IS3230 CHAPTER 12 Flashcards
As part of AAA, this provides the ability of a system to collect statistics on networks or users for auditing and billing purposes. It enables the tracking of system usage, start and stop times of resources, and number of packets, as well as other metrics that identify what was used and for how long. This is called ___.
ACCOUNTING
An IPSec authentication protocol that is used to prove the identity of the sender and ensure the data has not been tampered with is called ___.
AUTHENTICATION HEADER (AH)
A network service that provides security through a framework of access controls and policies, enforcement of policies, and information needed for billing purposes is called ___.
AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING (AAA)
___ provides authentication over a PPP link.
CHALLENGE HANDSHAKE AUTHENTICATION PROTOCOL (CHAP)
Authentication and encryption protocol for IPSec that encrypts Internet Protocol (IP) packets and ensures their integrity is called ___.
ENCAPSULATED SECURITY PAYLOAD (ESP)
A framework enabling multiple authentication mechanisms over various connections is called ___.
EXTENSIBLE AUTHENTICATION PROTOCOL (EAP)
A tunneling protocol that encapsulates packets inside Internet Protocol (IP) tunnels is called ___.
GENERIC ROUTING ENCAPSULATION (GRE)
Provides identification to communication partners via a secure connection is called ___.
INTERNET KEY EXCHANGE (IKE)
A protocol that secures IP communications by authenticating and encrypting each IP packet is called ___.
INTERNET PROTOCOL SECURITY (IPSec)
A protocol that provides the framework for the negotiation of algorithms, protocols, modes and keys for IKE is called ___.
INTERNET SECURITY ASSOCIATION AND KEY MANAGEMENT PROTOCOL (ISAKMP)
This sets up a point-to-point connection between two computer systems that can be transmitted over multiple types of networks is called ___.
LAYER 2 TUNNELING PROTOCOL (L2TP)
An algorithm that applies a hash function to a message, creating a 128-bit message digest. This algorithm is used to ensure the data has not been changed in any manner is called ___.
MESSAGE DIGEST 5 (MD5)
Provides a service to dial-in users. This server allows a computer system to connect to the network through either a phone line or the Internet and is called ___.
NETWORK ACCESS SERVER (NAS)
A protocol that allows computer systems to exchange key agreement over an insecure network is called ___.
OAKLEY
A data-link protocol that provides authentication over PPP is called ___.
PASSWORD AUTHENTICATION PROTOCOL (PAP)
A protocol for communication between two computers. Typically, the connection from the client to the server is over a telephone line and is called ___.
POINT-TO-POINT PROTOCOL (PPP)
A protocol that sets up a point-to-point connection between two computer systems over an Internet Protocol (IP) network is called ___.
POINT-TO-POINT TUNNELING PROTOCOL (PPTP)
A server that provides an authentication service for users that are dialing into a network or accessing it from the Internet is called ___.
REMOTE ACCESS SERVER (RAS)
A client/server protocol that provides authentication, authorization, and accounting for a remote dial-in system is called ___.
REMOTE AUTHENTICATION DIAL IN USER SERVICE (RADIUS)
Records the configuration the computer systems need to support an IPSec connection is called ___.
SECURITY ASSOCIATION (SA)
A remote access client/server protocol that provides authentication and authorization capabilities to users that are accessing the network remotely and is not a secure protocol is called ___.
TERMINAL ACCESS CONTROLLER ACCESS CONTROL SYSTEM (TACACS)
A remote access client/server protocol. It is a Cisco proprietary protocol and provides authentication, authorization, and accounting is called ___.
TERMINAL ACCESS CONTROLLER ACCESS CONTROL SYSTEM PLUS (TACACS+)
The sending of messages to a single network destination. The opposite of this is broadcast, where data is sent to all network destinations is called ___.
UNICAST
- RADIUS uses TCP.
TRUE OR FALSE
FALSE
- AAA stands for ___.
Authentication
Authorization
Accounting
- Which of the following best describes the act of verifying that users are who they say they are?
- Identification
- Authentication
- Authorization
- Auditing
Authentication
- Which of the following are authentication protocols used with PPP? (Select three)
- CHES
- CHAP
- EAP
- MAP
- PAP
CHAP
EAP
PAP
- TACACS+ encrypts the entire data packet.
TRUE OR FALSE
TRUE
- What portion of TACACS+ provides AAA capabilities?
- NAS
- Client
- TACACS+ daemon
- XTACACS
TACACS+ daemon
- What are examples of Web authentication? (Select three)
- Knowledge-based authentication
- Identification
- Certificates
- User ID/password
- Remote access server
Knowledge-based authentication
Certificates
User ID/password
- MD5 is a cryptographic ___ function.
Hash
- Cisco developed TACACS+ and XTACACS.
TRUE OR FALSE
TRUE
- Which of the following is used to validate the communication between a RADIUS server and a RADIUS client?
- NAM
- TACACS daemon
- RAS
- Shared secret
Shared secret
- PAP is a ___ handshake.
Two-way
- CHAP is a ___ handshake.
Three-way
- What is a program that runs in the background?
- RAS
- Encryption
- Daemon
- PAP
Daemon
- What is the de facto standard for IPSec key exchange?
- OAKLEY
- IKE
- ISAKMP
- RADIUS
IKE