IS3220 CHAPTER 3 Flashcards Preview

IS3220 NETWORK SECURITY, FIREWALLS, & VPNS > IS3220 CHAPTER 3 > Flashcards

Flashcards in IS3220 CHAPTER 3 Deck (97):
1

A set of rules and procedures, usually mathematical in nature. This can define how the encryption processes operate. Often very complex, many are publicly known; anyone can investigate and analyze the strengths and weaknesses of what is called an___?

ALGORITHM

2

A means of encoding and decoding information using related but different keys for each process is called ___?
FYI
(A key used to encode cannot decode, and vice versa. This is based on algorithms that use either key pairs or some other special mathematical mechanism. Different keys serve different purposes. Different keys are used by different members of the communication session. some systems use something different from keys altogether)

ASYMMETRIC CRYPTOGRAPHY

3

Examples of this include:
RADIUS, TACACS, and directory services such as LDAP and Active Directory.
This is called ___?

AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING (AAA) SERVICES

4

The process of confirming the identity of the combination of authentication and access control/authorization that provides either the identity of the sender of a message or controls who is to receive a message. This is called ___?

AUTHENTICITY

5

A common feature of hash algorithms. this effect ensures that small changes in the input data produce large changes in the outputted hash value. A single binary digit change in a file should produce a clearly recognizable difference in the resultant hash value. This is called ___?

AVALANCHE EFFECT

6

A trusted third-party entity that issues digital certificates to verify and validate identities of people, organizations, systems, and networks digitally is called ___?

CERTIFICATE AUTHORITY (CA)

7

A communication pathway, circuity, or frequency dedicated or reserved for a specific transmission is called ___?

CHANNEL

8

The seemingly random and unusable output from a cryptographic function applied to original data is called ___?
(This is the result of encryption. Decryption converts this back into plain text)

CIPHERTEXT

9

This is created between a client and a server either within the same local network or across a WAN link or intermediary network and is called ___?
This will support secure client interaction with the services of a resource host.

CLIENT-TO-SERVER VPN

10

Removal of redundant or superfluous data or space to reduce the size of a data set is called___?
This consumes less storage space and increased the speed of data transmission.

COMPRESSION

11

An appliance firewall placed on the border or edge of an organization's network is called ___?.

CORPORATE FIREWALL

12

The art and science of hiding information from unauthorized third parties is called ___?
This is divided into two main categories: encryption and decryption.

CRYPTOGRAPHY

13

The process of converting cipher text back into plain text is called___?

DECRYPTION

14

A network connection that is always on and available for immediate transmission of data is called ___?
Most leased lines are this.

DEDICATED CONNECTION

15

A network connection that is always on and available for immediate transmission of data is called ___?
AKA a dedicated connection.

DEDICATED LEASED LINE

16

An electronic proof of identity issued by a certificate authority is called ___?
This is an entity's public key encoded by the CA's private key.

DIGITAL CERTIFICATE

17

A secure communication based on public-key cryptography that encodes a message or data with the public key of the intended recipient is called ___?

DIGITAL ENVELOPE

18

A public-key cryptography-based mechanism for proving the source (and possibly integrity) of a signed data set or message is called ___?
This uses the private key of a sender.

DIGITAL SIGNATURE

19

A LAN whose components are in multiple places that are interconnected by WAN VPN links is called ___?

DISTRIBUTED LAN

20

The act of listening in on digital or audio conversations is called ___?
Network types usually require a sniffer, protocol analyzer, or packet capturing utility. This may be able to access unencrypted communication, depending on where it occurs.

EAVESDROPPING

21

A router positioned on the edge of a private network is called ___?
This is usually the last device owned and controlled by an organization before an ISP or telco connection.

EDGE ROUTER

22

This is used to grant outside entities access into a perimeter network and is called ___?
This is used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not the general public.

EXTRANET VPN

23

______ occurs when a data set is too large for maximum supported size of a communication container, such as a segment, packet, or frame.
The original divides into multiple sections or fragments for transmission across the size-limited medium, then reassembles on the receiving end.
It can sometimes corrupt or damage data or allow outsiders to smuggle malicious content past network filters.

FRAGMENTATION

24

This requires a line between each business location and allows for a direct communication between one site and another. This is called ___?

FULL MESH

25

A dedicated device hosting VPN software. It can connect hosts and/or networks. This is also known as an appliance VPN and is called ___?

HARDWARE VPN

26

The unique number produced by a hash algorithm when applied to a data set is called ___?
This verifies the integrity of date.

HASH/HASH VALUE

27

A set of mathematical rules and procedures that produce a unique number from a data set is called ___?

