Network Security (3) Flashcards

1
Q

Your new smartphone enables you to configure the lock screen with a picture of your husband, on which you draw eyes, nose, and a mouth with your finger to unlock the phone. This is an example of which of the following authentication factors?

Something you have

Something you know

Something you do

A

Something you do

The act of drawing on the screen with your finger is a gesture, which is an example of something you do. A PIN or a password is something you know; a thumbprint, or any other biometric factor, is something you are; and a smartcard is an example of something you have

2
Q

Which of the following authentication factors is an example of something you do?

A fingerprint

A smartcard

A finger gesture

A

A finger gesture

Something you do refers to a physical action performed by a user, such as a finger gesture, which helps to confirm his or her identity. This type of authentication is often used as part of a multifactor authentication procedure because a gesture or other action can be imitated. A fingerprint would be considered something you are, a password something you know, and a smartcard something you have

3
Q

Which of the following authentication factors is an example of something you know?

A fingerprint

A smartcard

A password

A

A password

Something you know refers to information you supply during the authentication process, such as a password or PIN. This is the most common type of authentication factor because it cannot be lost or stolen unless the user violates security policies. A fingerprint would be considered something you are, a finger gesture something you do, and a smartcard something you have

4
Q

Which of the following authentication factors is an example of something you are?

A fingerprint

A smartcard

A password

A

A fingerprint

Something you are refers to a physical characteristic that uniquely identifies an individual, such as a fingerprint or other form of biometric. This type of authentication is often used as part of a multifactor authentication procedure because a biometric element can conceivably be compromised. A finger gesture would be considered something you do, a password something you know, and a smartcard something you have

5
Q

Which of the following is an implementation of Network Access Control (NAC)?

RADIUS

802.1X

LDAP

A

802.1X

NAC is a set of policies that define security requirements that clients must meet before they are permitted to connect to a network. 802.1X is a basic implementation of NAC. RADIUS and TACACS+ are Authentication, Authorization, and Accounting (AAA) services. They are not NAC implementations themselves, although they can play a part in their deployment. Lightweight Directory Access Protocol (LDAP) provides directory service communications

6
Q

Which of the following is the service responsible for issuing certificates to client users and computers?

DNS

AAA

CA

A

CA

A certification authority (CA) is the service that receives requests for certificate enrollment from clients and issues the certificates when the requests are approved. Domain Name System (DNS); Authentication, Authorization, and Accounting (AAA) services; and access control lists (ACLs) do not issue certificates

7
Q

Which of the following is not one of the roles involved in an 802.1X transaction?

Supplicant

Authentication server

Authorizing agent

A

Authorizing agent

An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. There is no party to the transaction called an authorizing agent

8
Q

Which of the following terms describes the process by which a client user or computer requests that it be issued a certificate, either manually or automatically?

Authorization

Enrollment

Authentication

A

Enrollment

Enrollment is the process by which a client submits a request for a certificate from a certification authority (CA). The enrollment process can be automated and invisible to the user, or it can be a manual request generated using an application. Authorization, authentication, and certification are not terms used for certificate requests
9
Q

In an 802.1X transaction, what is the function of the supplicant?

The supplicant is the service that issues certificates to clients attempting to connect to the network.

The supplicant is the network device to which the client is attempting to connect.

The supplicant is the client user or computer attempting to connect to the network.

A

The supplicant is the client user or computer attempting to connect to the network.

An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. The supplicant is not involved in issuing certificates

10
Q

In an 802.1X transaction, what is the function of the authenticator?

The authenticator is the service that issues certificates to clients attempting to connect to the network.

The authenticator is the service that verifies the credentials of the client attempting to access the network.

The authenticator is the network device to which the client is attempting to connect.

A

The authenticator is the network device to which the client is attempting to connect.

An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. The authenticator is not involved in issuing certificates

11
Q

An 802.1X transaction involves three roles: the supplicant, the authenticator, and the authentication server. Of the three, which role typically takes the form of a RADIUS implementation?

