Chapter 7 Flashcards
At what layer of the OSI model does the IPSec encryption protocol operate?
a. Transport layer b. Application layer c. Network layer d. Physical layer
c. Network layer
After L2TP establishes a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel.
True
False
False
An enterprise-wide VPN can include elements of both the client-to-site and site-to-site models.
True
False
True
When using a site-to-site VPN, what type of device sits at the edge of the LAN and establishes the connection between sites?
a. VPN transport b. VPN gateway c. VPN proxy d. VPN server
b. VPN gateway
Digital certificates are issued by organizations known as what term?
a. certification registrars b. certification authorities c. identity verifiers d. certificate exchanges
b. certification authorities
What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices?
a. IaaS b. XaaS c. PaaS d. SaaS
d. SaaS
The combination of a public key and a private key is known by what term below?
a. key team b. key set c. key pair d. key tie
c. key pair
PPP can support several types of Network layer protocols that might use the connection.
True
False
True
What option below is not an encryption algorithm method that is used by SSH?
a. Kerberos b. SHA-2 c. RSA d. DES
b. SHA-2
What protocol below only provides the framework for authenticating clients and servers, but relies on other encryption and authentication schemes to verify the credentials of clients or servers?
a. MS-CHAPv2 b. EAP c. MS-CHAP d. TKIP
b. EAP
What protocol below is a Microsoft proprietary protocol first available in Windows Vista?
a. PPTP b. L2TP c. SSTP d. TTLS
c. SSTP
Windows, UNIX, Linux, and Mac OS clients are all capable of connecting to a VPN using PPTP.
True
False
True
The MD5 hashing algorithm is not susceptible to the possibility of hash collisions.
True
False
True
A SecurID key chain fob from RSA security generates a password that changes how often?
a. every 30 seconds b. every 70 seconds c. every 20 seconds d. every 60 seconds
d. every 60 seconds
How often should administrators and network users be required to change their password?
a. 90 days b. 60 days c. 120 days d. 180 days
b. 60 days
The original version of the Secure Hashing Algorithm (SHA) was developed by the NSA, and used a hash of what length?
a. 128 bit b. 256 bit c. 512 bit d. 160 bit
b. 256 bit
What encryption protocol was designed as more of an integrity check for WEP transmissions rather than a sophisticated encryption protocol?
a. Kerberos b. AES c. EAP d. TKIP
d.
The PPP headers and trailers used to create a PPP frame that encapsulates Network layer packets vary between 8 and 10 bytes in size due to what field?
a. priority b. encryption c. FCS d. FEC
c. FCS
An enterprise-wide VPN can include elements of both the client-to-site and site-to-site models. (A) True (B) False
Answer : (A)
After L2TP establishes a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel.
(A) True
(B) False
Answer : (B)
The MD5 hashing algorithm is not susceptible to the possibility of hash collisions.
(A) True
(B) False
Answer : (B)
PPP can support several types of Network layer protocols that might use the connection.
(A) True
(B) False
Answer : (A)
Windows, UNIX, Linux, and Mac OS clients are all capable of connecting to a VPN using PPTP.
(A) True
(B) False
Answer : (A)
Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers? (A) IaaS (B) PaaS (C) SaaS (D) XaaS
Answer : (A)
What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices? (A) IaaS
(B) SaaS
(C) XaaS
(D) PaaS
Answer : (B)
Which of the following is NOT an encryption algorithm used by SSH? (A) SHA-2 (B) DES (C) RSA (D) Kerberos
Answer : (A)
The SSH service listens on what TCP port? (A) 20 (B) 21 (C) 22 (D) 23
Answer : (C)
The original version of the Secure Hashing Algorithm (SHA) was developed by the NSA, and used a hash of what length? (A) 128 bit (B) 160 bit (C) 256 bit (D) 512 bit
Answer : (B)
What protocol below only provides the framework for authenticating clients and servers, but relies on other encryption and authentication schemes to verify the credentials of clients or servers? (A) MS-CHAP (B) MS-CHAPv2 (C) EAP (D) TKIP
Answer : (C)
When using public and private keys to connect to an SSH server, where must your public key be placed before you can connect?
