Network Security (1)

Question 1

A laptop that is equipped with a fingerprint scanner that authenticates the user is using which of the following types of technology?

Pattern recognition

Hand geometry

Biometrics

Answer 1

Biometrics

The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics

Question 2

An IT department receives a shipment of 20 new computers, and Alice has been assigned the task of preparing them for deployment to end users. The first thing she does is affix a metal tag with a bar code on it to each computer. Which of the following terms best describes the function of this procedure?

Asset tracking

Tamper detection

Device hardening

Answer 2

Asset tracking

Bar coding the new computers enables the IT department to record their locations, status, and conditions throughout their life cycle, a process known as asset tracking. Bar codes are not used for tamper detection and device hardening. Port security refers to switches, not computers

Question 3

Which of the following types of physical security is most likely to detect an insider threat?

Smartcards

Motion detection

Video surveillance

Answer 3

Video surveillance

An insider threat by definition originates with an authorized user. Smartcards, motion detection, and biometrics will only detect the presence of someone who is authorized to enter sensitive areas. Video surveillance, however, can track the activities of anyone, authorized or not

Question 4

Which of the following physical security mechanisms can either “fail close” or “fail open”?

Motion detectors

Video cameras

Door locks

Answer 4

Door locks

The terms fail close and fail open refer to the default position of an electric or electronic door lock when there is a power failure. Security is often a trade-off with safety, and in the event that an emergency occurs, cutting off power, whether secured doors are permanently locked or left permanently open is a critical factor. The terms fail close and fail open do not apply to motion detectors or video cameras. A honeypot is a computer configured to lure potential attackers; it is not a physical security mechanism

Question 5

Which of the following are common types of cameras used for video surveillance of secured network installations? (Choose all correct answers.)

IP

LDAP

CCTV

NAC

Answer 5

IP

CCTV

Closed circuit television cameras are part of a self-contained system in which the cameras feed their signals to dedicated monitors, usually located in a security center. IP cameras are standalone devices that transmit signals to a wireless access point. While CCTV cameras can only be monitored by users in the security center, or another designated location, IP cameras can be monitored by any authorized user with a web browser. LDAP is a directory services protocol and Network Access Control is a service; neither one is a type of video surveillance device

Question 6

Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail open?

The door remains in its current state in the event of an emergency.

The door locks in the event of an emergency.

The door unlocks in the event of an emergency.

Answer 6

The door unlocks in the event of an emergency.

A door that is configured to fail open reverts to its unsecured state—open—when an emergency occurs. This must be a carefully considered decision, as it can be a potential security hazard. However, configuring the door to fail closed is a potential safety hazard

Question 7

A high security installation that requires entrants to submit to a retinal scan before the door unlocks is using which of the following types of technology?

Pattern recognition

Hand geometry

Biometrics

Answer 7

Biometrics

The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics

Question 8

Which of the following are means of preventing unauthorized individuals from entering a sensitive location, such as a datacenter? (Choose all correct answers.)

Biometric scans

Identification badges

Key fobs

Motion detection

Answer 8

Biometric scans

Identification badges

Key fobs

Biometric scans, identification badges, and key fobs are all mean of distinguishing authorized from unauthorized personnel. Motion detection cannot make this distinction

Question 9

Which of the following security measures can monitor the specific activities of authorized individuals within sensitive areas?

Video surveillance

Identification badges

Key fobs

Answer 9

Video surveillance

Video surveillance can monitor all activities of users in a sensitive area. With properly placed equipment, event specific actions, such as commands entered in a computer, can be monitored. Identification badges, key fobs, and motion detection can indicate the presence of individuals in a sensitive area, but they cannot monitor specific activities

Question 10

Which of the following physical security devices can use passive RFIDs to enable an authorized user to enter a secured area? (Choose all correct answers.)

