Lesson 11: Implementing Secure Network Protocols Flashcards
An organization routinely communicates directly to a partner company via a domain name. The domain name now leads to a fraudulent site for all users. Systems administrators find incorrect host records in DNS. What do the administrators believe to be the root cause?
A. A server host has a poisoned ARP cache.
B. Some user systems have invalid hosts file entries.
C. An attacker masquerades as an authoritative name server.
D. The domain servers have been hijacked.
C
A system administrator needs to implement a secure remote administration protocol and would like more information on Telnet. Evaluate and select the features of Telnet that the administrator should consider to accomplish this task. (Select all that apply.)
A. Telnet does not support direct file transfer.
B. Telnet uses TCP port 23.
C. Telnet is a secure option.
D. Telnet uses encryption to send passwords.
A,B
A system administrator uses a Graphical User Interface (GUI) remote administration tool over TCP port 3389 to manage a server operating Windows 2016. Evaluate the types of remote administration tools to conclude which protocol the administrator is using.
A. Secure Shell
B. Telnet
C. Dynamic Host Configuration Protocol
D. Remote Desktop
D
Transport layer security (TLS) version 1.3 improves upon a vulnerability in TLS 1.2. Which statement correctly describes a remedy for this vulnerability?
A. TLS version 1.3 is backward compatible with earlier versions of transport layer security.
B. TLS version 1.3 removes the ability to downgrade to weaker encryption ciphers and earlier versions of transport layer security.
C. TLS version 1.3 creates a secure link between the client and server using Secure Shell (SSH) over TCP port 22.
D. TLS 1.3 can use more secure authentication and authorization methods, such as security assertion markup language (SAML) and open authorization (OAuth).
B
An attacker modifies the HOSTS file on a workstation to redirect traffic. Consider the types of attacks and deduce which type of attack has likely occurred.
A. DNS server cache poisoning
B. DNS spoofing
C. DNS client cache poisoning
D. Pharming
C
A system administrator needs secure remote access into a Linux server. Evaluate the types of remote administration to recommend which protocol should be used in this situation.
A. Telnet
B. Secure Shell (SSH)
C. Remote Desktop Protocol (RDP)
D. Kerberos
B
When a company attempts to re-register their domain name, they find that an attacker has supplied false credentials to the domain registrar and redirected their host records to a different IP address. What type of attack has occurred?
A. Domain hijacking
B. Domain name system (DNS) client cache poisoning
C. Rogue dynamic host configuration protocol (DHCP)
D. Domain name system (DNS) server cache poisoning
A
If an administrator on an Exchange server needs to send digitally signed and encrypted messages, what messaging implementation will best suit the administrator’s needs?
A. Secure/Multipurpose Internet Mail Extensions (S/MIME)
B. Secure Post Office Protocol v3 (POP3S)
C. Internet Message Access Protocol v4 (IMAP4)
D. Simple Mail Transfer Protocol (SMTP)
A
Analyze the methods for authentication to a Secure Shell (SSH) and determine which statement best summarizes the host-based authentication method.
A. The user’s private key is configured with a passphrase that must be input to access the key.
B. The client submits credentials that are verified by the SSH server using RADIUS.
C. The client submits a Ticket Granting Ticket (TGT) that is obtained when the user logged onto the workstation.
D. The client sends a request for authentication and the server generates a challenge with the public key.
D
A technician is configuring Internet Protocol Security (IPSec) for communications over a Virtual Private Network (VPN). Evaluate the features of available modes and recommend the best option for implementation.
A. Tunnel mode because the whole IP packet is encrypted, and a new IP header is added.
B. Transport mode because the whole IP packet is encrypted, and a new IP header is added.
C. Tunnel mode because the payload is encrypted.
D. Transport mode because the payload is encrypted.
A
A system administrator is configuring a new Dynamic Host Configuration Protocol (DHCP) server. Analyze the types of attacks DHCP servers are prone to and determine which steps the system administrator should take to protect the server. (Select all that apply.)
A. Use scanning and intrusion detection to pick up suspicious activity.
B. Disable DHCP snooping on switch access ports to block unauthorized servers.
C. Enable logging and review the logs for suspicious events.
D. Disable unused ports and perform regular physical inspections to look for unauthorized devices.
A,C,D
A security engineer encrypted traffic between a client and a server. Which security protocol does the engineer configure if an ephemeral key agreement is used?
A. AES 256
B. TLS 1.2
C. TLS 1.3
D. SHA 384
C
An authoritative server for a zone creates an RRset signed with a Zone Signing Key. Another server requests a secure record exchange and the authoritative server returns the package along with the public key. Evaluate the scenario to determine what the authoritative server is demonstrating in this situation.
A. Domain Name System (DNS)
B. DNS Security Extension
C. DNS Footprinting
D. Dynamic Host Configuration Protocol (DHCP)
B
A system administrator is setting up a new Simple Mail Transfer Protocol (SMTP) configuration. Make recommendations for how the administrator should configure the ports. (Select all that apply.)
A. Port 110 should be used by mail clients to submit messages for delivery.
B. Port 143 should be used to connect clients.
C. Port 25 should be used for message relay.
D. Port 465 should be used for message submission over implicit TLS.
C,D