Flashcards in IS3220 CHAPTER 3 Deck (97):
A set of rules and procedures, usually mathematical in nature. This can define how the encryption processes operate. Often very complex, many are publicly known; anyone can investigate and analyze the strengths and weaknesses of what is called an___?
A means of encoding and decoding information using related but different keys for each process is called ___?
(A key used to encode cannot decode, and vice versa. This is based on algorithms that use either key pairs or some other special mathematical mechanism. Different keys serve different purposes. Different keys are used by different members of the communication session. some systems use something different from keys altogether)
Examples of this include:
RADIUS, TACACS, and directory services such as LDAP and Active Directory.
This is called ___?
AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING (AAA) SERVICES
The process of confirming the identity of the combination of authentication and access control/authorization that provides either the identity of the sender of a message or controls who is to receive a message. This is called ___?
A common feature of hash algorithms. this effect ensures that small changes in the input data produce large changes in the outputted hash value. A single binary digit change in a file should produce a clearly recognizable difference in the resultant hash value. This is called ___?
A trusted third-party entity that issues digital certificates to verify and validate identities of people, organizations, systems, and networks digitally is called ___?
CERTIFICATE AUTHORITY (CA)
A communication pathway, circuity, or frequency dedicated or reserved for a specific transmission is called ___?
The seemingly random and unusable output from a cryptographic function applied to original data is called ___?
(This is the result of encryption. Decryption converts this back into plain text)
This is created between a client and a server either within the same local network or across a WAN link or intermediary network and is called ___?
This will support secure client interaction with the services of a resource host.
Removal of redundant or superfluous data or space to reduce the size of a data set is called___?
This consumes less storage space and increased the speed of data transmission.
An appliance firewall placed on the border or edge of an organization's network is called ___?.
The art and science of hiding information from unauthorized third parties is called ___?
This is divided into two main categories: encryption and decryption.
The process of converting cipher text back into plain text is called___?
A network connection that is always on and available for immediate transmission of data is called ___?
Most leased lines are this.
A network connection that is always on and available for immediate transmission of data is called ___?
AKA a dedicated connection.
DEDICATED LEASED LINE
An electronic proof of identity issued by a certificate authority is called ___?
This is an entity's public key encoded by the CA's private key.
A secure communication based on public-key cryptography that encodes a message or data with the public key of the intended recipient is called ___?
A public-key cryptography-based mechanism for proving the source (and possibly integrity) of a signed data set or message is called ___?
This uses the private key of a sender.
A LAN whose components are in multiple places that are interconnected by WAN VPN links is called ___?
The act of listening in on digital or audio conversations is called ___?
Network types usually require a sniffer, protocol analyzer, or packet capturing utility. This may be able to access unencrypted communication, depending on where it occurs.
A router positioned on the edge of a private network is called ___?
This is usually the last device owned and controlled by an organization before an ISP or telco connection.
This is used to grant outside entities access into a perimeter network and is called ___?
This is used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not the general public.
______ occurs when a data set is too large for maximum supported size of a communication container, such as a segment, packet, or frame.
The original divides into multiple sections or fragments for transmission across the size-limited medium, then reassembles on the receiving end.
It can sometimes corrupt or damage data or allow outsiders to smuggle malicious content past network filters.
This requires a line between each business location and allows for a direct communication between one site and another. This is called ___?
A dedicated device hosting VPN software. It can connect hosts and/or networks. This is also known as an appliance VPN and is called ___?
The unique number produced by a hash algorithm when applied to a data set is called ___?
This verifies the integrity of date.
A set of mathematical rules and procedures that produce a unique number from a data set is called ___?
The process of verifying data integrity. It uses hash algorithms to produce unique numbers from datasets, known as hash values. If before and after hash values are the same, the data retain integrity and is called ___?
A VPN endpoint located on a host client or server is called___?
It relies on either a native feature of the operating system or a third-party application.
A VPN model where the remote client connects to the VPN server to gain access to the internal network is called ___?
A VPN created between a host and a network across a local or intermediary network is called ___?
(AKA a remote access VPN.)
A form of VPN establishing a secure VPN over trust VPN connections is called ___?
The act of authentication that confirms the identity of a user or host is called ___?
Any network, network link, or channel located between the endpoints of a VPN is called ___?
(Often the Internet)
The unique number used to guide an algorithm in the encryption and decryption process is called ___?
A valid key must be within the key space of an algorithm.
The cryptographic function ensuring that both endpoints of a commutation have the same symmetric key is called ?
It occurs by simultaneous key generation or with a digital envelope.
The set of associated keys including a public key and a private key used by public key cryptography is called ___?
Only the public key can decrypt data encrypted by the private key, and vice versa.
The range of valid keys used by an algorithm is called ___?
This is the bit length of the keys supported by the algorithm.
A VPN between two networks over an intermediary network is called ___?
AKA WAN VPN and site-to-site VPN.
The accumulation of delay each time a communication signal crosses a node or host is called ___?
