
C. AES
D. SHA
More Resources