Domain 4: Network Security Flashcards
A laptop that is equipped with a fingerprint scanner that authenticates the user is using which of the following types of technology?
A. Pattern recognition
B. Hand geometry
C. Biometrics
D. Tamper detection
C. Biometrics
The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics.
An IT department receives a shipment of 20 new computers, and Alice has been assigned the task of preparing them for deployment to end users. The first thing she does is affix a metal tag with a bar code on it to each computer. Which of the following terms best describes the function of this procedure?
A. Asset tracking
B. Tamper detection
C. Device hardening
D. Port security
A. Asset tracking
Bar coding the new computers enables the IT department to record their locations, status, and conditions throughout their life cycle, a process known as asset tracking. Bar codes are not used for tamper detection and device hardening. Port security refers to switches, not computers.
Which of the following types of physical security is most likely to detect an insider threat?
A. Smartcards
B. Motion detection
C. Video surveillance
D. Biometrics
C. Video surveillance
An insider threat by definition originates with an authorized user. Smartcards, motion detection, and biometrics will only detect the presence of someone who is authorized to enter sensitive areas. Video surveillance, however, can track the activities of anyone, authorized or not.
Which of the following physical security mechanisms can either fail close or fail open?
A. Motion detectors
B. Video cameras
C. Honeypots
D. Door locks
D. Door locks
The terms fail close and fail open refer to the default position of an electric or electronic door lock when there is a power failure. Security is often a trade-off with safety, and in the event that an emergency occurs, cutting off power, whether secured doors are permanently locked or left permanently open is a critical factor. The terms fail close and fail open do not apply to motion detectors or video cameras. A honeypot is a computer configured to lure potential attackers; it is not a physical security mechanism.
Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail open?
A. The door remains in its current state in the event of an emergency.
B. The door locks in the event of an emergency.
C. The door unlocks in the event of an emergency.
D. The door continues to function using battery power in the event of an emergency.
C. The door unlocks in the event of an emergency.
A door that is configured to fail open reverts to its unsecured state—open—when an emergency occurs. This must be a carefully considered decision, as it can be a potential security hazard. However, configuring the door to fail closed is a potential safety hazard.
A high security installation that requires entrants to submit to a retinal scan before the door unlocks is using which of the following types of technology?
A. Pattern recognition
B. Hand geometry
C. Biometrics
D. Tamper detection
C. Biometrics
The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics.
Which of the following security measures can monitor the specific activities of authorized individuals within sensitive areas?
A. Video surveillance
B. Identification badges
C. Key fobs
D. Motion detection
A. Video surveillance
Video surveillance can monitor all activities of users in a sensitive area. With properly placed equipment, event specific actions, such as commands entered in a computer, can be monitored. Identification badges, key fobs, and motion detection can indicate the presence of individuals in a sensitive area, but they cannot monitor specific activities.
Which of the following statements is true when a biometric authentication procedure results in a false positive?
A. A user who should be authorized is denied access.
B. A user who should not be authorized is denied access.
C. A user who should be authorized is granted access.
D. A user who should not be authorized is granted access.
D. A user who should not be authorized is granted access.
When a false positive occurs during a biometric authentication, a user who should not be granted access to the secured device or location is granted access. A false negative is when a user who should be granted access is denied access.
In the datacenter of a company involved with sensitive government data, all servers have crimped metal tags holding the cases closed. All of the hardware racks are locked in clear-fronted cabinets. All cable runs are installed in transparent conduits. These are all examples of which of the following physical security measures?
A. Tamper detection
B. Asset tracking
C. Geofencing
D. Port security
A. Tamper detection
All of the mechanisms listed are designed to make any attempts to tamper with or physically compromise the hardware devices immediately evident. This is therefore a form of tamper detection. Asset tracking is for locating and identifying hardware. Geofencing is a wireless networking technique for limiting access to a network. Port security refers to network switch ports.
A secured government building that scans the faces of incoming people and compares them to a database of authorized entrants is using which of the following types of technology?
A. Pattern recognition
B. Hand geometry
C. Biometrics
D. Tamper detection
C. Biometrics
The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics.
