6.9-6.12

You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?

SASL

You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check the network traffic to verify that all FTP passwords and data are encrypted. Which tool should you use?

protocol analyzer

You want to identify traffic that is generated and sent through the network by a specific application running on a device. Which tool should you use?

protocol analyzer

Which of the following are differences between RADIUS and TACACS+?

RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers

You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files on that server that you need. You want the connection to be as secure as possible. Which type of connection will you need?

remote access

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?

run the vulnerability assessment again

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?

ticket

A user has just authenticated using Kerberos. Which object is issued to the user immediately following login?

ticket granting ticket

You want to use a vulnerability scanner to check a system for known security risks. What should you do first?

update the scanner definition files

Your LDAP directory service solution uses simple authentication. What should you always do when using simple authentication?

use SSL

You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need?

vulnerability scanner

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?

Wireshark

What is mutual authentication?

A process by which each party in an online communication verifies the identity of the other party

Which of the following ports are used with TACACS?

49

You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port would this use?

636

Which ports does LDAP use by default? (Select two.)

- 636
- 389

KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials? (Select two.)

- GPG
- Blowfish

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access?

- TACACS+
- RADIUS

Which of the following are requirements to deploy Kerberos on a network?

- a centralized database of users and passwords
- time synchronization between devices

Which of the following are characteristics of TACACS+?

- allow three different servers, one each for authentication, authorization, and accounting
- uses TCP

Which of the following are performed by the Microsoft Baseline Security Analyzer tool?

- check for missing patches
- check for open ports
- check user accounts for weak passwords

Which of the following functions can a port scanner provide?

- discovering unadvertised servers
- determining which ports are open on a firewall

You want to use a tool to scan a system for vulnerabilities including open ports, running services, and missing patches. Which tool would you use? (Select two.)

- Nessus
- Retina

Required when implementing Kerberos for authentication and authorization

- ticket granting server
- time synchronization

You are configuring a dial-up connection to a remote access server. Which protocols would you choose to establish the connection and authenticate, providing the most secure connection possible?

- PPP
- CHAP

RADIUS is primarily used for what purpose?

Authenticating remote clients before access to the network is granted

You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive. What option would you hit?

Back up credentials

Which remote access authentication protocol allows for the use of smart cards for authentication?

CHAP

Which of the following authentication mechanisms is designed to protect a nine-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?

LANMAN

Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?

OVAL

Which of the following authentication protocols transmits passwords in cleartext, and is, therefore, considered too insecure for modern networks?

PAP

You want to set up a service to allow multiple users to dial in to the office server from modems on their home computers. What service should you implement?

RAS

Which of the following protocols can be used to centralize remote access authentication?

TACACS

Which of the following is the type of port scan that does not complete the full three-way TCP handshake, but rather listens only for either SYN/ACK or RST/ACK packets?

TCP SYN Scan

Which of the following is the best example of remote access authentication?

a user establishes a dial-up connection to a server to gain access to shared resources

You have a small network of devices connected together using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B. What should you do?

configure port mirroring

A manager has told you she is concerned about her employees writing their passwords for websites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could you use to prevent this behavior?

Credential Manager

A security administrator logs onto a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario?

credentialed scan

You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system?

definition

Which of the following is a characteristic of TACACS+?

encrypts the entire packet, not just authentication packets

You want to check a server for user accounts that have weak passwords. Which tool should you use?

John the Ripper

Which of the following protocols uses port 88?

Kerberos

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffer software on a device which is connected to the same hub with three other computers. The hub is connected to the same switch that is connected to the router. When you run the software, you only see frames addressed to the four workstations but not the router. Which feature should you configure?

mirroring

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

mutual authentication

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?

network mapper

A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should he use?

non-credentialed scan

You have a network with three remote access servers, a RADIUS server used for authentication and authorization, and a second RADIUS server used for accounting. Where should you configure remote access policies?

on the RADIUS server used for authentication and authorization

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the network. Which tool should you use?

packet sniffer

You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?

packet sniffer

CHAP performs which of the following security functions?

periodically verifies the identity of a peer using a three-way handshake

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?

port scanner

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffer software on a device which is connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation and not other devices. Which feature should you configure?

promiscuous mode