HASH ALGORITHM

28

The process of verifying data integrity. It uses hash algorithms to produce unique numbers from datasets, known as hash values. If before and after hash values are the same, the data retain integrity and is called ___?

HASHING

29

A VPN endpoint located on a host client or server is called___?
It relies on either a native feature of the operating system or a third-party application.

HOST VPN

30

A VPN model where the remote client connects to the VPN server to gain access to the internal network is called ___?

HOST-TO-HOST VPN

31

A VPN created between a host and a network across a local or intermediary network is called ___?
(AKA a remote access VPN.)

HOST-TO-SITE VPN

32

A form of VPN establishing a secure VPN over trust VPN connections is called ___?

HYBRID VPN

33

The act of authentication that confirms the identity of a user or host is called ___?

IDENTITY PROOFING

34

Any network, network link, or channel located between the endpoints of a VPN is called ___?
(Often the Internet)

INTERMEDIARY NETWORK

35

The unique number used to guide an algorithm in the encryption and decryption process is called ___?
A valid key must be within the key space of an algorithm.

KEY/ENCRYPTION KEY

36

The cryptographic function ensuring that both endpoints of a commutation have the same symmetric key is called ?
It occurs by simultaneous key generation or with a digital envelope.

KEY EXCHANGE

37

The set of associated keys including a public key and a private key used by public key cryptography is called ___?
Only the public key can decrypt data encrypted by the private key, and vice versa.

KEY PAIR

38

The range of valid keys used by an algorithm is called ___?
This is the bit length of the keys supported by the algorithm.

KEY SPACE

39

A VPN between two networks over an intermediary network is called ___?
AKA WAN VPN and site-to-site VPN.

LAN-TO-LAN VPN

40

The accumulation of delay each time a communication signal crosses a node or host is called ___?
Some amount of delay occurs between reception on one interface and transmission out of another interface. Too much latency causes communication timeouts.

LATENCY

41

A network communications line leased from an ISP or telco service is called ___?
This is usually a dedicated line between network locations or to the Internet.

LEASED LINE

42

This acronym is a device that communicates computer data across a telephone connection and is called ___?

MODEM

43

Authentication that requires multiple valid proofs of identity used in simultaneous combination is called ___?

MULTI-FACTOR AUTHENTICATION

44

A network connection not always on and available for immediate transmission of data is called ___?
A connection must be established through a negation process before the channel is open and ready for data transmission. Dial-up and DSL are examples.

NON-DEDICATED CONNECTION

45

A security service that ensures that a sender cannot deny sending a message is called ___?
This service can be provided by public key cryptography, typically through a digital signature.

NON-REPUDIATION

46

A form of cryptography in which each encryption key is used once before being discarded is called ___?
Keys are pseudorandom and never repeat.
Key length must match message length, so that each character is encrypted with a unique key character.

ONE-TIME PAD

47

A mathematical operation performed in one direction relatively easily is called ___?
Reversing the operation is nearly impossible.

ONE-WAY FUNCTION

48

A form of network carrier line, often leased or dedicated, which uses fiber optic cables for very high-speed connections is called ___?

OPTICAL CARRIER (OC)

49

Commonly used as a technique for secured data exchange or verification of an identity and is called ___?
This is a method of communication through an alternative route, mechanism, or pathway other than the current one employed (the current communication is known as "in band").

OUT OF BAND

50

A type of business telephone network; these systems allow for multiple phone extensions, voice mailboxes, and conference calling and require specialized equipment and is called ___?
These systems are largely being replace by VOIP solutions.

PRIVATE BRANCH EXCHANGE (PBX)

51

The key of the public key cryptography key pair kept secret and used only by the intended entity is called a ___?
It decodes information encoded with its associated public key, encrypting information that can be decrypted only by its associated public key. This process validates the identity of the originator and creates a digital signature.

PRIVATE KEY

52

The mechanism of computer systems that produces partially random numbers using a complex algorithm and a seed value that is usually time based is called ___? Computers are currently unable to produce true random numbers and this approximates randomness.

PSEUDO RANDOM NUMBER GENERATOR (PRNG)

53

It decodes messages encoded with its associated private key, originates messages that only the holder of the associate private key can decrypt, and creates digital envelopes and is called ___?
The key of this cryptography key pair shared with other entities with whom the holder of the private key wishes to correspond.

PUBLIC KEY

54

A subset of asymmetric cryptography based on the use of key pair sets is called ___?
This uses public and private keys to create digital envelopes and digital signatures.