Which of the following is not a means of preventing physical security breaches to a network datacenter?
A. Badges
B. Locks
C. Key fobs
D. Tailgaters
D. Tailgaters
A tailgater is a type of intruder who enters a secure area by closely following an authorized user. Most people are polite enough to hold the door open for the next person without knowing if they are authorized to enter. A tailgater is therefore not an intrusion prevention mechanism. Identification badges, locks, and key fobs are methods of preventing intrusions.
Identification badges, key fobs, and mantraps all fall into which of the following categories of security devices?
A. Physical security
B. Data security
C. Asset tracking
D. Port security
A. Physical security
Identification badges, key fobs, and mantraps are all physical security mechanisms, in that they prevent unauthorized personnel from entering sensitive areas, such as datacenters. These mechanisms are not used for data file security, asset tracking, or switch port security.
Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail closed?
A. The door remains in its current state in the event of an emergency.
B. The door locks in the event of an emergency.
C. The door unlocks in the event of an emergency.
D. The door continues to function using battery power in the event of an emergenc
B. The door locks in the event of an emergency.
A door that is configured to fail closed reverts to its secured state—locked—when an emergency occurs. This must be a carefully considered decision, since it can be a potential safety hazard. However, configuring the door to fail open is a potential security hazard.
Which of the following IEEE standards describes an implementation of port-based access control for wireless networks?
A. 802.11ac
B. 802.11n
C. 802.1X
D. 802.3x
C. 802.1X
IEEE 802.1X is a standard that defines a port-based Network Access Control mechanism used for authentication on wireless and other networks. IEEE 802.11ac and 802.11n are standards defining the physical and data link layer protocols for wireless networks. IEEE 802.3x is one of the standards for wired Ethernet networks.
In a public key infrastructure (PKI), which half of a cryptographic key pair is never transmitted over the network?
A. The public key
B. The private key
C. The session key
D. The ticket granting key
B. The private key
In a PKI, the two halves of a cryptographic key pair are the public key and the private key. The public key is freely available to anyone, but the private key is never transmitted over the network.
Which of the following authentication protocols do Windows networks use for Active Directory Domain Services authentication of internal clients?
A. RADIUS
B. WPA2
C. Kerberos
D. EAP-TLS
C. Kerberos
Windows networks that use AD DS authenticate clients using the Kerberos protocol, in part because it never transmits passwords over the network, even in encrypted form. RADIUS is an authentication, authorization, and accounting service for remote users connecting to a network. Windows does not use it for internal clients. WPA2 is a security protocol used by wireless LAN networks. It is not used for AD DS authentication. EAP-TLS is a remote authentication protocol that AD DS networks do not use for internal clients.
Which of the following statements best describes asymmetric key encryption?
A. A cryptographic security mechanism that uses the same key for both encryption and decryption
B. A cryptographic security mechanism that uses public and private keys to encrypt and decrypt data
C. A cryptographic security mechanism that uses two separate sets of public and private keys to encrypt and decrypt data
D. A cryptographic security mechanism that uses separate private keys to encrypt and decrypt data
B. A cryptographic security mechanism that uses public and private keys to encrypt and decrypt data
Asymmetric key encryption uses public and private keys. Data encrypted with the public key can only be decrypted using the private key. The reverse is also true. Symmetric key encryption uses only one key both to encrypt and decrypt data. Security mechanisms that use multiple key sets are not defined as symmetric.
Which of the following protocols can you use to authenticate Windows remote access users with smartcards?
A. EAP
B. MS-CHAPv2
C. CHAP
D. PAP
A. EAP
The Extensible Authentication Protocol (EAP) is the only Windows remote authentication protocol that supports the use of authentication methods other than passwords, such as smartcards. MS-CHAPv2 is a strong remote access authentication protocol, but it supports password authentication only. Users cannot use smartcards. The Challenge Handshake Authentication Protocol (CHAP) is a relatively weak authentication protocol that does not support the use of smartcards. The Password Authentication Protocol (PAP) supports only clear text passwords, not smartcards.
