Exam SY0-601
Question 300

A security analyst is hardening a network infrastructure. The analyst is given the following requirements:

• Preserve the use of public IP addresses assigned to equipment on the core router.

• Enable "in transport" encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Choose two.)

    Correct Answer: B, D

    To preserve the use of public IP addresses assigned to equipment on the core router, configuring NAT (Network Address Translation) is essential. NAT allows internal devices to use public IP addresses assigned to the core router while hiding their private IP addresses. To enable 'in transport' encryption protection, AES encryption should be enabled on the web server. AES (Advanced Encryption Standard) is a widely used and strong encryption algorithm, suitable for encrypting data in transit when used within secure connections like HTTPS. While TLSv1.2 and TLSv1.3 are valid encryption protocols, TLSv2 does not exist, making AES the appropriate choice from the provided options.
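On a real server the protocol version (TLS 1.2, TLS 1.3) and the cipher (for example AES-GCM) are two separate settings. The following is an added example, not part of the original page, that pins both with Python's standard `ssl` module and audits the resulting suite list; the function names and the legacy sample entry are constructed for illustration.

```python
import ssl

# Assumption: a Python-served endpoint; the function names are hypothetical.
def hardened_server_context():
    """Server context limited to TLS 1.2+ with ECDHE key exchange and AES-GCM."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuses SSLv3, TLS 1.0, TLS 1.1
    # OpenSSL cipher string for the TLS 1.2 suites; TLS 1.3 suites are
    # managed separately by OpenSSL and are AEAD-only by design.
    ctx.set_ciphers("ECDHE+AESGCM")
    return ctx

def known_tls_versions():
    """TLS protocol versions Python's ssl module can name (no 'TLSv2')."""
    return sorted(v.name for v in ssl.TLSVersion if v.name.startswith("TLS"))

def audit_suites(suites):
    """Return (suite name, reason) for entries that are not TLS 1.2+ with AEAD."""
    findings = []
    for s in suites:
        name, proto = s["name"], s["protocol"]
        if proto not in ("TLSv1.2", "TLSv1.3"):
            findings.append((name, "negotiable below TLS 1.2: " + proto))
        if not any(tag in name for tag in ("GCM", "CCM", "CHACHA20")):
            findings.append((name, "not an AEAD cipher"))
    return findings

# Constructed sample entry in the shape ssl.SSLContext.get_ciphers() returns.
LEGACY_SAMPLE = [{"name": "AES128-SHA", "protocol": "SSLv3"}]

if __name__ == "__main__":
    ctx = hardened_server_context()
    for s in ctx.get_ciphers():
        print(s["protocol"], s["name"])
    print("audit of hardened context:", audit_suites(ctx.get_ciphers()))
    print("audit of legacy sample:", audit_suites(LEGACY_SAMPLE))
    print("versions:", known_tls_versions())
```
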

Discussion
Spam_Protection Options: BF

NAT preserves and TLS Secures

FMMIR Options: CF

To meet the requirements, the analyst should configure BGP on the core router (choice C) and enable TLSv2 encryption on the web server (choice F). BGP, or Border Gateway Protocol, is a routing protocol that is used to exchange routing and reachability information among autonomous systems on the Internet. It is typically used on the core routers of a network infrastructure to ensure that traffic is routed efficiently and securely. By configuring BGP on the core router, the analyst can ensure that the public IP addresses assigned to equipment on the router are preserved and that traffic is routed securely. TLS, or Transport Layer Security, is a cryptographic protocol that provides secure communication over the Internet. TLSv2 is the most recent version of the protocol and offers the strongest encryption ciphers available. By enabling TLSv2 on the web server, the analyst can ensure that "in transport" encryption protection is provided to the server with the strongest ciphers available.

sujon_london

Border Gateway Protocol (BGP) is used for routing between autonomous systems on the internet. While it's important for routing, it's not mentioned in the requirements and doesn't address preserving public IP addresses or web server encryption. Therefore, it should be BF, not CF.

MortG7 Options: DF

There is no TLS v2. Latest is 1.3.

ApplebeesWaiter1122 Options: BF

B. Configure NAT on the core router: By configuring Network Address Translation (NAT) on the core router, the analyst can preserve the use of public IP addresses assigned to equipment. NAT allows for the translation of private IP addresses to public IP addresses and vice versa, enabling devices with private IP addresses to communicate with devices on the internet using the public IP addresses assigned to the core router.

F. Enable TLSv2 encryption on the web server: To enable "in transport" encryption protection to the web server with the strongest ciphers, the analyst should enable TLSv2 encryption. TLS (Transport Layer Security) is a cryptographic protocol that provides secure communication over networks. By enabling TLSv2 with strong ciphers, the web server can establish encrypted connections and protect the data transmitted between the server and clients.

AmesCB

There's nothing like TLSv2; latest is 1.3.

MuttleyB

TLSv2 refers to TLS version 1.2. TLS version 1.3 might be a little too new for the 601 exam.

okay123 Options: BF

It's B and F.

AspiringNerd Options: BF

To meet the given requirements, the security analyst should implement the following:

B. Configure NAT on the core router. - Network Address Translation (NAT) allows the preservation of public IP addresses assigned to equipment on the core router while hiding the internal IP addresses of devices behind the router. This ensures that devices on the internal network can communicate with external networks using the public IP addresses without exposing their internal IP addresses.

F. Enable TLSv2 encryption on the web server. - Transport Layer Security (TLS) encryption protects data in transit between the web server and clients. Enabling TLSv2 encryption with strong ciphers on the web server ensures that data exchanged between the server and clients is encrypted using robust cryptographic algorithms, thereby providing secure communication.

indyrckstar Options: CF

I have my CCNA cert to which I would also say BGP and TLSv2 for this question.

LordJaraxxus

BGP doesn't preserve the use of public IP. NAT is doing that. I agree with the TLSv2 answer.

zero_pa

Fellow CCNA, BGP is a routing protocol and it doesn't help you to "Preserve the use of public IP addresses assigned to equipment on the core router." NAT is the one you're looking for.

Neither_you_nor_me Options: CF

BGP and TLSv2. BGP because the core router is selected based on the highest IP address in the network. Assuming the public IP is the highest, the core router will remain as such. TLS provides the encryption for data in transit/transport.

ThreeKings

I like the use of BGP better than TLSv2 since TLSv2 is not a standard, though TLSv1.3 is. Using NAT and BGP makes a ton of sense since BGP "enables "in transport" encryption protection to the web server with the strongest ciphers." BGP need not encrypt, it just needs to ensure that the packets containing the encrypted data are correctly routed between the client and the server.

madmax1984 Options: BF

B and F is correct.

Mindlos Options: BF

Agree with B, F.

Atlstorageguy Options: BD

I think the answer is B to preserve the public IP and D for AES encryption on the web server. There is NO SUCH thing as TLSv2. It doesn't exist. The latest version of TLS is TLS 1.3, NOT TLSv2.

Dutch012

This question is a piece of cake to those who have taken CCNA; finally, I am seeing the benefits of it.

JAMBER

...and your choices are?

Yarzo Options: BE

B. Configure NAT (Network Address Translation) on the core router: NAT allows you to preserve public IP addresses by translating them to private IP addresses within the internal network. This way, the public IP addresses are retained for equipment on the core router while maintaining network security.

D. Enable AES encryption on the web server: AES (Advanced Encryption Standard) is a strong and widely recommended encryption algorithm. Enabling AES encryption on the web server is a good practice to ensure secure communication. It aligns with the requirement to enable strong ciphers. AES is used for encrypting data in transit over secure connections in web browsers. When you see a padlock symbol in your web browser's address bar (indicating a secure HTTPS connection), AES is likely being used to encrypt the data.

ThreeKings Options: DF

Ok folks, work me through this because I have doubts on any answer that includes "F". Per Chat GPT = "There is no TLSv2 protocol. The current version of the TLS (Transport Layer Security) protocol is TLSv1.3, which was released in 2018. It is an improvement over its predecessor, TLSv1.2, and includes several security enhancements, such as improved cipher suites, support for forward secrecy, and a simplified handshake process." I asked the question on Google, "What is the current version of TLS?" The answer I received is "TLS 1.3 - What is the difference between TLS 1.3 and TLS 1.2? TLS 1.3 is the latest version of the TLS protocol. TLS, which is used by HTTPS and other network protocols for encryption, is the modern version of SSL." Hearing from the community would be great on this one.

ThreeKings

The ONLY answer that includes TLS that makes sense is that TLSv2 is a typo since TLS, of the options presented, is the only protocol that encrypts "in transport". I certainly hope that CompTIA doesn't give me that atrociously worded question...

fercho2023 Options: DF

TLS (Transport Layer Security) which means data in transit, whereas AES encrypts data at rest.

sujon_london Options: BF

BGP (Border Gateway Protocol) is not directly related to the given requirements of preserving public IP addresses on the core router and enabling "in transport" encryption protection on the web server. BGP is an exterior gateway protocol used for routing between autonomous systems (AS) on the internet. It is primarily used for exchanging routing information between routers to determine the best path for traffic to reach its destination. While BGP is a critical protocol for internet routing, it does not directly address the requirements mentioned in the question. Therefore, in the context of the given requirements, BGP is not the appropriate choice to meet those specific needs. Instead, configuring NAT on the core router and enabling TLSv2 encryption on the web server would be more relevant and effective in fulfilling the stated requirements.

examrobo Options: BF

BF IMO