Misc Implementation

Question 1

Too many passwords to remember?

Answer 1

Password vault

Question 2

Split-tunnel VPN

Answer 2

Sends only traffic destined for the remote network over the VPN, with all other traffic split away to use the VPN system or a user’s primary network connection. This reduces overall traffic sent through the VPN but means that traffic cannot be monitored and secured via the VPN

Question 3

Hardening

Answer 3

the process of improving the security of an operating system or application. One of the primary methods of hardening a trusted OS is to eliminate unneeded protocols. This is also known as creating a secure baseline that allows the OS to run safely and securely

Question 4

OpenID

Answer 4

an authentication service often done by a third party, and it can be used to sign into any website that accepts OpenID

Question 5

Kerberos

Answer 5

a network authentication protocol for use within a domain.

Question 6

Shibboleth

Answer 6

Single sign-on system that works with federated systems

Question 7

Line of sight?

Answer 7

Infrared

Question 8

Storm control

Answer 8

Enabling storm control on a switch will limit the amount of total bandwidth that broadcast packets can use, preventing broadcast storms from taking down the network

Question 9

firewall

Answer 9

stops traffic based on rules

Question 10

Fuzzing

Answer 10

a technique whereby the tester intentionally enters incorrect values into input fields to see how the application will handle it

Question 11

Loop protection

Answer 11

sends packets that include a PDU, or protocol data unit. These are detected by other network devices and allow the network devices to shut down ports from which they receive those packets

Question 12

Stateful packet filtering firewall

Answer 12

A stateful inspection firewall examines the content and context of each packet it encounters. This means that a stateful packet inspection (SPI) firewall understands the preceding packets that came from the same IP address, and thus the context of the communications. This makes certain attacks, like a SYN flood, almost impossible

Question 13

ad hoc wireless network

Answer 13

operate on point-to-point topology (star and bus models are used in wired networks)

Question 14

What channels do NOT cause issues with channel overlap or overlap in U.S. installations of 2.4 GHz Wi-Fi networks?

Answer 14

1, 6, 11. Other channels will overlap

Question 15

Jump box

Answer 15

a common solution for providing access to a network with a different security profile

Question 16

What is the size of the wrapper TKIP places around the WEP encryption with a key that is based on things such as the MAC address of your machine and the serial number of the packet?

Answer 16

TKIP places a 128-bit wrapper around the WEP encryption with a key that is based on things such as the MAC address of the host device and the serial number of the packet

Question 17

Samantha is looking for an authentication method that incorporates the X.509 standard and will allow authentication to be digitally signed. Which of the following authentication methods would BEST meet these requirements?

Answer 17

Digital certificates use the X.509 standard (or the PGP standard) and allow the user to digitally sign authentication requests.

Question 18

Isabel is responsible for security at a mid-sized company. She wants to prevent users on her network from visiting job-hunting sites while at work. Which of the following would be the BEST device to accomplish this goal?

Answer 18

Proxy Server - A web proxy can be used to block certain websites. It is common practice for network administrators to block either individual sites or general classes of sites (like job-hunting sites).