IS3230 CHAPTER 12 Flashcards Preview

Flashcards in IS3230 CHAPTER 12 Deck (37):
1

As part of AAA, the ability of a system to collect statistics on networks or users for auditing and billing purposes, which enables the tracking of system usage, start and stop times of resources, number of packets, and other metrics that identify what was used and for how long, is called ___.

ACCOUNTING

2

An IPSec authentication protocol that is used to prove the identity of the sender and ensure the data has not been tampered with is called ___.

AUTHENTICATION HEADER (AH)

3

A network service that provides security through a framework of access controls and policies, enforcement of policies, and information needed for billing purposes is called ___.

AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING (AAA)

4

___ provides authentication over a PPP link.

CHALLENGE HANDSHAKE AUTHENTICATION PROTOCOL (CHAP)

5

An authentication and encryption protocol for IPSec that encrypts Internet Protocol (IP) packets and ensures their integrity is called ___.

ENCAPSULATED SECURITY PAYLOAD (ESP)

6

A framework enabling multiple authentication mechanisms over various connections is called ___.

EXTENSIBLE AUTHENTICATION PROTOCOL (EAP)

7

A tunneling protocol that encapsulates packets inside Internet Protocol (IP) tunnels is called ___.

GENERIC ROUTING ENCAPSULATION (GRE)

8

A protocol that provides identification to communication partners via a secure connection is called ___.

INTERNET KEY EXCHANGE (IKE)

9

A protocol that secures IP communications by authenticating and encrypting each IP packet is called ___.

INTERNET PROTOCOL SECURITY (IPSec)

10

A protocol that provides the framework for the negotiation of algorithms, protocols, modes and keys for IKE is called ___.

INTERNET SECURITY ASSOCIATION AND KEY MANAGEMENT PROTOCOL (ISAKMP)

11

A protocol that sets up a point-to-point connection between two computer systems that can be transmitted over multiple types of networks is called ___.

LAYER 2 TUNNELING PROTOCOL (L2TP)

12

An algorithm that applies a hash function to a message, creating a 128-bit message digest, and is used to ensure the data has not been changed in any manner is called ___.

MESSAGE DIGEST 5 (MD5)

13

A server that provides a service to dial-in users, allowing a computer system to connect to the network through either a phone line or the Internet, is called ___.

NETWORK ACCESS SERVER (NAS)

14

A protocol that allows computer systems to exchange key agreement over an insecure network is called ___.

OAKLEY

15

A data-link protocol that provides authentication over PPP is called ___.

PASSWORD AUTHENTICATION PROTOCOL (PAP)

16

A protocol for communication between two computers, in which the connection from the client to the server is typically over a telephone line, is called ___.

POINT-TO-POINT PROTOCOL (PPP)

17

A protocol that sets up a point-to-point connection between two computer systems over an Internet Protocol (IP) network is called ___.

POINT-TO-POINT TUNNELING PROTOCOL (PPTP)

18

A server that provides an authentication service for users that are dialing into a network or accessing it from the Internet is called ___.

REMOTE ACCESS SERVER (RAS)

19

A client/server protocol that provides authentication, authorization, and accounting for a remote dial-in system is called ___.

REMOTE AUTHENTICATION DIAL IN USER SERVICE (RADIUS)

20

A record of the configuration the computer systems need to support an IPSec connection is called ___.

SECURITY ASSOCIATION (SA)

21

A remote access client/server protocol that provides authentication and authorization capabilities to users who are accessing the network remotely, and that is not a secure protocol, is called ___.

TERMINAL ACCESS CONTROLLER ACCESS CONTROL SYSTEM (TACACS)

22

A remote access client/server protocol that is Cisco proprietary and provides authentication, authorization, and accounting is called ___.

TERMINAL ACCESS CONTROLLER ACCESS CONTROL SYSTEM PLUS (TACACS+)

23

The sending of messages to a single network destination (the opposite of broadcast, where data is sent to all network destinations) is called ___.

UNICAST

24

1. RADIUS uses TCP.
TRUE OR FALSE

FALSE

25

2. AAA stands for ___.

Authentication
Authorization
Accounting

26

3. Which of the following best describes the act of verifying that users are who they say they are?
1. Identification
2. Authentication
3. Authorization
4. Auditing

Authentication

27

4. Which of the following are authentication protocols used with PPP? (Select three)
1. CHES
2. CHAP
3. EAP
4. MAP
5. PAP

CHAP
EAP
PAP

28

5. TACACS+ encrypts the entire data packet.
TRUE OR FALSE

TRUE

29

6. What portion of TACACS+ provides AAA capabilities?
1. NAS
2. Client
3. TACACS+ daemon
4. XTACACS

TACACS+ daemon

30

7. What are examples of Web authentication? (Select three)
1. Knowledge-based authentication
2. Identification
3. Certificates
4. User ID/password
5. Remote access server

Knowledge-based authentication
Certificates
User ID/password

31

8. MD5 is a cryptographic ___ function.

Hash

32

9. Cisco developed TACACS+ and XTACACS.
TRUE OR FALSE

TRUE

33

10. Which of the following is used to validate the communication between a RADIUS server and a RADIUS client?
1. NAM
2. TACACS daemon
3. RAS
4. Shared secret

Shared secret

34

11. PAP is a ___ handshake.

Two-way

35

12. CHAP is a ___ handshake.

Three-way

36

13. What is a program that runs in the background?
1. RAS
2. Encryption
3. Daemon
4. PAP

Daemon

37

14. What is the de facto standard for IPSec key exchange?
1. OAKLEY
2. IKE
3. ISAKMP
4. RADIUS

IKE