Which of the following statements best defines multifactor user authentication?
A. Verification of a user’s identity on all of a network’s resources using a single sign-on
B. Verification of a user’s identity using two or more types of credentials
C. Verification of a user’s identity on two devices at once
D. Verification of a user’s membership in two or more security groups
B. Verification of a user’s identity using two or more types of credentials
Multifactor authentication combines two or more authentication methods, requiring a user to supply multiple credentials. This reduces the likelihood that an intruder would be able to successfully impersonate a user during the authentication process. The term multifactor does not refer to the number of resources, devices, or groups with which the user is associated.
How many keys does a system that employs asymmetric encryption use?
A. None. Asymmetric encryption doesn’t require keys.
B. One. Asymmetric encryption uses one key for both encryption and decryption.
C. Two. Asymmetric encryption uses one key for encryption and another key for decryption.
D. Three. Asymmetric encryption requires a separate authentication server, and each system has its own key.
C. Two. Asymmetric encryption uses one key for encryption and another key for decryption.
Asymmetric encryption uses two separate keys, one for encryption and one for decryption. In a public key infrastructure (PKI), each user, computer, or service has both a public key and a private key.
How many keys does a system that employs symmetric encryption use?
A. None. Symmetric encryption doesn’t require keys.
B. One. Symmetric encryption uses one key for both encryption and decryption.
C. Two. Symmetric encryption uses one key for encryption and another key for decryption.
D. Three. Symmetric encryption requires a separate authentication server, and each system has its own key.
B. One. Symmetric encryption uses one key for both encryption and decryption.
Symmetric encryption uses one key, which the systems use for both encryption and decryption.
When a user supplies a password to log on to a server, which of the following actions is the user performing?
A. Authentication
B. Authorization
C. Accounting
D. Auditing
A. Authentication
Authentication is the process of confirming a user’s identity. Passwords are one of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.
When a user swipes a finger across a fingerprint scanner log on to a laptop computer, which of the following actions is the user performing?
A. Authentication
B. Authorization
C. Accounting
D. Auditing
A. Authentication
Authentication is the process of confirming a user’s identity. Fingerprints and other biometric readers are one of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.
Which of the following security protocols can authenticate users without transmitting their passwords over the network?
A. Kerberos
B. 802.1X
C. TKIP
D. LDAP
A. Kerberos
Kerberos is a security protocol used by Active Directory that employs a system of tickets to authenticate users and other network entities without the need to transmit credentials over the network. IEEE 802.1X does authenticate by transmitting credentials. Temporal Key Integrity Protocol (TKIP) and Lightweight Directory Access Protocol (LDAP) are not authentication protocols.
Which of the following security procedures is often tied to group membership?
A. Authentication
B. Authorization
C. Accounting
D. Auditing
B. Authorization
Authentication is the process of confirming a user’s identity. Authorization defines the type of access granted to authenticated users. In many instances, the authorization process is based on the groups to which a user belongs. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.
Which of the following standards is most commonly used to define the format of digital certificates?
A. 802.1X
B. X.509
C. 802.1q
D. X.500
B. X.509
X.509, published by the International Telecommunication Union’s Standardization sector (ITU-T), defines the format of digital certificates. X.500, another standard published by the ITU-T, defines functions of directory services. IEEE 802.1X is an authentication standard, and IEEE 802.1q defines the VLAN tagging format used on many network switches.
Which of the following statements about authentication auditing are not true?
A. Auditing can disclose attempts to compromise passwords.
B. Auditing can detect authentications that occur after hours.
C. Auditing can identify the guess patterns used by password cracking software.
D. Auditing can record unsuccessful as well as successful authentications.
C. Auditing can identify the guess patterns used by password cracking software.
Auditing of authentication activities can record both successful and unsuccessful logon attempts. Large numbers of logon failures can indicate attempts to crack passwords. Auditing tracks the time of authentication attempts, sometimes enabling you to detect off-hours logons that indicate an intrusion. Auditing does not record the passwords specified during authentications, so it cannot identify patterns of unsuccessful guesses.
Which of the following types of key is included in a digital certificate?
