Network+ Extra 5

Question 1

is a common Layer 2 protocol that offers features such as multilink interface, looped link detection, error detection, and authentication.

Answer 1

Point-to-Point Protocol (PPP)

Question 2

can permit or deny access to a network based on characteristics of the device seeking admission, rather than just checking user credentials.

Answer 2

Network Admission Control (NAC)

Question 3

An Extensible Authentication Protocol (EAP) specifies how authentication is performed by IEEE 802.1X (EAP-FAST/EAP-MD5/EAP-TLS).

Answer 3

EAP/802.1X

Question 4

Challenge-Handshake Authentication Protocol (CHAP) performs a one-way authentication for a remote-access connection. However, authentication is performed through a three-way handshake (challenge, response, and acceptance messages) between a server and a client. The three-way handshake allows a client to be authenticated without sending credential information across a network. Password Authentication Protocol (PAP) is an unencrypted plain-text method for password exchange that should be avoided.

Answer 4

CHAP

Question 5

Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) is a Microsoft-enhanced version of CHAP, offering a collection of additional features not present with CHAP, including two-way authentication.

Answer 5

MS-CHAP

Question 6

The firewall interface connecting to the inside network (trusted network) is configured as belonging to the INSIDE zone. The firewall interface connecting to the Internet (an untrusted network) is configured as belonging to the OUTSIDE zone.

Answer 6

INSIDE/OUTSIDE ZONES - FIREWALL

Question 7

(_____) Main mode involves three exchanges of information between the _____ peers. One peer, called the initiator, sends one or more proposals to the other peer, called the responder. The proposals include supported encryption and authentication protocols and key lifetimes. In addition, the proposals indicate whether or not perfect forward secrecy (PFS) should be used. PFS makes sure that a session key remains secure, even if one of the private keys used to derive the session key becomes compromised. Main mode has 3 exchanges :

Exchange 1: The responder selects a proposal it received from the initiator.

Exchange 2: Diffie-Hellman (DH) securely establishes a shared secret key over the unsecured medium.

Exchange 3: An Internet Security Association and Key Management Protocol (ISAKMP) session is established. This secure session is then used to negotiate an IPSec session

Answer 7

IPSec (Main Mode)

Question 8

(_____) Aggressive mode more quickly achieves the same results as main mode, using only three packets. The initiator sends the first packet, which contains all the information necessary to establish a security association (SA), which is an agreement between the two _____ peers about the cryptographic parameters to be used in the ISAKMP session. The responder sends the second packet, which contains the security parameters selected by the responder (the proposal, keying material, and its ID). This second packet is used by the responder to authenticate the session. The third and final packet, which is sent by the initiator, finalizes the authentication of the ISAKMP session.

Answer 8

IPSec (Aggressive Mode)

Question 9

(_____) Quick mode negotiates the parameters (the SA) for the _____ session. This negotiation occurs within the protection of an ISAKMP session.

Answer 9

IPSec (Quick Mode)

Question 10

Both AH and ESP offer origin authentication and integrity services, which ensure that IPSec peers are who they claim to be and that the data was not modified in transit.

Answer 10

IPSec (AH/ESP)