1.

Which of the following statements are true about Virtual Private Networks (VPN)? (Select all that apply)

	a.	The key updating functions of TLS make it well suited to long-term VPNs between branch offices.
	b.	IPsec and TLS can both be used to create VPNs without providing confidentiality
	c.	IPsec is not an effective method for building a VPN between two hosts.
	d.	A VPN can be used to prevent user traffic from being filtered by a firewall.

2.

hich of the following statement is true regarding ARP?

	a.	ARP poisoning is a Man in the Middle style attack.
	b.	ARP is a protocol used to resolve URLs to IP addresses.
	c.	Static ARP entries are an effective way to defend against ARP attacks in large networks.
	d.	ARP authenticates proposed changes to its cache to prevent spoofing.

3.

Which of the following statements are true regarding DMZs? (Select all that apply.)

	a.	DMZs permit access to specific servers or services by users from outside of an organization.
	b.	Organizations can operate multiple DMZs as long as they have the same security configuration for each.
	c.	DMZs should permit all traffic from the Internet into the DMZ.
	d.	Users from inside the organization can use resources from the DMZ.

4.

Which of the following statements are true regarding the IPsec AH security transform? (Select all that apply.)

	a.	AH Transport mode is most often used between IPsec gateways and not the end points of the communication.
	b.	In tunnel mode, AH can provide Data Integrity, Data-Origin Authentication, and Confidentiality.
	c.	In tunnel mode, AH protects all fields of the AH header, the inner IP header, and the inner IP payload.
	d.	The widespread use of Network Address Translation has limited the use of the AH transform in transport mode because the IP header must be changed to perform NAT.

5.

Which of the following is a type of attack that uses ICMP? (Select all that apply.)

	a.	Man in the Middle
	b.	Eavesdropping
	c.	Spoofing
	d.	DoS