2.6 Given a scenario, implement secure protocols. Flashcards

1
Q

What helps reduce spoofing and poisoning attacks by providing a verification process for domain name system responses?

A

DNS Security Extensions (DNSSEC)

DNS Security Extensions (DNSSEC) helps to mitigate against spoofing and poisoning attacks by providing a validation process for DNS responses.

Secure Shell (SSH) is the principal means of obtaining secure remote access to a UNIX or Linux server. The main uses of SSH are for remote administration and secure file transfer (SFTP).

A File Transfer Protocol (FTP) server is typically configured with several public directories, hosting files, and user accounts.

SSH FTP (SFTP) addresses the privacy and integrity issues of FTP by encrypting the authentication and data transfer between client and server.

2
Q

The company’s media network infrastructure requires evaluation of threats and vulnerabilities with respect to video conferencing. What real-time services or protocols would most support the company’s security needs? (Select all that apply)

A

Session Control

Session initiation protocol (SIP)

Session control is used to establish, manage, and disestablish communications sessions. They handle tasks such as user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination.

The Session Initiation Protocol (SIP) is one of the most widely used session control protocols. SIP endpoints are the end-user devices (also known as user agents).

Data transport handles the delivery of the actual video or voice information.

Quality of Service (QoS) provides information about the connection to a QoS system, which, in turn, ensures that voice or video communications are free from problems such as dropped packets, delay, or jitter.

3
Q

A stratum 1 time server obtains routine updated time to ensure accuracy. Evaluate the Network Time Protocol (NTP) and conclude which device provided the updates.

A

Atomic Clock

4
Q

What are most authentication and access control protocols dependent on?

A

Time synchronization

Most authentication and access control protocols are critically dependent on time synchronization. Many applications on networks are time dependent and time critical, such as authentication and security mechanisms, scheduling applications, or backup software.

Simple Network Management Protocol (SNMP) is a widely used framework for management and monitoring. SNMP consists of a management system and agents.

The Domain Name System (DNS) is a system for resolving host names and domain labels to IP addresses. It uses a distributed database system that contains information on domains and hosts within those domains.

The Dynamic Host Configuration Protocol (DHCP) provides an automatic method for network address allocation.

5
Q

What is a secure version of file transfer protocol, which facilitates data access and data transfer over a secure shell data stream?

A

SFTP

Secure File Transfer Protocol (SFTP) is a secure version of File Transfer Protocol (FTP), which facilitates data access and data transfer over a Secure Shell (SSH) data stream. It is part of the SSH Protocol.

Trivial File Transfer Protocol (TFTP) is a connectionless protocol that provides file transfer services.

SSH (Secure Shell) is a remote administration and file-copy program that supports VPNs by using port forwarding, and that runs on TCP port 22.

S/MIME (Secure/Multipurpose Internet Mail Extensions) is an email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications.

6
Q

A system administrator moves a file from a server to a client using Secure Shell (SSH) over port 22. Compare the protocols for file transfers, to deduce the protocol utilized.

A

SFTP

SSH FTP (SFTP) addresses the privacy and integrity issues of FTP by encrypting the authentication and data transfer between client and server. It uses the Secure Shell (SSH) over TCP port 22.

Explicit TLS (FTPES) uses the AUTH TLS command to upgrade an insecure connection established over port 21 to a secure one.

Implicit TLS (FTPS) uses port 990. It negotiates an SSL/TLS tunnel before the exchange of any FTP commands. This mode uses the secure port 990 for the control connection.

Trivial File Transfer Protocol (TFTP) is a connectionless protocol (utilizing UDP port 69) that provides file transfer services.

7
Q

An authoritative server for a zone creates a Resource Records Set (RRSet) signed with a zone signing key. Analyze Domain Name System (DNS) traits and functions and conclude what the scenario demonstrates.

A

DNS Security Extensions

Domain Name System Security Extensions (DNSSEC) helps to mitigate against spoofing and poisoning attacks. The authoritative server for the zone creates a package of resource records, called an RRset, signed with a private key known as the zone signing key.

