VPN Practice Test MCQ Quiz: Trivia!
-
What would be a good characterization of a VPN tunnel established between a telecommuter's PC using a VPN client software and a VPN Concentrator at the HQ location?
-
Remote access VPN
-
Site to site VPN
-
Extranet VPN
-
LAN to LAN VPN
-
What we have here is a VPN practice test MCQ quiz trivia! The Virtual Private Network is almost everyone’s answer to having anonymity and secrecy when they are using the internet. It protects one from being tracked and gives access to banned or restricted websites with ease. What makes VPN so secure for internet users and how do you know the one you are using is secure. Check your VPN knowledge now!
(101).jpg "VPN Practice Test MCQ Quiz: Trivia! - Quiz")
Quiz Preview
- 2.
Which of the following is not a characteristic of a VPN?
-
It is a secure network
-
It is deployed over a shared infrastructure
-
It may use tunneling techniques
-
It does not provide any cost savings to alternate connectivity options
Correct Answer
A. It does not provide any cost savings to alternate connectivity optionsExplanation
A VPN is a secure network that allows users to access and transmit data over a shared infrastructure. It achieves this by using tunneling techniques, which encapsulate data packets within another protocol. One of the advantages of using a VPN is that it can provide cost savings compared to alternate connectivity options, such as leased lines or dedicated networks. Therefore, the statement "It does not provide any cost savings to alternate connectivity options" is not a characteristic of a VPN.Rate this question:
-
- 3.
DES, 3DES, and AES are examples of encryption algorithms that use the same key for encryption and decryption. Such encryption algorithms are categorized as:
-
Asymmetrical encryption
-
Symmetrical encryption
-
Secure Hash Function
-
Public Key Infrastructure
Correct Answer
A. Symmetrical encryptionExplanation
Symmetrical encryption algorithms, such as DES, 3DES, and AES, use the same key for both encryption and decryption processes. In symmetrical encryption, the sender and receiver share a common secret key, which is used to encrypt the data at the sender's end and decrypt it at the receiver's end. This type of encryption is efficient and faster compared to asymmetrical encryption, where different keys are used for encryption and decryption. Therefore, the given answer categorizing these encryption algorithms as symmetrical encryption is correct.Rate this question:
-
- 4.
Which of the following may be used as a terminating point for a site to site VPN tunnel?
-
Router
-
Firewall
-
Concentrator
-
All of the above
Correct Answer
A. All of the aboveExplanation
All of the above options, including router, firewall, and concentrator, can be used as terminating points for a site-to-site VPN tunnel. A router is commonly used to establish VPN connections between two networks, while a concentrator is a specialized device designed for managing multiple VPN connections. Therefore, any of these options can serve as a termination point for a site-to-site VPN tunnel.Rate this question:
-
- 5.
Which of the following services is not provided by an IPSEC tunnel?
-
Data Confidentiality
-
Origin Authentication
-
Data Integrity
-
Protection from Spyware
Correct Answer
A. Protection from SpywareExplanation
An IPSEC tunnel provides services such as Data Confidentiality, Origin Authentication, and Data Integrity. These services ensure that the data transmitted through the tunnel is secure, authenticated, and not tampered with. However, Protection from Spyware is not a service provided by an IPSEC tunnel. Spyware refers to malicious software that is designed to gather information without the user's knowledge or consent. While an IPSEC tunnel can provide security for data transmission, it does not specifically protect against spyware threats.Rate this question:
-
- 6.
Hashing functions like MD5 and SHA are used in IPSEC to provide which of the following services:
-
Data confidentiality (privacy from eavesdropping)
-
Data Integrity (data protected from being changed during transit)
-
Securely negotiating a key over a unsecure media
-
Anti replay protection
Correct Answer
A. Data Integrity (data protected from being changed during transit)Explanation
Hashing functions like MD5 and SHA are used in IPSEC to provide data integrity. These functions generate a unique hash value for a given set of data. This hash value acts as a digital signature for the data, ensuring that it has not been altered during transit. By comparing the received hash value with the calculated hash value, the recipient can verify the integrity of the data. Therefore, the use of hashing functions in IPSEC helps protect the data from being changed or tampered with during transmission.Rate this question:
-
- 7.
What is the end result of Phase II of ISAKMP?
-
The IPSEC tunnel is established
-
Phase III of ISAKMP commences
-
The IPSEC tunnel is torn down and renegotiated
-
An interim secure channel is established
Correct Answer
A. The IPSEC tunnel is establishedExplanation
Phase II of ISAKMP is responsible for establishing the IPSEC tunnel. ISAKMP (Internet Security Association and Key Management Protocol) is a protocol used for establishing security associations and exchanging keys for IPsec (Internet Protocol Security) encryption. Phase II specifically deals with negotiating the IPSEC parameters such as encryption algorithms, session keys, and security policies. Once Phase II is successfully completed, the IPSEC tunnel is established, allowing secure communication between the two endpoints.Rate this question:
-
- 8.
