3.1 Given a scenario, implement secure protocols. Flashcards
AH protocol
The Authentication Header (AH) protocol computes a keyed hash (HMAC) over the packet, keyed with a shared secret known only to the communicating hosts, and carries the result in its header as the Integrity Check Value (ICV). The HMAC covers the AH, the payload, and the immutable fields of the IP header; fields that change in transit (TTL, checksum, TOS) are zeroed before hashing. AH provides integrity and origin authentication but no confidentiality.
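The following is an added example, not code from the flashcards: it builds a transport-mode AH packet, computes the ICV with HMAC-SHA1-96 the way RFC 4302/RFC 2404 describe it (mutable IPv4 fields and the ICV field zeroed first), and then verifies it on the receiving side. It shows why a router decrementing the TTL does not break the ICV while any change to the payload does. The addresses, SPI and `DEMO_KEY` are constructed values, not real traffic, and the IPv4 checksum is left at zero for brevity.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51       # IP protocol number of the Authentication Header
NEXT_HDR_UDP = 17   # protocol carried after the AH (UDP in this demo)
ICV_LEN = 12        # HMAC-SHA1-96: 160-bit HMAC truncated to 96 bits (RFC 2404)
DEMO_KEY = b"\x0b" * 20   # assumed shared secret, constructed for this demo


def ipv4_header(src, dst, proto, total_len, ttl=64, ident=0x1234):
    """Build a 20-byte IPv4 header (DF flag set, checksum left zero)."""
    def addr(a):
        return bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000,
                       ttl, proto, 0, addr(src), addr(dst))


def ah_fixed_header(next_hdr, spi, seq):
    """AH fields before the ICV: next header, payload length (in 32-bit
    words minus 2), reserved, SPI, sequence number."""
    payload_len = (12 + ICV_LEN) // 4 - 2
    return struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq)


def icv_input(ip_hdr, ah_fixed, payload):
    """The bytes both sides hash: mutable IPv4 fields (TOS, flags/fragment
    offset, TTL, header checksum) and the ICV field itself set to zero."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # TOS / DSCP+ECN
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h) + ah_fixed + b"\x00" * ICV_LEN + payload


def compute_icv(key, ip_hdr, ah_fixed, payload):
    """HMAC-SHA1 over the zeroed packet, truncated to 96 bits."""
    mac = hmac.new(key, icv_input(ip_hdr, ah_fixed, payload), hashlib.sha1)
    return mac.digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, payload, spi=0x100, seq=1, ttl=64):
    """Sender side, transport mode: IP header | AH | payload."""
    total_len = 20 + 12 + ICV_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, total_len, ttl)
    ah_fixed = ah_fixed_header(NEXT_HDR_UDP, spi, seq)
    return ip_hdr + ah_fixed + compute_icv(key, ip_hdr, ah_fixed, payload) + payload


def verify_ah_packet(key, packet):
    """Receiver side: recompute the ICV and compare it in constant time."""
    if len(packet) < 20 + 12 + ICV_LEN or packet[9] != AH_PROTO:
        return False
    ip_hdr, rest = packet[:20], packet[20:]
    ah_fixed, icv, payload = rest[:12], rest[12:12 + ICV_LEN], rest[12 + ICV_LEN:]
    return hmac.compare_digest(compute_icv(key, ip_hdr, ah_fixed, payload), icv)


def decrement_ttl(packet):
    """What every router on the path does; TTL is mutable, so the ICV survives."""
    p = bytearray(packet)
    p[8] -= 1
    return bytes(p)


def flip_last_payload_byte(packet):
    """In-transit tampering with the payload; the ICV no longer matches."""
    p = bytearray(packet)
    p[-1] ^= 0x01
    return bytes(p)


if __name__ == "__main__":
    pkt = build_ah_packet(DEMO_KEY, "10.0.0.1", "10.0.0.2", b"payload-bytes")
    print("original packet :", verify_ah_packet(DEMO_KEY, pkt))
    print("after one hop   :", verify_ah_packet(DEMO_KEY, decrement_ttl(pkt)))
    print("tampered payload:", verify_ah_packet(DEMO_KEY, flip_last_payload_byte(pkt)))
```

Because the TTL is zeroed before hashing, AH still works through ordinary routing, but it cannot survive NAT: the source address is immutable and covered by the ICV, which is why ESP (with NAT traversal) is normally preferred where address translation occurs.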
IPSec
Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet.
Tunnel mode
Tunnel mode is when the whole IP packet (header and payload) is encrypted and a new IP header added.
Tunnel mode is for communications between VPN gateways across an unsecure network. This mode is ideal when securing communication between regional offices over the Internet.
Remote access
Remote access refers to the user’s device connecting over or through an intermediate network, usually a public Wide Area Network (WAN). It does not make a direct cabled or wireless connection to the network.
Unified Communications
Unified Communications (UC) refers to messaging applications that combine multiple communications channels and technologies into a single platform. These channels can include voice, messaging, interactive whiteboards, data sharing, email, and social media.
Fingerprinting
Fingerprinting is when an attacker uses a port scanner such as Nmap to identify a router (or other host) from its open ports, service banners, and protocol responses, revealing its presence and which dynamic routing and management protocols it is running.
Route injection
Route injection is the insertion of false routes into a router's routing table, typically by abusing a routing protocol that lacks authentication. Traffic is then misdirected to a monitoring port (sniffing), sent to a blackhole (a non-existent address), or continuously looped around the network, causing a DoS.
What does transport mode do in IPSec?
Transport mode in IPsec protects only the payload of the IP packet (ESP encrypts it; AH authenticates it) and keeps the original IP header, so the packet is routed end to end between the two hosts. It is used mostly for host-to-host communication within private networks.
What port does DNSSEC traffic use?
Port 53, the same as DNS. Signed responses are larger than ordinary ones, so DNSSEC traffic frequently falls back from UDP 53 to TCP 53.
What port does Kerberos use?
TCP/UDP 88
What port does DNS use?
UDP 53 for normal queries; TCP 53 for zone transfers and for responses too large for a single UDP datagram.
What port is used for LDAP
TCP 389 (plaintext, or upgraded with StartTLS). LDAPS uses TCP 636. UDP 389 carries only connectionless LDAP (CLDAP), used for Active Directory domain controller discovery.
Kerberos
Kerberos is the default authentication protocol for Windows Active Directory domains. It is a single sign-on service based on time-sensitive tickets issued by a Key Distribution Center (KDC), which is why clients and the KDC must keep their clocks synchronized.
ESP Protocol
The Encapsulating Security Payload (ESP) protocol provides confidentiality and, optionally, authentication and integrity. It encrypts the data payload (in tunnel mode, the entire original packet) and can append its own ICV.
TLS 1.2
Transport Layer Security (TLS) 1.2 replaced the MD5/SHA-1 based pseudorandom function (PRF) and handshake hashes with SHA-256 and added authenticated-encryption (AEAD) cipher suites such as AES-GCM. Support for SHA-256 is the primary difference between TLS 1.1 and TLS 1.2 (SHA-256 is a hash algorithm, not a cipher).
TLS 1.1
TLS 1.1 improved the cipher suite negotiation process and added protection against known attacks on CBC mode (explicit per-record IVs), but its PRF still relies on MD5 and SHA-1; it does not support SHA-256.
SSL 3.0
Secure Sockets Layer (SSL) 3.0 is less secure than any of the TLS versions (it is vulnerable to the POODLE padding-oracle attack and its use is prohibited by RFC 7568) and does not support SHA-256.
SSL 2.0
SSL 2.0 is deprecated and prohibited (RFC 6176) because of its weak MAC construction and lack of handshake integrity protection; it should not be deployed at all. This version does not support SHA-256.
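To make the SHA-256 difference between the protocol versions concrete, here is an added example (not part of the flashcards) implementing the TLS pseudorandom function in both forms: the TLS 1.0/1.1 PRF of RFC 4346, which splits the secret and XORs an MD5 stream with a SHA-1 stream, and the TLS 1.2 PRF of RFC 5246, which is a single HMAC-SHA-256 stream. A key-expansion helper then shows how the PRF output is cut into the per-direction MAC keys, encryption keys and IVs. The master secret and random values are constructed demo inputs, not real handshake material.

```python
import hashlib
import hmac

# Constructed demo values; a real master secret is 48 bytes of handshake output.
DEMO_MASTER_SECRET = bytes(range(48))
DEMO_CLIENT_RANDOM = b"\x11" * 32
DEMO_SERVER_RANDOM = b"\x22" * 32


def p_hash(hash_fn, secret, seed, length):
    """P_hash(secret, seed) from the TLS RFCs:
    A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1)+seed) || HMAC(secret, A(2)+seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_fn).digest()
        out += hmac.new(secret, a + seed, hash_fn).digest()
    return out[:length]


def prf_tls11(secret, label, seed, length):
    """TLS 1.0/1.1 (RFC 4346 section 5): split the secret into two halves
    (overlapping by one byte if the length is odd), run P_MD5 on the first
    and P_SHA1 on the second, and XOR the two streams."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_stream = p_hash(hashlib.md5, s1, label + seed, length)
    sha1_stream = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha1_stream))


def prf_tls12(secret, label, seed, length):
    """TLS 1.2 (RFC 5246 section 5): PRF = P_SHA256(secret, label + seed)."""
    return p_hash(hashlib.sha256, secret, label + seed, length)


def key_block_tls12(master_secret, client_random, server_random,
                    mac_len=32, key_len=16, iv_len=16):
    """Expand the master secret into connection keys (RFC 5246 section 6.3).
    Defaults match TLS_RSA_WITH_AES_128_CBC_SHA256: 32-byte MAC keys,
    16-byte AES keys, 16-byte IVs. Note the seed order: server_random first."""
    block = prf_tls12(master_secret, b"key expansion",
                      server_random + client_random,
                      2 * (mac_len + key_len + iv_len))
    layout = [("client_mac", mac_len), ("server_mac", mac_len),
              ("client_key", key_len), ("server_key", key_len),
              ("client_iv", iv_len), ("server_iv", iv_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


if __name__ == "__main__":
    seed = DEMO_CLIENT_RANDOM + DEMO_SERVER_RANDOM
    print("TLS 1.1 PRF:", prf_tls11(DEMO_MASTER_SECRET, b"test label", seed, 32).hex())
    print("TLS 1.2 PRF:", prf_tls12(DEMO_MASTER_SECRET, b"test label", seed, 32).hex())
    for name, value in key_block_tls12(DEMO_MASTER_SECRET, DEMO_CLIENT_RANDOM,
                                       DEMO_SERVER_RANDOM).items():
        print(f"{name:11s} {value.hex()}")
```

The point the flashcards make becomes visible here: in TLS 1.0 and 1.1 the strength of every derived key rests on MD5 and SHA-1, whereas TLS 1.2 derives everything from HMAC-SHA-256 (or the hash a suite specifies), and TLS 1.3 replaced this PRF with HKDF.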
S/MIME
Secure/Multipurpose Internet Mail Extensions (S/MIME) is a widely accepted method for sending digitally signed and encrypted messages. It allows the sender to encrypt the emails and digitally sign them.
Where does a top-level NTP server obtain the UTC from?
An atomic clock or GPS receiver, i.e. a stratum 0 reference clock.
What stratum is the NTP server?
Stratum 1 is the top-level NTP server; it gets its time directly from a stratum 0 source such as an atomic clock. Stratum 2 servers get their time from a stratum 1 server, and so on down the hierarchy, with accuracy decreasing at each level.
SRTP
Secure real-time transport protocol (SRTP) encrypts actual real-time data, like voice and video. It provides confidentiality for the actual call data.
SIP
Session initiation protocol (SIP) provides session management features between SIP endpoints and/or gateways.
SIPS
Session initiation protocol secure (SIPS) protects the signalling with transport layer security (TLS), typically on TCP 5061, to authenticate the endpoints and establish a secure exchange of session information. The media streams themselves are protected separately by SRTP.
QoS
Quality of service (QoS) marks traffic with its priority so that network devices can favour it, ensuring that voice or video communications are free from problems such as dropped packets, delay (latency), or jitter.
SNMPv3
Simple Network Management Protocol (SNMP) v3 supports encryption and strong user-based authentication. Instead of community names, the agent is configured with a list of usernames and access permissions.
SNMPv1
SNMPv1 uses community names (in effect shared passwords) that are sent in plaintext; they can be read by anyone sniffing the network segment, so SNMPv1 should not be used where there is any risk of interception.
SNMPv2c
SNMPv2c also uses community names that are sent in plaintext and should not be used where there is any risk they could be intercepted. Like SNMPv1, this protocol does not support strong user-based authentication or encryption.
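The following added example (not from the flashcards) makes the SNMPv1/v2c weakness concrete. It encodes constructed SNMPv1, SNMPv2c and SNMPv3 messages with a minimal BER encoder, then parses them the way a passive sniffer or an IDS rule would: in v1 and v2c the community name is the second field of the message and can be lifted straight out of the packet, while in v3 that position holds the msgGlobalData header and the user credentials are protected by the user-based security model. The community names, OID, message IDs and v3 security parameters are made-up demo values.

```python
SNMP_VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}


def _tlv(tag, body):
    """Minimal BER TLV encoder (short- and long-form lengths)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def _int(value):
    """BER INTEGER, two's complement, minimal length."""
    n = max(1, (value.bit_length() + 8) // 8)
    return _tlv(0x02, value.to_bytes(n, "big", signed=True))


def _oid(dotted):
    """BER OBJECT IDENTIFIER with base-128 sub-identifiers."""
    parts = [int(p) for p in dotted.split(".")]
    out = bytes([40 * parts[0] + parts[1]])
    for p in parts[2:]:
        chunk = [p & 0x7F]
        p >>= 7
        while p:
            chunk.insert(0, 0x80 | (p & 0x7F))
            p >>= 7
        out += bytes(chunk)
    return _tlv(0x06, out)


def build_community_get(community, oid, version=0, request_id=0x1234):
    """Constructed SNMPv1 (version=0) or SNMPv2c (version=1) GetRequest."""
    varbind = _tlv(0x30, _oid(oid) + _tlv(0x05, b""))          # { oid, NULL }
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0)       # GetRequest-PDU
               + _tlv(0x30, varbind))
    return _tlv(0x30, _int(version) + _tlv(0x04, community.encode()) + pdu)


def build_v3_message(msg_id=0x5678):
    """Constructed SNMPv3 message skeleton: version, msgGlobalData
    {msgID, msgMaxSize, msgFlags=authPriv, msgSecurityModel=USM},
    then placeholder security parameters and an (encrypted) scoped PDU."""
    global_data = _tlv(0x30, _int(msg_id) + _int(65507) + _tlv(0x04, b"\x03") + _int(3))
    return _tlv(0x30, _int(3) + global_data + _tlv(0x04, b"") + _tlv(0x04, b"\x00"))


def _read_tlv(buf, pos=0):
    """Decode one BER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def extract_community(packet):
    """Sniffer view: return (version name, community or None).
    Only v1/v2c carry a community string, in the clear, as the second field."""
    tag, body, _ = _read_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, ver, pos = _read_tlv(body)
    if tag != 0x02:
        raise ValueError("missing version field")
    version = int.from_bytes(ver, "big", signed=True)
    tag, second, _ = _read_tlv(body, pos)
    community = second.decode("latin-1") if tag == 0x04 else None
    return SNMP_VERSIONS.get(version, f"version {version}"), community


def plaintext_community_findings(packets):
    """Detection helper: list every (version, community) exposed on the wire."""
    return [(v, c) for v, c in map(extract_community, packets) if c is not None]


if __name__ == "__main__":
    captured = [build_community_get("public", "1.3.6.1.2.1.1.1.0"),
                build_community_get("r3adwr1te", "1.3.6.1.2.1.1.5.0", version=1),
                build_v3_message()]
    for pkt in captured:
        print(pkt.hex(), "->", extract_community(pkt))
    print("exposed:", plaintext_community_findings(captured))
```

Running this against real captures is a good audit step: any non-empty result from the detection helper is a community name that an attacker on the same segment has also obtained, and the fix is to move the agents to SNMPv3 with authPriv or to confine v1/v2c to an isolated management network.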
MIB
Management Information Base (MIB) is the database that the SNMP agent uses. The agent is a process that runs on a switch, router, server, or SNMP compatible network device.
FTPS
File Transfer Protocol over SSL (FTPS), in implicit mode, negotiates a Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel before any File Transfer Protocol (FTP) command is exchanged. This mode uses the dedicated secure port 990 for the control connection (and 989 for data).
FTPES
Explicit FTP over SSL (FTPES) uses the AUTH TLS command to upgrade an unsecure connection established over the standard port 21 to a secure one. Because it negotiates the SSL/TLS tunnel explicitly on the standard port, it is the mode preferred over implicit FTPS.