Ch6-13 Review
Which of the following describes an IPv6 address?
128-bit address; Eight hexadecimal quartets
What is a PKI?
A hierarchy of computers for issuing certificates
Which of the following best describes the contents of the CRL?
A list of all revoked certificates
You connect your computer to a wireless network available at your local library. You find that you can access all websites you want on the Internet except for two. What might be causing the problem?
A proxy server is blocking access to the web sites.
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
ACL
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
ARP poisoning
A private key has been stolen. What action should be taken to deal with this crisis?
Add the digital certificate to the CRL
A PKI is a method for managing which type of encryption?
Asymmetric
Which of the following statements is true when comparing symmetric and asymmetric cryptography?
Asymmetric key cryptography is used to distribute symmetric keys
Certificates can be invalidated by the trusted third party that originally issued the certificate. What is the name of the mechanism that is used to distribute information about invalid certificates?
CRL
Which of the following conditions does not result in a certificate being added to the certificate revocation list?
Certificate expiration
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
DDoS
Which of the following is a direct protection of integrity?
Digital signature
Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?
Disable Bluetooth on the phone
You are concerned that if a private key is lost, all documents encrypted using your private key will be inaccessible. Which service should you use to solve this problem?
Key escrow
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?
Man-in-the-middle attack
When is the best time to apply for a certificate renewal?
Near the end of the certificate's valid lifetime
Routers operate at what level of the OSI model?
Network layer
Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server and an email server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?
Network-based firewall
You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server?
Obtain a certificate from a public PKI
Which of the following is a mechanism for granting and validating certificates?
PKI
Which of the following is a firewall function?
Packet filtering
The disaster recovery plan calls for having tape backups stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies to choose a method that uses the fewest tapes, but is also quick to back up and restore them. Which backup strategy would best meet the disaster recovery plan for tape backups?
Perform a full backup once a week with a differential backup the other days of the week.
Which of the following solutions would you implement to track which websites network users are accessing?
Proxy
Which of the following items are contained in a digital certificate? (TWO)
Public Key; Validity period
Which of the following is the best countermeasure for man-in-the-middle attacks?
Public key infrastructure (PKI)
Which of the following identifies someone who can retrieve private keys from storage?
Recovery agent
You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact?
Recovery agent
Which of the following is an entity that accepts and validates information contained within a request for a certificate?
Registration authority
Even if you perform regular backups, what must be done to ensure that you are protected against data loss?
Regularly test restoration procedures
Which security mechanism can be used to harden or protect e-commerce traffic from Web servers?
SSL
Which of the following is not true regarding SSL?
SSL authenticates the server to the client using a biometric-based multi-factor authentication mechanism
Which type of activity changes or falsifies information in order to mislead or re-direct traffic?
Spoofing
Which of the following best describes the purpose of using subnets?
Subnets divide an IP network address into multiple network addresses.
An SSL client has determined that the Certificate Authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity?
The CA's public key must validate the CA's digital signature on the server certificate
What action is taken when the private key associated with a digital certificate becomes compromised?
The certificate is revoked and added to the Certificate Revocation List
Certificate revocation should occur under all but which of the following conditions?
The certificate owner has held the certificate beyond the established lifetime timer
Which of the following would require that a certificate be placed on the CRL?
The private key is compromised
What is the purpose of key escrow?
To provide a means to recover from a lost private key
Which aspect of certificates makes them a reliable and useful mechanism for proving the identity of a person, system, or service on the Internet?
Trusted third-party
How many keys are used with Public Key Cryptography?
Two
You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use?
Use firewalls to create a DMZ. Place the web server inside the DMZ, and the private network behind the DMZ.
HTTPS can be used to provide security for what type of traffic?
Web
Which standard is most widely used for certificates?
X.509
Which of the following is the best device to deploy to protect your private network from a public untrusted network?
Firewall
You have been asked to deploy a network solution that requires an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose?
Hot site
To obtain a digital certificate and participate in a PKI, what must be submitted and where should it be submitted?
Identifying data and a certification request to the registration authority (RA).
What is the primary purpose of a certificate?
Identity proofing