3.1 Given a scenario, implement secure protocols.
A stratum 1 time server obtains routine updated time to ensure accuracy. Evaluate the Network Time Protocol (NTP) and conclude which device provided the updates.
Atomic Clock
A server administrator should use which protocol to secure user communication with web services?
HTTPS
A web server will utilize a directory protocol to enable users to authenticate with domain credentials. A certificate will be issued to the server to setup a secure tunnel. Which protocol is ideal for this situation?
LDAPS
After setting up a Git repository for a team of developers, the systems administrator opted to use Kerberos to allow other users to log in and use its services. How would configuring Kerberos benefit the overall security of the application?
Provides secure communication for directory services
Management has setup a feed or subscription service to inform users on regular updates to the network and its various systems and services. The feed is only accessible from the internal network. What else can systems administrators do to limit the service to internal access?
Provision SSO access
A user's device does not make a direct cabled connection to the network. Instead, the connection occurs over or through an intermediate network. Describe this type of connection.
Remote access
The administrator in an exchange server needs to send digitally signed and encrypted messages. What should the administrator execute?
S/MIME
A system administrator completes a file transfer, secured by encrypting the authentication and data between the client and server over TCP port 22. Evaluate the file transfer protocols and determine which protocol the administrator used.
SFTP
A network administrator sets up a protocol for management and monitoring. The administrator needs the protocol to support encryption and to have a strong user-based authentication. Recommend which protocol to use.
SNMPv3
When implementing voice and video teleconferencing solutions, which protocol provides confidentiality for the actual call data?
SRTP
Employees log into their email and the messages download from the server onto the client. The mail server does not store the messages. Compare the following email protocols and determine which protocol this represents.
Secure Post Office Protocol v3
An administrator needs to complete a Secure File Transfer (SFTP) between UNIX systems. Compare the methods for obtaining secure remote access and determine which method the admin will most likely use.
Secure Shell
Two project managers are on the phone, discussing plans for a new site. The call changes over to video, as a way for one site manager to show a schematic on a wall. Compare types of communication services and determine which service the project managers are using.
Unified Communications
A network engineer is securing communication between two applications on a private network. The applications will communicate using Internet protocol security (IPSec). Recommend the settings that will provide IP header integrity and encrypted data payload. (Select all that apply.)
*AH protocol *Transport mode *ESP protocol
Select the vulnerabilities that can influence routing. (Select all that apply.)
*ARP poisoning *Fingerprinting *Route Injection
A system administrator completes a file transfer by negotiating a tunnel before the exchange of any commands. Evaluate the file transfer protocols to conclude which protocol the admin used. (Select all that apply.)
*FTPS *FTPES
In which of the following cases can Transport Layer Security (TLS) be used to provide encrypted communication of services? (Select all that apply.)
*File transfer *Web *Directory services
A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote access server listening on port 443 to encrypt traffic with a client machine. An IPSec (Internet Protocol Security) VPN can deliver traffic in two modes. One mode encrypts only the payload of the IP packet. The other mode encrypts the whole IP packet (header and payload). These two modes describe which of the following? (Select all that apply.)
*Transport *Tunnel
Consider the principles of web server hardening and determine which actions a system administrator should take when deploying a new server. (Select all that apply.)
*Use SSH for uploading files *Use the configuration templates provided *Secure a guest account
What provides an automatic method for network address allocation?
DHCP
An authoritative server for a zone creates a Resource Records Set (RRSet) signed with a zone signing key. Analyze Domain Name System (DNS) traits and functions and conclude what the scenario demonstrates.
DNS Security Extensions
Implementing Lightweight Directory Access Protocol Secure (LDAPS) on a web server secures direct queries to which of the following?
Directory services
Management inquired about ways to secure the domain name servers. An admin suggests using DNS SEC, or Domain Name Server Security Extensions, to help mitigate against spoofing and poisoning attacks. Which port is ideal for DNSSEC traffic?
TCP 53
A company recently implemented a Secure Sockets Layer/Transport Layer Security (SSL/TLS) version that supports Secure Hashing Algorithm-256 (SHA-256) cipher. Compare and contrast the SSL/TLS versions and determine which version deployed.
TLS 1.2