Chapter 4 Flashcards

1
Q

Describe the differences between transport mode and tunnel mode of IPSec.

A

IPSec’s transport mode is used for host-to-host links and encrypts only the payload, not the header.

IPSec’s tunnel mode is used for host-to-LAN and LAN-to-LAN links and encrypts the entire original payload and header and then adds a link header.

2
Q

Discuss the benefits of NAT

A

Network Address Translation (NAT) allows for the identity of internal systems to be hidden from external entities.

Often NAT is used to translate between RFC 1918 private IP addresses and leased public addresses.

NAT serves as a one-way firewall because it allows only inbound traffic that is a response to a previous internal query.

NAT also allows a few leased public addresses to be used to grant Internet connectivity to a larger number of internal systems.

3
Q

What are the main differences between circuit switching and packet switching?

A

Circuit switching is usually associated with physical connections. The link itself is physically established and then dismantled for the communication. Circuit switching offers known fixed delays, supports constant traffic, is connection oriented, is sensitive only to the loss of the connection rather than the communication, and was most often used for voice transmissions.

Packet switching is usually associated with logical connections because the link is just a logically defined path among possible paths. Within a packet-switching system, each system or link can be employed simultaneously by other circuits. Packet switching divides the communication into segments, and each segment traverses the circuit to the destination. Packet switching has variable delays because each segment could take a unique path, is usually employed for bursty traffic, is not physically connection oriented but often uses virtual circuits, is sensitive to the loss of data, and is used for any form of communication.

4
Q

What are some security issues with email and options for safeguarding against them?

A

Email is inherently insecure because it is primarily a plain-text communication medium and employs nonencrypted transmission protocols.

This allows email to be easily spoofed, spammed, flooded, eavesdropped on, interfered with, and hijacked.

Defenses against these issues primarily include having stronger authentication requirements and using encryption to protect the content while in transit.

5
Q

_________________ is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints.

A. ISDN

B. Frame Relay

C. SMDS

D. ATM

A

B. Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints.

The Frame Relay network is a shared medium across which virtual circuits are created to provide point-to-point communications. All virtual circuits are independent of and invisible to each other.

6
Q

Tunnel connections can be established over all except for which of the following?

A. WAN links

B. LAN pathways

C. Dial-up connections

D. Stand-alone systems

A

D. A stand-alone system has no need for tunneling because no communications between systems are occurring and no intermediary network is present.

7
Q

__________________ is a standards-based mechanism for providing encryption for point-to-point TCP/IP traffic.

A. UDP

B. IDEA

C. IPSec

D. SDLC

A

C. IPSec, or IP Security, is a standards-based mechanism for providing encryption for point-to-point TCP/IP traffic.

8
Q

Which of the following IP addresses is not a private IP address as defined by RFC 1918?

A. 10.0.0.18

B. 169.254.1.119

C. 172.31.8.204

D. 192.168.6.43

A

B. The 169.254.x.x subnet is in the APIPA range, which is not part of RFC 1918. The addresses in RFC 1918 are

  • 10.0.0.0–10.255.255.255 (Class A)
  • 172.16.0.0–172.31.255.255 (Class B)
  • 192.168.0.0–192.168.255.255 (Class C)

9
Q

Which of the following cannot be linked over a VPN?

A. Two distant Internet-connected LANs

B. Two systems on the same LAN

C. A system connected to the Internet and a LAN connected to the Internet

D. Two systems without an intermediary network connection

A

D. An intermediary network connection is required for a VPN link to be established.

10
Q

What is needed to allow an external client to initiate a communication session with an internal system if the network uses a NAT proxy?

A. IPSec tunnel

B. Static mode NAT

C. Static private IP address

D. Reverse DNS

A

B. Static mode NAT is needed to allow an outside entity to initiate communications with an internal system behind a NAT proxy.

11
Q

Which of the following VPN protocols do not offer native data encryption? (Choose all that apply.)

A. L2F

B. L2TP

C. IPSec

D. PPTP

A

A, B, D. L2F, L2TP, and PPTP all lack native data encryption.

Only IPSec includes native data encryption.

