Chapter 10 - Securing TCP/IP Flashcards
_______ defines what a person accessing data can do with that data.
Authorization
_______ is the act of verifying you are who you say you are.
Authorization
_______ is the process of guaranteeing that data is as originally sent.
Integrity
A(n) _______ encrypts data in fixed-length chunks at a time.
block cipher
_______ is a secure replacement for Telnet.
Secure Shell (SSH)
A(n) _______ uses one key to encrypt data and a different key to decrypt the same data.
asymmetric-key algorithm
SSL has been replaced by the more robust _______.
transport layer security (TLS)
SCP has been replaced by _______, a secure protocol for copying files to a server.
Secure FTP (SFTP)
_______ is the default authentication protocol for Windows domains and is extremely time sensitive
Kerberos
_______ uses a 128-bit block, up to a 256-bit key, and is a virtually uncrackable encryption algorithm.
Advanced Encryption Standard (AES)
Justin wants his team to be able to send him encrypted e-mails. What should he do?
A. Send each team member his private key.
B. Send each team member his public key.
C. Ask each team member for his or her private key.
D. Ask each team member for his or her public key.
Justin should send each team member a copy of his public key. He can then decrypt the messages with his private key.
Which of the following is a popular cryptographic hashing function?
A. SHA-1
B. SHA-2
C. RADIUS
D. TACACS+
SHA-1 & SHA-2
A public and private key pair is an example of what?
A. Symmetric-key algorithm
B. Asymmetric-key algorithm
C. Certificate
D. RADIUS
Asymmetric-key algorithm
Which authentication protocol is time sensitive and is the default authentication protocol on Windows domains?
A. PPP
B. MS-CHAP
C. IPsec
D. Kerberos
Kerberos
What helps to protect credit card numbers during online purchases? (Select two.)
A. Certificates
B. TLS
C. SCP
D. NTP
Certificates and TLS
Emily wants to remotely and securely enter commands to be run at a remote server. What application should she use?
A. Telnet
B. SSH
C. SFTP
D. RSA
SSH
A hash function is by definition
A. A complex function
B. A PKI function
C. A one-way function
D. A systematic function
A one-way function
In order to have a PKI you must have a(n)
A. Web server
B. Web of trust
C. Root authority
D. Unsigned certificate
Root authority
Which term describes the process of guaranteeing that the sender of the data cannot later deny having sent it?
A. Authentication
B. Authorization
C. Encryption
D. Nonrepudiation
Nonrepudiation
If you saw some traffic running on TCP port 49, what AAA standard would you know was running?
A. PPP
B. RADIUS
C. MS-CHAP
D. TACACS+
TACACS+
What is the difference between RADIUS and TACACS+?
A. RADIUS is the authentication control for Windows networks, whereas TACACS+ is the authentication control for UNIX/Linux networks.
B. RADIUS is an implementation of an authentication control, whereas TACACS+ is an implementation of authorization control.
C. RADIUS is a generic name for authentication control, and there are implementations for Windows, UNIX, and Linux servers. TACACS+ is authentication control for Cisco routers and switches.
D. RADIUS supports encryption; TACACS+ does not and is, therefore, less desirable in a network.
RADIUS is a generic name for authentication control, and there are implementations for Windows, UNIX, and Linux servers. TACACS+ is authentication control for Cisco routers and switches.
AES is a(n) _________________ cipher.
A. block
B. forwarding
C. stream
D. asymmetric
block
If you saw some traffic running on UDP ports 1812 and 1813, what AAA standard would you know was running?
A. PPP
B. RADIUS
C. MS-CHAP
D. TACACS+
RADIUS
Digital signatures and certificates help which aspect of computer security?
A. Accounting
B. Authentication
C. Authorization
D. Nonrepudiation
Nonrepudiation
Which authorization model grants privileges based on the group membership of network users?
A. MAC
B. DAC
C. RBAC
D. GAC
RBAC