IS3220 CHAPTER 3 Flashcards

1
Q

A set of rules and procedures, usually mathematical in nature. This can define how the encryption processes operate. Often very complex, many are publicly known; anyone can investigate and analyze the strengths and weaknesses of what is called an ___?

A

ALGORITHM

2
Q

A means of encoding and decoding information using related but different keys for each process is called ___?
FYI
(A key used to encode cannot decode, and vice versa. This is based on algorithms that use either key pairs or some other special mathematical mechanism. Different keys serve different purposes. Different keys are used by different members of the communication session. Some systems use something different from keys altogether.)

A

ASYMMETRIC CRYPTOGRAPHY

3
Q

Examples of this include:
RADIUS, TACACS, and directory services such as LDAP and Active Directory.
This is called ___?

A

AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING (AAA) SERVICES

4
Q

The process of confirming the identity of the combination of authentication and access control/authorization that provides either the identity of the sender of a message or controls who is to receive a message. This is called ___?

A

AUTHENTICITY

5
Q

A common feature of hash algorithms. This effect ensures that small changes in the input data produce large changes in the output hash value. A single binary digit change in a file should produce a clearly recognizable difference in the resultant hash value. This is called ___?

A

AVALANCHE EFFECT

6
Q

A trusted third-party entity that issues digital certificates to verify and validate identities of people, organizations, systems, and networks digitally is called ___?

A

CERTIFICATE AUTHORITY (CA)

7
Q

A communication pathway, circuit, or frequency dedicated or reserved for a specific transmission is called ___?

A

CHANNEL

8
Q

The seemingly random and unusable output from a cryptographic function applied to original data is called ___?
(This is the result of encryption. Decryption converts this back into plain text)

A

CIPHERTEXT

9
Q

This is created between a client and a server either within the same local network or across a WAN link or intermediary network and is called ___?
This will support secure client interaction with the services of a resource host.

A

CLIENT-TO-SERVER VPN

10
Q

Removal of redundant or superfluous data or space to reduce the size of a data set is called ___?
This consumes less storage space and increases the speed of data transmission.

A

COMPRESSION

11
Q

An appliance firewall placed on the border or edge of an organization’s network is called ___?

A

CORPORATE FIREWALL

12
Q

The art and science of hiding information from unauthorized third parties is called ___?
This is divided into two main categories: encryption and decryption.

A

CRYPTOGRAPHY

13
Q

The process of converting ciphertext back into plain text is called ___?

A

DECRYPTION

14
Q

A network connection that is always on and available for immediate transmission of data is called ___?
Most leased lines are this.

A

DEDICATED CONNECTION

15
Q

A network connection that is always on and available for immediate transmission of data is called ___?
AKA a dedicated connection.

A

DEDICATED LEASED LINE

16
Q

An electronic proof of identity issued by a certificate authority is called ___?
This is an entity’s public key encoded by the CA’s private key.

A

DIGITAL CERTIFICATE

17
Q

A secure communication based on public-key cryptography that encodes a message or data with the public key of the intended recipient is called ___?

A

DIGITAL ENVELOPE

18
Q

A public-key cryptography-based mechanism for proving the source (and possibly integrity) of a signed data set or message is called ___?
This uses the private key of a sender.

A

DIGITAL SIGNATURE

19
Q

A LAN whose components are in multiple places that are interconnected by WAN VPN links is called ___?

A

DISTRIBUTED LAN

20
Q

The act of listening in on digital or audio conversations is called ___?
Network types usually require a sniffer, protocol analyzer, or packet capturing utility. This may be able to access unencrypted communication, depending on where it occurs.

A

EAVESDROPPING

21
Q

A router positioned on the edge of a private network is called ___?
This is usually the last device owned and controlled by an organization before an ISP or telco connection.

A

EDGE ROUTER

22
Q

This is used to grant outside entities access into a perimeter network and is called ___?
This is used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not the general public.