A. Public
B. Private
C. Preshared
D. Privileged
A. Public
As part of a public key infrastructure (PKI), digital certificates are associated with a key pair, consisting of a public key and a private key. The public key is supplied with the certificate to any party authenticating the entity to which the certificate was issued. The private key is supplied to the entity with the certificate, but it is not distributed as part of the certificate. Preshared keys are not associated with certificates, and privileged keys do not exist.
When a user swipes a smartcard through a reader to log on to a laptop computer, which of the following actions is the user performing?
A. Authentication
B. Authorization
C. Accounting
D. Auditing
A. Authentication
Authentication is the process of confirming a user’s identity. Smartcards are one of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.
Combining elements like something you know, something you have, and something you are to provide access to a secured network resource is a definition of which of the following types of authentication?
A. Multifactor
B. Multisegment
C. Multimetric
D. Multifiltered
A. Multifactor
Multifactor authentication combines two or more authentication methods and reduces the likelihood that an intruder would be able to successfully impersonate a user during the authentication process. A password (something you know) and a retinal scan (something you are) is an example of a multifactor authentication system. A smartcard and a PIN, which is the equivalent of a password, is another example of multifactor authentication because it requires users to supply something they know and something they have. Multisegment, multimetric, and multifiltered are not applicable terms in this context.
How does MAC address filtering increase the security of a wireless LAN?
A. By preventing access points from broadcasting their presence
B. By allowing traffic sent to or from specific MAC addresses through the Internet firewall
C. By substituting registered MAC addresses for unregistered ones in network packets
D. By permitting only devices with specified MAC addresses to connect to an access point
D. By permitting only devices with specified MAC addresses to connect to an access point
MAC address filtering enables administrators to configure an access point to allow only devices with specific addresses to connect; all other traffic is rejected. Access points broadcast their presence using an SSID, not a MAC address. MAC address filtering protects wireless LANs when implemented in an access point, not a firewall. MAC address filtering does not call for the modification of addresses in network packets.
Which of the following terms describes a system that prevents computers from logging on to a network unless they have the latest updates and antimalware software installed?
A. NAC
B. LDAP
C. RADIUS
D. TKIP-RC4
A. NAC
Network Access Control is a mechanism that defines standards of equipment and configuration that systems must meet before they can connect to the network.
Which of the following statements best describes symmetric key encryption?
A. A cryptographic security mechanism that uses the same key for both encryption and decryption
B. A cryptographic security mechanism that uses public and private keys to encrypt and decrypt data
C. A cryptographic security mechanism that uses two separate sets of public and private keys to encrypt and decrypt data
D. A cryptographic security mechanism that uses separate private keys to encrypt and decrypt data
A. A cryptographic security mechanism that uses the same key for both encryption and decryption
Symmetric key encryption uses only one key both to encrypt and decrypt data. Asymmetric key encryption uses public and private keys. Security mechanisms that use multiple key sets are not defined as symmetric.
Which of the following is the best description of geofencing?
A. Something you have
B. Something you know
C. Something you do
D. Somewhere you are
D. Somewhere you are
Geofencing is the generic term for a technology that limits access to a network or other resource based on the client’s location. It is therefore best described as somewhere you are. A finger gesture would be considered something you do, a password something you know, and a smartcard something you have.
Which of the following describes the primary difference between single sign-on and same sign-on?
A. Single sign-on requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly.
B. Single sign-on enables users to access different resources with one set of credentials, whereas same sign-on requires users to have multiple credential sets.
C. Single sign-on credentials consist of one username and one password, whereas same sign-on credentials consist of one username and multiple passwords.
D. Single sign-on requires multifactor authentication, such as a password and a smartcard, whereas same sign-on requires only a password for authentication.
A. Single sign-on requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly.
Single sign-on uses one set of credentials and requires the user to supply them only once to gain access to multiple resources. Same sign-on also uses a single set of credentials, with one password, but the user must perform individual logons for each resource. Neither single sign-on nor same sign-on requires multifactor authentication.
Which of the following is the best description of biometrics?