DNS server cache poisoning is a redirection attack that aims to corrupt the records held by the DNS server itself.

DNS spoofing is an attack that compromises the name resolution process. The attacker may compromise the process of DNS resolution by replacing the valid IP address for a trusted website.

Dynamic Host Configuration Protocol (DHCP) provides an automatic method for network address allocation.

8
Q

The administrators of a website need to execute the website as an HTTPS. What does the server require, prior to receiving HTTPS status?

A

Digital certificate signed by a trusted certificate authority

To implement HTTPS, a server is assigned a digital certificate signed by some trusted Certificate Authority (CA). The certificate proves the identity of the server (assuming that the client trusts the Certificate Authority).

The digital certificate by itself will not work; it needs to be signed by a certificate authority. SSL/TLS (Secured Sockets Layer/Transport Layer Security) works as a layer between the application and transport layers of the TCP/IP (Transmission Control Protocol/Internet Protocol) stack.

The server uses the digital certificate and the SSL/TLS protocol to encrypt communications between it and the client.

DMZ (Demilitarized Zone) is a small section of a private network that is located behind one firewall or between two firewalls and made available for public access.

9
Q

Two project managers are on the phone, discussing plans for a new site. The call changes over to video, as a way for one site manager to show a schematic on a wall. Compare types of communication services and determine which service the project managers utilized.

A

Unified Communications

The project managers are utilizing Unified Communications (UC). These solutions are messaging applications that combine multiple communications channels and technologies into a single platform. These communications channels can include voice, messaging, interactive whiteboards, data sharing, email and social media.

Voice over Internet Protocol (VoIP) is a type of voice communication. While this could have been utilized for the first portion of the communication, it could not have been utilized without additional tools, to change to video.

Video Teleconferencing (VTC) is utilized for voice and video. The project managers started on a voice-only call, therefore this was not the solution being utilized.

Web conferencing is utilized for live meetings. The call started as voice-only, and this would not be applicable for this scenario.

10
Q

A system administrator remotely manages a server securely by encrypting the packets over port 49. Analyze remote access protocols and determine which protocol the system administrator employed.

A

TACACS+

Terminal Access Controller Access-Control System Plus (TACACS+) is more reliable than RADIUS. It uses TCP communications over port 49 and this reliable, connection-oriented delivery makes it easier to detect when a server is down. All of the data in TACACS+ packets is encrypted.

Remote Authentication Dial-in User Service (RADIUS) uses ports 1812 and 1813 by default and is less secure than TACACS+. Only the authentication data is encrypted.

Lightweight Directory Access Protocol runs on port 389 by default. This basic protocol provides no security and all transmissions are in plaintext, making it vulnerable to sniffing and Man-in-the-Middle attacks.

Security Association Markup Language (SAML) was developed to handle user identity assertions and transmit authorizations between the principal and providers.

11
Q

What provides an automatic method for network address allocation?

A

DHCP

The Dynamic Host Configuration Protocol (DHCP) provides an automatic method for network address allocation. As well, an IP address and subnet mask can include optional parameters.

The Domain Name System (DNS) is a system for resolving host names and domain labels to IP addresses. It uses a distributed database system that contains information on domains and hosts within those domains.

DNS server cache poisoning (or pollution) is another redirection attack, but instead of trying to subvert the name service used by the client, it aims to corrupt the records held by the DNS server itself.

DNS Security Extensions (DNSSEC) help to mitigate against spoofing and poisoning attacks by providing a validation process for DNS responses.

12
Q

An administrator needs to complete a Secure File Transfer (SFTP) between UNIX systems. Compare the methods for obtaining secure remote access and determine which method the admin will most likely utilize.

A

Secure Shell

Secure Shell (SSH) is the principal means of obtaining secure remote access to a UNIX or Linux server. The main uses of SSH are for remote administration and Secure File Transfer (SFTP).

Telnet is terminal emulation software to support a remote connection to another computer. It does not support file transfer directly.

Remote Desktop Protocol (RDP) is Microsoft’s protocol for operating remote connections to a Windows machine.

