Security Fundamentals Q/A's

Question 1

What does TACACS+ stand for?

Answer 1

Terminal Access Controller Access Control System

Question 2

What is does RADIUS stand for?

Answer 2

Remote Authentication Dial-In User Service

Question 3

RADIUS encrypt what packet type from client to server?

Answer 3

access-request packet

Question 4

TACACS+ encrypts the entire or partial body of each packet?

Does TACACS+ encrypt the header?

Answer 4

Encrypts the full content of each packet.

No, it does not include the header

Question 5

802.1x is used for what?

What types of messages are allowed to a 802.1x port and which packets will be blocked?

Answer 5

Port Based Network Access Control

Only 802.1x messages are allowed to go thru the port all other packets will be blocked.

Question 6

What does AAA server stand for?

Answer 6

Authorization, Authenticated and Accounting

Question 7

What two protocols are commonly used in AAA server?

Answer 7

RADIUS and TACACS+

Question 8

What protocol and port does TACACS+ use to communicate between the TACACS+ server?

Answer 8

TCP port 49

Question 9

What’s is created between two endpoints using a Virtual Private Network VPN?

Answer 9

A tunnel

Question 10

What is a site-to-site VPN over a public network?

Answer 10

multiple fixed locations

Question 11

What is a remote access VPN over a remote network?

Answer 11

secure VPN connection

Question 12

What does Multi-Factor Authentication (2FA) use to identify users?

Answer 12

two or more authentication factors

Question 13

What does a security certificate authenticate and identify?

Answer 13

reliability of a website or web application

Question 14

What does biometric security use to identify uses?

Answer 14

physical biorecognition technology

Question 15

What is malware software intentionally designed to do upon infection?

Answer 15

cause damage to server, network or computer

Question 16

How does a DOS attack work?

Answer 16

floods the target with traffic until it crashes

Question 17

What does an exploit use to take advantage of one’s own system?

Answer 17

bugs or vulnerabilities.

Question 18

What is ransomware?

Answer 18

malware that requires victims to make payment using cryptography to regain access their files or resources.

Question 19

What is sphere-phishing?

Answer 19

targeted malware attack sent via email to a specific person or organization

Question 20

What is a Phishing attack?

Answer 20

random malware attack via email links

Question 21

What is a Trojan horse?

Answer 21

legitimate looking code designed to take control of your computer.

Question 22

What is an SQL Injection?

Answer 22

malicious SQL entries injected to attack data-driven applications

Question 23

What is a man in the middle attack?

Answer 23

something in the middle intercepting communication between two end-points

Question 24

What are 802.1x authenticators?

Answer 24

L2 switches or Wireless Access Point (WAP).

Question 25

What is a 802.1x authentication server used to validate?

Answer 25

client’s credentials

Question 26

What is an example of a 802.1x supplicant or Client, which tries to access the network?

Answer 26

user machine (PC)

Question 27

What is TACACS+ / RADIUS used for?

Answer 27

Centralize user access management

Question 28

What requests do RADIUS servers receive and why?

Answer 28

user connection requests to authenticate users and return configuration information

Question 29

What does RADIUS encrypt?

Answer 29

username and encrypted password

Question 30

When 802.1x is enabled on a switch port what state will the port be in until user is connected to the port authenticated?

Answer 30

blocked state

Question 31

What access layer is 802.1X?

Answer 31

L2

Question 32

What is an AAA server used for?

Answer 32

Centralize management of username and passwords