The supplicant

The authenticator

The authentication server

A

The authentication server

The authentication server role is typically performed by a Remote Authentication Dial-In User Service (RADIUS) server. In an 802.1X transaction, the supplicant is the client attempting to connect to the network, the authenticator is a switch or access point to which the supplicant is requesting access, and the authentication server verifies the client’s identity

12
Q

Which of the following best describes an example of a captive portal?

A switch port used to connect to other switches

A web page with which a user must interact before being granted access to a wireless network

A series of two doors through which people must pass before they can enter a secured space

A

A web page with which a user must interact before being granted access to a wireless network

A captive portal is a web page displayed to a user attempting to access a public wireless network. The user typically must supply credentials, provide payment, or accept a user agreement before access is granted. A captive portal does not refer to a switch port, a secured entryway to a room, or a type of extortionate computer attack

13
Q

A user attempting to connect to a Wi-Fi hotspot in a coffee shop is taken to a web page that requires her to accept an End User License Agreement before access to the network is granted. Which of the following is the term for such an arrangement?

Captive portal

Ransomware

Port security

A

Captive portal

A web page that prompts users for payment, authentication, or acceptance of a EULA is a captive portal. Ransomware is a type of attack that extorts payment. Port security and root guards are methods for protecting access to switch ports

14
Q

Which of the following are standards that define combined authentication, authorization, and accounting (AAA) services? (Choose all correct answers.)

802.1X

RADIUS

TACACS+

LDAP

A

RADIUS

TACACS+

Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are both services that provide networks with authentication, authorization, and accounting. 802.1X provides only authentication, and Lightweight Directory Access Protocol (LDAP) provides communication between directory service entities

15
Q

Which of the following standards was originally designed to provide authentication, authorization, and accounting services for dial-up network connections?

RADIUS

TACACS+

Kerberos

A

RADIUS

Remote Authentication Dial-In User Service (RADIUS) was originally conceived to provide AAA services for Internet Service Providers (ISPs), which at one time ran networks with hundreds of modems providing dial-up access to subscribers. Terminal Access Controller Access Control System Plus (TACACS+) is a protocol that was designed to provide AAA services for networks with many routers and switches but not for dial-up connections. Kerberos and Lightweight Directory Access Protocol (LDAP) are not AAA services

16
Q

MAC filtering is an access control method used by which of the following types of hardware devices?

Wireless access point

RADIUS server

Domain controller

A

Wireless access point

Wireless access points (WAPs) typically include the ability to maintain an access control list, which specifies the MAC addresses of devices that are permitted to connect to the wireless network. The technique is known as MAC address filtering. RADIUS servers, domain controllers, and smartcards typically do not include MAC filtering capabilities

17
Q

Which of the following technologies utilize access control lists to limit access to network resources? (Choose all correct answers.)

NTFS

LDAP

WAP

Kerberos

A

NTFS

WAP

NTFS files and folders all have access control lists (ACLs), which contain access control entries (ACEs) that specify the users and groups that can access them and the specific permissions they have been granted. Wireless access points (WAPs) have access control lists that contain the MAC addresses of the devices that are permitted to connect to the wireless network. Lightweight Directory Access Protocol (LDAP) and Kerberos are protocols that provide directory service communication and authentication, respectively. Neither one uses access control lists

18
Q

Which of the following statements about RADIUS and TACACS+ are correct?

By default, RADIUS uses UDP, and TACACS+ uses TCP.

By default, RADIUS uses TCP, and TACACS+ uses UDP.

By default, both RADIUS and TACACS+ use TCP.

A

By default, RADIUS uses UDP, and TACACS+ uses TCP.

RADIUS uses User Datagram Protocol (UDP) ports 1812 and 1813 or 1645 and 1646 for authentication, whereas TACACS+ uses TCP port 49

19
Q

Which of the following standards provides authentication, authorization, and accounting services for network routers and switches?

