ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-701 All Questions

View all questions & answers for the SY0-701 exam
Go to Exam

Exam SY0-701 topic 1 question 310 discussion

Actual exam question from CompTIA's SY0-701
Question #: 310
Topic #: 1
[All SY0-701 Questions]

SIMULATION
-

A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration:

• Most secure algorithms should be selected
• All traffic should be encrypted over the VPN
• A secret password will be used to authenticate the two VPN concentrators


INSTRUCTIONS
-

Click on the two VPN Concentrators to configure the appropriate settings.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.









Show Suggested Answer Hide Answer
Suggested Answer:
by TrebleSmith at Sept. 4, 2024, 4:44 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TrebleSmith
Highly Voted 10 months, 2 weeks ago
VPN Concentrator 1 (Branch Office 1) Configuration: Phase 1: Peer IP address: 5.5.5.20 (IP of VPN Concentrator 2) Auth method: PSK (Pre-Shared Key) Negotiation mode: MAIN Encryption algorithm: AES256 Hash algorithm: SHA256 DH key group: 14 Phase 2: Mode: Tunnel Protocol: ESP (Encapsulating Security Payload) Encryption algorithm: AES256 Hash algorithm: SHA256 Local network/mask: 192.168.1.0/24 Remote network/mask: 192.168.2.0/24 VPN Concentrator 2 (Branch Office 2) Configuration: Phase 1: Peer IP address: 5.5.5.10 (IP of VPN Concentrator 1) Auth method: PSK (Pre-Shared Key) Negotiation mode: MAIN Encryption algorithm: AES256 Hash algorithm: SHA256 DH key group: 14 Phase 2: Mode: Tunnel Protocol: ESP (Encapsulating Security Payload) Encryption algorithm: AES256 Hash algorithm: SHA256 Local network/mask: 192.168.2.0/24 Remote network/mask: 192.168.1.0/24
upvoted 36 times
TrebleSmith
10 months, 2 weeks ago
I supplied ChatGPT with all of the images included in this PBQ and these are the results. I am putting this out here as a discussion starter in case there are any issues with the answer supplied to me, as there are no comments at the time of me posting this.
upvoted 9 times
...
Ty13
9 months, 2 weeks ago
Auth should be PKI, not PSK. PKI is more secure than PSK.
upvoted 1 times
Ty13
9 months, 2 weeks ago
Nevermind, I just realized the question asked for PSK specifically.
upvoted 3 times
famuza77
9 months ago
I dont see any PSK requirement
upvoted 1 times
3dk1
8 months, 2 weeks ago
It is PSK for sure since the question is asking for "a secret password" and PSK is how you get a "pre shared key" AKA a password that is used between both VPNs. PKI is more complex and uses certificates, but that is not what the question wants.
upvoted 11 times
...
...
...
...
koala_lay
10 months ago
Special thanks to your valuable discussion.
upvoted 2 times
...
...
PAWarriors
Highly Voted 10 months, 1 week ago
Correct information: VPN Concentrator 1 (Branch Office 1) Configuration: Phase 1: Peer IP address: 5.5.5.20 (IP of VPN Concentrator 2) Auth method: PSK (Pre-Shared Key) Negotiation mode: MAIN Encryption algorithm: AES256 Hash algorithm: SHA256 DH key group: 14 Phase 2: Mode: Tunnel Protocol: ESP (Encapsulating Security Payload) Encryption algorithm: AES256 Hash algorithm: SHA256 Local network/mask: 192.168.1.0/24 Remote network/mask: 192.168.2.0/24 VPN Concentrator 2 (Branch Office 2) Configuration: Phase 1: Peer IP address: 5.5.5.10 (IP of VPN Concentrator 1) Auth method: PSK (Pre-Shared Key) Negotiation mode: MAIN Encryption algorithm: AES256 Hash algorithm: SHA256 DH key group: 14 Phase 2: Mode: Tunnel Protocol: ESP (Encapsulating Security Payload) Encryption algorithm: AES256 Hash algorithm: SHA256 Local network/mask: 192.168.2.0/24 Remote network/mask: 192.168.1.0/24
upvoted 5 times
...
BKnows007
Most Recent 4 weeks, 1 day ago
Why is PSK chosen instead of PKI? PKI is allegedly more secured.
upvoted 1 times
...
rmycyc
1 month ago
• Most secure algorithms should be selected • All traffic should be encrypted over the VPN • A secret password will be used to authenticate the two VPN concentrators Dont forget one of goal is "a secret password will be used" which mean PSK as exp in S2S you need to input password that you will share on the client side which is secret code to authenticate. PKI more on certificate file you will feed on the client end which typical cloud environment use this method.
upvoted 1 times
...
iliecomptia
8 months, 1 week ago
All traffic should be encrypted over the VPN = Does this not mean that for both collectors remote and local ranges should be 0.0.0.0/0 ?
upvoted 1 times
...
bobernb
9 months, 2 weeks ago
I agree with TrebleSmith's answers, but I'm not sure about local network/mask and remote network/mask for both concentrators. I suppose that these ask for subnet masks which are VPN Concentrator 1, Phase 2: Local network/mask: 255.255.255.0 Remote network/mask: 255.255.255.0 VPN Concentrator 2, Phase 2: Local network/mask: 255.255.255.0 Remote network/mask: 255.255.255.0 Please, tell me what you think
upvoted 1 times
bobernb
9 months, 2 weeks ago
Nevermind, I've just learned what is CIDR notation, and I agree with all of TrebleSmith's answers.
upvoted 2 times
...
RobJob
9 months, 1 week ago
/24 is the same as 255.255.255.0
upvoted 3 times
...
...
Deathstrangler
10 months ago
@PAWarriors How did you get the local area network and the remote mask
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel