Chapter 4

Question 1

Identification vs. Authentication

Answer 1

Identification is claiming, Authentication is proving you are someone

Question 2

Mutual Authentication

Answer 2

A client authenticates the server and vice versa

Question 3

Authentication factors

Answer 3

Something you are, know, have etc

Question 4

a pin and a password is SFA/MFA

Answer 4

Single factor, only something you know

Question 5

layered security is synonymous with

Answer 5

defense in depth

Question 6

NAC

Answer 6

Network Access Control

Question 7

NAC is part of

Answer 7

operational security

Question 8

operational security encompasses everything not related to

Answer 8

design and physical security of the network

Question 9

Security tokens are similar to

Answer 9

certificates

Question 10

security tokens contain

Answer 10

rights and access privileges

Question 11

Security tokens are created when

Answer 11

at login time, and destroyed when the session ends

Question 12

what is a federation

Answer 12

a collection of networks that agree on some standard of operation, e.g. security

Question 13

federated identity

Answer 13

is a means of linking user’s identity to multiple business boundaries

Question 14

transitive access

Answer 14

party A trusts B, B trusts C, therefore A trusts C

Question 15

PAP

Answer 15

Authentication protocol (password authentication protocol) sends password and uid in plaintext

Question 16

SPAP

Answer 16

Shiva PAP - replaced PAP, encrypts credentials

Question 17

CHAP

Answer 17

Challenge Handshake AP - client generates random number and is asked for it periodically

Question 18

TOTP

Answer 18

time-based one-time password

Question 19

HOTP

Answer 19

HMAC based one time password

Question 20

Account lockout threshold

Answer 20

how many attempts before lockout happens

Question 21

Reset account lockout counter after

Answer 21

counter reset to 0 after a certain amount of time has passed

Question 22

PPP stands for

Answer 22

Point to Point protocol

Question 23

Does PPP provide data security?

Answer 23

no

Question 24

PPP encapsulates in

Answer 24

NCP - Network Control Protocol

Question 25

Authentication in PPP is handled in

Answer 25

LCP - link control protocol

Question 26

PPP is unsuitable for

Answer 26

Wan connections

Question 27

PPTP

Answer 27

Point to point tunneling protocol

Question 28

PPTP does what?

Answer 28

Encapsulates and encrypts PPP packets

Question 29

PPTP downside

Answer 29

it negotiates connection in the clear

Question 30

what method was created by Cisco for dial up

Answer 30

Layer 2 Forwarding

Question 31

Layer 2 forwarding is encrypted

Answer 31

false

Question 32

Layer 2 forwarding works well over LANS

Answer 32

false

Question 33

What method is a joint venture between Cisco and Microsoft

Answer 33

Layer 2 tunneling protocol

Question 34

Layer 2 Tunneling is a hybrid of

Answer 34

PPTP and L2f

Question 35

Layer 2 tunneling protocol is encrypted

Answer 35

false

Question 36

Layer 2 tunneling protocol can provide data security

Answer 36

only through protocols like ipsec

Question 37

Secure Shell uses encryption

Answer 37

true

Question 38

IPsec is built in to

Answer 38

IPv6

Question 39

RADIUS stands for

Answer 39

Remote Authentication Dial-in User Service

Question 40

Radius protocol is a _______ standard

Answer 40

IETF

Question 41

Radius allows a single server to perform authentications

Answer 41

true

Question 42

TACACS stands for

Answer 42

Terminal Access Controller Access-Control System

Question 43

Latest flavor of TACACS is

Answer 43

TACACS+

Question 44

TACACS+ is widely implemented by

Answer 44

Cisco

Question 45

TACACS+ allows for authentication from multiple methods T/F

Answer 45

True

Question 46

SAML stands for

Answer 46

Security Assertion Markup Language

Question 47

SAML is based on

Answer 47

XML

Question 48

SAML is mainly used by

Answer 48

service providers

Question 49

LDAP stands for

Answer 49

Lightweight Directory Access Protocol

Question 50

Secure LDAP is called

Answer 50

LDAPS

Question 51

LDAPS is encypted with

Answer 51

SSL/TLS

Question 52

Kerberos uses a ______ to manage authentication

Answer 52

Key distribution center

Question 53

KDC authenticates a _______

Answer 53

principal

Question 54

A Kerberos principal is

Answer 54

a user, program or system

Question 55

Kerberos issue what kinds of tickets

Answer 55

Ticket granting ticket and service ticket

Question 56

Downside to kerberos

Answer 56

if kerberos server goes down

Question 57

SSO stands for

Answer 57

Single Sign On

Question 58

MAC

Answer 58

Mandatory Access Control

Question 59

MAC access is defined how

Answer 59

all access is predefined

Question 60

DAC

Answer 60

Discretionary Access Control

Question 61

DAC handles access with more/less flexibility than MAC

Answer 61

more

Question 62

RBAC

Answer 62

Role based Access Control or Rule based Access and Control

Question 63

Rule Based Access Control

Answer 63

limits the user to setting in preconfigured policies (allow list or deny list)

Question 64

Access control list can reject packets based on their types T/F

Answer 64

True

Question 65

Firewall rules consist of

Answer 65

Block the connection Allow the connection Allow the connection only if it is secured

Question 66

Switch ports (noun)

Answer 66

ports that only allow certain MAC address

Question 67

802.1X is a _________ standard

Answer 67

IEEE

Question 68

802.1X is a standard for what

Answer 68

port-based security for wireless network access control

Question 69

Network Bridging

Answer 69

A device on the network has another NAC (wireless, 4G) that allows an attacker to jump networks

Question 70

Trusted Operating System (TOS)

Answer 70

Meets the government's criteria

Question 71

Common Criteria

Answer 71

most common standard for becoming a TOS

Question 72

Common Criteria distinguishes OSs by

Answer 72

EAL, Evaluation Assurance Level (higher the better)