CAS-002 · Question #156
CAS-002 Question #156: Real Exam Question with Answer & Explanation
The correct answer is D: From the Mac, establish a SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.. VNC transmits data in cleartext, making it easily sniffable. The standard solution is to tunnel VNC traffic through an SSH connection, which encrypts everything end-to-end. From the Mac, the designer establishes an SSH tunnel to the Linux server (192.168.10.10), with local port f
Question
Options
- AFrom the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.
- BFrom the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer
- CFrom the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.
- DFrom the Mac, establish a SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.
Explanation
VNC transmits data in cleartext, making it easily sniffable. The standard solution is to tunnel VNC traffic through an SSH connection, which encrypts everything end-to-end. From the Mac, the designer establishes an SSH tunnel to the Linux server (192.168.10.10), with local port forwarding configured so that a local port on 127.0.0.1 (localhost) maps to the VNC port on the Linux server. The VNC client then connects to 127.0.0.1 (the local tunnel endpoint), and all traffic flows encrypted through SSH to the server. Option A reverses direction (server to Mac) and adds unnecessary VPN. Option B (NLA remote desktop) is Windows-specific. Option C (VPN) is architectural overkill for a same-subnet connection and doesn't solve the VNC cleartext problem directly.
Community Discussion
No community discussion yet for this question.