(A) In an authorization file under your home directory on your computer.
(B) In an authorization file on the host where the SSH server is.
(C) In the /etc/ssh/keys folder.
(D) In the /var/run/ssh/public folder.
Answer : (B)
What security principle provides proof of delivery and proof of the sender's identity? (A) utility (B) integrity (C) availability (D) non-repudiation
Answer : (D)
The combination of a public key and a private key is known by what term below? (A) key set (B) key team (C) key pair (D) key tie
Answer : (C)
Digital certificates are issued by organizations known as what term? (A) certification authorities (B) certification registrars (C) identity verifiers (D) certificate exchanges
Answer : (A)
What security encryption protocol requires regular re-establishment of a connection and can be used with any type of TCP/IP transmission? (A) L2TP (B) TLS (C) IPsec (D) SSL
Answer : (C)
At what layer of the OSI model does the IPsec encryption protocol operate? (A) Physical layer (B) Network layer (C) Transport layer (D) Application layer
Answer : (B)
The PPP headers and trailers used to create a PPP frame that encapsulates Network layer packets vary between 8 and 10 bytes in size due to what field? (A) priority (B) FCS (C) FEC (D) encryption
Answer : (B)
When using a site-to-site VPN, what type of device sits at the edge of the LAN and establishes the connection between sites? (A) VPN proxy (B) VPN server (C) VPN transport (D) VPN gateway
Answer : (D)
Amazon and Rackspace both utilize what virtualization software below to create their cloud environments? (A) VMware vSphere (B) Oracle VirtualBox (C) Parallels (D) Citrix Xen
Answer : (D)
What protocol below is a Microsoft proprietary protocol first available in Windows Vista? (A) L2TP (B) PPTP (C) TTLS (D) SSTP
Answer : (D)
What authentication protocol sends authentication information in cleartext without encryption? (A) PAP (B) MS-CHAP (C) MS-CHAPv2 (D) EAP
Answer : (A)
How often should administrators and network users be required to change their password? (A) 60 days (B) 90 days (C) 120 days (D) 180 days
Answer : (A)
What encryption protocol was designed as more of an integrity check for WEP transmissions rather than a sophisticated encryption protocol? (A) Kerberos (B) TKIP (C) AES (D) EAP
Answer : (B)
A SecurID key chain fob from RSA security generates a password that changes how often? (A) every 20 seconds (B) every 30 seconds (C) every 60 seconds (D) every 70 seconds
Answer : (C)
The _________________ cloud service model provides virtual environments online that can be tailored to the needs of developers.
Answer : Platform as a Service (PaaS)
A _________________ is a service that is shared between multiple organizations, but not available publicly.
Answer : community cloud
A variant of TLS is ___________________, which provides authentication like SSL/TLS, but does not require a certificate for each user.
Answer : Tunneled Transport Layer Security (TTLS)
In Kerberos, a temporary set of credentials that a client uses to prove that its identity has been validated is known as a _____________.
Answer : ticket
When PPP is used over an Ethernet network, it is known as ________________.
Answer : PPPoE (Point to Point over Ethernet)
In which cloud computing service model are hardware services provided virtually, including network infrastructure devices such as virtual servers?
Answer: IaaS (Infrastructure as a Service)
Of which of the following cloud deployment models would the Internet be considered an example?
a. Community
b. Private
c. Public
d. Hybrid
Answer: C
A ______ is a virtual connection between a client and a remote network, two remote networks, or two remote hosts over the Internet, to remotely provide network resources.
Answer: virtual private network or VPN
Which remote access protocol is an earlier protocol that does not support encryption, can carry only IP packets, and works strictly on serial connections?
Answer: SLIP or Serial Line Internet Protocol
Most VPN tunneling protocols operate at the _____ layer to encapsulate the VPN frame into a Network packet.
