CompTIA Security+ Exam: Strong and Weak Ciphers on VPN Concentrator

Which Occurrences Can Happen? (Choose 2)

Prev Question Next Question

Question

Which of the following could occur when both strong and weak ciphers are configured on a VPN concentrator? (Choose two.)

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

AE.

When both strong and weak ciphers are configured on a VPN concentrator, two possible outcomes could occur:

  1. An attacker could potentially perform a downgrade attack: A downgrade attack happens when an attacker tries to force a secure communication session to use a weaker encryption algorithm. By doing this, the attacker may be able to decrypt the data transmitted between the two parties. In this case, if a VPN concentrator allows both strong and weak ciphers, an attacker could potentially force the connection to use a weaker cipher, making it vulnerable to decryption. Therefore, the possibility of a downgrade attack is increased when both strong and weak ciphers are configured on a VPN concentrator.

  2. The integrity of the data could be at risk: When a VPN connection is established, data is encrypted and sent over the connection using a cipher. If a weak cipher is used, the data may not be properly protected, and an attacker may be able to intercept, modify, or corrupt the data in transit. This could compromise the integrity of the data and make it untrustworthy. Therefore, if a VPN concentrator allows weak ciphers to be used, the integrity of the data transmitted could be at risk.

The other answer options are not correct or relevant to the scenario described. The connection being vulnerable to resource exhaustion (option B) is not related to the use of strong and weak ciphers. The VPN concentrator reverting to L2TP (option D) is not a consequence of using both strong and weak ciphers. Finally, the IPSec payload being reverted to 16-bit sequence numbers (option E) is also not related to the use of both strong and weak ciphers on a VPN concentrator.