Which of the following is not a Layer 2 tunneling protocol?
-
PPTP
-
IPSEC
-
L2TP
-
L2F
Correct Answer
A. IPSECExplanation
IPSEC is not a Layer 2 tunneling protocol. It is actually a Layer 3 protocol that provides secure communication over the Internet. Layer 2 tunneling protocols, on the other hand, are used to create virtual tunnels for transmitting data between two network endpoints. PPTP, L2TP, and L2F are all examples of Layer 2 tunneling protocols that are commonly used for VPN (Virtual Private Network) connections.Rate this question:
-
- 9.
What do you call a cryptographic function that has the following features: - Takes a variable-sized message as input and produces a fixed-length output - The output will be identical for an identical input - A one-way function that is difficult to reverse (invert)
-
Encryption
-
Key Exchange
-
Hashing
-
Scrambling
Correct Answer
A. HashingExplanation
A cryptographic function that takes a variable-sized message as input and produces a fixed-length output is called hashing. The output of the hashing function will always be the same for an identical input, making it useful for verifying data integrity. Additionally, hashing is a one-way function that is difficult to reverse or invert, providing security for sensitive information.Rate this question:
-
- 10.
Which of the following approaches may be used to do peer authentication during Phase 1 of ISAKMP?
-
Pre-Shared Keys
-
Digital Certificates
-
All the above
-
Peer authentication is not performed during Phase 1 of ISAKMP
Correct Answer
A. All the aboveExplanation
Both pre-shared keys and digital certificates can be used for peer authentication during Phase 1 of ISAKMP. Pre-shared keys involve sharing a secret key between the peers, while digital certificates use a public key infrastructure to verify the identity of the peers. Using both approaches provides an added layer of security and flexibility in choosing the authentication method. Therefore, the correct answer is "All the above."Rate this question:
-
- 11.
Which of the following processes is used in IPSEC to negotiate symmetric keys securely between endpoints over an unsecured intermediate media?
-
Diffie-Hellman Key Exchange
-
Advanced Encryption Standard (AES)
-
Secure Hashing Algorithm (SHA)
-
None of the above
Correct Answer
A. Diffie-Hellman Key ExchangeExplanation
The correct answer is Diffie-Hellman Key Exchange. This process is used in IPSEC to negotiate symmetric keys securely between endpoints over an unsecured intermediate media. Diffie-Hellman allows two parties to establish a shared secret key over an insecure channel without actually transmitting the key. This key can then be used for symmetric encryption and decryption of IPSEC traffic.Rate this question:
-
- 12.
The end result of Phase 1 of ISAKMP is an interim secure channel over which Phase II of ISAKMP is performed. What does Phase II do?
-
Negotiate ISAKMP SAs
-
Negotiate IPSEC SAs
-
Perform peer authentication
-
Perform initial Diffie-Hellman Key Exchange
Correct Answer
A. Negotiate IPSEC SAsExplanation
Phase II of ISAKMP negotiates IPSEC SAs (Security Associations). IPSEC SAs define the parameters for securing the actual data traffic between two peers. This phase establishes the necessary keys and algorithms for encryption, authentication, and integrity, allowing secure communication between the peers. Phase II builds upon the secure channel established in Phase I to enable the secure exchange of IPSEC SAs.Rate this question:
-
- 13.
Which of the following describes the capability for a VPN terminating interface to simultaneously send IPsec protected traffic and regular unprotected traffic?
-
Split tunneling
-
Load Balancing
-
Firewalling
-
Dual Stack tunneling
Correct Answer
A. Split tunnelingExplanation
Split tunneling describes the capability for a VPN terminating interface to simultaneously send IPsec protected traffic and regular unprotected traffic. This means that the VPN can route some traffic through the encrypted tunnel while allowing other traffic to bypass the tunnel and use the regular internet connection. This can be useful in situations where certain traffic, such as accessing local resources, does not need to be encrypted and can be routed directly.Rate this question:
-
- 14.
Which of the following is not performed during Phase 1 of ISAKMP?
-
Negotiate ISAKMP SAs
-
Negotiate IPSEC SAs
-
Perform peer authentication
-
Perform initial Diffie-Hellman Key Exchange
Correct Answer
A. Negotiate IPSEC SAsExplanation
During Phase 1 of ISAKMP, the following tasks are performed: negotiate ISAKMP SAs, perform peer authentication, and perform initial Diffie-Hellman Key Exchange. However, negotiating IPSEC SAs is not performed during Phase 1. IPSEC SAs are negotiated during Phase 2 of ISAKMP.Rate this question:
-
- 15.