A Virtual Private Network (VPN) is utilized to connect to a network and the user needs to connect to a single host to complete the file transfer.

13
Q

An accountant opens a web browser and goes to a bank’s website to pull the latest statement. Compare web protocols and determine the correct protocol to use for this type of web activity.

A

HTTPS

HyperText Transfer Protocol Secure (HTTPS) is used to encrypt Transmission Control Protocol (TCP) connections. Websites for banking, email or shopping should use HTTPS to encrypt data for protection of the data being submitted.

HyperText Transfer Protocol (HTTP) enables clients, typically web browsers, to request resources from a server. The payload is usually used to serve HyperText Markup Language (HTML) web pages, which are plaintext files with coded tags.

Secure Sockets Layer/Transport Layer Security (SSL/TLS) work as a layer between the application and transport layers of the TCP/IP stack. It is usually used to encrypt TCP connections and the HTTP application.

Uniform Resource Locator (URL) is how the HTTP server submits a request for a resource using an appropriate TCP port (default is 80).

14
Q

Server B requests a secure record exchange from Server A. Server A returns a package along with a public key that verifies the signature. What does this scenario demonstrate?

A

DNS Security Extensions

Domain Name System Security Extensions (DNSSEC) helps to mitigate against spoofing and poisoning attacks. The authoritative server for the zone creates a package of resource records, called an RRset, signed with a private key known as the zone signing key.

DNS server cache poisoning is a redirection attack that aims to corrupt the records held by the DNS server itself.

DNS spoofing is an attack that compromises the name resolution process. The attacker may compromise the process of DNS resolution by replacing the valid IP address for a trusted website.

Dynamic Host Configuration Protocol (DHCP) provides an automatic method for network address allocation.

15
Q

A network administrator researched Secure Sockets Layer/Transport Layer Security (SSL/TLS) versions to determine the best solution for the network. Security is a top priority along with a strong cipher. Recommend the version to implement, which will meet the needs of the company.

A

TLS 1.2

Transport Layer Security (TLS) 1.2 added support for the strong Secure Hash Algorithm (SHA)-256 cipher along with improvements to the cipher suite negotiation process and protection against known attacks.

Secure Sockets Layer (SSL) 3.0 is less secure than any of the TLS versions and does not support SHA-256 cipher.

TLS 1.1 added the improvement to the cipher suite negotiation process and protection against known attacks but does not support SHA-256 cipher.

SSL 2.0 is deprecated and should only be deployed when subject to risk assessments. This version does not support SHA-256 cipher.

16
Q

Select the vulnerabilities that can influence routing. (Select more than one)

A

Route injection

ARP poisoning

Fingerprinting

Fingerprinting is when a port scanner uses a tool such as Nmap that can reveal the presence of a router and which dynamic routing and management protocols it is running.

Route injection means that traffic is misdirected to a monitoring port (sniffing), sent to a blackhole (non-existent address), or continuously looped around the network, causing DoS.

Address resolution protocol (ARP) poisoning or internet control message protocol (ICMP) redirect is tricking hosts on the subnet into routing through the attacker’s machine, rather than the legitimate default gateway. This allows the attacker to eavesdrop on communications and perform replay or man in the middle (MitM) attacks.

Most routers can also be configured to block traffic, acting as a firewall.

17
Q

A company desires a basic protocol for email. The owner requested that a local system store and manage email for each user. Compare the various mail protocols and recommend the best solution for the company.

A

Secure Post Office Protocol v3

Secure Post Office Protocol v3 (POP3) is a mailbox protocol designed to allow mail to be stored on a server and downloaded to the recipient’s email client at their convenience.

Secure Internet Message Access Protocol v4 (IMAP4) is primarily designed for dial-up access and the client contacts the server to download its messages, then disconnects. IMAP supports permanent connections to a server and connecting multiple clients to the same mailbox simultaneously. Messages can be stored and organized on the server.

Simple Mail Transfer Protocol (SMTP) specifies how mail is delivered from one system to another.

In Secure Multipurpose Internet Mail Extensions (S/MIME), the user is issued a digital certificate containing a public key that is signed by a CA (Certificate Authority) to establish its validity.