PUBLIC KEY CRYPTOGRAPHY

55

Any network accessible by entities from outside an organization is called ___?
Most often, use of this term implies the Internet, but many other public networks exist.

PUBLIC NETWORK

56

The process of triggering the enervation of a new symmetric encryption key and secure exchange of that key is called ___?
This can take place based on time, idleness, volume, randomness, or election.

REKEYING

57

This design grants individual telecommuters or traveling workers easy access to the VPN endpoint concepts: edge router, corporate firewall, or VPN appliance and is called ___?
Also known as host-to-site VPN since it supports single-host VPN connections into a LAN site.

REMOTE ACCESS VPN

58

A VPN used to connect to a remote or mobile host into a home computer or network is called ___?
AKA host-to-host VPN.

REMOTE-TO-HOME VPN

59

A VPN used to connect a remote or mobile host into office network workstation. This is called ___?

REMOTE-TO-OFFICE VPN

60

The ability of a product or service to provide adequate performance across changes in size, load, scope, or volume is called ___?

SCALABILITY

61

A VPN that uses encryption to protect the confidentiality of its transmissions is called ___?

SECURED VPN

62

A VPN used to connect networks is called ___?
AKA a LAN-to-LAN VPN or WAN VPN.

SITE-TO-SITE VPN

63

A VPN crafted by software rather than hardware is called ___?
It may be a feature of the operating system or third-party application.

SOFTWARE VPN

64

A VPN connection that allows simultaneous access to the secured VPN link and unsecured access to the Internet across the same connection is called ___?

SPLIT TUNNEL

65

Cryptography based on algorithms that use a single shared secret key is called ___?
The same key encrypts and decrypts data and the same key must be shared with all communication partners of the same session.

SYMMETRIC CRYPTOGRAPHY

66

The act of working from a home, remote, or mobile location while connecting into "the employer's private network", often using a VPN is called ___?

TELECOMMUTING

67

The problem when too much data crosses a network segment. This results in reduced throughput, increased latency, and lost data is called ___?

TRAFFIC CONGESTION

68

A mechanism of authentication using a third entity known and trusted by two parties is called ___?
This allows the two communicating parties, who were originally strangers to each other, to establish an initial level of inferred trust.

TRUSTED THIRD PARTY

69

A VPN that uses dedicated channels, rather than VPNs, to provide privacy to its transmissions is called ___?

TRUSTED VPN

70

A mechanism to establish a secure remote access connection across an intermediary network, often the Internet is called ___?
This allows inexpensive insecure links to replace expensive security links.
This allows for cheap long-distance connections established over the Internet.
Both endpoints need only a local Internet link.

VIRTUAL PRIVATE NETWORK (VPN)

71

A hardware VPN device is called ___?

VPN APPLIANCE

72

A VPN between two networks over an intermediary network is called ___?
AKA as LAN-to-LAN VPN and site-to-site VPN.

WAN VPN

73

1. Which of the following is NOT a valid example of a VPN?

1. A host links to another host over an intermediary network
2. A host connects to a network over an intermediary network
3. A network communicates with another network over an intermediary network
4. A host takes control over another remote host over an intermediary network
5. A mobile device interacts with a network over an intermediary network

A host takes control over another remote host over an intermediary network

74

2. Which of the following is NOT ensured or provided by a secured VPN?

1. Confidentiality
2. Quality of service
3. Integrity
4. Privacy
5. Authentication

Quality of service

75

3. Which of the following techniques make(s) a VPN private?

1. A single organization owning all the supporting infrastructure components
2. Leasing dedicated WAN channels from a telco
3. Encrypting and encapsulating traffic
4. 1 and 2
5. 1, 2, & 3

A single organization owning all the supporting infrastructure components

Leasing dedicated WAN channels from a telco

Encrypting and encapsulating traffic

1, 2, & 3

76

4. What is the primary difference between a VPN connection and a local network connection?

1. Speed
2. Resource access
3. Security
4. Access control models
5. Authentication factors

Speed

77

5. Which of the following is NOT a true statement?

1. VPN traffic should be authenticated and encrypted
2. VPNs require dedicated leased lines
3. Endpoints of a VPN should abide by the same security policy
4. VPNs perform tunneling and encapsulation
5. VPNs can be implemented with software or hardware solutions

VPNs require dedicated leased lines

78

6. What is a hybrid VPN?

1. A VPN with a software endpoint and a hardware endpoint
2. A VPN supporting remote connectivity and remote control
3. A VPN consisting of trusted and secured segments
4. A VPN supporting both symmetric and asymmetric cryptography
5. A VPN using both tunneling and encapsulation

