CAS-001 · Question #171
CAS-001 Question #171: Real Exam Question with Answer & Explanation
The correct answer is D: From the Mac, establish a SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.. VNC transmits data (including passwords) in cleartext by default, making it vulnerable to network sniffing. The standard solution is to tunnel VNC traffic through SSH, which encrypts it. By establishing an SSH tunnel from the Mac to the Linux server (192.168.10.10), a local port
Question
Options
- AFrom the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.
- BFrom the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer
- CFrom the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.
- DFrom the Mac, establish a SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.
Explanation
VNC transmits data (including passwords) in cleartext by default, making it vulnerable to network sniffing. The standard solution is to tunnel VNC traffic through SSH, which encrypts it. By establishing an SSH tunnel from the Mac to the Linux server (192.168.10.10), a local port on the Mac (127.0.0.1) is forwarded to the VNC port on the server. The VNC client then connects to 127.0.0.1 (localhost), sending all traffic through the encrypted SSH tunnel rather than across the network in plaintext. Option A is backwards (the server should not initiate to the client) and combining SSH tunnel with VPN is redundant. Option B references 'Network Layer' which is not a recognized remote desktop security protocol. Option C uses a full VPN, which is more complex and heavyweight than needed for a single application in the same subnet - SSH tunneling is simpler and more targeted.
Community Discussion
No community discussion yet for this question.