VPN Practice Test MCQ Quiz: Trivia!

21 Questions | By Apalani | Updated: Mar 22, 2022 | Attempts: 8829

Questions

Settings

VPN Practice Test MCQ Quiz: Trivia! - Quiz

What we have here is a VPN practice test MCQ quiz trivia! The Virtual Private Network is almost everyone’s answer to having anonymity and secrecy when they are using the internet. It protects one from being tracked and gives access to banned or restricted websites with ease. What makes VPN so secure for internet users and how do you know the one you are using is secure. Check your VPN knowledge now!

Questions and Answers

1.

Which of the following is not a characteristic of a VPN?
- A.
  
  It is a secure network
- B.
  
  It is deployed over a shared infrastructure
- C.
  
  It may use tunneling techniques
- D.
  
  It does not provide any cost savings to alternate connectivity options
2.

What would be a good characterization of a VPN tunnel extablished between a telecommuter's PC using a VPN client software and a VPN Concentrator at the HQ location?
- A.
  
  Remote access VPN
- B.
  
  Site to site VPN
- C.
  
  Extranet VPN
- D.
  
  LAN to LAN VPN
3.

Which of the following may be used as a terminating point for a site to site VPN tunnel?
- A.
  
  Router
- B.
  
  Router
- C.
  
  Concentrator
- D.
  
  All of the above
4.

Which of the following is not a Layer 2 tunneling protocol?
- A.
  
  PPTP
- B.
  
  IPSEC
- C.
  
  L2TP
- D.
  
  L2F
5.

Which of the following security technique provides confidentiality (data privacy) service?
- A.
  
  Hashing
- B.
  
  Key exchange
- C.
  
  Encryption
- D.
  
  All of the above
6.

DES, 3DES and AES are examples encryption algorithms which use the same key for encryption and decryption. Such encryption algorithms are categorized as:
- A.
  
  Asymmetrical encryption
- B.
  
  Symmetrical encryption
- C.
  
  Secure Hash Function
- D.
  
  Public Key Infrastructure
7.

Which of the following is not true about DES, 3DES and AES?
- A.
  
  DES has the least cryptographic strength
- B.
  
  3DES is strong but has high CPU overhead
- C.
  
  AES offers a good balance of cryptographic strength and CPU overhead
- D.
  
  AES has export restrictions associated with it
8.

What do you call a cryptographic function that has the following features: - Takes a variable-sized message as input and produces a fixed-length output - The output will be identical for an identical input - A one-way function that is difficult to reverse (invert)
- A.
  
  Encryption
- B.
  
  Key Exchange
- C.
  
  Hashing
- D.
  
  Scrambling
9.

Hashing functions like MD5 and SHA are used in IPSEC to provide which of the following services:
- A.
  
  Data confidentiality (privacy from eavesdropping)
- B.
  
  Data Integrity (data protected from being changed during transit)
- C.
  
  Securely negotiating a key over a unsecure media
- D.
  
  Anti replay protection
10.

Which of the following process is used in IPSEC to negotiate symmetric keys securely between endpoints over an unsecured intermediate media?
- A.
  
  Diffie-Hellman Key Exchange
- B.
  
  Advanced Encryption Standard (AES)
- C.
  
  Secure Hashing Algorithm (SHA)
- D.
  
  None of the above
11.

Which of the following services is not provided by an IPSEC tunnel?
- A.
  
  Data Confidentiality
- B.
  
  Origin Authentication
- C.
  
  Data Integrity
- D.
  
  Protection from Spy Ware
12.

Which of the following services is not provided by AH?
- A.
  
  Data Confidentiality (encryption)
- B.
  
  Origin Authentication
- C.
  
  Data Integrity
- D.
  
  Protection against Anti Replay attacks
13.

Which protocol number is associated with ESP?
- A.
  
  51
- B.
  
  53
- C.
  
  50
- D.
  
  500
14.

Which of the following is not performed during Phase 1 of ISAKMP?
- A.
  
  Negotiate ISAKMP SAs
- B.
  
  Negotiate IPSEC SAs
- C.
  
  Perform peer authentication
- D.
  
  Perform initial Diffie-Hellman Key Exchange
15.

The end result of Phase 1 of ISAKMP is an interim secure channel over which Phase II of ISAKMP is performed. What does Phase II do?
- A.
  
  Negotiate ISAKMP SAs
- B.
  
  Negotiate IPSEC SAs
- C.
  
  Perform peer authentication
- D.
  
  Perform initial Diffie-Hellman Key Exchange
16.

What is the end result of Phase II of ISAKMP?
- A.
  
  The IPSEC tunnel is established
- B.
  
  Phase III of ISAKMP commences
- C.
  
  The IPSEC tunnel is torn down and renegotiated
- D.
  
  An interim secure channel is established
17.

Which of the following is NOT a value add of the companion protocol ISAKMP for IPSEC?
- A.
  
  It automates the IPSEC tunnel establishment process
- B.
  
  It allows symmetric keys used by encryption and hashing algorithms to be negotiated dynamically
- C.
  
  It gives a lifetime to the tunnel, after which the tunnel expires and is reestablished
- D.
  
  It reduces the overheads associated with IPSEC tunnel establishment
18.

Where does ISAKMP reside in the TCP/IP protocol stack?
- A.
  
  Directly above IP with protocol number 50
- B.
  
  Above UDP with port number 500
- C.
  
  Above TCP with port number 500
- D.
  
  Over AH/ESP with port number 500
19.

Which of the following approaches may be used to do peer authentication during Phase 1 of ISAKMP?
- A.
  
  Pre-Shared Keys
- B.
  
  Digital Certificates
- C.
  
  All the above
- D.
  
  Peer authentication is not performed during Phase 1 of ISAKMP
20.

Which of the following is a propietary extention to IPSEC which is not defined in the RFC speciifications for IPSEC?
- A.
  
  Peer Authentication using digital certificates during Phase 1 of ISAKMP
- B.
  
  Per User Authentication when connecting from VPN client to VPN concentrator
- C.
  
  AES encryption for confidentiality
- D.
  
  An IPSEC tunnel operating in transport mode
21.

Which of the following describes the capability for a VPN terminating interface to simultaneously send IPsec protected traffic and regular unprotected traffic?
- A.
  
  Split tunneling
- B.
  
  Load Balancing
- C.
  
  Firewalling
- D.
  
  Dual Stack tunneling