A. Something you know
B. Something you have
C. Something you are
D. Something you do
C. Something you are
Biometrics is a type of authentication factor that uses a physical characteristic that uniquely identifies an individual, such as a fingerprint or a retinal pattern. Biometrics is therefore best described as something you are, as opposed to something you know, have, or do.
Which of the following authentication factors is an example of something you have?
A. A fingerprint
B. A smartcard
C. A password
D. A finger gesture
B. A smartcard
Something you have refers to a physical possession that serves to identify a user, such as a smartcard. This type of authentication is typically used as part of a multifactor authentication procedure, because a smartcard or other physical possession can be lost or stolen. A fingerprint would be considered something you are, a password something you know, and a finger gesture something you do.
Which of the following statements best describes the primary scenario for the use of TACACS+ ?
A. TACACS+ was designed to provide authentication, authorization, and accounting services for wireless networks.
B. TACACS+ was designed to provide authentication, authorization, and accounting services for the Active Directory directory service.
C. TACACS+ was designed to provide authentication, authorization, and accounting services for remote dial-up users.
D. TACACS+ was designed to provide authentication, authorization, and accounting services for network routers and switches.
D. TACACS+ was designed to provide authentication, authorization, and accounting services for network routers and switches.
Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide AAA services for networks with many routers and switches, enabling administrators to access them with a single set of credentials. It was not designed to provide AAA services for wireless networks, Active Directory, or remote dial-in users.
Which of the following is not one of the functions provided by TACACS+ ?
A. Authentication
B. Authorization
C. Administration
D. Accounting
C. Administration
Terminal Access Controller Access Control System Plus (TACACS+) is a protocol that was designed to provide AAA services for networks with many routers and switches. AAA stands for authentication, authorization, and accounting, but not administration.
Your new smartphone enables you to configure the lock screen with a picture of your husband, on which you draw eyes, nose, and a mouth with your finger to unlock the phone. This is an example of which of the following authentication factors?
A. Something you have
B. Something you know
C. Something you are
D. Something you do
D. Something you do
The act of drawing on the screen with your finger is a gesture, which is an example of something you do. A PIN or a password is something you know; a thumbprint, or any other biometric factor, is something you are; and a smartcard is an example of something you have.
Which of the following authentication factors is an example of something you do?
A. A fingerprint
B. A smartcard
C. A password
D. A finger gesture
D. A finger gesture
Something you do refers to a physical action performed by a user, such as a finger gesture, which helps to confirm his or her identity. This type of authentication is often used as part of a multifactor authentication procedure because a gesture or other action can be imitated. A fingerprint would be considered something you are, a password something you know, and a smartcard something you have.
Which of the following authentication factors is an example of something you know?
A. A fingerprint
B. A smartcard
C. A password
D. A finger gesture
C. A password
Something you know refers to information you supply during the authentication process, such as a password or PIN. This is the most common type of authentication factor because it cannot be lost or stolen unless the user violates security policies. A fingerprint would be considered something you are, a finger gesture something you do, and a smartcard something you have.
Which of the following authentication factors is an example of something you are?
A. A fingerprint
B. A smartcard
C. A password
D. A finger gesture
A. A fingerprint
Something you are refers to a physical characteristic that uniquely identifies an individual, such as a fingerprint or other form of biometric. This type of authentication is often used as part of a multifactor authentication procedure because a biometric element can conceivably be compromised. A finger gesture would be considered something you do, a password something you know, and a smartcard something you have.
Which of the following is an implementation of Network Access Control (NAC)?
A. RADIUS
B. 802.1X
C. LDAP
D. TACACS+
B. 802.1X
NAC is a set of policies that define security requirements that clients must meet before they are permitted to connect to a network. 802.1X is a basic implementation of NAC. RADIUS and TACACS+ are Authentication, Authorization, and Accounting (AAA) services. They are not NAC implementations themselves, although they can play a part in their deployment. Lightweight Directory Access Protocol (LDAP) provides directory service communications.
Which of the following is the service responsible for issuing certificates to client users and computers?