Some amount of delay occurs between reception on one interface and transmission out of another interface. Too much latency causes communication timeouts.
A network communications line leased from an ISP or telco service is called ___?
This is usually a dedicated line between network locations or to the Internet.
This acronym is a device that communicates computer data across a telephone connection and is called ___?
Authentication that requires multiple valid proofs of identity used in simultaneous combination is called ___?
A network connection not always on and available for immediate transmission of data is called ___?
A connection must be established through a negation process before the channel is open and ready for data transmission. Dial-up and DSL are examples.
A security service that ensures that a sender cannot deny sending a message is called ___?
This service can be provided by public key cryptography, typically through a digital signature.
A form of cryptography in which each encryption key is used once before being discarded is called ___?
Keys are pseudorandom and never repeat.
Key length must match message length, so that each character is encrypted with a unique key character.
A mathematical operation performed in one direction relatively easily is called ___?
Reversing the operation is nearly impossible.
A form of network carrier line, often leased or dedicated, which uses fiber optic cables for very high-speed connections is called ___?
OPTICAL CARRIER (OC)
Commonly used as a technique for secured data exchange or verification of an identity and is called ___?
This is a method of communication through an alternative route, mechanism, or pathway other than the current one employed (the current communication is known as "in band").
OUT OF BAND
A type of business telephone network; these systems allow for multiple phone extensions, voice mailboxes, and conference calling and require specialized equipment and is called ___?
These systems are largely being replace by VOIP solutions.
PRIVATE BRANCH EXCHANGE (PBX)
The key of the public key cryptography key pair kept secret and used only by the intended entity is called a ___?
It decodes information encoded with its associated public key, encrypting information that can be decrypted only by its associated public key. This process validates the identity of the originator and creates a digital signature.
The mechanism of computer systems that produces partially random numbers using a complex algorithm and a seed value that is usually time based is called ___? Computers are currently unable to produce true random numbers and this approximates randomness.
PSEUDO RANDOM NUMBER GENERATOR (PRNG)
It decodes messages encoded with its associated private key, originates messages that only the holder of the associate private key can decrypt, and creates digital envelopes and is called ___?
The key of this cryptography key pair shared with other entities with whom the holder of the private key wishes to correspond.
A subset of asymmetric cryptography based on the use of key pair sets is called ___?
This uses public and private keys to create digital envelopes and digital signatures.
PUBLIC KEY CRYPTOGRAPHY
Any network accessible by entities from outside an organization is called ___?
Most often, use of this term implies the Internet, but many other public networks exist.
The process of triggering the enervation of a new symmetric encryption key and secure exchange of that key is called ___?
This can take place based on time, idleness, volume, randomness, or election.
This design grants individual telecommuters or traveling workers easy access to the VPN endpoint concepts: edge router, corporate firewall, or VPN appliance and is called ___?
Also known as host-to-site VPN since it supports single-host VPN connections into a LAN site.
REMOTE ACCESS VPN
A VPN used to connect to a remote or mobile host into a home computer or network is called ___?
AKA host-to-host VPN.
A VPN used to connect a remote or mobile host into office network workstation. This is called ___?
The ability of a product or service to provide adequate performance across changes in size, load, scope, or volume is called ___?
A VPN that uses encryption to protect the confidentiality of its transmissions is called ___?
A VPN used to connect networks is called ___?
AKA a LAN-to-LAN VPN or WAN VPN.
A VPN crafted by software rather than hardware is called ___?
It may be a feature of the operating system or third-party application.
A VPN connection that allows simultaneous access to the secured VPN link and unsecured access to the Internet across the same connection is called ___?
Cryptography based on algorithms that use a single shared secret key is called ___?
The same key encrypts and decrypts data and the same key must be shared with all communication partners of the same session.
The act of working from a home, remote, or mobile location while connecting into "the employer's private network", often using a VPN is called ___?
The problem when too much data crosses a network segment. This results in reduced throughput, increased latency, and lost data is called ___?
A mechanism of authentication using a third entity known and trusted by two parties is called ___?
This allows the two communicating parties, who were originally strangers to each other, to establish an initial level of inferred trust.
TRUSTED THIRD PARTY
A VPN that uses dedicated channels, rather than VPNs, to provide privacy to its transmissions is called ___?
A mechanism to establish a secure remote access connection across an intermediary network, often the Internet is called ___?
This allows inexpensive insecure links to replace expensive security links.
This allows for cheap long-distance connections established over the Internet.
Both endpoints need only a local Internet link.
VIRTUAL PRIVATE NETWORK (VPN)
A hardware VPN device is called ___?
A VPN between two networks over an intermediary network is called ___?
AKA as LAN-to-LAN VPN and site-to-site VPN.
