Security+ Chapter 11
With IPsec, security associations are used to establish the logical set of security parameters designed to facilitate the sharing of information between entities. The security association protects - Confidentiality - Integrity and confidentiality - Confidentiality and availability - Integrity and availability
Integrity and confidentiality
Which type of access control would you use to grant permissions based on the sensitivity of the information contained in the objects? - Mandatory access control - Discretionary Access Control - Role-based access control - Rule-based access control
Mandatory access control
A door that requires a thumbprint, key card, and password is an example of - Single sign-on - Mutual authentication - Multifactor authentication - Dual access control
Multifactor authentication
Which of the following protocols involves a two-way handshake in which the username and password are sent across the link in clear text? - PAP - SSH - EAP - CHAP
PAP
In addition to "What users know," "What users have," and "What users are," what did the author add to be able to authenticate a user? - "What users should have" - "What users should think" - "What users can argue they should be" - "What users do"
"What users do"
Authentication is the granting of specific permissions based on the privileges held by the account. True or False
False
Authorization is the matching of user-supplied credentials to previously stored credentials on a host machine, and usually involves a username and password. True or False
False
TACACS+ is a client/server protocol that uses IP as its transport protocol. True or False
False
Telnet is a secure way to remotely access a computer. True or False
False
Telnet traffic is encrypted by default. True or False
False
The main weakness of SSH is that all traffic is sent in the clear. True or False
False
With mandatory access controls, the owner of an object determines who has access to it. True or False
False
Which of the following describes the wireless standard? - 802.11 - 854.12 - 800.15 - 756.10
802.11
What does AAA stand for? - Awareness, Accounting, Available - Acceptable, Available, Activities - Acute, Awareness, Accounting - Authentication, Authorization, Accounting
Authentication, Authorization, Accounting
The 802.1x standard is for a protocol to support communications between a user and a(n) - Authorization device - Available device - Serial device - Another user
Authorization device
Which of the following protocols involves a three-way handshake and uses a shared secret key for communication? - PAP - CHAP - TCP - S/Telnet
CHAP
With IPsec, AH and ESP - Must be used together - Must be used separately - Can be used separately or together - Must be used with EAP
Can be used separately or together
Which of the following types of access control would you use to grant permissions based on the decision of the owner of an object? - Mandatory access control - Discretionary access control - Role-based access control - Rule-based access control
Discretionary access control
Which protocol enables the secure transfer of data from a remote PC to a server by creating a VPN across a TCP/IP network? - PPPP - PPTP - PTPN - PPTN
PPTP
What does RADIUS stand for? - Real Access Device Invisible Users Solution - Rational Available Device Incremental Users Service - Remote Authentication Dial-In User Service - Remote Authentication Device Invisible Users Solution
Remote Authentication Dial-In User Service
Which type of access control would be used to grant permissions based on the duties that must be performed? - Mandatory access control - Discretionary access control - Role-based access control - Rule-based access control
Role-based access control
Which type of access control would allow the company to restrict employee access to the payroll file after hours or on weekends? - Mandatory access control - Discretionary access control - Role-based access control - Rule-based access control
Rule-based access control
What protocol would you use for remote access, to get a console with an encrypted connection? - SSH - Telnet - FTP - STP
SSH
What does SSH stand for? - Simple Security Hardware - Secure Socket Help - Secure Shell - Scientifically Secure Hard Drive
Secure Shell
What are the three types of accounting records in TACACS+? - Availability, Accounting, Confidentiality - Availability, Integrity, Confidentiality - Start, Stop, Update - Start, Stop, Delete
Start, Stop, Update
What does TACACS stand for? - Terminal Access Control of Authentication and Control Systems - Terminal Access Controller Access Control System - Television Availability Control And Communication Standard - Teletype Authentication and Control of All Control Systems
Terminal Access Controller Access Control System
The primary vulnerability associated with many methods of remote access is - Weak encryption - Too complicated for users to understand - The passing of critical data in clear text - Incompatibility with firewalls
The passing of critical data in clear text
The three major components of the SSH protocol are the - Transport Layer Protocol, User Authentication Protocol, and Connection Protocol - User Datagram Protocol, User Authentication Protocol, and Connection Protocol - Transport Layer Protocol, User Encryption Protocol, and Connection Protocol - User Datagram Protocol, User Encryption Protocol, and Connection Protocol
Transport Layer Protocol, User Authentication Protocol, and Connection Protocol
In a Kerberos environment, the first ticket in the two-step process is the ticket-granting ticket. True or False
True
One of the fundamental design aspects of TACACS+ is the separation of authentication, authorization, and accounting. True or False
True
RADIUS is a remote authentication protocol that uses UDP port 1812. True or False
True
L2TP uses - UDP port 1701 - TCP port 1701 - TCP port 1107 - TCP port 1217
UDP port 1701
RADIUS uses - TCP port 1812 for authentication and TCP port 1813 for accounting - TCP port 1812 for accounting and TCP port 1813 for authentication - UDP port 1812 for authentication and UDP port 1813 for accounting - UDP port 1812 for accounting and UDP port 1813 for authentication
UDP port 1812 for authentication and UDP port 1813 for accounting
TACACS+ uses - UDP port 49 and TCP port 50 for login - UDP port 49 and TCP port 49 for login - UDP port 49 and UDP port 50 for login - TCP port 49 and UDP port 50 for login
UDP port 49 and TCP port 49 for login
Your boss wants you to suggest a secure way to connect to the corporate network from home. You will have to connect through the Internet. What is a possible solution? - Telnet - FTP - VPN - rsh
VPN