A

EXTRANET VPN

23
Q

______ occurs when a data set is too large for maximum supported size of a communication container, such as a segment, packet, or frame.
The original divides into multiple sections or fragments for transmission across the size-limited medium, then reassembles on the receiving end.
It can sometimes corrupt or damage data or allow outsiders to smuggle malicious content past network filters.

A

FRAGMENTATION

24
Q

This requires a line between each business location and allows for a direct communication between one site and another. This is called ___?

A

FULL MESH

25
Q

A dedicated device hosting VPN software. It can connect hosts and/or networks. This is also known as an appliance VPN and is called ___?

A

HARDWARE VPN

26
Q

The unique number produced by a hash algorithm when applied to a data set is called ___?
This verifies the integrity of data.

A

HASH/HASH VALUE

27
Q

A set of mathematical rules and procedures that produce a unique number from a data set is called ___?

A

HASH ALGORITHM

28
Q

The process of verifying data integrity. It uses hash algorithms to produce unique numbers from datasets, known as hash values. If before and after hash values are the same, the data retain integrity and is called ___?

A

HASHING

29
Q

A VPN endpoint located on a host client or server is called ___?
It relies on either a native feature of the operating system or a third-party application.

A

HOST VPN

30
Q

A VPN model where the remote client connects to the VPN server to gain access to the internal network is called ___?

A

HOST-TO-HOST VPN

31
Q

A VPN created between a host and a network across a local or intermediary network is called ___?
(AKA a remote access VPN.)

A

HOST-TO-SITE VPN

32
Q

A form of VPN establishing a secure VPN over trusted VPN connections is called ___?

A

HYBRID VPN

33
Q

The act of authentication that confirms the identity of a user or host is called ___?

A

IDENTITY PROOFING

34
Q

Any network, network link, or channel located between the endpoints of a VPN is called ___?
(Often the Internet)

A

INTERMEDIARY NETWORK

35
Q

The unique number used to guide an algorithm in the encryption and decryption process is called ___?
A valid key must be within the key space of an algorithm.

A

KEY/ENCRYPTION KEY

36
Q

The cryptographic function ensuring that both endpoints of a communication have the same symmetric key is called ___?
It occurs by simultaneous key generation or with a digital envelope.

A

KEY EXCHANGE

37
Q

The set of associated keys including a public key and a private key used by public key cryptography is called ___?
Only the public key can decrypt data encrypted by the private key, and vice versa.

A

KEY PAIR

38
Q

The range of valid keys used by an algorithm is called ___?

This is the bit length of the keys supported by the algorithm.

A

KEY SPACE

39
Q

A VPN between two networks over an intermediary network is called ___?
AKA WAN VPN and site-to-site VPN.

A

LAN-TO-LAN VPN

40
Q

The accumulation of delay each time a communication signal crosses a node or host is called ___?
Some amount of delay occurs between reception on one interface and transmission out of another interface. Too much latency causes communication timeouts.

A

LATENCY

41
Q

A network communications line leased from an ISP or telco service is called ___?
This is usually a dedicated line between network locations or to the Internet.

A

LEASED LINE

42
Q

This acronym is a device that communicates computer data across a telephone connection and is called ___?

A

MODEM

43
Q

Authentication that requires multiple valid proofs of identity used in simultaneous combination is called ___?

A

MULTI-FACTOR AUTHENTICATION

44
Q

A network connection not always on and available for immediate transmission of data is called ___?
A connection must be established through a negotiation process before the channel is open and ready for data transmission. Dial-up and DSL are examples.

A

NON-DEDICATED CONNECTION

45
Q

A security service that ensures that a sender cannot deny sending a message is called ___?
This service can be provided by public key cryptography, typically through a digital signature.

A

NON-REPUDIATION

46
Q

A form of cryptography in which each encryption key is used once before being discarded is called ___?
Keys are pseudorandom and never repeat.
Key length must match message length, so that each character is encrypted with a unique key character.