18
Q

A user’s device does not make a direct cabled connection to the network. Instead, the connection occurs over or through an intermediate network. Describe this type of connection.

A

Remote access

Remote access refers to the user’s device connecting over or through an intermediate network, usually a public Wide Area Network (WAN). It does not make a direct cabled or wireless connection to the network.

Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet.

The Authentication Header (AH) protocol performs a cryptographic hash on the packet plus a shared secret key (known only to the communicating hosts), and adds this HMAC (Hashed Message Authentication Code) in its header as an Integrity Check Value (ICV).

Tunnel mode is when the whole IP packet (header and payload) is encrypted and a new IP header added.

19
Q

An employee can authenticate to any client on the network and have shared files available for viewing. What function will provide this capability?

A

Directory services

Directory services are the principal means of providing privilege management and authorization on an enterprise network. A key will be generated for the user, which contains the group members of the authenticated user.

Authentication credentials are provided by each user at logon, to gain access to a system-defined account. While this is utilized in the scenario, directory services takes the authentication credentials to have a key generated, for the user to access resources.

A security database is what the username and password, or other authentication data, are compared with to determine what resources the user has access to.

A distinguished name is a unique identifier for any given resource within an X.500-like directory and is made up of attributes.

20
Q

What is a secure version of file transfer protocol, which facilitates data access and data transfer over a secure shell data stream?

A

SFTP

Secure File Transfer Protocol (SFTP) is a secure version of File Transfer Protocol (FTP), which facilitates data access and data transfer over a Secure Shell (SSH) data stream. It is part of the SSH Protocol.

Trivial File Transfer Protocol (TFTP) is a connectionless protocol that provides file transfer services.

SSH (Secure Shell) is a remote administration and file-copy program that supports VPNs by using port forwarding, and that runs on TCP port 22.

S/MIME (Secure/Multipurpose Internet Mail Extensions) is an email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications.

21
Q

What provides privilege management and authorization on an enterprise network?

A

Directory services

Directory services is a network service that stores identity information in a particular network, including users, groups, servers, client computers, and printers.

RADIUS (Remote Authentication Dial-in User Service) is a standard protocol used to manage remote and wireless authentication infrastructures.

ACL (Access Control List) specifies which subjects (user accounts, host IP addresses, etc.) are allowed or denied access and the privileges given over the object (read only, read/write, etc.).

TACACS+ (Terminal Access Controller Access Control System Plus) is a similar protocol to RADIUS, but designed to be more flexible and reliable.

22
Q

Analyze remote access protocols and explain the characteristics of TACACS+ that distinguish it from the others.

A

A reliable system that utilizes TCP communications and encrypts transmitted packets

Terminal Access Controller Access-Control System Plus (TACACS+) is more reliable than RADIUS. It uses TCP communications over port 49 and this reliable, connection-oriented delivery makes it easier to detect when a server is down. All of the data in TACACS+ packets is encrypted.

Remote Authentication Dial-in User Service (RADIUS) uses ports 1812 and 1813 by default and is less secure than TACACS+. Only the authentication data is encrypted.

Lightweight Directory Access Protocol runs on port 389 by default. This basic protocol provides no security and all transmissions are in plaintext, making it vulnerable to sniffing and Man-in-the-Middle attacks.

Security Association Markup Language (SAML) was developed to handle user identity assertions and transmit authorizations between the principal and providers.

23
Q

A system administrator completes a file transfer, secured by encrypting the authentication and data between the client and server over TCP port 22. Evaluate the file transfer protocols and determine which protocol the administrator used.

A

SFTP

Secure Shell File Transfer Protocol (SFTP) addresses the privacy and integrity issues of FTP by encrypting the authentication and data transfer between a client and server. A secure link is created using Secure Shell (SSH) over Transmission Control Protocol (TCP) port 22.

Explicit Transport Layer Security (FTPES) uses the AUTH TLS command to upgrade an unsecure connection established over port 21 to a secure one. This protects authentication credentials.

