Network Security (1) Flashcards
A laptop that is equipped with a fingerprint scanner that authenticates the user is using which of the following types of technology?
Pattern recognition
Hand geometry
Biometrics
Biometrics
The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics
An IT department receives a shipment of 20 new computers, and Alice has been assigned the task of preparing them for deployment to end users. The first thing she does is affix a metal tag with a bar code on it to each computer. Which of the following terms best describes the function of this procedure?
Asset tracking
Tamper detection
Device hardening
Asset tracking
Bar coding the new computers enables the IT department to record their locations, status, and conditions throughout their life cycle, a process known as asset tracking. Bar codes are not used for tamper detection and device hardening. Port security refers to switches, not computers
Which of the following types of physical security is most likely to detect an insider threat?
Smartcards
Motion detection
Video surveillance
Video surveillance
An insider threat by definition originates with an authorized user. Smartcards, motion detection, and biometrics will only detect the presence of someone who is authorized to enter sensitive areas. Video surveillance, however, can track the activities of anyone, authorized or not
Which of the following physical security mechanisms can either “fail close” or “fail open”?
Motion detectors
Video cameras
Door locks
Door locks
The terms fail close and fail open refer to the default position of an electric or electronic door lock when there is a power failure. Security is often a trade-off with safety, and in the event that an emergency occurs, cutting off power, whether secured doors are permanently locked or left permanently open is a critical factor. The terms fail close and fail open do not apply to motion detectors or video cameras. A honeypot is a computer configured to lure potential attackers; it is not a physical security mechanism
Which of the following are common types of cameras used for video surveillance of secured network installations? (Choose all correct answers.)
IP
LDAP
CCTV
NAC
IP
CCTV
Closed circuit television cameras are part of a self-contained system in which the cameras feed their signals to dedicated monitors, usually located in a security center. IP cameras are standalone devices that transmit signals to a wireless access point. While CCTV cameras can only be monitored by users in the security center, or another designated location, IP cameras can be monitored by any authorized user with a web browser. LDAP is a directory services protocol and Network Access Control is a service; neither one is a type of video surveillance device
Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail open?
The door remains in its current state in the event of an emergency.
The door locks in the event of an emergency.
The door unlocks in the event of an emergency.
The door unlocks in the event of an emergency.
A door that is configured to fail open reverts to its unsecured state—open—when an emergency occurs. This must be a carefully considered decision, as it can be a potential security hazard. However, configuring the door to fail closed is a potential safety hazard
A high security installation that requires entrants to submit to a retinal scan before the door unlocks is using which of the following types of technology?
Pattern recognition
Hand geometry
Biometrics
Biometrics
The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics
Which of the following are means of preventing unauthorized individuals from entering a sensitive location, such as a datacenter? (Choose all correct answers.)
Biometric scans
Identification badges
Key fobs
Motion detection
Biometric scans
Identification badges
Key fobs
Biometric scans, identification badges, and key fobs are all mean of distinguishing authorized from unauthorized personnel. Motion detection cannot make this distinction
Which of the following security measures can monitor the specific activities of authorized individuals within sensitive areas?
Video surveillance
Identification badges
Key fobs
Video surveillance
Video surveillance can monitor all activities of users in a sensitive area. With properly placed equipment, event specific actions, such as commands entered in a computer, can be monitored. Identification badges, key fobs, and motion detection can indicate the presence of individuals in a sensitive area, but they cannot monitor specific activities
Which of the following physical security devices can use passive RFIDs to enable an authorized user to enter a secured area? (Choose all correct answers.)
Key fob
Keycard lock
Prox card
Cypher lock
Key fob
Prox card
A radio frequency identification (RFID) device is a small chip that can be electronically detected by a nearby reader. The chip can contain small amounts of data, such as the authentication credentials needed to grant an individual access to a secured area. Key fobs and proximity cards (prox cards) often use RFIDs to enable users to unlock a door by waving the device near a reader. Keycard locks typically require the card to be inserted into a reader and typically use magnetic strips to store data. Cypher locks rely on data supplied by the user—that is, the combination numbers
Some key fobs used for authenticated entrance to a secured area have a keypad that requires the user to enter a PIN before the device is activated. Which of the following authentication factors is this device using? (Choose all correct answers.)
Something you do
Something you have
Something you are
Something you know
Something you have
Something you know
Possession of the key fob is something you have, but the key fob could be lost or stolen, so its security is confirmed by the entrance of a PIN, something you know. Unless the user both lost the key fob and shared the PIN, the device remains secure
Which of the following physical security devices can enable an authorized user to enter a secured area without any physical contact with the device? (Choose all correct answers.)
Key fob
Keycard lock
Prox card
Cypher lock
Key fob
Prox card
Key fobs and proximity cards (prox cards) often use RFIDs to enable users to unlock a door by waving the device near a reader. Keycard locks typically use magnetic strips to store data and require the card to be physically inserted into a reader. Cypher locks rely on data manually supplied by the user—that is, the combination numbers
Video surveillance of sensitive areas, such as datacenters, can prevent which of the following types of attacks? (Choose all correct answers.)
Social engineering
Evil twin
Brute force
Insider threats
Evil twin
Insider threats
Video surveillance can conceivably prevent evil twin attacks because these take the form of a rogue access point deliberately connected to the network for malicious purposes. Video surveillance can also help to prevent insider threats by monitoring the activities of authorized users. Video surveillance cannot prevent social engineering, which involves nothing more than communicating with people, or brute-force attacks, which are usually performed remotely
Which of the following statements is true when a biometric authentication procedure results in a false positive?
