Ports/Protocols

Question 1

SSH

Answer 1

Secure Shell

22

Secure remote access

Question 2

SCP

Answer 2

Secure Copy Protocol

22

Secure copy to Linux/Unix

Question 3

DNSSEC

Answer 3

DNS Secure

TCP/UDP 55

Secure DNS traffic via certificates (no encryption)

Question 4

Kerberos

Answer 4

TCP/UDP 88

Secure authentication

Question 5

SNMPv3

Answer 5

Simple Network Management Protocol

UDP 162

Remote monitoring/configuration of network devices

Question 6

LDAPS

Answer 6

Lightweight Directory Access Protocol over SSL

636

Secure directory services

Question 7

HTTPS

Answer 7

Hypertext Transport Protocol over TLS/SSL

443

Secure web browsing

Question 8

HTTP

Answer 8

Hypertext Transport Protocol

80

Question 9

TLS/SSL

Answer 9

Transport Layer Security/Secure Sockets Layer

443

Secure data in transit

Question 10

TLS/SSL

Answer 10

Transport Layer Security/Secure Sockets Layer

443

Secure data in transit

Question 11

IPSec

Answer 11

Internet Protocol Security

UDP 500

Secure VPN sessions between hosts

Question 12

SMTPS

Answer 12

Simple Mail Transfer Protocol Secure

587

Secure SMTP (email)

Question 13

IMAP4

Answer 13

Internet Message Access Protocol

993

Secure IMAP (email)

Question 14

POP3

Answer 14

Post Office Protocol

995

Secure POP (email)

Question 15

S/MIME

Answer 15

Secure/Multipurpose Internet Mail Extensions

993

Encrypt/digitally sign email

Question 16

FTPS

Answer 16

File Transfer Protocol Secure

989/990

Download large files securely

Question 17

RDP

Answer 17

Remote Desktop Protocol

3389

Secure remote access

Question 18

SIP

Answer 18

Session Initiated Protocol

5060/5061

Signaling/controlling in VoIP

Question 19

SRTP

Answer 19

Secure Real Time Protocol

5061

Encryption/message auth/integrity for VoIP audio/video

Uses AES encryption

Question 20

SMTP (base)

Answer 20

TCP 25

Question 21

DNS

Answer 21

Domain Name System

TCP/UDP 53

Question 22

SNMP (base)

Answer 22

UDP 161/162

Question 23

LEAP

Answer 23

Lightweight

Cisco proprietary alternative to TKIP (WPA)

Question 24

PEAP

Answer 24

Protected

Encapsulates EAP within TLS tunnel

Doesn’t require client certificates

AS uses digital certificate instead of PAC

User authenticates with MSCHAPv2 or generic token card/hardware token generator

Question 25

EAP-FAST

Answer 25

Used when connection speed is important

Replaced LEAP

AS/supplicant share protected access credential (PAC)

Authentication over TLS tunnel

Need RADIUS server

Question 26

EAP-TLS

Answer 26

Requires digital certificates on AS + all other devices (all wireless clients)

AS + supplicant exchange certificates for mutual authentication

Not all devices can support use of digital certificates

Question 27

EAP-TTLS

Answer 27

Set up secure session with server via TLS tunnel

Utilizing certificates that are seamless to client (only requires digital certificate on AS)

Use any authentication method inside TLS tunnel

Legacy system connections

Question 28

EAP

Answer 28

Integrates with 802.1X

Supplicant (user device)

Authenticator (switch/controller)

Authentication server (RADIUS server)

Question 29

802.1X

Answer 29

Port-based NAC

Used in conjunction with access database (RADIUS/LDAP/TACACS+)

Question 30

LDAP

Answer 30

TCP 389