Implicit Transport Layer Security (FTPS) negotiates a Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel before the exchange of any FTP commands. This mode uses the secure port 990 for the control connection.

Trivial File Transfer Protocol (TFTP) is a connectionless protocol that utilizes User Datagram Protocol (UDP) 69 and also provides file transfer services.

24
Q

The administrators of a website need to execute the website as an HTTPS. What does the server require, prior to receiving HTTPS status?

A

Digital certificate signed by a trusted certificate authority

25
Q

What facilitates a pharming attack?

A

DNS spoofing

Domain Name System (DNS) spoofing is an attack that compromises the name resolution process. One use of DNS spoofing is to facilitate a pharming attack.

DNS server cache poisoning (or pollution) is another redirection attack, but instead of trying to subvert the name service used by the client, it aims to corrupt the records held by the DNS server itself.

DNS Security Extensions (DNSSEC) help to mitigate against spoofing and poisoning attacks by providing a validation process for DNS responses.

Cybersquatting is an attack where an adversary acquires a domain for a company’s trading name or trademark, or perhaps some spelling variation thereof.

26
Q

The administrator in an exchange server needs to send digitally signed and encrypted messages. What should the administrator execute?

A

S/MIME

Secure/Multipurpose Internet Mail Extensions (S/MIME) is a widely accepted method for sending digitally signed and encrypted messages; it allows the sender to encrypt the emails and digitally sign them.

SSH (Secure Shell) is a remote administration and file-copy program that supports VPNs by using port forwarding, and that runs on TCP port 22.

The Session Initiation Protocol (SIP) is one of the most widely used session control protocols.

The Post Office Protocol v3 (POP3) is a mailbox protocol designed to allow mail to be stored on a server and downloaded to the recipient’s email client at his or her convenience.

27
Q

A company recently implemented a Secure Sockets Layer/Transport Layer Security (SSL/TLS) version that supports Secure Hashing Algorithm-256 (SHA-256) cipher. Compare and contrast the SSL/TLS versions and determine which version was deployed.

A

TLS 1.2

28
Q

Two employees use Instant Messaging (IM) in separate buildings at work. They change the communications over to a video call with one click. Compare the types of communication services and determine which service the employees used.

A

Unified Communications

29
Q

A company recently implemented a Secure Sockets Layer/Transport Layer Security (SSL/TLS) version that supports Secure Hashing Algorithm-256 (SHA-256) cipher. Compare and contrast the SSL/TLS versions and determine which version was deployed.

A

TLS 1.2

Transport Layer Security (TLS) 1.2 added support for the strong Secure Hash Algorithm (SHA)-256 cipher. That is the primary difference between TLS 1.1 and 1.2.

Secure Sockets Layer (SSL) 3.0 is less secure than any of the TLS versions and does not support SHA-256 cipher.

TLS 1.1 added the improvement to the cipher suite negotiation process and protection against known attacks, but does not support SHA-256 cipher.

SSL 2.0 is deprecated and should only be deployed when subject to risk assessments. This version does not support SHA-256 cipher.

30
Q

Two employees use Instant Messaging (IM) in separate buildings at work. They change the communications over to a video call with one click. Compare the types of communication services and determine which service the employees used.

A

Unified Communications

The project managers are utilizing Unified Communications (UC). These solutions are messaging applications that combine multiple communications channels and technologies into a single platform. These communications channels can include voice, messaging, interactive whiteboards, data sharing, email and social media.

Voice over Internet Protocol (VoIP) is a type of voice communication. While this could have been utilized for the first portion of the communication, it could not have been utilized without additional tools, to change to video.

Video Teleconferencing (VTC) is utilized for voice and video. The project managers started on a voice-only call, therefore this was not the solution being utilized.

Web conferencing is utilized for live meetings. The call started as voice-only, and this would not be applicable for this scenario.

31
Q

A network administrator sets up a protocol for management and monitoring. The administrator needs the protocol to support encryption and to have a strong user-based authentication. Recommend which protocol to utilize.