A

ONE-TIME PAD

47
Q

A mathematical operation performed in one direction relatively easily is called ___?
Reversing the operation is nearly impossible.

A

ONE-WAY FUNCTION

48
Q

A form of network carrier line, often leased or dedicated, which uses fiber optic cables for very high-speed connections is called ___?

A

OPTICAL CARRIER (OC)

49
Q

Commonly used as a technique for secured data exchange or verification of an identity and is called ___?
This is a method of communication through an alternative route, mechanism, or pathway other than the current one employed (the current communication is known as “in band”).

A

OUT OF BAND

50
Q

A type of business telephone network; these systems allow for multiple phone extensions, voice mailboxes, and conference calling and require specialized equipment and is called ___?
These systems are largely being replaced by VOIP solutions.

A

PRIVATE BRANCH EXCHANGE (PBX)

51
Q

The key of the public key cryptography key pair kept secret and used only by the intended entity is called a ___?
It decodes information encoded with its associated public key, encrypting information that can be decrypted only by its associated public key. This process validates the identity of the originator and creates a digital signature.

A

PRIVATE KEY

52
Q

The mechanism of computer systems that produces partially random numbers using a complex algorithm and a seed value that is usually time based is called ___? Computers are currently unable to produce true random numbers and this approximates randomness.

A

PSEUDO RANDOM NUMBER GENERATOR (PRNG)

53
Q

It decodes messages encoded with its associated private key, originates messages that only the holder of the associated private key can decrypt, and creates digital envelopes and is called ___?
The key of this cryptography key pair shared with other entities with whom the holder of the private key wishes to correspond.

A

PUBLIC KEY

54
Q

A subset of asymmetric cryptography based on the use of key pair sets is called ___?
This uses public and private keys to create digital envelopes and digital signatures.

A

PUBLIC KEY CRYPTOGRAPHY

55
Q

Any network accessible by entities from outside an organization is called ___?
Most often, use of this term implies the Internet, but many other public networks exist.

A

PUBLIC NETWORK

56
Q

The process of triggering the generation of a new symmetric encryption key and secure exchange of that key is called ___?
This can take place based on time, idleness, volume, randomness, or election.

A

REKEYING

57
Q

This design grants individual telecommuters or traveling workers easy access to the VPN endpoint concepts: edge router, corporate firewall, or VPN appliance and is called ___?
Also known as host-to-site VPN since it supports single-host VPN connections into a LAN site.

A

REMOTE ACCESS VPN

58
Q

A VPN used to connect to a remote or mobile host into a home computer or network is called ___?
AKA host-to-host VPN.

A

REMOTE-TO-HOME VPN

59
Q

A VPN used to connect a remote or mobile host into an office network workstation. This is called ___?

A

REMOTE-TO-OFFICE VPN

60
Q

The ability of a product or service to provide adequate performance across changes in size, load, scope, or volume is called ___?

A

SCALABILITY

61
Q

A VPN that uses encryption to protect the confidentiality of its transmissions is called ___?

A

SECURED VPN

62
Q

A VPN used to connect networks is called ___?

AKA a LAN-to-LAN VPN or WAN VPN.

A

SITE-TO-SITE VPN

63
Q

A VPN crafted by software rather than hardware is called ___?
It may be a feature of the operating system or third-party application.

A

SOFTWARE VPN

64
Q

A VPN connection that allows simultaneous access to the secured VPN link and unsecured access to the Internet across the same connection is called ___?

A

SPLIT TUNNEL

65
Q

Cryptography based on algorithms that use a single shared secret key is called ___?
The same key encrypts and decrypts data and the same key must be shared with all communication partners of the same session.

A

SYMMETRIC CRYPTOGRAPHY

66
Q

The act of working from a home, remote, or mobile location while connecting into “the employer’s private network”, often using a VPN is called ___?

A

TELECOMMUTING

67
Q

The problem when too much data crosses a network segment. This results in reduced throughput, increased latency, and lost data is called ___?

