Network+ ch 7 - Cloud Computing and Remote Access, Chapter 7, Network+ 7th edition Ch. 7&8, Chapter 7
Brute force attack
A hacker runs a program that tries numerous character combinations until it stumbles on the correct combination and cracks the key. What offensive strategy is this program using?
Network layer
At what layer of the OSI model does the IPSec encryption protocol operate?
IRC
Botnets often make use of what chat protocol in order to receive commands?
An authentication protocol that operates over PPP and also encrypts usernames and passwords for transmission.
CHAP Challenge Handshake Authentication
Digital certificates are issued by organizations known as what term?
Certification authorities
Amazon and Rackspace both utilize what virtualization software below to create their cloud environments?
Citrix Xen
certification authorities
Digital certificates are issued by organizations known as what term?
"What protocol below only provides the framework for authenticating clients and servers, but relies on other encryption and authentication schemes to verify the credentials of clients or servers?"
EAP
The MD5 hashing algorithm is not susceptible to the possibility of hash collisions.
False
The MD5 hashing algorithm is not susceptible to the possibility of hash collisions. T/F
False
60 days
How often should administrators and network users be required to change their password?
One of two services in the key management phase of creating a secure IPsec connection. It negotiates the exchange of keys, including authentication of the keys. It uses UDP and usually runs on port 500
IKE Internet Key Exchange
What security encryption protocol requires regular re-establishment of a connection and can be used with any type of TCP/IP transmission?
IPSec
What security encryption protocol requires regular re-establishment of a connection and can be used with any type of TCP/IP transmission?
IPsec
Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers?
IaaS
Private key
In public key encryption, which key is used to decrypt the message?
The combination of a public key and a private key are known by what term below
Key Pair
At what layer of the OSI model does the IPsec encryption protocol operate?
Network layer
At what layer of the OSI model does the IPSec encryption protocol operate?
Network layer 4
What authentication protocol sends authentication information in cleartext without encryption?
PAP
The _________________ cloud service model provides virtual environments online that can be tailored to the needs of developers.
PAS Platform as a service
True
PPP can support several types of Network layer protocols that might use the connection.
160 bit
The original version of the Secure Hashing Algorithm (SHA) was developed by the NSA, and used a hash of what length?
In Kerberos, a temporary set of credentials that a client uses to prove that its identity has been validated is known as a _____________.
Ticket
An enterprise-wide VPN can include elements of both the client-to-site and site-to-site models.
True
An enterprise-wide VPN can include elements of both the client-to-site and site-to-site models. T?F
True
What are the three tenets of the CIA triad, and how do they provide assurances that data will be protected?
Utility - data arrives in a format that is useful to the receiver Authenticity- data received is the data that was issued by the stated sender and not forged Non-repudiation- provides proof of delivery and proof of the sender's identity
When using a site-to-site VPN, what type of device sits at the edge of the LAN and establishes the connection between sites?
VPN gateway
PAP
What authentication protocol sends authentication information in cleartext without encryption?
polymorphism
What characteristic of viruses make it possible for a virus to potentially change its characteristics (such as file size, and internal instructions) to avoid detection?
TKIP
What encryption protocol was designed as more of an integrity check for WEP transmissions rather than a sophisticated encryption protocol?
Port forwarding
What feature must be configured on a router to redirect traffic from an insecure port to a secure one?
dynamic ARP inspection
What feature on some network switches can be used to detect faked arp messages?
Describe the three way handshake process as used by CHAP
the server sends the client a randomly generated string of characters. The client sends a new string inresponse to theserver while the server concatenates the users password with a challenge and created it own string.
Logic Bomb
What type of virus are dormant until a specific condition is met, such as the changing of a file or a match of the current date?
In the context of IPsec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques
KDC (Key Distribution Center) KDC)
In Kerberos terminology, the server that issues keys to clients during initial client authentication.
KDC Key Distribution Center KDC
Which of the following is NOT an encryption algorithm used by SSH?
SHA-2
What option below is not an encryption algorithm method that is used by SSH?
SHA-2
What two protocols below are Data Link Layer protocols designed to connect WAN endpoints in a direct connection, such as when a client computer connects to a server at an ISP using a dial-up or DSL connection and modem?
SLIP
What two options below are AAA services?
TACACS+ RADIUS
What encryption protocol was designed as more of an integrity check for WEP transmissions rather than a sophisticated encryption protocol?
TKIP
FCS
The PPP headers and trailers used to create a PPP frame that encapsulates Network layer packets vary between 8 and 10 bytes in size due to what field?
PPP can support several types of Network layer protocols that might use the connection
True
PPP can support several types of Network layer protocols that might use the connection.
True
128 bits
What is the minimum acceptable key size for today's security standards?
non-repudiation
What security principle provides proof of delivery and proof of the sender's identity?
In the authorized keys file on the host where the SSH server is.
When using public and private keys to connect to an SSH server, where must your public key be placed?
Access control
Which of the following is NOT one of the three AAA services provided by RADIUS and TACACS+?
L2TP
Which tunneling protocol is accepted and used by multiple vendors?
IaaS
Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers?
True
Windows, UNIX, Linux, and Mac OS clients are all capable of connecting to a VPN using PPTP.
Digital certificates are issued by organizations known as what term?
certification authorities
Describe how public key encryption works.
data is encrypted using two keys, one known to the user and the other is public key associated with the user
Describe the TLS/SSL handshake process as initiated by a web client accessing a secure website.
it allows the client and server to introduce themselves to each other and establishes terms for how they will securely exchange data.
The combination of a public key and a private key are known by what term below?
key pair
SaaS
What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices?