A. DNS
B. AAA
C. CA
D. ACL
C. CA
A certification authority (CA) is the service that receives requests for certificate enrollment from clients and issues the certificates when the requests are approved. Domain Name System (DNS); Authentication, Authorization, and Accounting (AAA) services; and access control lists (ACLs) do not issue certificates.
Which of the following is not one of the roles involved in an 802.1X transaction?
A. Supplicant
B. Authentication server
C. Authorizing agent
D. Authenticator
C. Authorizing agent
An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. There is no party to the transaction called an authorizing agent.
Which of the following terms describes the process by which a client user or computer requests that it be issued a certificate, either manually or automatically?
A. Authorization
B. Enrollment
C. Authentication
D. Certification
B. Enrollment
Enrollment is the process by which a client submits a request for a certificate from a certification authority (CA). The enrollment process can be automated and invisible to the user, or it can be a manual request generated using an application. Authorization and authentication, and certification are not terms used for certificate requests.
In an 802.1X transaction, what is the function of the supplicant?
A. The supplicant is the service that issues certificates to clients attempting to connect to the network.
B. The supplicant is the service that verifies the credentials of the client attempting to access the network.
C. The supplicant is the network device to which the client is attempting to connect.
D. The supplicant is the client user or computer attempting to connect to the network.
D. The supplicant is the client user or computer attempting to connect to the network.
An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. The supplicant is not involved in issuing certificates.
In an 802.1X transaction, what is the function of the authenticator?
A. The authenticator is the service that issues certificates to clients attempting to connect to the network.
B. The authenticator is the service that verifies the credentials of the client attempting to access the network.
C. The authenticator is the network device to which the client is attempting to connect.
D. The authenticator is the client user or computer attempting to connect to the network.
C. The authenticator is the network device to which the client is attempting to connect.
An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. The authenticator is not involved in issuing certificates.
An 802.1X transaction involves three roles: the supplicant, the authenticator, and the authentication server. Of the three, which role typically takes the form of a RADIUS implementation?
A. The supplicant
B. The authenticator
C. The authentication server
D. None of the above
C. The authentication server
The authentication server role is typically performed by a Remote Authentication Dial-In User Service (RADIUS) server. In an 802.1X transaction, the supplicant is the client attempting to connect to the network, the authenticator is a switch or access point to which the supplicant is requesting access, and the authentication server verifies the client’s identity.
Which of the following best describes an example of a captive portal?
A. A switch port used to connect to other switches
B. A web page with which a user must interact before being granted access to a wireless network
C. A series of two doors through which people must pass before they can enter a secured space
D. A web page stating that the user’s computer has been locked and will only be unlocked after payment of a fee
B. A web page with which a user must interact before being granted access to a wireless network
A captive portal is a web page displayed to a user attempting to access a public wireless network. The user typically must supply credentials, provide payment, or accept a user agreement before access is granted. A captive portal does not refer to a switch port, a secured entryway to a room, or a type of extortionate computer attack.
A user attempting to connect to a Wi-Fi hotspot in a coffee shop is taken to a web page that requires her to accept an End User License Agreement before access to the network is granted. Which of the following is the term for such an arrangement?
A. Captive portal
B. Ransomware
C. Port security
D. Root guard
A. Captive portal
A web page that prompts users for payment, authentication, or acceptance of a EULA is a captive portal. Ransomware is a type of attack that extorts payment. Port security and root guards are methods for protecting access to switch ports.
Which of the following standards was originally designed to provide authentication, authorization, and accounting services dial-up network connections?
A. RADIUS
B. TACACS+
C. Kerberos
D. LDAP
A. RADIUS
Remote Authentication Dial-In User Service (RADIUS) was originally conceived to provide AAA services for Internet Service Providers (ISPs), which at one time ran networks with hundreds of modems providing dial-up access to subscribers. Terminal Access Controller Access Control System Plus (TACACS+) is a protocol that was designed to provide AAA services for networks with many routers and switches but not for dial-up connections. Kerberos and Lightweight Directory Access Protocol (LDAP) are not AAA services.
MAC filtering is an access control method used by which of the following types of hardware devices?