Key fob

Keycard lock

Prox card

Cypher lock

Answer 10

Key fob

Prox card

A radio frequency identification (RFID) device is a small chip that can be electronically detected by a nearby reader. The chip can contain small amounts of data, such as the authentication credentials needed to grant an individual access to a secured area. Key fobs and proximity cards (prox cards) often use RFIDs to enable users to unlock a door by waving the device near a reader. Keycard locks typically require the card to be inserted into a reader and typically use magnetic strips to store data. Cypher locks rely on data supplied by the user—that is, the combination numbers

Question 11

Some key fobs used for authenticated entrance to a secured area have a keypad that requires the user to enter a PIN before the device is activated. Which of the following authentication factors is this device using? (Choose all correct answers.)

Something you do

Something you have

Something you are

Something you know

Answer 11

Something you have

Something you know

Possession of the key fob is something you have, but the key fob could be lost or stolen, so its security is confirmed by the entrance of a PIN, something you know. Unless the user both lost the key fob and shared the PIN, the device remains secure

Question 12

Which of the following physical security devices can enable an authorized user to enter a secured area without any physical contact with the device? (Choose all correct answers.)

Key fob

Keycard lock

Prox card

Cypher lock

Answer 12

Key fob

Prox card

Key fobs and proximity cards (prox cards) often use RFIDs to enable users to unlock a door by waving the device near a reader. Keycard locks typically use magnetic strips to store data and require the card to be physically inserted into a reader. Cypher locks rely on data manually supplied by the user—that is, the combination numbers

Question 13

Video surveillance of sensitive areas, such as datacenters, can prevent which of the following types of attacks? (Choose all correct answers.)

Social engineering

Evil twin

Brute force

Insider threats

Answer 13

Evil twin

Insider threats

Video surveillance can conceivably prevent evil twin attacks because these take the form of a rogue access point deliberately connected to the network for malicious purposes. Video surveillance can also help to prevent insider threats by monitoring the activities of authorized users. Video surveillance cannot prevent social engineering, which involves nothing more than communicating with people, or brute-force attacks, which are usually performed remotely

Question 14

Which of the following statements is true when a biometric authentication procedure results in a false positive?

A user who should not be authorized is denied access.

A user who should be authorized is granted access.

A user who should not be authorized is granted access.

Answer 14

A user who should not be authorized is granted access.

When a false positive occurs during a biometric authentication, a user who should not be granted access to the secured device or location is granted access. A false negative is when a user who should be granted access is denied access

Question 15

In the datacenter of a company involved with sensitive government data, all servers have crimped metal tags holding the cases closed. All of the hardware racks are locked in clear-fronted cabinets. All cable runs are installed in transparent conduits. These are all examples of which of the following physical security measures?

Tamper detection

Asset tracking

Geofencing

Answer 15

Tamper detection

All of the mechanisms listed are designed to make any attempts to tamper with or physically compromise the hardware devices immediately evident. This is therefore a form of tamper detection. Asset tracking is for locating and identifying hardware. Geofencing is a wireless networking technique for limiting access to a network. Port security refers to network switch ports

Question 16

A secured government building that scans the faces of incoming people and compares them to a database of authorized entrants is using which of the following types of technology?

Pattern recognition

Hand geometry

Biometrics

Answer 16

Biometrics

The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics

Question 17

Which of the following is not a means of preventing physical security breaches to a network datacenter?

Badges

Key fobs

Tailgaters

Answer 17

Tailgaters

A tailgater is a type of intruder who enters a secure area by closely following an authorized user. Most people are polite enough to hold the door open for the next person without knowing if they are authorized to enter. A tailgater is therefore not an intrusion prevention mechanism. Identification badges, locks, and key fobs are methods of preventing intrusions

Question 18

Identification badges, key fobs, and mantraps all fall into which of the following categories of security devices?

Physical security

Data security

Asset tracking

Answer 18

Physical security

Identification badges, key fobs, and mantraps are all physical security mechanisms, in that they prevent unauthorized personnel from entering sensitive areas, such as datacenters. These mechanisms are not used for data file security, asset tracking, or switch port security

Question 19

Which of the following are not means of detecting intruders in a network datacenter? (Choose all correct answers.)