A user who should not be authorized is denied access.
A user who should be authorized is granted access.
A user who should not be authorized is granted access.
A user who should not be authorized is granted access.
When a false positive occurs during a biometric authentication, a user who should not be granted access to the secured device or location is granted access. A false negative is when a user who should be granted access is denied access
In the datacenter of a company involved with sensitive government data, all servers have crimped metal tags holding the cases closed. All of the hardware racks are locked in clear-fronted cabinets. All cable runs are installed in transparent conduits. These are all examples of which of the following physical security measures?
Tamper detection
Asset tracking
Geofencing
Tamper detection
All of the mechanisms listed are designed to make any attempts to tamper with or physically compromise the hardware devices immediately evident. This is therefore a form of tamper detection. Asset tracking is for locating and identifying hardware. Geofencing is a wireless networking technique for limiting access to a network. Port security refers to network switch ports
A secured government building that scans the faces of incoming people and compares them to a database of authorized entrants is using which of the following types of technology?
Pattern recognition
Hand geometry
Biometrics
Biometrics
The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics
Which of the following is not a means of preventing physical security breaches to a network datacenter?
Badges
Key fobs
Tailgaters
Tailgaters
A tailgater is a type of intruder who enters a secure area by closely following an authorized user. Most people are polite enough to hold the door open for the next person without knowing if they are authorized to enter. A tailgater is therefore not an intrusion prevention mechanism. Identification badges, locks, and key fobs are methods of preventing intrusions
Identification badges, key fobs, and mantraps all fall into which of the following categories of security devices?
Physical security
Data security
Asset tracking
Physical security
Identification badges, key fobs, and mantraps are all physical security mechanisms, in that they prevent unauthorized personnel from entering sensitive areas, such as datacenters. These mechanisms are not used for data file security, asset tracking, or switch port security
Which of the following are not means of detecting intruders in a network datacenter? (Choose all correct answers.)
Motion detection
Video surveillance
Biometrics
Smartcards
Biometrics
Smartcards
Biometrics and smartcards are both means of preventing intrusions, whereas motion detection and video surveillance are mechanisms for detecting them
Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail closed?
The door remains in its current state in the event of an emergency.
The door locks in the event of an emergency.
The door unlocks in the event of an emergency.
The door locks in the event of an emergency.
A door that is configured to fail closed reverts to its secured state—locked—when an emergency occurs. This must be a carefully considered decision, since it can be a potential safety hazard. However, configuring the door to fail open is a potential security hazard
Which of the following IEEE standards describes an implementation of port-based access control for wireless networks?
- 11ac
- 11n
- 1X
802.1X
IEEE 802.1X is a standard that defines a port-based Network Access Control mechanism used for authentication on wireless and other networks. IEEE 802.11ac and 802.11n are standards defining the physical and data link layer protocols for wireless networks. IEEE 802.3x is one of the standards for wired Ethernet networks
In a public key infrastructure (PKI), which half of a cryptographic key pair is never transmitted over the network?
The public key
The private key
The session key
The private key
In a PKI, the two halves of a cryptographic key pair are the public key and the private key. The public key is freely available to anyone, but the private key is never transmitted over the network
Which of the following statements about a public key infrastructure (PKI) are true? (Choose all correct answers.)
Data encrypted with the public key can only be decrypted using that public key.
Data encrypted with the private key can only be decrypted using that private key.
Data encrypted with the public key can only be decrypted using the private key.
Data encrypted with the private key can only be decrypted using the public key.
Data encrypted with the public key can only be decrypted using the private key.
Data encrypted with the private key can only be decrypted using the public key.
In a PKI, data encrypted with the private key can only be decrypted using the public key. Therefore, anyone receiving data encrypted with the private key can obtain the public key and decrypt it, confirming that the data originated with the private key holder. Because the public key is freely available, anyone can encrypt data using the public key and be sure that only the private key holder can decrypt it
Which of the following authentication protocols do Windows networks use for Active Directory Domain Services authentication of internal clients?
RADIUS
WPA2
Kerberos
Kerberos
Windows networks that use AD DS authenticate clients using the Kerberos protocol, in part because it never transmits passwords over the network, even in encrypted form. RADIUS is an authentication, authorization, and accounting service for remote users connecting to a network. Windows does not use it for internal clients. WPA2 is a security protocol used by wireless LAN networks. It is not used for AD DS authentication. EAP-TLS is a remote authentication protocol that AD DS networks do not use for internal clients
Which of the following are examples of multifactor authentication? (Choose all correct answers.)
A system that uses an external RADIUS server for authentication
A system that requires two passwords for authentication
A system that requires a smartcard and a PIN for authentication
A system that requires a password and a retinal scan for authentication
A system that requires a smartcard and a PIN for authentication
A system that requires a password and a retinal scan for authentication
Multifactor authentication combines two or more authentication methods and reduces the likelihood that an intruder would be able to successfully impersonate a user during the authentication process. A password and a retinal scan is an example of a multifactor authentication system. A smartcard and a PIN, which is the equivalent of a password, is an example of multifactor authentication because it requires users to supply something they know and something they have. Multifactor authentication refers to the proofs of identity a system requires, not the number of servers used to implement the system. Therefore, the use of a RADIUS server does not make for an example of multifactor authentication. A system that requires two passwords is not an example of multifactor authentication, because an attacker can compromise one password as easily as two. A multifactor authentication system requires two different forms of authentication