A

SNMPv3

Simple Network Management Protocol (SNMP) v3 supports encryption and strong user-based authentication. Instead of community names, the agent is configured with a list of usernames and access permissions.

SNMPv1 uses community names that are sent in plaintext and should not be transmitted over the network, if there is any risk they could be intercepted.

SNMPv2c also uses community names that are sent in plaintext and should not be transmitted over the network, if there is any risk they could be intercepted. Like SNMPv1, this protocol does not support strong user-based authentication.

Management Information Base (MIB) is the database that the agent within SNMP utilizes. The agent is a process that runs on a switch, router, server or other SNMP compatible network device.

32
Q

A system administrator completes a file transfer by negotiating a tunnel before the exchange of any commands. Evaluate the file transfer protocols to conclude which protocol the admin utilized.

A

FTPS

Implicit Transport Layer Security (FTPS) negotiates a Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel before the exchange of any File Transfer Protocol (FTP) commands.

Explicit TLS (FTPES) uses the AUTH TLS command to upgrade an unsecure connection.

Secure Shell (SSH) FTP (SFTP) encrypts the authentication and data transfer between the client and server, and a secure link is created between the client and server using SSH.

Trivial File Transfer Protocol (TFTP) is a connectionless protocol that provides file transfer services. It does not provide the guaranteed delivery offered by FTP.

33
Q

A system administrator moves a file from a server to a client using Secure Shell (SSH) over port 22. Compare the protocols for file transfers, to deduce the protocol utilized.

A

SFTP

SSH FTP (SFTP) addresses the privacy and integrity issues of FTP by encrypting the authentication and data transfer between client and server. It uses the Secure Shell (SSH) over TCP port 22.

Explicit TLS (FTPES) uses the AUTH TLS command to upgrade an insecure connection established over port 21 to a secure one.

Implicit TLS (FTPS) uses port 990. It negotiates an SSL/TLS tunnel before the exchange of any FTP commands. This mode uses the secure port 990 for the control connection.

Trivial File Transfer Protocol (TFTP) is a connectionless protocol (utilizing UDP port 69) that provides file transfer services.

34
Q

A user’s device does not make a direct cabled connection to the network. Instead, the connection occurs over or through an intermediate network. Describe this type of connection.

A

Remote access

Remote access refers to the user’s device connecting over or through an intermediate network, usually a public Wide Area Network (WAN). It does not make a direct cabled or wireless connection to the network.

Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet.

The Authentication Header (AH) protocol performs a cryptographic hash on the packet plus a shared secret key (known only to the communicating hosts), and adds this HMAC (Hashed Message Authentication Code) in its header as an Integrity Check Value (ICV).

Tunnel mode is when the whole IP packet (header and payload) is encrypted and a new IP header added.

35
Q

Consider the principles of web server hardening and determine which actions a system administrator should take when deploying a new server. (Select more than one)

A

Use the configuration templates provided

Secure a guest account

Use SSH for uploading files

Most web servers must allow access to guests. The guest account must be secured so that it cannot be used to modify any data on the server.

A secure means of uploading files and configuration changes needs to be used, such as Secure Shell (SSH).

Web servers should be deployed using configuration templates where possible. This will assist the administrator with hardening the system.

The location of the server should be carefully considered as a way to not expose the private network to attack from the public. This can be achieved by placing a firewall between the web server and the local network.

36
Q

A network uses a framework for management and monitoring that uses the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES), which encrypts the contents of traps and query responses. Analyze the types of protocols available for management and monitoring, then deduce the protocol utilized.

A

SNMPv3

Simple Network Management Protocol (SNMP) v3 supports encryption and strong user-based authentication. Instead of community names, the agent is configured with a list of usernames and access permissions.

SNMPv1 uses community names that are sent in plaintext and should not be transmitted over the network, if there is any risk they could be intercepted. This protocol does not support encryption.

SNMPv2c also uses community names that are sent in plaintext and should not be transmitted over the network, if there is any risk they could be intercepted. Like SNMPv1, this protocol does not support encryption.

Management Information Base (MIB) is the database that the agent within SNMP utilizes. The agent is a process that runs on a switch, router, server or other SNMP compatible network device.