RADIUS

TACACS+

Kerberos

A

TACACS+

Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide AAA services for networks with many routers and switches, enabling administrators to access them with a single set of credentials. Remote Authentication Dial-In User Service (RADIUS) provides AAA services, but not for routers and switches. Kerberos and Lightweight Directory Access Protocol (LDAP) are not AAA services

20
Q

Which of the following terms refers to the process of determining whether a user is a member of a group that provides access to a particular network resource?

Authentication

Accounting

Authorization

A

Authorization

Authorization is the process of determining what resources a user can access on a network. Typically, this is done by assessing the user’s group memberships. Authentication is the process of confirming a user’s identity. Accounting is the process of tracking a user’s network activity. Access control is the creation of permissions that provide users and groups with specific types of access to a resource

21
Q

Which of the following terms refers to the process of confirming a user’s identity by checking specific credentials?

Authentication

Accounting

Authorization

A

Authentication

Authentication is the process of confirming a user’s identity by checking credentials, such as passwords, ID cards, or fingerprints. Authorization is the process of determining what resources a user can access on a network. Accounting is the process of tracking a user’s network activity. Access control is the creation of permissions that provide users and groups with specific types of access to a resource

22
Q

Which of the following terms refers to the process by which a system tracks a user’s network activity?

Authentication

Accounting

Authorization

A

Accounting

Accounting is the process of tracking a user’s network activity, such as when the user logged on and logged off and what resources the user accessed. Authentication is the process of confirming a user’s identity by checking credentials. Authorization is the process of determining what resources a user can access on a network. Access control is the creation of permissions that provide users and groups with specific types of access to a resource

23
Q

Which of the following statements are true about a public key infrastructure? (Choose all correct answers.)

Data encrypted with a user’s public key can be decrypted with the user’s public key.

Data encrypted with a user’s public key can be decrypted with the user’s private key.

Data encrypted with a user’s private key can be decrypted with the user’s private key.

Data encrypted with a user’s private key can be decrypted with the user’s public key.

A

Data encrypted with a user’s public key can be decrypted with the user’s private key.

Data encrypted with a user’s private key can be decrypted with the user’s public key.

In a public key infrastructure, data encrypted with a user’s public key can only be decrypted with the user’s private key and data encrypted with a user’s private key can only be decrypted with the user’s public key. This enables the system to provide both message encryption and nonrepudiation. If data encrypted with a user’s public key could be decrypted with that same public key, the system would provide no security at all. If data encrypted with a user’s private key could be decrypted with that same private key, the user could only send secure messages to him- or herself

24
Q

Which of the following is not a factor that weakens the security of the Wired Equivalent Privacy (WEP) protocol used on early IEEE 802.11 wireless LANs?

24-bit initialization vectors

Static shared secrets

Open System Authentication

A

Open System Authentication

Open System Authentication enables any user to connect to the wireless network without a password, which actually increases the security of the protocol. This is because most WEP implementations use the same secret key for both authentication and encryption. An intruder that captures the key during the authentication process might therefore penetrate the data encryption system as well. By not using the key for authentication, you reduce the chances of the encryption being compromised. The use of short, 40-bit encryption keys was mandated at the time by U.S. export restrictions. Later protocols used keys at least 128 bits long. The IV is a randomized value appended to the shared secret to ensure that the cipher never encrypts two packets with the same key. The relatively short IV that WEP uses results in a reasonable probability of key duplication, if an attacker captured a sufficient number of packets. Shared secrets that do not change provide attackers with more time to crack them. The lack of a mechanism to automatically change WEP shared secrets weakened the protocol considerably

25
Q

Which of the following encryption ciphers was replaced by CCMP-AES when the WPA2 wireless security protocol was introduced?

EAP

WEP

TKIP

A

TKIP

Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with an Advanced Encryption Standard (CCMP-AES) protocol