Answer: Data Link
Because public key encryption requires the use of two different keys, it is also known as _____ encryption.
Answer: asymmetric
Which of the following terms best describes a small file containing verified identification information about the user and the user’s public key?
a. certificate authority
b. private key
c. digital certificate
d. cipher
Answer: C
Which type of protocol allows the client and server to introduce themselves to each other and establish terms for how they will exchange data?
a. tunneling
b. handshake
c. VPN
d. file transfer
Answer: B
SSH provides little security for establishing a connection and no security for transmitting data.
Answer: False
Which cloud computing service model gives software developers access to multiple operating systems for testing? A. IaaS B. PaaS C. SaaS D. XaaS
Answer: B. PaaS
What service in Windows Server 2012 R2 authenticates remote users and computers to the Windows domain and its corporate network resources?
A. Active Directory
B. Group Policy
C. DirectAccess
D. RAS (Remote Access Service)
Answer: C. DirectAccess
Which remote access protocol is used over an Ethernet network? A. PPPoE B. RAS C. PPP D. SLIP
Answer: A. PPPoE
Which encryption protocol does GRE use to increase the security of its transmissions? A. SSL B. SFTP C. IPsec D. SSH
Answer: C. IPsec
Which tunneling protocol is accepted and used by multiple vendors? A. SSL VPN B. L2TP C. SSL D. SSH
Answer: B. L2TP
A hacker runs a program that tries numerous character combinations until it stumbles on the correct combination and cracks the key. What offensive strategy is this program using?
A. Brute force attack
B. Zero-day exploit
C. CIA triad
D. Endpoint security vulnerability
Answer: A. Brute force attack
What is the minimum acceptable key size for today’s security standards? A. 8 bytes B. 128 bits C. 256 bits D. 512 bits
Answer: B. 128 bits
In public key encryption, which key is used to decrypt the message? A. Session key B. Private key C. Public key D. Network key
Answer: B. Private key
What feature must be configured on a router to redirect traffic from an insecure port to a secure one?
A. AAA (authentication, authorization, and accounting)
B. Mutual authentication
C. TGS (Ticket-Granting Service)
D. Port forwarding
Answer: D. Port forwarding
Which of the following is NOT one of the three AAA services provided by RADIUS and TACACS+? A. Authentication B. Authorization C. Access control D. Accounting
Answer: C. Access control
Organizations with common interests, such as regulatory requirements, performance requirements, or data access, might share resources in a __________________.
Answer: community cloud
All types of remote access techniques require some type of ________________, which accepts a remote connection and grants privileges to the network’s resources.
Answer: remote access server (RAS)
Which Transport layer protocol does PPTP use? Which Transport layer protocol does L2TP use?
Answer: TCP, UDP
What unique VPN connection characteristic is provided by the conjunction of RRAS and DirectAccess?
Answer: RRAS and DirectAccess together enable always-on remote connections.
What are the two primary encryption techniques used by VPNs today?
Answer: IPsec and SSL
When surfing online, you get some strange data on an apparently secure Web site, and you realize you need to check the legitimacy of the site. What kind of organization issues digital certificates?
Answer: Certificate authority (CA)
Which two protocols are available to create secure transmissions for HTTP sessions?
Answer: SSL and TLS
____________________ is used for confidentiality while ___________________ is used for integrity and authentication.
Answer: Encryption, hashing
EAPoL is primarily used with what kind of transmission?
Answer: Wireless
What kind of ticket is held by Kerberos’ TGS?