A VPN consisting of trusted and secured segments

79

7. What is the most commonly mentioned benefit of a VPN?

1. Cost savings
2. Remote access
3. Secure transmissions
4. Split tunnels
5. Eavesdropping

Cost savings

80

8. Which of the following is a limitation or drawback of a VPN?

1. Intermediary networks are insecure
2. VPNs are not supported by Linux OSs
3. VPNs are expensive
4. VPNs reduce infrastructure costs
5. Vulnerabilities exist at endpoints

Vulnerabilities exist at endpoints

81

9. On what is an effective VPN policy based?

1. A thorough risk assessment
2. Proper patch management
3. Business finances
4. Flexibility of worker local
5. Training

A thorough risk assessment

82

10. What form of VPN deployment prevents VPN traffic from being filtered?

1. Edge router
2. Extranet VPN
3. Corporate firewall
4. Appliance VPN
5. Host-to-Site VPN

Corporate firewall

83

11. What form of VPN deployment requires additional authentication for accessing resources across the VPN?

1. Site-to-site VPN
2. Corporate firewall
3. Host-to-site VPN
4. Edge router
5. Remote access VPN

Edge router

84

12. Which of the following is NOT a name for a VPN between individual systems?

1. Client-to-server
2. Host-to-Host
3. Remote-to-home
4. Host-to-site
5. Remote-to-office

Host-to-site

85

13. Which of the following is the primary distinction between tunnel mode and transport mode VPNs?

1. Whether or not it can support network to network links
2. Whether or not the payload is encrypted
3. Whether or not it can support host-to-host links
4. Whether or not the header is encrypted
5. Whether or not it supports integrity checking

Whether or not the header is encrypted

86

14. What VPN implementation grants outside entities access to secured resources?

1. Edge router VPN
2. Corporate VPN
3. Site-to-site VPN
4. Extranet VPN
5. Remote control VPN

Extranet VPN

87

15. What form of cryptography encrypts the bulk of data transmitted between VPN endpoints

1. Symmetric
2. Hashing
3. Public key
4. Transport mode
5. Asymmetric

Symmetric

88

16. What components create a digital signature that verifies authenticity and integrity?

1. Public key and session key
2. Private key and hashing
3. Hashing and shared key
4. Session key and public key
5. Shared key and hashing

Private key and hashing

89

17. By what mechanism do VPNs securely exchange session keys between endpoints?

1. Digital envelope
2. Digital forensics
3. Digital encapsulation
4. Digital certificate
5. Digital signature

Digital envelope

90

18. What are the two most important features of VPN authentication?

1. Single factor and replayable
2. Scalability and interoperability
3. Transparent and efficient
4. Interoperability and single factor
5. Replayable and scalable

Scalability and interoperability

91

19. What VPN access control issue can be enforced through VPN authentication?

1. Blocking unauthorized VPN users
2. Restricting access to the Internet
3. Limiting access to files
4. Filtering access to network services
5. Controlling access to printers

Blocking unauthorized VPN users

92

20. When designing the authorization for VPNs and VPN users, what should be the primary security guideline?

1. Scalability
2. Multi-factor
3. Distributed trust
4. Principle of least privilege
5. Grant by default, deny by exception

Principle of least privilege

93

21. All of the following statements about a host-to-host VPN are true EXCEPT?

1. Are commonly supported by the host OS
2. Must be implemented with VPN appliances
3. Can be interoperable between different OS products
4. Usually employs transport mode encryption
5. Can be established within a private network

Can be interoperable between different OS products

94

22. All of the following are commonly used in supporting a site-to-site VPN EXCEPT?

1. VPN appliance
2. Commercial firewall
3. Client VPN software
4. Edge router
5. VPN gateway proxy

Client VPN software

95

23. A VPN used to connect geographically distant users with the private network is located within which domain from the seven domains of a typical IT infrastructure?
1. LAN Domain
2. User Domain
3. System/Application Domain
4. Remote Access Domain
5. LAN-to-LAN Domain

User Domain

96

24. What feature or function in tunnel mode encryption is not supported in transport mode encryption?

1. The header is encrypted
2. The payload is encrypted
3. The source address is encrypted, but not the destination address
4. A footer is added to contain the hash value
5. Provides encryption protection from the source of a conversation to the destination

The header is encrypted

97

25. All of the following statements are true EXCEPT?

1. Encryption ensures VPN traffic remains confidential
2. It is possible to have a private VPN without encryption
3. VPN authentication ensures only valid entities can access the secured connection
4. Authorization over a VPN consists exclusively of granting or denying access to file resources
5. VPN authentication can include multi-factor options

VPN authentication can include multi-factor options