Test Questions Chapter 4 Flashcards
What’s the difference between a digital certificate and a digital signature?
Digital signatures ensure the integrity of the message and who it is from. It verifies the trustworthiness of the data.
Certificates bind a signature to an entity (e.g. an external authority). It verifies the trustworthiness of the sender
Biometric Scans, identification badges and key fobs examples of of means of identifying authorized personnel from unauthorized personnel - true or false?
True
what out of the below can monitor all activities of users in a sensitive area?
1) Video surveillance
2) Identification badge
3) Motion detection
Video Surveillance
Video surveillance can prevent Evil Twin and Insider Threats - true or false?
True
A false positive is when a user who should not be granted access is - true or false?
True
Which Windows supported remote authentication protocol that supports the use of authentication methods other than the use of passwords, such as smartcards?
EAP
Which of the following services are methods of tracking a user’s activities on a network? (Choose all correct answers.)
A. Authentication B. Authorization C. Accounting D. Auditing
C. D.
Which of the following security protocols can authenticate users without transmitting their passwords over the network?
A. Kerberos B. 802.1X C. TKIP D. LDAP
A
TACACS+ was originally designed to provides AAA services to networks with what?
many routers and switches. It allowed admins to login using one set of credentials.
- It was NOT designed for remote access
- RADIUS was originally designed to provide AAA to ISPs and doesn’t provide AAA for routers and switches.
What is the name of the process whereby a client submits a request for a certificate?
Enrollment
in an 802.1x transaction, the authenticator is simply the devices to which the supplicant is requesting access, true or false?
True
Access control lists are used by Windows NTFS and Wireless Access Points - true or false?
True
RADIUS uses TCP true or false?
False, it uses UDP
40-bit encryption
24-bit initialization vector
static shared secret
are all weaknesses of what wireless security standard?
WEP
WPA uses TKIP
WPA2 uses AES
True or false
TRUE
EAP is used on wireless and point-to-point connections to encapsulate authentication messages using dozens of different authentication methods, true or false?
TRUE!
EAP and 802.1x do not themselves provide authorization, encryption, or accounting services - TRUE or FALSE
TRUE
Which EAP variants use tunnelling to provide security for the authentication process?
PEAP
EAP-FAST
What is local authentication?
is an application or service that triggers an authentication request to which a user must respond before access is granted.
Geofencing can use signal strength, GPS location or what else as a form to restrict access to the wireless network?
strategic placement of APs
Certificates associate people and machines to pairs of keys, digital signatures do not, true or false?
True
what is Bluejacking?
Bluejacking is the process of sending unsolicited text messages, images, or sounds to a smartphone or other device using Bluetooth.
An attack where an attacker sends requests containing the target server’s IP address to legitimate servers on the internet is called?
Reflective attack
Which type of DoS attack increases the processing burdern on the target servers?
Amplified attack
Which types of attack don’t require any additional hardware or software?
List 3
Brute Force
Denial of Service
Social Engineering
*they can be done with tools on a standard workstation
VLAN hopping allows an attacker to:
1) change the native VLAN
2) rename the default VLAN
True or False?
BOTH FALSE
It allows the attacker to change the VLAN assignment on a given port
VLAN hopping uses 802.1q spoofing to gain access to a VLAN they are not authorized to do so - TRUE or FALSE
TRUE!
Which DoS attack method involves spoofing an ip address of the victim and sending icmp requests to the network’s broadcast address so that all hosts on that network respond to the victims machine?
Smurfing
What’s the difference between a fraggle attack and smurf?
fraggle uses UDP traffic whereas smurf uses ICMP
ARP poisoning facilitates what type types of attacks?
Man-in-the-middle
Session Hijacking
If users are persistently using weak passwords, despite a policy being in place, what’s the best course of action?
Educate them on what are examples of weak passwords
Which out of the following doesn't ship with default username and password credentials assigned? Routers Switches Access Points Windows Server
Windows Server
Upgrading server firmware is considered a form of device hardening, true or false?
FALSE
Creating a policy instructing users to avoid passwords that use commonly shared information, such as birth dates and the names of children and pets, is an example of which of the following?
A. Mitigation techniques B. Multifactor authentication C. Network hardening D. Access control
C. Network Hardening
What is the administrator account username in Windows and Unix?
Windows = Administrator
Unix - Root
the practice of creating a different virtual server for each server role or application is known as what?
Role Separation
DHCP snooping is a data-link layer process, true or false?
TRUE
DHCP snooping is a data-link layer process, true or false?
TRUE
BPDUs are only receives on ports connected to other switches, true or false?
TRUE
When VLAN tagging is enabled, it makes the native VLAN impervious to double-tagging- TRUE or FALSE
TRUE
Which of the following mitigation techniques helps organizations maintain compliance to standards such as HIPAA and FISMA?
A. File integrity monitoring B. Role separation C. Deauthentication D. Tamper detection
A. File integrity monitoring
If you encrypt a document with a public key, you cannot deny having created it - true or false?
false. Only with a private key that is unique to you.