A

TRAFFIC CONGESTION

68
Q

A mechanism of authentication using a third entity known and trusted by two parties is called ___?
This allows the two communicating parties, who were originally strangers to each other, to establish an initial level of inferred trust.

A

TRUSTED THIRD PARTY

69
Q

A VPN that uses dedicated channels, rather than VPNs, to provide privacy to its transmissions is called ___?

A

TRUSTED VPN

70
Q

A mechanism to establish a secure remote access connection across an intermediary network, often the Internet is called ___?
This allows inexpensive insecure links to replace expensive security links.
This allows for cheap long-distance connections established over the Internet.
Both endpoints need only a local Internet link.

A

VIRTUAL PRIVATE NETWORK (VPN)

71
Q

A hardware VPN device is called ___?

A

VPN APPLIANCE

72
Q

A VPN between two networks over an intermediary network is called ___?
AKA LAN-to-LAN VPN and site-to-site VPN.

A

WAN VPN

73
Q

Which of the following is NOT a valid example of a VPN?

  1. A host links to another host over an intermediary network
  2. A host connects to a network over an intermediary network
  3. A network communicates with another network over an intermediary network
  4. A host takes control over another remote host over an intermediary network
  5. A mobile device interacts with a network over an intermediary network

A

A host takes control over another remote host over an intermediary network

74
Q

Which of the following is NOT ensured or provided by a secured VPN?

  1. Confidentiality
  2. Quality of service
  3. Integrity
  4. Privacy
  5. Authentication

A

Quality of service

75
Q

Which of the following techniques make(s) a VPN private?

  1. A single organization owning all the supporting infrastructure components
  2. Leasing dedicated WAN channels from a telco
  3. Encrypting and encapsulating traffic
  4. 1 and 2
  5. 1, 2, & 3

A

A single organization owning all the supporting infrastructure components

Leasing dedicated WAN channels from a telco

Encrypting and encapsulating traffic

1, 2, & 3

76
Q

What is the primary difference between a VPN connection and a local network connection?

  1. Speed
  2. Resource access
  3. Security
  4. Access control models
  5. Authentication factors

A

Speed

77
Q

Which of the following is NOT a true statement?

  1. VPN traffic should be authenticated and encrypted
  2. VPNs require dedicated leased lines
  3. Endpoints of a VPN should abide by the same security policy
  4. VPNs perform tunneling and encapsulation
  5. VPNs can be implemented with software or hardware solutions

A

VPNs require dedicated leased lines

78
Q

What is a hybrid VPN?

  1. A VPN with a software endpoint and a hardware endpoint
  2. A VPN supporting remote connectivity and remote control
  3. A VPN consisting of trusted and secured segments
  4. A VPN supporting both symmetric and asymmetric cryptography
  5. A VPN using both tunneling and encapsulation

A

A VPN consisting of trusted and secured segments

79
Q

What is the most commonly mentioned benefit of a VPN?

  1. Cost savings
  2. Remote access
  3. Secure transmissions
  4. Split tunnels
  5. Eavesdropping

A

Cost savings

80
Q

Which of the following is a limitation or drawback of a VPN?

  1. Intermediary networks are insecure
  2. VPNs are not supported by Linux OSs
  3. VPNs are expensive
  4. VPNs reduce infrastructure costs
  5. Vulnerabilities exist at endpoints

A

Vulnerabilities exist at endpoints

81
Q

On what is an effective VPN policy based?

  1. A thorough risk assessment
  2. Proper patch management
  3. Business finances
  4. Flexibility of worker local
  5. Training

A

A thorough risk assessment

82
Q

What form of VPN deployment prevents VPN traffic from being filtered?

  1. Edge router
  2. Extranet VPN
  3. Corporate firewall
  4. Appliance VPN
  5. Host-to-Site VPN

A

Corporate firewall

83
Q

What form of VPN deployment requires additional authentication for accessing resources across the VPN?

