ExamGecko
Search Search Login
Home Home / CompTIA / SY0-701
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?
A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?
Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
A newly identified network access vulnerability has been found in the OS of legacy loT devices. Which of the following would best mitigate this vulnerability quickly?
Which of the following involves an attempt to take advantage of database misconfigurations?
An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)
Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?

Question 185 - SY0-701 discussion

Report
Export

A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration:

* Most secure algorithms should be selected

* All traffic should be encrypted over the VPN

* A secret password will be used to authenticate the two VPN concentrators

A.
See the Explanation part for all the Solution
Answers
A.
See the Explanation part for all the Solution
Suggested answer: A

Explanation:

To configure the site-to-site VPN between the two branch offices according to the provided requirements, here are the detailed steps and settings that need to be applied to the VPN concentrators:

Requirements:

Most secure algorithms should be selected.

All traffic should be encrypted over the VPN.

A secret password will be used to authenticate the two VPN concentrators.

VPN Concentrator 1 Configuration:

Phase 1:

Peer IP address: 5.5.5.10 (The IP address of VPN Concentrator 2)

Auth method: PSK (Pre-Shared Key)

Negotiation mode: MAIN

Encryption algorithm: AES256

Hash algorithm: SHA256

DH key group: 14

Phase 2:

Mode: Tunnel

Protocol: ESP (Encapsulating Security Payload)

Encryption algorithm: AES256

Hash algorithm: SHA256

Local network/mask: 192.168.1.0/24

Remote network/mask: 192.168.2.0/24

VPN Concentrator 2 Configuration:

Phase 1:

Peer IP address: 5.5.5.5 (The IP address of VPN Concentrator 1)

Auth method: PSK (Pre-Shared Key)

Negotiation mode: MAIN

Encryption algorithm: AES256

Hash algorithm: SHA256

DH key group: 14

Phase 2:

Mode: Tunnel

Protocol: ESP (Encapsulating Security Payload)

Encryption algorithm: AES256

Hash algorithm: SHA256

Local network/mask: 192.168.2.0/24

Remote network/mask: 192.168.1.0/24

Summary:

Peer IP Address: Set to the IP address of the remote VPN concentrator.

Auth Method: PSK for using a pre-shared key.

Negotiation Mode: MAIN for the initial setup.

Encryption Algorithm: AES256, which is a strong and secure algorithm.

Hash Algorithm: SHA256, which provides strong hashing.

DH Key Group: 14 for strong Diffie-Hellman key exchange.

Phase 2 Protocol: ESP for encryption and integrity.

Local and Remote Networks: Properly configure the local and remote network addresses to match each branch office subnet.

By configuring these settings on both VPN concentrators, the site-to-site VPN will meet the requirements for strong security algorithms, encryption of all traffic, and authentication using a pre-shared key.

Show Answer
asked 02/10/2024
Ryan Harris
42 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms