Secure Networks

Question 1

What protocol is session oriented and provides either 40bit or 128 bit encryption?

Answer 1

SSL

Question 2

What are the characteristics of CHAP?

Answer 2

Challenge handshake authentication protocol… Used over PPP links and encrypts usernames and passwords.

Question 3

What is PAP?

Answer 3

Password Authentication Protocol. Standard authentication protocol for PPP. Does transmit Usernames and passwords in clear.

Question 4

What makes EAP Unique?

Answer 4

More of a framework for authentication than a protocol. Allows for 3rd party integration.

Question 5

What is PPTP?

Answer 5

PPTP - Point To Point Tunneling Protocol. Derived from PPP and works at layer 2.

Question 6

Describe the differences between L2F and L2TP

Answer 6

L2F - Layer 2 Forwarding vs L2TP - Layer 2 Tunneling Protocol. L2F does not encrypt.

Question 7

Describe IPSec

Answer 7

Most commonly used VPN. It is both a protocol and a security mechanism for L2TP.

Question 8

What are the 2 main components of IPsec?

Answer 8

Authentication Header (AH) - provides Authentication, integrity, and non repudiation.
Encapsulating Security Payload (ESP) - Provides encryption.  Operates at Layer 3.

Question 9

In IPsec what is the difference between Transport Mode and Tunnel Mode?

Answer 9

In tunnel mode the entire packet is encrypted and in transport mode the header is not encrypted.

Question 10

What is the address range for a private Class A network?

Answer 10

10.0.0.0 - 10.255.255.255

Question 11

What is the address range for a private class B network?

Answer 11

172.16.0.0. - 172.31.255.255

Question 12

What is the address range for a private class C network?

Answer 12

192.168.0.0 - 192.168.255.255

Question 13

What is stateful NAT?

Answer 13

Basic NAT operation… Mapping of clients and internal addresses is maintained and managed during the session.

Question 14

What is Static NAT?

Answer 14

Fixed address mapping. Used when and internal client needs to be accessed from the outside.

Question 15

What is Dynamic NAT?

Answer 15

Allows multiple clients to share a few external IP addresses.

Question 16

What is APIPA?

Answer 16

Automatic Private IP Addressing - Method of assigning IP address when DHCP fails. Primarily used in Windows

Question 17

What is RFC 1918?

Answer 17

Standard for private IP addressing.

Question 18

What is the difference between Circuit and Packet Switching?

Answer 18

Circuits depend on fixed connections for session communication and packets break payloads into smaller packets. oe Analog vs Digital.

Question 19

What is a BRI?

Answer 19

Basic Rate Interface - 2 B Channel communication with a throughput of 64 Kbps per channel.

Question 20

What is a PRI?

Answer 20

Primary Rate Interface - Allows multiple 64 Kbps B channels (2 - 23) and a single 64 Kbps D Channel.

Question 21

What is the purpose of the D Channel?

Answer 21

Manages the link.

Question 22

What is the CSU/ DSU and its purpose?

Answer 22

Border management in a WAN connection. CSU - Channel Service Unit
DSU - Data Service Unit

Question 23

What is X.25?

Answer 23

Older packet switched technology used mainly in Europe.

Question 24

What is Frame Relay?

Answer 24

Layer 2 packet switched. It supports multiple PVC (Permanent Virtual Circuit) over a single connection.

Question 25

What is a PVC

Answer 25

Permanent virtual circuit. Like a dedicated leased line. Always on and ready to go.

Question 26

What is an SVC

Answer 26

Switched Virtual Circuit. Operates more like a dial up connection. Some delay in opening the connection for use.

Question 27

What is the Committed Information Rate?

Answer 27

CIR is the basic connection bandwidth before any bursting is taken into consideration.

Question 28

What is ATM and when is it best used?

Answer 28

Asynchronous Transfer Mode - Packet Switching. Breaks packets into fixed 53 byte cells. Best used for high throughput environments.

Question 29

What is transparency in design?

Answer 29

The ability to apply security that cannot be seen/ observed by users.

Question 30

What are some checksum validation methods?

Answer 30

MD5 and SHA

Question 31

What are some basic security mechanisms when deploying an SMTP server?

Answer 31

Change basic settings (ie passwords).
Apply patches.
DO NOT enable open relay. This makes you a target for spammers.

Question 32

Which of the following VPN protocols do not offer native data encryption?
A. L2F
B. L2TP
C. IPSec
D. PPTP

Answer 32

L2F
L2TP
PPTP

Question 33

At which OSI layer does the IPsec protocol function?

Answer 33

Network layer

Question 34

When designing a security systems for internet delivered email, which of the following is least important?
A. Non repudiation
B. Availability
C. Message Integrity
D. Access Restriction

Answer 34

B. Availability

Question 35

Which of the following is typically not a discussion topic with end users regarding email retention policies?
A. Privacy
B. Auditor Review
C. Length of retention
D. Backup method

Answer 35

D. - Backup method

Question 36

Which of the following is a type of connection that can be described as a logical circuit that always exists and is waiting for data to be sent?
A. ISDN
B. PVC
C. VPN
D. SVC

Answer 36

B. PVC

Question 37

What authentication protocol offers no encryption or protection for logon credentials?
A. PAP
B. CHAP
C. SSL
D. Radius

Answer 37

A. - PAP