12
Q

At which OSI model layer does the IPSec protocol function?

A. Data Link

B. Transport

C. Session

D. Network

A

D. IPSec operates at the Network layer (layer 3).

13
Q

Which of the following is not defined in RFC 1918 as one of the private IP address ranges that are not routed on the Internet?

A. 169.172.0.0–169.191.255.255

B. 192.168.0.0–192.168.255.255

C. 10.0.0.0–10.255.255.255

D. 172.16.0.0–172.31.255.255

A

A. The address range 169.172.0.0–169.191.255.255 is not listed in RFC 1918 as a private IP address range. It is in fact a public IP address range.

14
Q

Which of the following is not a benefit of NAT?

A. Hiding the internal IP addressing scheme

B. Sharing a few public Internet addresses with a large number of internal clients

C. Using the private IP addresses from RFC 1918 on an internal network

D. Filtering network traffic to prevent brute-force attacks

A

D. NAT does not protect against or prevent brute-force attacks.

15
Q

A significant benefit of a security control is when it goes unnoticed by users. What is this called?

A. Invisibility

B. Transparency

C. Diversion

D. Hiding in plain sight

A

B. When transparency is a characteristic of a service, security control, or access mechanism, it is unseen by users.

16
Q

When you’re designing a security system for Internet-delivered email, which of the following is least important?

A. Nonrepudiation

B. Availability

C. Message integrity

D. Access restriction

A

B. Although availability is a key aspect of security in general, it is the least important aspect of security systems for Internet-delivered email.

17
Q

Which of the following is typically not an element that must be discussed with end users in regard to email retention policies?

A. Privacy

B. Auditor review

C. Length of retainer

D. Backup method

A

D. The backup method is not an important factor to discuss with end users regarding email retention.

18
Q

What is it called when email itself is used as an attack mechanism?

A. Masquerading

B. Mail-bombing

C. Spoofing

D. Smurf attack

A

B. Mail-bombing is the use of email as an attack mechanism. Flooding a system with messages causes a denial of service.

19
Q

Why is spam so difficult to stop?

A. Filters are ineffective at blocking inbound messages.

B. The source address is usually spoofed.

C. It is an attack requiring little expertise.

D. Spam can cause denial-of-service attacks.

A

B. It is often difficult to stop spam because the source of the messages is usually spoofed.

20
Q

Which of the following is a type of connection that can be described as a logical circuit that always exists and is waiting for the customer to send data?

A. ISDN

B. PVC

C. VPN

D. SVC

A

B. A permanent virtual circuit (PVC) can be described as a logical circuit that always exists and is waiting for the customer to send data.

21
Q

In addition to maintaining an updated system and controlling physical access, which of the following is the most effective countermeasure against PBX fraud and abuse?

A. Encrypting communications

B. Changing default passwords

C. Using transmission logs

D. Taping and archiving all conversations

A

B. Changing default passwords on PBX systems provides the most effective increase in security.

22
Q

Which of the following can be used to bypass even the best physical and logical security mechanisms to gain access to a system?

A. Brute-force attacks

B. Denial of service

C. Social engineering

D. Port scanning

A

C. Social engineering can often be used to bypass even the most effective physical and logical controls. Whatever activity the attacker convinces the victim to perform, it is usually directed toward opening a back door that the attacker can use to gain access to the network.

23
Q

Which of the following is not a denial-of-service attack?

A. Exploiting a flaw in a program to consume 100 percent of the CPU

B. Sending malformed packets to a system, causing it to freeze

C. Performing a brute-force attack against a known user account

D. Sending thousands of emails to a single address

A

C. A brute-force attack is not considered a DoS.

24
Q

What authentication protocol offers no encryption or protection for logon credentials?

A. Password Authentication Protocol (PAP)

B. Challenge Handshake Authentication Protocol (CHAP)

C. Secure Sockets Layer (SSL)

D. Remote Authentication Dial-In User Service (RADIUS)

A

A. Password Authentication Protocol (PAP) is a standardized authentication protocol for PPP. PAP transmits usernames and passwords in the clear. It offers no form of encryption. It simply provides a means to transport the logon credentials from the client to the authentication server.

