Level 3 — Intermediate — VPN Knowledge Test

1

How does DNS-based censorship prevent access to a blocked domain?

The DNS resolver returns a false IP address or no response The ISP blocks all packets containing the domain name in the URL The domain's authoritative nameserver refuses to respond The censoring authority deletes the domain from the root zone file

2

Why is IP-based blocking considered to have collateral damage?

Multiple unrelated websites often share the same IP address via hosting It requires blocking the entire subnet containing the target IP It causes increased latency for all traffic passing through that IP It permanently blacklists the IP in all ISP routing tables worldwide

3

Why does Server Name Indication (SNI) leak the destination domain despite HTTPS encryption?

SNI is sent unencrypted in the TLS ClientHello before the connection is encrypted HTTPS encryption does not cover DNS resolution or TCP handshakes The domain name must be visible for the certificate to be matched SNI is transmitted as plaintext in the TLS session resumption ticket

4

What problem does Encrypted Client Hello (ECH) solve?

It encrypts the SNI field so the destination domain remains hidden from network observers It prevents the VPN server from learning which websites the user visits It eliminates the need for digital certificates on HTTPS servers It encrypts DNS queries at the application layer instead of the transport layer

5

At what technical level is geo-blocking typically implemented?

By checking the client's IP address against a geolocation database By examining the country code in the user's TLS certificate By reading the geographic coordinates in HTTP headers By analyzing the ISP name field in the DNS request

6

Why do Content Delivery Networks (CDNs) make IP-based blocking unreliable?

CDNs distribute content across many IPs and locations, so blocking one IP doesn't block the service CDNs use encrypted tunnels that prevent ISPs from identifying the destination IP CDNs dynamically change IP addresses every time a user makes a request CDNs automatically route around blocked IPs using alternative DNS servers

7

What is a transparent proxy and how does it intercept traffic?

It intercepts traffic without requiring client configuration by using network-level redirection It asks the client for permission before inspecting each packet It works only on networks where all hosts have enabled proxy mode in settings It transparently encrypts all traffic so the original destination cannot be identified

8

What is BGP and how can BGP-level interventions affect routing?

BGP is the routing protocol that determines internet paths; interventions redirect or blackhole traffic BGP is a DNS protocol that maps domain names to autonomous system numbers BGP is an encryption standard used to secure routing announcements between ISPs BGP is an application-layer protocol that negotiates which ISP should handle each request

9

How does the trust model of Tor differ fundamentally from that of a typical VPN?

Tor uses multiple independent nodes so no single entity sees both source and destination; VPNs require trusting one provider completely Tor trusts the exit node completely while VPNs trust the entry node VPNs use decentralized routing while Tor uses a centralized directory authority Tor requires trusting your ISP while VPNs do not

10

What is an exit node in the Tor network?

The final relay that decrypts traffic and forwards it to the destination on the open internet The entry point where a user first connects to the Tor network A node that validates blockchain transactions for Tor's payment system The server that stores encrypted copies of users' traffic for anonymity recovery

11

How do traffic correlation attacks work conceptually?

By observing timing and volume patterns of traffic entering and exiting a proxy to match users with destinations By decrypting the payload of encrypted packets to read usernames and passwords By using machine learning to predict which domains a user will visit next By exploiting the fact that all traffic through a proxy shares the same encryption key

12

Why are VPN-over-Tor and Tor-over-VPN not equivalent in practice?

VPN-over-Tor hides Tor usage from the ISP but the VPN provider sees plaintext; Tor-over-VPN hides the destination from the ISP but Tor exit nodes see plaintext One uses encryption while the other uses obfuscation, making them serve different purposes VPN-over-Tor is faster because it reduces the number of network hops Tor-over-VPN provides better anonymity because the VPN is encrypted end-to-end

13

What specific threat does a VPN kill switch protect against?

Exposure of unencrypted traffic if the VPN connection drops unexpectedly Detection of the user's real IP address by malicious websites Interception of the user's VPN password by the ISP Tracking of the user's location by their mobile device's GPS

14

What does forward secrecy guarantee for a VPN session?

If the long-term key is compromised, past session keys cannot be recovered or decrypted The user's IP address is never visible to any server on the internet The VPN provider cannot modify the user's traffic in transit Future VPN sessions will use stronger encryption than previous sessions

15

Why do DNS leaks occur even when a VPN is active?

Applications may bypass the VPN's DNS settings by using hardcoded DNS servers or direct IP queries The operating system automatically falls back to ISP DNS if the VPN DNS is slow DNS queries are too small for the VPN to encrypt efficiently The VPN protocol does not support DNS resolution on most networks

16

What is a WebRTC leak and how is it prevented?

WebRTC discloses the real IP during peer-to-peer connections; prevent by disabling WebRTC in browser settings or firewalls WebRTC leaks the user's browsing history to nearby devices on the same network WebRTC is a vulnerability in HTTPS that allows servers to read encrypted data WebRTC leaks happen when DNS queries resolve to multiple IP addresses simultaneously

17

What is the core operational difference between symmetric and asymmetric encryption?

Symmetric uses one shared key for both encryption and decryption; asymmetric uses separate public and private keys Symmetric is faster but asymmetric is more secure in all practical scenarios Symmetric requires a certificate authority while asymmetric does not Asymmetric can only encrypt small amounts of data while symmetric can encrypt streams

18

What does a digital certificate prove and what does it NOT prove?

It proves the website's identity and that the connection is encrypted; it does NOT prove the site is trustworthy or that the organization is reputable It proves the user's identity to the website and all future sessions will remain secure It proves the website's real-world location and that no third-party is intercepting traffic It proves the website will never engage in data harvesting or malicious behavior

19

What is the role of Certificate Transparency logs?

To publicly record all issued certificates so unauthorized or fraudulent certificates can be detected To store encrypted copies of user's HTTPS traffic for legal discovery To verify that a website's certificate has been renewed within the last year To automatically revoke certificates when a domain expires or is sold

20

What security guarantee does a perfect forward secrecy session key provide?

The session key cannot be derived from the long-term credential even if that credential is later compromised The session key will never be used again after the session ends, making it impossible to decrypt The session key is visible only to the client and server and is immune to network eavesdropping The session key is stored in the certificate and signed by a trusted authority