Motion detection

Video surveillance

Biometrics

Smartcards

Answer 19

Biometrics

Smartcards

Biometrics and smartcards are both means of preventing intrusions, whereas motion detection and video surveillance are mechanisms for detecting them

Question 20

Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail closed?

The door remains in its current state in the event of an emergency.

The door locks in the event of an emergency.

The door unlocks in the event of an emergency.

Answer 20

The door locks in the event of an emergency.

A door that is configured to fail closed reverts to its secured state—locked—when an emergency occurs. This must be a carefully considered decision, since it can be a potential safety hazard. However, configuring the door to fail open is a potential security hazard

Question 21

Which of the following IEEE standards describes an implementation of port-based access control for wireless networks?

802. 11ac
803. 11n
804. 1X

Answer 21

802.1X

IEEE 802.1X is a standard that defines a port-based Network Access Control mechanism used for authentication on wireless and other networks. IEEE 802.11ac and 802.11n are standards defining the physical and data link layer protocols for wireless networks. IEEE 802.3x is one of the standards for wired Ethernet networks

Question 22

In a public key infrastructure (PKI), which half of a cryptographic key pair is never transmitted over the network?

The public key

The private key

The session key

Answer 22

The private key

In a PKI, the two halves of a cryptographic key pair are the public key and the private key. The public key is freely available to anyone, but the private key is never transmitted over the network

Question 23

Which of the following statements about a public key infrastructure (PKI) are true? (Choose all correct answers.)

Data encrypted with the public key can only be decrypted using that public key.

Data encrypted with the private key can only be decrypted using that private key.

Data encrypted with the public key can only be decrypted using the private key.

Data encrypted with the private key can only be decrypted using the public key.

Answer 23

Data encrypted with the public key can only be decrypted using the private key.

Data encrypted with the private key can only be decrypted using the public key.

In a PKI, data encrypted with the private key can only be decrypted using the public key. Therefore, anyone receiving data encrypted with the private key can obtain the public key and decrypt it, confirming that the data originated with the private key holder. Because the public key is freely available, anyone can encrypt data using the public key and be sure that only the private key holder can decrypt it

Question 24

Which of the following authentication protocols do Windows networks use for Active Directory Domain Services authentication of internal clients?

RADIUS

WPA2

Kerberos

Answer 24

Kerberos

Windows networks that use AD DS authenticate clients using the Kerberos protocol, in part because it never transmits passwords over the network, even in encrypted form. RADIUS is an authentication, authorization, and accounting service for remote users connecting to a network. Windows does not use it for internal clients. WPA2 is a security protocol used by wireless LAN networks. It is not used for AD DS authentication. EAP-TLS is a remote authentication protocol that AD DS networks do not use for internal clients

Question 25

Which of the following are examples of multifactor authentication? (Choose all correct answers.)

A system that uses an external RADIUS server for authentication

A system that requires two passwords for authentication

A system that requires a smartcard and a PIN for authentication

A system that requires a password and a retinal scan for authentication

Answer 25

A system that requires a smartcard and a PIN for authentication

A system that requires a password and a retinal scan for authentication

Multifactor authentication combines two or more authentication methods and reduces the likelihood that an intruder would be able to successfully impersonate a user during the authentication process. A password and a retinal scan is an example of a multifactor authentication system. A smartcard and a PIN, which is the equivalent of a password, is an example of multifactor authentication because it requires users to supply something they know and something they have. Multifactor authentication refers to the proofs of identity a system requires, not the number of servers used to implement the system. Therefore, the use of a RADIUS server does not make for an example of multifactor authentication. A system that requires two passwords is not an example of multifactor authentication, because an attacker can compromise one password as easily as two. A multifactor authentication system requires two different forms of authentication