Authentication and Access Control Flashcards

1
Q

Nonpersistent or dissolvable NAC agents may help to make what possible?

BYOD initiative

Edge control

Unified voice services

A

BYOD initiative

A nonpersistent agent is one that is used to assess the device only during the one-time check-in at login. It can be used to support the assessment of endpoints not owned by the organization and as such can help to make a Bring Your Own Device (BYOD) policy possible.

2
Q

What is the main difference between a private network and a public network?

In a private network, everyone has access; in a public network, only authorized users have access.

There is no difference; in both a private and public network, only authorized users have access.

In a private network, only authorized users have access; in a public network, everyone that is connected has access.

A

In a private network, only authorized users have access; in a public network, everyone that is connected has access.

On a private network, only authorized users have access to the data, whereas in a public network, everyone connected has access to the data

3
Q

You have a remote user who can connect to the Internet but not to the office via their VPN client. After determining the problem, which should be your next step?

Have the client reboot their host.

Make sure the user has the correct VPN address and password.

Have the client reinstall their VPN software.

A

Make sure the user has the correct VPN address and password.

After determining that the user has Internet access, your next step would be to verify the VPN address and password

4
Q

Which IP address should you deny into your internetwork?

  1. 0.0.0/8
  2. 0.0.0/8
  3. 0.0.0/8
A

127.0.0.0/8

To have good security on your network, deny any addresses from your internal networks, deny any local host addresses (127.0.0.0/8), deny any reserved private addresses, and deny any addresses in the IP multicast address range (224.0.0.0/4)

5
Q

Which of the following is a tunneling protocol?

Layer 2 Tunneling Protocol (L2TP)

Internet Protocol Security (IPSec)

Secure Sockets Layer (SSL)

All of the above

A

All of the above

Tunneling is encapsulating one protocol within another protocol to complete a secure transmission. Options A, B, and C are all tunneling protocols you should be aware of, as well as Secure Sockets Layer Virtual Private Network (SSL VPN) and Point-to-Point Tunneling Protocol (PPTP)

6
Q

Which tunneling protocol is based on RSA public-key encryption?

SSL

L2TP

IPSec

A

SSL

SSL is based on RSA public-key encryption and is used to provide secure Session layer connections over the Internet between a web browser and a web server

7
Q

What is the minimum number of characters you should use when creating a secure password?

6

7

8

A

8

The minimum length should be 8 characters, and the maximum length should be 15 characters. A strong password is a combination of alphanumeric and special characters that is easy for you to remember but difficult for someone else to guess

8
Q

In which layer of the OSI model does IPSec operate?

Physical

Network

Transport

A

Network

IPSec works at the Network layer of the OSI model (Layer 3) and secures all applications that operate above it (Layer 4 and above). Additionally, because it was designed by the IETF and designed to work with IPv4 and IPv6, it has broad industry support and is quickly becoming the standard for VPNs on the Internet

9
Q

Which protocol works in both the transport mode and tunneling mode?

SSL

PPTP

IPSec

A

IPSec

IPSec works in both transport mode and tunneling mode. In transport mode, a secure IP connection between two hosts is created. Data is protected by authentication or encryption (or both). Tunnel mode is used between network endpoints to protect all data going through the tunnel

10
Q

Companies that want to ensure that their data is secure during transit should use which of the following?

Firewalls

Encryption

Data accounting

A

Encryption

Companies that want to ensure that their data is secure during transit should encrypt their data before transmission. Encryption is the process that encodes and decodes data

11
Q

Which network utilities do not have the ability to encrypt passwords? (Select two.)

FTP

SSH

Telnet

SCP

A

FTP

Telnet

Some older network utilities such as FTP and Telnet don’t have the ability to encrypt passwords

12
Q

To encode or read an encrypted message, what tool is necessary?

Routing table

Internet access

Encryption key

A

Encryption key

To encode a message and decode an encrypted message, you need the proper encryption key or keys. The encryption key is the table or formula that defines which character in the data translates to which encoded character

13
Q

Which of the following is not an enhancement provided by TLS version 2.0?

Improvements in the operation of the MD5/SHA-1 hashing function

Enhanced support for the Advanced Encryption Standard (AES)

Expansion of the use of TLS to VPNs

A

Expansion of the use of TLS to VPNs

TLS was available for use with VPNs in earlier versions prior to 2.0

14
Q

Which of the following is not a type of public-key encryption?

RSA Data Security

Pretty Good Privacy (PGP)

DES

A

DES

The Data Encryption Standard (DES) is not a type of public-key encryption

15
Q

Which of the following VPN protocols runs over TCP port 1723, allows encryption to be done at the data level, and allows secure access?

RADIUS

PPPoE

PPTP

A

PPTP

PPTP is a VPN protocol that was created by Microsoft and uses TCP port 1723 for authentication and Generic Routing Encapsulation (GRE) to encrypt data at the Application level.

16
Q

At which stage of PPPoE are the MAC addresses of the endpoints exchanged?

Session

Discovery

Transport

A

Discovery

PPPoE has only two stages: discovery and session. In the discovery phase, the MAC addresses of the endpoints are exchanged so that a secure PPP connection can be made

17
Q

When utilizing multifactor authentication, which of the following is an example of verifying something you are?

Smart card

Password

Fingerprint

A

Fingerprint

A fingerprint is an example of something you are. Other examples are retina scans and facial recognition

18
Q

Which of the following authentication methods allows for domain authentication on both wired and wireless networks?

RADIUS

CHAP

PKI

A

RADIUS

RADIUS servers provide both authentication and encryption services and can combine these into one service. RADIUS can be used for allowing or denying both wired and wireless access at the domain level

19
Q

Which user-client-server authentication software system combines user authentication and authorization into one central database and maintains user profiles?

RADIUS

TACACS+

Kerberos

A

RADIUS

RADIUS combines user authentication and authorization into one centralized database and maintains user profiles

20
Q

Which of the following is not a Network Access Control method?

CHAP

EAP

ICA

A

ICA

Independent Computing Architecture (ICA) is a protocol designed by Citrix Systems to provide communication between servers and clients. ICA is a remote-access method