25
Q

Difference between VPN and tunneling

A

A virtual private network (VPN) is a communication tunnel that provides point-to-point transmission of both authentication information and data traffic over an intermediary untrusted network

Tunneling is a network communications process that protects the contents of protocol packets by encapsulating them in packets of another protocol

Most VPNs use encryption to protect the encapsulated traffic, but encryption is not necessary for the connection to be considered a VPN

VPNs are most commonly associated with establishing secure communication paths through the Internet between two distant networks

VPNs can provide confidentiality and integrity over insecure or untrusted intermediary networks

VPNs do not provide or guarantee availability

26
Q

IPSec parts (AH, ESP): security protocols

A

Authentication Header (AH)
AH provides authentication, integrity, and nonrepudiation.

Encapsulating Security Payload (ESP)
ESP provides encryption to protect the confidentiality of transmitted data, but it can also perform limited authentication. It operates at the Network layer (layer 3) and can be used in transport mode or tunnel mode. In transport mode, the IP packet data is encrypted but the header of the packet is not. In tunnel mode, the entire IP packet is encrypted and a new header is added to the packet to govern transmission through the tunnel.

27
Q

What are the Private IP addresses according to RFC 1918

A

RFC 1918

  • 10.0.0.0/8 (addresses 10.0.0.0 through 10.255.255.255 inclusive)
  • 172.16.0.0/12 (addresses 172.16.0.0 through 172.31.255.255 inclusive)
  • 192.168.0.0/16 (addresses 192.168.0.0 through 192.168.

28
Q

Different types of NAT

A

  • Stateful NAT
  • Static and Dynamic NAT

29
Q

PVC vs SVC

A

Permanent virtual circuits (PVCs)
A PVC is like a dedicated leased line; the logical circuit always exists and is waiting for the user to send data

Switched virtual circuits (SVCs)
An SVC is more like a dial-up connection because a virtual circuit has to be created before it can be used and then disassembled after the transmission is complete

30
Q

Email sec solutions

A

Secure Multipurpose Internet Mail Extensions (S/MIME)
Offers authentication and confidentiality

MIME Object Security Services (MOSS)
Provides authentication, confidentiality, integrity, and nonrepudiation

Privacy Enhanced Mail (PEM)
Is an email encryption mechanism that provides authentication, integrity, confidentiality, and nonrepudiation

Pretty Good Privacy (PGP)
Is a public-private key system that uses a variety of encryption algorithms to encrypt files and email messages

31
Q

What is NAT

A

NAT is a mechanism for converting the internal IP addresses found in a private network into public IP addresses for transmission over the Internet

NAT is used for

  • Hiding the identity of internal clients
  • Masking the design of a private network
  • Keeping public IP address leasing costs to a minimum

NAT was developed to allow private networks to use any IP address set without causing conflicts with public Internet hosts with the same IP addresses

33
Q

Stateful NAT

A

NAT operates by maintaining a mapping between requests made by internal clients, a client’s internal IP address, and the IP address of the Internet service contacted

When a packet is received from a client, NAT changes the source address to the NAT’s address

This change is recorded in the NAT along with the destination address

Once a reply is received from the Internet server, NAT matches the reply’s source address to an address stored in its mapping database and then redirects the response packets to its intended destination

NAT maintains information about the communication sessions between clients and external systems

NAT can operate on a one-to-one basis

Other types of NAT employ multiplexing techniques (port-based)

34
Q

Static NAT

A

Permanently assigns a specific external IP address to an internal host

Enables external entities to initiate the communication with systems inside the private network, even if it is using RFC 1918 IP addresses

35
Q

Dynamic NAT

A

Grants multiple internal clients access to a few leased public IP addresses

A large internal network can still access the Internet without having to lease a large block of public IP addresses

In a dynamic mode NAT implementation, the NAT system maintains a database of mappings so that all response traffic from Internet services is properly routed to the original internal requesting client

Not always compatible with VPN protocols, like IPSec

36
Q

What is the CIA Triad?

A

Confidentiality,
Integrity,
Availability