Sybex Chp 12-14 Flashcards

1
Q

True or False

In PPTP, the initial tunnel negotiation is not encrypted

A

True

Therefore, the IP addresses of the sender and receiver (and even usernames and hashed passwords) could be intercepted by an attacker.

2
Q

True or False

PPTP does not support TACACS+ or RADIUS

A

True - PPTP does not support TACACS+ or RADIUS

3
Q

True or False

L2F does not offer encryption

A

True - L2F does not offer encryption

4
Q

True or False

L2F does not support TACACS+ or RADIUS

A

False - L2F does support TACACS+ or RADIUS

5
Q

IPSec Authentication Header (AH) provides limited authentication

A

False

IPSec Authentication Header (AH) supports:

  • Authentication
  • Integrity
  • Non-repudiation
6
Q

IPSec Encapsulating Security Payload (ESP) provides encryption to protect the confidentiality of transmitted data (and limited authentication)

A

True

ESP has two modes:

  • Transport Mode - IP header is not encrypted (data is encrypted)

  • Tunnel Mode - IP header and data are encrypted and a new header is generated to govern transmission through the tunnel

7
Q

Main difference between Smart-card and Memory-card?

A

A smart card has a processor that can be used to authenticate, encrypt data, or digitally sign email.

A memory card just holds authentication data about a user.

8
Q

Explain BYOD Device Fingerprinting

A

Users register their device and associate it with their account. The enrollment captures system characteristics (CPU, Memory, Applications, model, serial, etc.)

9
Q

What is Identity as a Service (IDaaS)?

A

A third-party service that provides cloud identity and access management

10
Q

How do a right and a permission differ?

A

A permission has to do with an object (read/write/edit/execute, etc.)

A right has to do with an ability to do something (change time, restore a file)

11
Q

__________ are subject focused and identify the objects that subjects can access.

ACL
Capability list

A

Capability lists are subject focused and identify the objects that subjects can access.

Capability tables are focused on subjects (such as users, groups, roles)

12
Q

__________ are object focused and identify access granted to subjects for any specific object.

ACL
Capability list

A

ACLs are object focused and identify access granted to subjects for any specific object.

DAC Access Models are implemented using ACLs on objects

13
Q

Which hash is not collision free?

MD5
SHA-3

A

MD5 (128 bits) - considered broken

SHA-3 (512 bits) - considered safe against birthday attacks

14
Q

This attack focuses on finding collisions in hashes

A

Birthday Attack

Find enough samples and you will find a collision

15
Q

What is an Advanced Persistent Threat?

A

An APT is usually a government-funded group of very smart people with very expensive toys with the purpose of doing bad things with computers.