A. Wireless access point
B. RADIUS server
C. Domain controller
D. Smartcards
A. Wireless access point
Wireless access points (WAPs) typically include the ability to maintain an access control list, which specifies the MAC addresses of devices that are permitted to connect to the wireless network. The technique is known as MAC address filtering. RADIUS servers, domain controllers, and smartcards typically do include MAC filtering capabilities.
Which of the following statements about RADIUS and TACACS+ are correct?
A. By default, RADIUS uses UDP, and TACACS+ uses TCP.
B. By default, RADIUS uses TCP, and TACACS+ uses UDP.
C. By default, both RADIUS and TACACS+ use TCP.
D. By default, both RADIUS and TACACS+ use UDP.
A. By default, RADIUS uses UDP, and TACACS+ uses TCP.
RADIUS uses User Datagram Protocol (UDP) ports 1812 and 1813 or 1645 and 1646 for authentication, whereas TACACS+ uses TCP port 49.
Which of the following standards provides authentication, authorization, and accounting services for network routers and switches?
A. RADIUS
B. TACACS+
C. Kerberos
D. LDAP
B. TACACS+
Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide AAA services for networks with many routers and switches, enabling administrators to access them with a single set of credentials. Remote Authentication Dial-In User Service (RADIUS) provides AAA services, but not for routers and switches. Kerberos and Lightweight Directory Access Protocol (LDAP) are not AAA services.
Which of the following terms refers to the process of determining whether a user is a member of a group that provides access to a particular network resource?
A. Authentication
B. Accounting
C. Authorization
D. Access control
C. Authorization
Authorization is the process of determining what resources a user can access on a network. Typically, this is done by assessing the user’s group memberships. Authentication is the process of confirming a user’s identity. Accounting is the process of tracking a user’s network activity. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.
Which of the following terms refers to the process of confirming a user’s identity by checking specific credentials?
A. Authentication
B. Accounting
C. Authorization
D. Access control
A. Authentication
Authentication is the process of confirming a user’s identity by checking credentials, such as passwords, ID cards, or fingerprints. Authorization is the process of determining what resources a user can access on a network. Accounting is the process of tracking a user’s network activity. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.
Which of the following terms refers to the process by which a system tracks a user’s network activity?
A. Authentication
B. Accounting
C. Authorization
D. Access control
B. Accounting
Accounting is the process of tracking a user’s network activity, such as when the user logged on and logged off and what resources the user accessed. Authentication is the process of confirming a user’s identity by checking credentials. Authorization is the process of determining what resources a user can access on a network. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.
Which of the following is not a factor that weakens the security of the Wired Equivalent Privacy (WEP) protocol used on early IEEE 802.11 wireless LANs?
A. 40-bit encryption keys
B. 24-bit initialization vectors
C. Static shared secrets
D. Open System Authentication
D. Open System Authentication
Open System Authentication enables any user to connect to the wireless network without a password, which actually increases the security of the protocol. This is because most WEP implementations use the same secret key for both authentication and encryption. An intruder that captures the key during the authentication process might therefore penetrate the data encryption system as well. By not using the key for authentication, you reduce the chances of the encryption being compromised.
Which of the following encryption ciphers was replaced by CCMP-AES when the WPA2 wireless security protocol was introduced?
A. EAP
B. WEP
C. TKIP
D. CCMP
C. TKIP
Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with an Advanced Encryption Standard (CCMP-AES) protocol.
Which of the following wireless security protocols was substantially weakened by its initialization vector?
A. WPA
B. WEP
C. WPA2
D. PEAP
B. WEP
Wired Equivalent Privacy (WEP) was one of the first commercially available security protocols for wireless LANs. WEP requires 24 bits of the encryption key for the initialization vector, substantially weakening the encryption. WEP was soon found to be easily penetrated and was replaced by Wi-Fi Protected Access (WPA) and then WPA2. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages.
Which of the following wireless security protocols uses TKIP for encryption?
A. WEP
B. WPA
C. WPA2
D. AES
B. WPA
Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with an Advanced Encryption Standard protocol (CCMP-AES).