Ch6-13 Review

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Which of the following describes an IPv6 address?

128-bit address Eight hexadecimal quartets

What is a PKI?

A hierarchy of computers for issuing certificates

Which of the following best describes the contents of the CRL?

A list of all revoked certificates

You connect your computer to a wireless network available at your local library. You find that you can access all websites you want on the Internet except for two. What might be causing the problem?

A proxy server is blocking access to the web sites.

Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?

ACL

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

ARP poisoning

A private key has been stolen. What action should be taken to deal with this crisis?

Add the digital certificate to the CRL

A PKI is a method for managing which type of encryption?

Asymmetric

Which of the following statements is true when comparing symmetric and asymmetric cryptography?

Asymmetric key cryptography is used to distribute symmetric keys

Certificates can be invalidated by the trusted third-party that originally issued the certificate. What is the name of the mechanism that is used to distribute information about invalid certificates?

CRL

Which of the following conditions does not result in a certificate being added to the certificate revocation list?

Certificate expiration

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?

DDoS

Which of the following is a direct protection of integrity?

Digital signature

Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?

Disable Bluetooth on the phone

You are concerned that if a private key is lost, all documents encrypted using your private key will be inaccessible. Which service should you use to solve this problem?

Key escrow

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?

Man-in-the-middle attack

When is the best time to apply for a certificate renewal?

Near the end of the certificate's valid lifetime

Routers operate at what level of the OSI model?

Network layer

Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server an an email server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?

Network-based firewall

You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server?

Obtain a certificate from a public PKI

Which of the following is a mechanism for granting and validating certificates?

PKI

Which of the following is a firewall function?

Packet filtering

The disaster recovery plan calls for having tape backups stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies to choose a method that uses the fewest tapes, but is also quick to back up and restore them. Which backup strategy would best meet the disaster recovery plan for tape backups?

Perform a full backup once a week with a differential backup the other days of the week.

Which of the following solutions would you implement to track which websites that network users are accessing?

Proxy

Which of the following items are contained in a digital certificate? (TWO)

Public Key Validity period

Which of the following is the best countermeasure for man-in-the-middle attacks?

Public key infrastructure (PKI)

Which of the following identifies someone who can retrieve private keys from storage?

Recovery agent

You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact?

Recovery agent

Which of the following is an entity that accepts and validates information contained within a request for a certificate?

Registration authority

Even if you perform regular backups, what must be done to ensure that you are protected against data loss?

Regularly test restoration procedures

Which security mechanism can be used to harden or protect e-commerce traffic from Web servers?

SSL

Which of the following is not true regarding SSL?

SSL authenticates the server to the client using a biometric based multi-factor authentication mechanism

Which type of activity changes or falsifies information in order to mislead or re-direct traffic?

Spoofing

Which of the following best describes the purpose of using subnets?

Subnets divide an IP network address into multiple network addresses.

An SSL client has determined that the Certificate Authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity?

The CA's public key must validate the CA's digital signature on the server certificate

What action is taken when the private key associated with a digital certificate becomes compromised?

The certificate is revoked and added to the Certificate Revocation List

Certificate revocation should occur under all but which of the following conditions?

The certificate owner has held the certificate beyond the established lifetime timer

Which of the following would require that a certificate be placed on the CRL?

The private key is compromised

What is the purpose of key escrow?

To provide a means to recover from a lost private key

Which aspect of certificates makes them a reliable and useful mechanism for proving the identity of a person, system, or service on the Internet?

Trusted third-party

How many keys are used with Public Key Cryptography?

Two

You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use?

Use firewalls to create a DMZ. Place the web server inside the DMZ, and the private network behind the DMZ.

HTTPS can be used to provide security for what type of traffic?

Web

Which standard is most widely used for certificates?

X.509

Which of the following is the best device to deploy to protect your private network from a public untrusted network?

Firewall

You have been asked to deploy a network solution that requires an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose?

Hot site

To obtain a digital certificate and participate in a PKI, what must be submitted and where should it be submitted?

Identifying data and a certification request to the registration authority (RA).

What is the primary purpose of a certificate?

Identity proofing


Set pelajaran terkait

Operating System Security Module 8

View Set

ISCI Exam Three- Chapter 24/Earth's Surface- Land and Water

View Set

Congenital and Genetic Disorders

View Set

Operations Management - Exam 3, Operations Management - Exam 2, Operations Management - Exam 1

View Set

oxygenation and perfusion coursepoint

View Set

PH1 Final, Public Health 1 Final (UCI)

View Set