1. Which of the following is NOT a valid example of a VPN?
1. A host links to another host over an intermediary network
2. A host connects to a network over an intermediary network
3. A network communicates with another network over an intermediary network
4. A host takes control over another remote host over an intermediary network
5. A mobile device interacts with a network over an intermediary network
A host takes control over another remote host over an intermediary network
2. Which of the following is NOT ensured or provided by a secured VPN?
2. Quality of service
Quality of service
3. Which of the following techniques make(s) a VPN private?
1. A single organization owning all the supporting infrastructure components
2. Leasing dedicated WAN channels from a telco
3. Encrypting and encapsulating traffic
4. 1 and 2
5. 1, 2, & 3
A single organization owning all the supporting infrastructure components
Leasing dedicated WAN channels from a telco
Encrypting and encapsulating traffic
1, 2, & 3
4. What is the primary difference between a VPN connection and a local network connection?
2. Resource access
4. Access control models
5. Authentication factors
5. Which of the following is NOT a true statement?
1. VPN traffic should be authenticated and encrypted
2. VPNs require dedicated leased lines
3. Endpoints of a VPN should abide by the same security policy
4. VPNs perform tunneling and encapsulation
5. VPNs can be implemented with software or hardware solutions
VPNs require dedicated leased lines
6. What is a hybrid VPN?
1. A VPN with a software endpoint and a hardware endpoint
2. A VPN supporting remote connectivity and remote control
3. A VPN consisting of trusted and secured segments
4. A VPN supporting both symmetric and asymmetric cryptography
5. A VPN using both tunneling and encapsulation
A VPN consisting of trusted and secured segments
7. What is the most commonly mentioned benefit of a VPN?
1. Cost savings
2. Remote access
3. Secure transmissions
4. Split tunnels
8. Which of the following is a limitation or drawback of a VPN?
1. Intermediary networks are insecure
2. VPNs are not supported by Linux OSs
3. VPNs are expensive
4. VPNs reduce infrastructure costs
5. Vulnerabilities exist at endpoints
Vulnerabilities exist at endpoints
9. On what is an effective VPN policy based?
1. A thorough risk assessment
2. Proper patch management
3. Business finances
4. Flexibility of worker local
A thorough risk assessment
10. What form of VPN deployment prevents VPN traffic from being filtered?
1. Edge router
2. Extranet VPN
3. Corporate firewall
4. Appliance VPN
5. Host-to-Site VPN
11. What form of VPN deployment requires additional authentication for accessing resources across the VPN?
1. Site-to-site VPN
2. Corporate firewall
3. Host-to-site VPN
4. Edge router
5. Remote access VPN
12. Which of the following is NOT a name for a VPN between individual systems?
13. Which of the following is the primary distinction between tunnel mode and transport mode VPNs?
1. Whether or not it can support network to network links
2. Whether or not the payload is encrypted
3. Whether or not it can support host-to-host links
4. Whether or not the header is encrypted
5. Whether or not it supports integrity checking
Whether or not the header is encrypted
14. What VPN implementation grants outside entities access to secured resources?
1. Edge router VPN
2. Corporate VPN
3. Site-to-site VPN
4. Extranet VPN
5. Remote control VPN
15. What form of cryptography encrypts the bulk of data transmitted between VPN endpoints
3. Public key
4. Transport mode
16. What components create a digital signature that verifies authenticity and integrity?
1. Public key and session key
2. Private key and hashing
3. Hashing and shared key
4. Session key and public key
5. Shared key and hashing
Private key and hashing
17. By what mechanism do VPNs securely exchange session keys between endpoints?
1. Digital envelope
2. Digital forensics
3. Digital encapsulation
4. Digital certificate
5. Digital signature
18. What are the two most important features of VPN authentication?
1. Single factor and replayable
2. Scalability and interoperability
3. Transparent and efficient
4. Interoperability and single factor
5. Replayable and scalable
Scalability and interoperability
19. What VPN access control issue can be enforced through VPN authentication?
1. Blocking unauthorized VPN users
2. Restricting access to the Internet
3. Limiting access to files
4. Filtering access to network services
5. Controlling access to printers
Blocking unauthorized VPN users
20. When designing the authorization for VPNs and VPN users, what should be the primary security guideline?
3. Distributed trust
4. Principle of least privilege
5. Grant by default, deny by exception
Principle of least privilege
21. All of the following statements about a host-to-host VPN are true EXCEPT?
1. Are commonly supported by the host OS
2. Must be implemented with VPN appliances
3. Can be interoperable between different OS products
4. Usually employs transport mode encryption
5. Can be established within a private network
Can be interoperable between different OS products
22. All of the following are commonly used in supporting a site-to-site VPN EXCEPT?
1. VPN appliance
2. Commercial firewall
3. Client VPN software
4. Edge router
5. VPN gateway proxy
Client VPN software
23. A VPN used to connect geographically distant users with the private network is located within which domain from the seven domains of a typical IT infrastructure?
1. LAN Domain
2. User Domain
3. System/Application Domain
4. Remote Access Domain
5. LAN-to-LAN Domain
24. What feature or function in tunnel mode encryption is not supported in transport mode encryption?
1. The header is encrypted
2. The payload is encrypted
3. The source address is encrypted, but not the destination address
4. A footer is added to contain the hash value
5. Provides encryption protection from the source of a conversation to the destination
The header is encrypted