Answer: Ticket-granting ticket (TGT)
What does RAS stand for?
a. Remote authentication service
b. Remote access server
c. Remote accounting service
d. Remote addressing server
b. Remote access server
Which of the following best describes a modem’s function?
a. To encapsulate Data Link layer protocols as Network layer protocols before transmitting data over the PSTN
b. To separate data into frames as it is transmitted from the computer to the PSTN, and then strip data from frames as it is received from the PSTN
c. To encrypt data as it is transmitted from the computer to the PSTN, and then decrypt data as it is received from the PSTN
d. To convert a source computer’s digital pulses into analog signals for the PSTN, and then convert analog signals back into digital pulses for the destination computer
d. To convert a source computer’s digital pulses into analog signals for the PSTN, and then convert analog signals back into digital pulses for the destination computer
What is another common term for Public Switched Telephone Network?
a. Plain old telephone service
b. Basic rate telephone service
c. Limited access telephone service
d. Transcontinental public telephone service
a. Plain old telephone service
Which of the following types of dial-up connections would result in the best performance from the client’s perspective?
a. A PPP dial-up connection to an RRAS server that allowed the client to launch an application from the RRAS server
b. A PPTP dial-up connection to an RRAS server that allowed the client to launch an application from another server on the LAN
c. A SLIP dial-up connection to an RRAS server that allowed the client to log on to an application server on the LAN and run an application from that application server
d. A PPTP dial-up connection to an RRAS server that allowed the client to log on to a Citrix terminal server and use ICA to run an application
d. A PPTP dial-up connection to an RRAS server that allowed the client to log on to a Citrix terminal server and use ICA to run an application
Why do most remote clients (for example, those that dial in to an RRAS server) use DHCP and not static IP addressing?
a. Because using DHCP allows more efficient use of a limited number of IP addresses
b. Because using DHCP ensures that the client is authorized to access the network
c. Because using DHCP ensures that the client is assigned a valid IP address
d. Because using DHCP allows the client to use the same IP address each time he or she dials in to the LAN
c. Because using DHCP ensures that the client is assigned a valid IP address
What does the “T” in PPTP stand for?
a. Tunneling
b. Transmission
c. Transport
d. Telecommunications
a. Tunneling
What is one reason an organization might employ a VPN rather than simply allow users to dial directly in to their remote access server?
a. VPNs always provide better performance than direct-dial connections.
b. VPNs allow more users to connect to the LAN simultaneously.
c. VPNs are less expensive for connecting a large number of remote users.
d. VPNs prevent the need for firewalls between access servers and the Internet.
c. VPNs are less expensive for connecting a large number of remote users.
In this lab, you connected a workstation to a server using a VPN. Which of the following is true about the VPN connection you created in this lab?
a. It uses physical IP addresses.
b. It uses virtual IP addresses on the workstation end.
c. It uses virtual IP addresses on both ends.
d. It requires a modem for connection
c. It uses virtual IP addresses on both ends.
Which of the following transmission methods is most apt to be used by VPN clients?
a. PSTN
b. T-1
c. frame relay
d. SONET
a. PSTN
What is the most common public network used with VPNs?
a. ARPANET
b. The Internet
c. NetBEUI
d. AppleTalk
b. The Internet
Which of the following are reasons you might implement Terminal Services instead of a remote access server? (Choose all that apply.)
a. No modems required with Terminal Services
b. Central configuration and control of applications on the Terminal Server
c. No modems required on clients
d. No need to configure security on the Terminal Server
a. No modems required with Terminal Services
What is the difference between configuring a Windows Server 2012 R2 computer to accept Remote Desktop Connection and configuring it to run Terminal Services?
a. Remote Desktop Connection requires additional licensing.
b. Terminal Services requires each client to have a modem.
c. Terminal Services allows no more than two simultaneous connections.
d. Terminal Services allows more than two simultaneous connections
d. Terminal Services allows more than two simultaneous connections
What is one way a network administrator can effectively troubleshoot a user’s problem in a Terminal Services session that can’t be done with a remote access server?
a. By speaking with the user over the phone
b. By examining the Terminal Server’s error logs
c. By taking over the user’s session temporarily
d. By rebooting the server
c. By taking over the user’s session temporarily
Which of the following is a potential disadvantage of Terminal Services?
a. It requires additional licensing.
b. It requires the client to be running Windows 8.1
c. It requires the client to have a high-speed connection such as a T-1.
d. It requires the server to have a minimum of 1 GB of RAM.
a. It requires additional licensing.