VLAN Technology and Network Security Quiz

Questions and Answers

What does the Q-switch do to a packet based on the source IP address before routing is set up?

• Tags the packet with VLAN information
• Assigns the packet to the appropriate VLAN (correct)
• Forwards the packet to the destination IP address
• Drops the packet

What is the purpose of dynamic VLAN assignment?

• To automatically assign VLANs based on the source MAC address
• To establish VLAN trunking between switches
• To filter packets within a VLAN using ACLs
• To assign VLANs based on the user's group membership (correct)

What happens when a salesperson connects her laptop to an ethernet jack in a conference room?

• The packets are forwarded to all VLANs
• The switch assigns the laptop to the management VLAN
• The switch drops the packets from her device
• The switch requires hardware and user authentication (correct)

What is a benefit of having VLAN-aware end-point devices?

Ability to assign various packets to different VLANs based on applications used (D)

What is the purpose of trunking between switches in VLAN management?

To allow VLAN members to exist in different locations and use all VLAN-assigned resources (A)

What do VLAN access control lists (VACLs) do in VLAN management?

Filter packets within a VLAN (D)

Why is dynamic VLAN assignment particularly useful for wireless or remote devices?

It is based on the authenticating user’s group membership (A)

What role does role-based access control play in VLAN management?

It works well with dynamic VLAN assignment (C)

What does a trunk port do in VLAN management?

Allows VLAN members to exist in different locations and use all VLAN-assigned resources (C)

What is the purpose of VACL filtering in VLAN management?

To filter packets within a VLAN (B)

What is an advantage of having VLAN-aware end-point devices?

Ability to process incoming tagged packets (A)

How does the Q-switch handle packet assignment before routing is set up?

Assigns the packet to the appropriate VLAN (D)

In a provider-provisioned VPN (PPVPN) scenario, what is the role of the Provider edge device (PE)?

Connects to customer networks through CE devices and maintains VPN state (B)

What is the principal role of a Provider device (P) in a provider-provisioned VPN (PPVPN) scenario?

Provides routing for many provider-operated tunnels and acts as an aggregation point for multiple PEs (A)

What is the function of a Customer edge device (CE) in a provider-provisioned VPN (PPVPN) scenario?

Is at the edge of the customer's network and provides access to the PPVPN (D)

What does a multiprotocol label switching (MPLS) functionality blur in a Layer 2 (L2) or Layer 3 (L3) PPVPN scenario?

Blurs the L2–L3 identity (C)

What is the purpose of tunneling protocols in a VPN scenario?

To allow the VPN tunnel to establish automatically without intervention from the administrator (D)

What is the primary purpose of a virtual private network (VPN)?

To provide secure access to a private network over an insecure communication medium (A)

How does a site-to-site virtual private network (VPN) configuration differ from a remote access configuration?

A site-to-site VPN connects two networks, while a remote access VPN provides secure access to an enterprise network (C)

What are the benefits of using a virtual private network (VPN)?

Greater flexibility for remote workers (A)

In the context of virtual private networks (VPNs), what is the role of tunneling protocols?

To provide secure access to a private network over an insecure communication medium (C)

What is the purpose of a host-to-network configuration in the context of virtual private networks (VPNs)?

To provide secure access to an enterprise network (B)

Which VPN protocol is known for utilizing the Curve25519 protocol for key exchange and ChaCha20-Poly1305 for encryption and message authentication?

WireGuard (C)

Which VPN protocol is primarily used in mobile devices and was created by Microsoft and Cisco?

IKEv2 (D)

Which VPN protocol can tunnel Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL/TLS channel?

SSTP (C)

Which VPN protocol provides security and meets most security goals, while also being widely used with IPv4 and the Layer 2 Tunneling Protocol?

IPsec (A)

Which VPN protocol is a free and open-source VPN protocol based on the TLS protocol, currently being developed and updated by OpenVPN Inc.?

OpenVPN (D)

Study Notes

• The text discusses the use of site-to-site VPNs for expanding a network across geographically disparate offices or connecting them to a data center installation.
• VPNs can be intranet or extranet based, with intranet referring to sites belonging to the same organization and extranet for sites belonging to multiple organizations.
• Site-to-site VPNs are primarily used for business-to-business, cloud computing, and branch office scenarios.
• VPN systems can be classified based on the tunneling protocol used, termination point location, topology, and security levels.
• VPNs provide confidentiality, sender authentication, and message integrity.
• Secure VPN protocols include IPsec, SSL/TLS, DTLS, MPPE, SSTP, MPVPN, SSH, WireGuard, IKEv2, and OpenVPN.
• IPsec provides security and meets most security goals, while also being widely used with IPv4 and the Layer 2 Tunneling Protocol.
• SSL/TLS can secure an individual connection or tunnel an entire network's traffic, and can be used when IPsec runs into trouble with Network Address Translation and firewall rules.
• Microsoft Point-to-Point Encryption (MPPE) works with Point-to-Point Tunneling Protocol and in several compatible implementations on other platforms.
• Microsoft Secure Socket Tunneling Protocol (SSTP) tunnels Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL/TLS channel.
• Multi Path Virtual Private Network (MPVPN) is a registered trademark of Ragula Systems Development Company.
• Secure Shell (SSH) VPN can secure remote connections to a network, inter-network links, and remote systems, but is more often used for remote access instead of a site-to-site connection.
• WireGuard is a protocol that utilizes the Curve25519 protocol for key exchange and ChaCha20-Poly1305 for encryption and message authentication.
• Internet Key Exchange version 2 (IKEv2) was created by Microsoft and Cisco and is used in conjunction with IPSec for encryption and authentication. Its primary use is in mobile devices.
• OpenVPN is a free and open-source VPN protocol based on the TLS protocol, and is currently being developed and updated by OpenVPN Inc.
• Crypto IP Encapsulation (CIPE) is a free and open-source VPN implementation for tunneling IPv4 packets over UDP via encapsulation, but development ended in 2002.
• Tunnel endpoints must be authenticated before secure VPN tunnels can be established, and user-created remote-access VPNs may use passwords, biometrics, or other cryptographic methods.

Description

Test your knowledge of VLAN technology, network segmentation, and switch security measures to create a multi-layered attack surface for network security. Explore advanced concepts to hinder threat agents from reaching hardened systems.