Exam SY0-601 topic 1 question 300 discussion

NAT preserves and TLS Secures

To meet the requirements, the analyst should configure BGP on the core router (choice C) and enable TLSv2 encryption on the web server (choice F). BGP, or Border Gateway Protocol, is a routing protocol that is used to exchange routing and reachability information among autonomous systems on the Internet. It is typically used on the core routers of a network infrastructure to ensure that traffic is routed efficiently and securely. By configuring BGP on the core router, the analyst can ensure that the public IP addresses assigned to equipment on the router are preserved and that traffic is routed securely. TLS, or Transport Layer Security, is a cryptographic protocol that provides secure communication over the Internet. TLSv2 is the most recent version of the protocol and offers the strongest encryption ciphers available. By enabling TLSv2 on the web server, the analyst can ensure that "in transport" encryption protection is provided to the server with the strongest ciphers available.

it's D & F don't joke guys

BGP doesn't seem correct unless they are referring to iBGP. This question is about internet breakouts /pips and not about routing protocols.

. Border Gateway Protocol is the protocol used throughout the internet to exchange routing information between Networks. Border Gateway Protocol is the language used by routers on the internet to determine how packets can be sent from one router to another router, and ultimately to their destination. Border Gateway Protocol (BGP) is still used today; however, the protocol does not directly include a security mechanism, and they are based largely on trust between network operators and that they will secure their systems correctly and not send incorrect data.

I think the answer is B to preserve the public ip and D for AES encryption on the Web server. There is NOT SUCH thing as TLSv2. It doesn't exist. The lastest version of TLS is TLS 1.3 NOT TLSv2.

To meet the given requirements, the security analyst should implement the following: B. Configure NAT on the core router. - Network Address Translation (NAT) allows the preservation of public IP addresses assigned to equipment on the core router while hiding the internal IP addresses of devices behind the router. This ensures that devices on the internal network can communicate with external networks using the public IP addresses without exposing their internal IP addresses. F. Enable TLSv2 encryption on the web server. - Transport Layer Security (TLS) encryption protects data in transit between the web server and clients. Enabling TLSv2 encryption with strong ciphers on the web server ensures that data exchanged between the server and clients is encrypted using robust cryptographic algorithms, thereby providing secure communication.

B. Configure NAT (Network Address Translation) on the core router: NAT allows you to preserve public IP addresses by translating them to private IP addresses within the internal network. This way, the public IP addresses are retained for equipment on the core router while maintaining network security. D. Enable AES encryption on the web server: AES (Advanced Encryption Standard) is a strong and widely recommended encryption algorithm. Enabling AES encryption on the web server is a good practice to ensure secure communication. It aligns with the requirement to enable strong ciphers. AES is used for encrypting data in transit over secure connections in web browsers. When you see a padlock symbol in your web browser's address bar (indicating a secure HTTPS connection), AES is likely being used to encrypt the data.

There is no TLS v2..latest is 1.3

TLS (Transport Layer Security) which means data in transit where as AES encrypts data at rest.

BGP (Border Gateway Protocol) is not directly related to the given requirements of preserving public IP addresses on the core router and enabling "in transport" encryption protection on the web server. BGP is an exterior gateway protocol used for routing between autonomous systems (AS) on the internet. It is primarily used for exchanging routing information between routers to determine the best path for traffic to reach its destination While BGP is a critical protocol for internet routing, it does not directly address the requirements mentioned in the question. Therefore, in the context of the given requirements, BGP is not the appropriate choice to meet those specific needs. Instead, configuring NAT on the core router and enabling TLSv2 encryption on the web server would be more relevant and effective in fulfilling the stated requirements.

B. Configure NAT on the core router: By configuring Network Address Translation (NAT) on the core router, the analyst can preserve the use of public IP addresses assigned to equipment. NAT allows for the translation of private IP addresses to public IP addresses and vice versa, enabling devices with private IP addresses to communicate with devices on the internet using the public IP addresses assigned to the core router. F. Enable TLSv2 encryption on the web server: To enable "in transport" encryption protection to the web server with the strongest ciphers, the analyst should enable TLSv2 encryption. TLS (Transport Layer Security) is a cryptographic protocol that provides secure communication over networks. By enabling TLSv2 with strong ciphers, the web server can establish encrypted connections and protect the data transmitted between the server and clients.

I have my CCNA cert to which I would also say BGP and TLSv2 for this question.

This question is peace of cake to those who have taken CCNA, finally, I am seeing the benefits of it.

BGP and TLSv2 BGP because the core router is selected based on the highest IP address in the network. Assuming the public IP is the highest, the core router will remain as such. TLS provides the encryption for data in transit/transport.

Ok folks, work me through this because I have doubts on any answer that includes "F". Per Chat GPT = "There is no TLSv2 protocol. The current version of the TLS (Transport Layer Security) protocol is TLSv1.3, which was released in 2018. It is an improvement over its predecessor, TLSv1.2, and includes several security enhancements, such as improved cipher suites, support for forward secrecy, and a simplified handshake process." I asked the question on Google, "What is the current verson of TLS?" The answer I received is "TLS 1.3 - What is the difference between TLS 1.3 and TLS 1.2? TLS 1.3 is the latest version of the TLS protocol. TLS, which is used by HTTPS and other network protocols for encryption, is the modern version of SSL." Hearing from the community would be great on this one.

BF IMO