Which of the following security techniques provide confidentiality (data privacy) service?
-
Key exchange
-
Encryption
-
All of the above
-
Hashing
Correct Answer
A. EncryptionExplanation
Encryption is a security technique that provides confidentiality or data privacy service. It involves converting plain text into cipher text using an algorithm and a key. This ensures that only authorized individuals can access and understand the information, as the cipher text is unreadable without the key. Encryption is widely used to protect sensitive data during transmission or storage, preventing unauthorized access and maintaining the confidentiality of the information.Rate this question:
-
- 16.
Which protocol number is associated with ESP?
-
51
-
53
-
50
-
500
Correct Answer
A. 50Explanation
The correct answer is 50. ESP (Encapsulating Security Payload) is a protocol used in IPsec (Internet Protocol Security) to provide confidentiality, integrity, and authentication for data packets. It operates at the network layer (Layer 3) of the OSI model. Protocol numbers are used to identify different protocols in IP networks, and the protocol number 50 is specifically associated with ESP.Rate this question:
-
- 17.
Which of the following is not true about DES, 3DES and AES?
-
DES has the least cryptographic strength
-
3DES is strong but has high CPU overhead
-
AES offers a good balance of cryptographic strength and CPU overhead
-
AES has export restrictions associated with it
Correct Answer
A. AES has export restrictions associated with itExplanation
AES does not have export restrictions associated with it. This means that AES can be freely used and distributed without any limitations or restrictions imposed by governments or regulatory bodies. DES, on the other hand, has the least cryptographic strength, meaning it is the least secure among the three encryption algorithms mentioned. 3DES is strong but has high CPU overhead, which means it requires more computational resources to perform encryption and decryption compared to AES.Rate this question:
-
- 18.
Where does ISAKMP reside in the TCP/IP protocol stack?
-
Directly above IP with protocol number 50
-
Above UDP with port number 500
-
Above TCP with port number 500
-
Over AH/ESP with port number 500
Correct Answer
A. Above UDP with port number 500Explanation
ISAKMP (Internet Security Association and Key Management Protocol) resides above UDP with port number 500 in the TCP/IP protocol stack. ISAKMP is a key management protocol used for establishing and negotiating security associations (SA) between devices in a network. It operates at the transport layer and uses UDP as its transport protocol. By residing above UDP with port number 500, ISAKMP ensures that it can communicate securely with other devices in the network.Rate this question:
-
- 19.
Which of the following is a proprietary extension to IPSEC that is not defined in the RFC specifications for IPSEC?
-
Peer Authentication using digital certificates during Phase 1 of ISAKMP
-
Per User Authentication when connecting from VPN client to VPN concentrator
-
AES encryption for confidentiality
-
An IPSEC tunnel operating in transport mode
Correct Answer
A. Per User Authentication when connecting from VPN client to VPN concentratorExplanation
Per User Authentication when connecting from VPN client to VPN concentrator is a proprietary extension to IPSEC that is not defined in the RFC specifications for IPSEC. The RFC specifications for IPSEC do not include any specific authentication mechanism for individual users connecting from a VPN client to a VPN concentrator. Therefore, the option of per user authentication in this context would be considered a proprietary extension.Rate this question:
-
- 20.
Which of the following services is not provided by AH?
-
Data Confidentiality (encryption)
-
Origin Authentication
-
Data Integrity
-
Protection against Anti Replay attacks
Correct Answer
A. Data Confidentiality (encryption)Explanation
AH (Authentication Header) is a protocol used in IPsec (Internet Protocol security) to provide authentication and integrity of IP packets. It does not provide data confidentiality or encryption. Instead, AH focuses on verifying the authenticity of the source of the IP packet and ensuring the integrity of the data within the packet. Data confidentiality, which involves encrypting the data to protect it from unauthorized access, is typically provided by another IPsec protocol called ESP (Encapsulating Security Payload). Therefore, the correct answer is Data Confidentiality (encryption).Rate this question:
-
- 21.
Which of the following is NOT a value add of the companion protocol ISAKMP for IPSEC?
-
It automates the IPSEC tunnel establishment process
-
It allows symmetric keys used by encryption and hashing algorithms to be negotiated dynamically
-
It gives a lifetime to the tunnel, after which the tunnel expires and is reestablished
-
It reduces the overheads associated with IPSEC tunnel establishment
Correct Answer
A. It reduces the overheads associated with IPSEC tunnel establishmentExplanation
The companion protocol ISAKMP for IPSEC does not reduce the overheads associated with IPSEC tunnel establishment.Rate this question:
-
Quiz Review Timeline (Updated): Feb 12, 2024 +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Feb 12, 2024Quiz Edited by
ProProfs Editorial Team
Expert Reviewed by
Samy Boulos -
Mar 03, 2011Quiz Created by
Apalani
Back to top