Secure Protocols

Question 1

_____ is when a port scanner uses a tool such as Nmap that can reveal the presence of a router and which dynamic routing and management protocols it is running.

Answer 1

Fingerprinting

Question 2

The _____ provides an automatic method for network address allocation. As well, an IP address and subnet mask can include optional parameters

Answer 2

Dynamic Host Configuration Protocol (DHCP)

Question 3

The _____ is a system for resolving host names and domain labels to IP addresses. It uses a distributed database system that contains information on domains and hosts within those domains.

Answer 3

Domain Name System (DNS)

Question 4

_____ help to mitigate against spoofing and poisoning attacks by providing a validation process for DNS responses.

Answer 4

DNS Security Extensions (DNSSEC)

Question 5

_____ is another redirection attack, but instead of trying to subvert the name service used by the client, it aims to corrupt the records held by the DNS server itself.

Answer 5

DNS server cache poisoning

Question 6

_____ is a set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet.

Answer 6

Internet Protocol Security (IPSec)

Question 7

The _____ protocol performs a cryptographic hash on the packet plus a shared secret key (known only to the communicating hosts) and adds this Hashed Message Authentication Code (HMAC) in its header as an Integrity Check Value (ICV).

Answer 7

Authentication Header (AH)

Question 8

_____ is when the whole IP packet (header and payload) is encrypted and a new IP header added.

Answer 8

Tunnel mode

Question 9

_____ is a set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet.

Answer 9

Internet Protocol Security (IPSec)

Question 10

The _____ protocol provides confidentiality and/or authentication and integrity. It encrypts the data payload.

Answer 10

Encapsulation Security Payload (ESP)

Question 11

_____ secures communications between hosts on a private network (an end-to-end implementation)

Answer 11

Transport mode

AH and ESP running transport mode provides confidentiality, integrity, and authentication for internal secure communication.

Question 12

_____ is a widely accepted method for sending digitally signed and encrypted messages. It allows the sender to encrypt the emails and digitally sign them.

Answer 12

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Question 13

The _____ is one of the most widely used session control protocols.

Answer 13

Session Initiation Protocol (SIP)

Question 14

The _____ is a mailbox protocol designed to allow mail to be stored on a server and downloaded to the recipient’s email client at his or her convenience.

Answer 14

Post Office Protocol v3 (POP3)

Question 15

_____ uses port 636 to set up a secure channel to a directory service using a digital certificate.

Answer 15

Lightweight Directory Access Protocol Secure (LDAPS)

Question 16

_____ provides confidentiality and/or authentication and integrity. ESP is used with Internet Protocol Security (IPSec) over layer 3 of the Open Systems Interconnection (OSI) model.

Answer 16

Encapsulation Security Payload (ESP)

Question 17

_____ use messaging applications that combine multiple communications channels and technologies into a single platform. These communications channels can include voice, messaging, interactive whiteboards, data sharing, email, and social media

Answer 17

Unified Communications (UC)

Question 18

_____ is deprecated and should only be deployed when subject to risk assessments.

Answer 18

SSL 2.0

Question 19

_____ adds support for the strong Secure Hash Algorithm (SHA)-256 cipher.

Answer 19

Transport Layer Security (TLS) 1.2

Question 20

_____ is designed for dial-up access. The client contacts the server to download its messages, then disconnects. IMAP supports permanent connections to a server and connecting multiple clients to the same mailbox simultaneously. Messages are stored and organized on the server.

Answer 20

Secure Internet Message Access Protocol v4 (IMAP4)

Question 21

_____ specifies how mail is delivered from one system to another.

Answer 21

Simple Mail Transfer Protocol (SMTP)

Question 22

_____ implicitly negotiates a Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel before the exchange of any File Transfer Protocol (FTP) commands. This mode uses the secure port 990 for the control connection.

Answer 22

File Transfer Protocol over SSL (FTPS)

Question 23

_____ uses the AUTH TLS command to upgrade an unsecure connection established over port 21 to a secure one. This negotiates a SSL/TLS tunnel explicitly and is preferred over FTPS.

Answer 23

Explicit FTP over SSL (FTPES)

Question 24

_____ encrypts the authentication and data transfer between the client and server and a secure link is created between the client and server using SSH.

Answer 24

Secure Shell FTP (SFTP)

Question 25

_____ is a connectionless protocol that provides file transfer services but does not provide guaranteed delivery.

Answer 25

Trivial File Transfer Protocol (TFTP)

Question 26

Top level Network Time Protocol (NTP) servers _____ obtain the Coordinated Universal Time (UTC) from a highly accurate clock source, such as an atomic clock.

Answer 26

stratum 1

Question 27

A _____ server would obtain the time from a stratum 1 server, but not in reverse.

Answer 27

stratum 2

Question 28

A _____ server would obtain the time from a stratum 2

Answer 28

stratum 3

Question 29

_____ supports encryption and strong user-based authentication. Instead of community names, the agent is configured with a list of usernames and access permissions.

Answer 29

Simple Network Management Protocol (SNMP) v3

Question 30

_____ is the database that the SNMP agent uses. The agent is a process that runs on a switch, router, server, or SNMP compatible network device.

Answer 30

Management Information Base (MIB)

Question 31

_____ uses community names that are sent in plaintext and should not be transmitted over the network if there is any risk they could be intercepted.

Answer 31

Simple Network Management Protocol SNMPv1

Question 32

_____ is the default Windows secure authentication and authorization protocol for directory services. It is a single sign-on service based on a time-sensitive ticket-granting system.

Answer 32

Kerberos

Question 33

_____ encrypts actual real-time data, like voice and video. It provides confidentiality for the actual call data.

Answer 33

Secure real-time transport protocol (SRTP)