SHA-2
What option below is not an encryption algorithm method that is used by SSH?
22
What option below is not an encryption algorithm method that is used by SSH?
EAP
What protocol below only provides the framework for authenticating clients and servers, but relies on other encryption and authentication schemes to verify the credentials of clients or servers?
IPSec
What security encryption protocol requires regular re-establishment of a connection and can be used with any type of TCP/IP transmission?
What two protocols below are Data Link Layer protocols designed to connect WAN endpoints in a direct connection, such as when a client computer connects to a server at an ISP using a dial-up or DSL connection and modem?
SLIP, PPP
What protocol below is a Microsoft proprietary protocol first available in Windows Vista?
SSTP
What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices?
SaaS
A service model in which applications are provided through an online user interface and are compatible with a multitude of devices and operating systems.
SaaS Software as a Service
A Layer 2 communications protocol that enables a workstation to connect to a server using a serial connection such as dial-up or DSL. It can support multiple Network layer protocols and can encrypt transmissions.
TKIP Temporal Key Integrity Protocol
An encryption key generation and management scheme used by 802.11i
TKIP Temporal Key Integrity Protocol
banner-grabbing attack
An attack in which hackers transmit bogus requests for connection to servers or applications in order to harvest useful information to guide their attack efforts is known as what option below?
What two different types of encryption can be used by IPSec during data transfer?
Authentication Header (AH) and Encapsulating Security Payload (ESP)
False
The MD5 hashing algorithm is not susceptible to the possibility of hash collisions.
PPP can support several types of Network layer protocols that might use the connection. T/F
True
Windows, UNIX, Linux, and Mac OS clients are all capable of connecting to a VPN using PPTP.
True
A _________________ is a service that is shared between multiple organizations, but not available publicly.
Community Cloud
Windows, UNIX, Linux, and Mac OS clients are all capable of connecting to a VPN using PPTP. T/F
True
A variant of TLS is ___________________, which provides authentication like SSL/TLS, but does not require a certificate for each user.
Tunneled Transport Layer Security
TKIP
What encryption protocol was designed as more of an integrity check for WEP transmissions rather than a sophisticated encryption protocol?
What protocol below only provides the framework for authenticating clients and servers, but relies on other encryption and authentication schemes to verify the credentials of clients or servers?
EAP
In the contest of IPsec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques. In add, it also encrypts the entire IP packed for added security.
ESP Encapsulating Security Payload
What two different types of encryption can be used by IPsec during data transfer?
Encapsulating Security Payload (ESP) Authentication Header (AH)
The PPP headers and trailers used to create a PPP frame that encapsulates Network layer packets vary between 8 and 10 bytes in size due to what field?
FCS
After L2TP establishing a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel.
False
After L2TP establishing a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel. T/F
False
A service model in which hardware services are provided virtually, including network infrastructure devices such as virtual servers.
IaaS Infrastructure as a Service
0.0.0.0
In ACL statements, the any keyword is equivalent to using what wildcard mask below?
When using public and private keys to connect to an SSH server, where must your public key be placed before you can connect?
In an authorization file on the host where the SSH server is.
The key management phase of IPSec is reliant on which two services below?
Internet Security Association and Key Management Protocol (ISAKMP) Internet Key Exchange (IKE)
The key management phase of IPsec is reliant on which two services below?
Internet Security Association and Key Management Protocol (ISAKMP), Internet Key Exchange (IKE)
True
PPP can support several types of Network layer protocols that might use the connection.
When PPP is used over an Ethernet network, it is known as ________________.
PPoE
smurf attack
What kind of attack involves a flood of broadcast ping messages, with the originating source address being spoofed to appear as a host on the network?
A service model in which various platforms are provide virtually, enabling developer s to build and test application within virtual, online environments tailored to the specific needs of a project.
PaaS
Virtual Wire mode
What mode setting on a firewall makes the firewall transparent to surrounding nodes as if it's just part of the wire?
SSTP
What protocol below is a Microsoft proprietary protocol first available in Windows Vista?
DirectAccess
What service in Windows Server 2012 R2 authenticates remote users and computers to the Windows domain and its corporate network resources?
PaaS
Which cloud computing service model gives software developers access to multiple operating systems for testing?
IPsec
Which encryption protocol does GRE use to increase the security of its transmissions?
PPPoE
Which remote access protocol is used over an Ethernet network?
metasploit
Which software below combines known scanning techniques and exploits to allow for hybrid exploits?
Natas
Which virus below combines polymorphism and stealth techniques to create a very destructive virus?
A SecurID key chain fob from RSA security generates a password that changes how often?
every 60 seconds
How is GRE used by the PPP protocol
it encapuslates PPP frames them take on the temporary id of IP packets at layer 3
What security principle provides proof of delivery and proof of the sender's identity?
non-repudiation
What security principle provides proof of delivery and proof of the sender's identity?
non-repudiation
When using public and private keys to connect to an SSH server, where must your public key be placed?
In the authorized keys file on the host where the SSH server is.
The original version of the Secure Hashing Algorithm (SHA) was developed by the NSA, and used a hash of what length?
160
The original version of the Secure Hashing Algorithm (SHA) was developed by the NSA, and used a hash of what length?
160 bit
The SSH service listens on what TCP port?
22
What two key lengths are the most popular for the SHA-2 hashing algorithm?
256 and 512
What two key lengths are the most popular for the SHA-2 hashing algorithm?
256, 512
How often should administrators and network users be required to change their password?
60 days
True
A SOHO wireless router typically acts as a firewall and may include packet filtering options.
amplification attack
A reflective attack can be increased in intensity by combining it with what type of attack?