  1. Site-to-site VPN
  2. Corporate firewall
  3. Host-to-site VPN
  4. Edge router
  5. Remote access VPN

A

Edge router

84
Q

Which of the following is NOT a name for a VPN between individual systems?

  1. Client-to-server
  2. Host-to-Host
  3. Remote-to-home
  4. Host-to-site
  5. Remote-to-office

A

Host-to-site

85
Q

Which of the following is the primary distinction between tunnel mode and transport mode VPNs?

  1. Whether or not it can support network to network links
  2. Whether or not the payload is encrypted
  3. Whether or not it can support host-to-host links
  4. Whether or not the header is encrypted
  5. Whether or not it supports integrity checking

A

Whether or not the header is encrypted

86
Q

What VPN implementation grants outside entities access to secured resources?

  1. Edge router VPN
  2. Corporate VPN
  3. Site-to-site VPN
  4. Extranet VPN
  5. Remote control VPN

A

Extranet VPN

87
Q

What form of cryptography encrypts the bulk of data transmitted between VPN endpoints?

  1. Symmetric
  2. Hashing
  3. Public key
  4. Transport mode
  5. Asymmetric

A

Symmetric

88
Q

What components create a digital signature that verifies authenticity and integrity?

  1. Public key and session key
  2. Private key and hashing
  3. Hashing and shared key
  4. Session key and public key
  5. Shared key and hashing

A

Private key and hashing

89
Q

By what mechanism do VPNs securely exchange session keys between endpoints?

  1. Digital envelope
  2. Digital forensics
  3. Digital encapsulation
  4. Digital certificate
  5. Digital signature

A

Digital envelope

90
Q

What are the two most important features of VPN authentication?

  1. Single factor and replayable
  2. Scalability and interoperability
  3. Transparent and efficient
  4. Interoperability and single factor
  5. Replayable and scalable

A

Scalability and interoperability

91
Q

What VPN access control issue can be enforced through VPN authentication?

  1. Blocking unauthorized VPN users
  2. Restricting access to the Internet
  3. Limiting access to files
  4. Filtering access to network services
  5. Controlling access to printers

A

Blocking unauthorized VPN users

92
Q

When designing the authorization for VPNs and VPN users, what should be the primary security guideline?

  1. Scalability
  2. Multi-factor
  3. Distributed trust
  4. Principle of least privilege
  5. Grant by default, deny by exception

A

Principle of least privilege

93
Q

All of the following statements about a host-to-host VPN are true EXCEPT?

  1. Are commonly supported by the host OS
  2. Must be implemented with VPN appliances
  3. Can be interoperable between different OS products
  4. Usually employs transport mode encryption
  5. Can be established within a private network

A

Can be interoperable between different OS products

94
Q

All of the following are commonly used in supporting a site-to-site VPN EXCEPT?

  1. VPN appliance
  2. Commercial firewall
  3. Client VPN software
  4. Edge router
  5. VPN gateway proxy

A

Client VPN software

95
Q

A VPN used to connect geographically distant users with the private network is located within which domain from the seven domains of a typical IT infrastructure?

  1. LAN Domain
  2. User Domain
  3. System/Application Domain
  4. Remote Access Domain
  5. LAN-to-LAN Domain

A

User Domain

96
Q

What feature or function in tunnel mode encryption is not supported in transport mode encryption?

  1. The header is encrypted
  2. The payload is encrypted
  3. The source address is encrypted, but not the destination address
  4. A footer is added to contain the hash value
  5. Provides encryption protection from the source of a conversation to the destination

A

The header is encrypted

97
Q

All of the following statements are true EXCEPT?

  1. Encryption ensures VPN traffic remains confidential
  2. It is possible to have a private VPN without encryption
  3. VPN authentication ensures only valid entities can access the secured connection
  4. Authorization over a VPN consists exclusively of granting or denying access to file resources
  5. VPN authentication can include multi-factor options

A

VPN authentication can include multi-factor options