Sec 9.10 Secure Protocols SSL/TLS/IPsec/HTTPS
IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)
AH (Authentication Header) and ESP (Encapsulating Security Payload)
What is the primary function of the IKE protocol used with IPsec?
Create a security association between communicating partners. The Internet Key Exchange (IKE) protocol is used with IPsec to create a security association between communicating partners. It controls the negotiation of encryption methods, identifies how keys are exchanged, and sets up other parameters that control communications.
Which of the following tools allow for remote management of servers? (Select two.)
telnet and ssh
Which of the following is a secure alternative to FTP that uses SSL for encryption?
FTPS
Which of the following protocols uses port 443?
HTTPS. Hypertext Transfer Protocol Secure (HTTPS) is a secure form of HTTP that uses either SSL or TLS to encrypt sensitive data before it is transmitted. HTTPS uses port 443.
Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sublayer for security?
HTTPS
Which of the following network layer protocols provides authentication and encryption services for IP-based network traffic?
IPsec. IPsec is a security implementation that provides security for all other TCP/IP-based protocols that operate above the network layer. IPsec provides authentication through a protocol called IPsec Authentication Header (AH) and encryption services through a protocol called IPsec Encapsulating Security Payloads (ESP).
Which of the following protocols can TLS use for key exchange? (Select two.)
RSA & Diffie
Telnet is inherently insecure because its communications are in plaintext and easily intercepted. Which of the following is an acceptable alternative to Telnet?
SSH. SSH (Secure Shell) is a secure and acceptable alternative to Telnet. SSH allows for secure interactive control of remote systems. SSH uses RSA public key cryptography for both connection and authentication. SSH uses the IDEA algorithm for encryption by default, but is also able to use Blowfish and DES.
Which protocol does HTTPS use to offer greater security in web transactions?
SSL
You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations, including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols would be most likely to be allowed through the widest number of firewalls?
SSL. Ports must be opened in firewalls to allow VPN protocols. For this reason, using SSL for the VPN often works through firewalls when other solutions do not, because SSL uses port 443, a port that is often already open to allow HTTPS traffic. In addition, some NAT solutions do not work well with VPN connections.
You are purchasing a hard disk from an online retailer over the internet. What does your browser use to ensure that others cannot see your credit card number on the internet?
SSL. Your web browser uses SSL (Secure Sockets Layer) to ensure safe web transactions. URLs that begin with HTTPS:// trigger your web browser to use SSL.
Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)
SSL & TLS
SSL (Secure Sockets Layer) operates at which layer of the OSI model?
SSL (Secure Sockets Layer) operates at the Session layer of the OSI model.
When using SSL authentication, what does the client verify first when checking a server's identity?
The current date and time must fall within the server's certificate validity period. SSL clients verify a server's identity with the following steps: (1) The client checks the server's certificate validity period. The authentication process stops if the current date and time fall outside of the validity period. (2) The client verifies that the issuing Certificate Authority (CA) is on its list of trusted CAs. (3) The client uses the CA's public key to validate the CA's digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA. (4) To protect against man-in-the-middle attacks, the client compares the actual DNS name of the server to the DNS name on the certificate.