37
Q

A system administrator completes a file transfer by negotiating a tunnel before the exchange of any commands. Evaluate the file transfer protocols to conclude which protocol the admin utilized.

A

FTPS

Implicit Transport Layer Security (FTPS) negotiates a Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel before the exchange of any File Transfer Protocol (FTP) commands.

Explicit TLS (FTPES) uses the AUTH TLS command to upgrade an unsecure connection.

Secure Shell (SSH) FTP (SFTP) encrypts the authentication and data transfer between the client and server, and a secure link is created between the client and server using SSH.

Trivial File Transfer Protocol (TFTP) is a connectionless protocol that provides file transfer services. It does not provide the guaranteed delivery offered by FTP.

38
Q

The administrator in an exchange server needs to send digitally signed and encrypted messages. What should the administrator execute?

A

S/MIME

Secure/Multipurpose Internet Mail Extensions (S/MIME) is a widely accepted method for sending digitally signed and encrypted messages; it allows the sender to encrypt emails and digitally sign them.

SSH (Secure Shell) is a remote administration and file-copy program that supports VPNs by using port forwarding, and that runs on TCP port 22.

The Session Initiation Protocol (SIP) is one of the most widely used session control protocols.

The Post Office Protocol v3 (POP3) is a mailbox protocol designed to allow mail to be stored on a server and downloaded to the recipient’s email client at his or her convenience.

39
Q

What is a secure version of file transfer protocol, which facilitates data access and data transfer over a secure shell data stream?

A

SFTP

Secure File Transfer Protocol (SFTP) is a secure version of File Transfer Protocol (FTP), which facilitates data access and data transfer over a Secure Shell (SSH) data stream. It is part of the SSH Protocol.

Trivial File Transfer Protocol (TFTP) is a connectionless protocol that provides file transfer services.

SSH (Secure Shell) is a remote administration and file-copy program that supports VPNs by using port forwarding, and that runs on TCP port 22.

S/MIME (Secure/Multipurpose Internet Mail Extensions) is an email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications.

40
Q

An employee logs into the network with credentials, and then the network provides an access key. This key accesses network resources, such as shared files and printers, which the employee uses to complete tasks. What does the employee utilize based on this scenario?

A

Directory services

Directory services are the principal means of providing privilege management and authorization on an enterprise network. A key will be generated for the user, which contains the group members of the authenticated user.

Authentication credentials are provided by each user at logon, to gain access to a system-defined account. While this is utilized in the scenario, directory services takes the authentication credentials to have a key generated, for the user to access resources.

A security database is what the username and password, or other authentication data, are compared with to determine what resources the user has access to.

A distinguished name is a unique identifier for any given resource within an X.500-like directory and is made up of attributes.

41
Q

A system administrator remotely manages a server securely by encrypting the packets over port 49. Analyze remote access protocols and determine which protocol the system administrator employed.

A

TACACS+

42
Q

Employees log into their email and the messages download from the server, onto the client. The mail server does not store the messages. Compare the following email protocols and determine which protocol this represents.

A

Secure Post Office Protocol v3

Secure Post Office Protocol v3 (POP3) is a mailbox protocol designed to allow mail to be held on a server and downloaded to the recipient’s email client at their convenience, at which time it is deleted from the server (unless specific settings to keep the messages are set).

Secure Internet Message Access Protocol v4 (IMAP4) is primarily designed for dial-up access and the client contacts the server to download its messages, then disconnects. IMAP supports permanent connections to a server and connecting multiple clients to the same mailbox simultaneously. Messages can be stored and organized on the server.

Simple Mail Transfer Protocol (SMTP) specifies how mail is delivered from one system to another.

In Secure Multipurpose Internet Mail Extensions (S/MIME), the user is issued a digital certificate containing a public key that is signed by a CA (Certificate Authority) to establish its validity.

43
Q

A system administrator teaches a class to junior technicians on the principles of web server hardening. Recommend the principles to include in the training. (Select more than one)

A

Secure a guest account

Use SSH for uploading files

Use the configuration templates provided