Chapter 5 - Network Security

Question 1

another name for “key”

5-177

Answer 1

encryption decoder

Question 2

2 things found in WPA but not in WEP

5-178

Answer 2

TKIP - scrambles key with hashing for data encryption

EAP - used with certificates for authentication

Question 3

2 ways WPA2 improves on WPA

5-178

Answer 3

AES for encryption

CCMP - 802.11i, this is the encryption that replaced TKIP

Question 4

what standard does WPA enterprise use?

5-178

Answer 4

IEEE 802.1X

Question 5

6 attributes used by ACL for filtering

5-180

Answer 5

source and destination IP addresses
source and destination MAC addresses
protocol
port number

Question 6

2 locations where IP filtering should be employed

5-181

Answer 6

router

firewall

Question 7

tell me the ranges for port

well known?
registered?
dynamic/private?

5-181

Answer 7

0-1023
1024-49151
49152-65535

Question 8

3 protocols used in VPN

5-182

Answer 8

SSL
L2TP
PPTP

Question 9

3 security services of IPSec

5-183

Answer 9

data verification
protection from data tampering
privacy of transactions

Question 10

what protocol provides for secure creation and management of keys?

5-184

Answer 10

ISAKMP

Question 11

tell me about TLS and TLS 1.2

5-184

Answer 11

TLS - kills eavesdropping, tampering, message forgery

TLS 1.2 - longer key and more sophisticated algorithms than what’s in TLS

Question 12

what does RAS and RRAS both do?

what protocols do they use?

5-185

Answer 12

remote access connectivity to a LAN environment

PPTP, L2TP

Question 13

main function of PPPoE?

5-186

Answer 13

encapsulate PPP frames inside ethernet frames

Question 14

the 3 authentication options of PPP

5-186

Answer 14

PAP
CHAP
EAP

Question 15

where does SSH operate at? (layer?)

5-187

Answer 15

7 and 5

application and session

Question 16

what is PKI?

how does it work?

5-188,189

Answer 16

public key infrastructure

public key - identifies user, encrypts data
private key - only held by the user, stored by the OS, decrypts the data

Question 17

what is Kerberos?

5-189

Answer 17

default authentication protocol for Active Directory AND for Novell NDS systems

Question 18

TGT?
KDC?
AAA?
RADIUS?
TACACS+?

5-189,190

Answer 18

ticket granting ticket
key distribution center
authentication, authorization, accounting
remote authentication dial-in user service
terminal access controller access control system +

Question 19

in 802.1x,
the client = ?
WAP = ?
________________________________________________

CHAP = ?

5-191

Answer 19

supplicant
authenticator
_________________________________________

challenge handshake authentication protocol

Question 20

give an example of two factor authentication

5-192

Answer 20

smartcard plus PIN

Question 21

give an example of multifactor authentication

5-193

Answer 21

smartcard plus PIN plus biometrics

Question 22

how to defend against WPA cracking?

DoS?
DDoS?

5-196

Answer 22

use WPA2 with AES

denial of service

distributed denial of service

Question 23

what type of attack is phishing?

how is a worm different from a virus?

5 - 198,199

Answer 23

social engineering

doesn’t need to attach itself to an application

Question 24

the best firewall settings use what?

5-203

Answer 24

implicit deny

Question 25

what should you place in the DMZ?

5-204

Answer 25

your servers that are used by hosts in both the internal network and the external network