Chapter 5: Network Authentication and Remote Access Using VPNs

TRUE/FALSE

1. Separation of duties reduces the chance of an individual violating information security policy and breaching the confidentiality, integrity, and availability of information.
ANS: T PTS: 1 REF: 174

2. In order to implement MAC, a strict user and data classification scheme is required.
ANS: T PTS: 1 REF: 174

3. Most personal computer operating systems use the mandatory access control (MAC) model.
ANS: F PTS: 1 REF: 176

4. Today, the widespread acceptance of IPSec with the IKE system means that proprietary protocols are used far more often.
ANS: F PTS: 1 REF: 201

5. PPTP provides stronger protection than L2TP.
ANS: F PTS: 1 REF: 203

MULTIPLE CHOICE

1. Which access control process documents the activities of the authenticated individual and systems?
a. Identification
b. Authorization
c. Auditing
d. Accountability
ANS: D PTS: 1 REF: 173

2. Which access control principle restricts users to having access appropriate to the level required for their assigned duties?
a. Least privilege
b. Need to know
c. Role based controls
d. Separation of duties
ANS: A PTS: 1 REF: 173

3. Which access control principle is most frequently associated with data classification?
a. Least privilege
b. Need to know
c. Role based controls
d. Separation of duties
ANS: B PTS: 1 REF: 173

4. A ____ is one in which the computer system enforces the controls without the input or intervention of the system or data owner.
a. role based control
b. network access control (NAC)
c. mandatory access control (MAC)
d. discretionary access control (DAC)
ANS: C PTS: 1 REF: 174

https://www.coursehero.com/file/32713432/ExamView-9780840024220-TB-ch05pdf/

5. Which level in the U.S. military data classification scheme applies to any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security?
a. Secret data
b. Confidential data
c. Sensitive but unclassified (SBU) data
d. Top secret data
ANS: B PTS: 1 REF: 175

6. A bank's automated teller machine (ATM), which restricts authorized users to simple account queries, transfers, deposits, and withdrawals, is an example of ____ access control.
a. content-dependent
b. constrained user interface
c. temporal (time-based) isolation
d. classified
ANS: B PTS: 1 REF: 178

7. Biometrics (retinal scans, fingerprints, and the like) are mainly used for ____ by large security-minded entities such as banking institutions and credit card centers for regulating access to sensitive information, but biometrics are also gaining ground in the general corporate world.
a. authentication
b. auditing
c. accountability
d. authorization
ANS: A PTS: 1 REF: 180

8. A ____ attack is time-intensive, so such attacks are rarely aimed at the target system itself.
a. dictionary
b. war dialer
c. brute-force
d. rainbow
ANS: C PTS: 1 REF: 180

9. A(n) ____ is a list of authorization rights attached to an object; in other words, who can access that device or application and what they can do with it.
a. access control list (ACL)
b. rainbow table
c. security association (SA) table
d. state table
ANS: A PTS: 1 REF: 183

10. Client authentication is similar to user authentication but with the addition of ____.
a. integrated authorization
b. file restrictions
c. usage limits
d. multifactor authentication
ANS: C PTS: 1 REF: 184

11. Which authentication method is used when you want a client to be authenticated for each session?
a. User authentication
b. Session authentication
c. Client authentication
d. Centralized authentication
ANS: B PTS: 1 REF: 185

12. Which centralized authentication method is the latest and strongest version of a set of authentication protocols developed by Cisco Systems?
a. TACACS+
b. RADIUS
c. Kerberos
d. MD5
ANS: A PTS: 1 REF: 187

13. Which centralized authentication method uses UDP?
a. TACACS+
b. RADIUS
c. Kerberos
d. MD5
ANS: B PTS: 1 REF: 188

14. A ____ is an automatic phone-dialing program that dials every phone number in a configured range (e.g., from 555-1000 to 555-2000) and checks to see if a person, answering machine, or modem answers.
a. dictionary attack
b. rainbow attack
c. brute force attack
d. war dialer
ANS: D PTS: 1 REF: 190

15. The growth and widespread use of the Internet has been coupled with the use of encryption technology to produce a solution for specific types of private communication channels: ____.
a. TACACS+
b. virtual private networks (VPNs)
c. split tunneling
d. multifactor authentication
ANS: B PTS: 1 REF: 190

16. ____ are hardware devices or software modules that perform encryption to secure data, perform authentication to make sure the host requesting the data is an approved user of the VPN, and perform encapsulation to protect the integrity of the information being sent.
a. Endpoints
b. Access points
c. Concentrators
d. Tunnels
ANS: A PTS: 1 REF: 192

17. IPSec ____ use a complex set of security protocols to protect information, including Internet Key Exchange (IKE), which provides for the exchange of security keys between the machines in the VPN.
a. endpoints
b. access points
c. tunnels
d. concentrators
ANS: D PTS: 1 REF: 193

18. VPNs protect packets by performing IP ____, the process of enclosing a packet within another one that has different IP source and destination information.
a. tiering
b. tunneling
c. encryption
d. encapsulation
ANS: D PTS: 1 REF: 194

19. Some VPNs use the term ____ to describe everything in the protected network behind the gateway.
a. safe house
b. encryption domain
c. encapsulation
d. tunnel
ANS: B PTS: 1 REF: 196

20. Point-to-Point Protocol (PPP) over Secure Sockets Layer (SSL) and Point-to-Point Protocol (PPP) over Secure Shell (SSH) are two ____-based methods for creating VPNs.
a. Microsoft
b. IBM
c. UNIX
d. Linux
ANS: C PTS: 1 REF: 203

21. Which term refers to two connections over a VPN line?
a. High speed Internet connection
b. Cross-over communication
c. Dual tunneling
d. Split tunneling
ANS: D PTS: 1 REF: 204

COMPLETION

1. ____ is the process by which a computer system recognizes a user's identity.
ANS: Identification PTS: 1 REF: 178

2. ____ is the act of confirming the identity or user account.
ANS: Authentication PTS: 1 REF: 179

3. The generally accepted definition of ____ refers to guessing, breaking, and/or stealing passwords to gain access to a system or application.
ANS: cracking PTS: 1 REF: 180

4. A(n) ____ is basically an internal network restricted to employees within the organization, also using Internet technologies.
ANS: intranet PTS: 1 REF: 190

5. A TCP/IP ____ is a channel or pathway over a packet network used by the VPN.
ANS: tunnel PTS: 1 REF: 192

MATCHING

Match each item with a statement below.
a. Site-to-site VPN
b. Client-to-site VPN
c. VPN appliance
d. Software VPN
e. IPSec/IKE
f. PPTP
g. L2TP
h. Mesh configuration
i. Hub-and-spoke configuration

1. A hardware device specially designed to terminate VPNs and join multiple LANs.
2. Used when a dial-up user has an old system that doesn't support L2TP and needs to use PPP to establish a VPN connection to your network.
3. A network accessible to remote users who need dial-in access.
4. A single VPN router contains records of all SAs in the VPN.
5. Each participant in the VPN has an approved relationship, called a security association (SA), with every other participant.
6. Rapidly becoming the protocol of choice for VPN connections of all sorts and should be used when the other protocols are not acceptable.
7. Used when a dial-up user needs to establish a VPN connection with your network.
8. Generally less expensive than hardware systems, and they tend to scale better on fast-growing networks.
9. Links two or more networks.

1. ANS: C PTS: 1 REF: 197
2. ANS: F PTS: 1 REF: 203
3. ANS: B PTS: 1 REF: 197
4. ANS: I PTS: 1 REF: 199
5. ANS: H PTS: 1 REF: 199
6. ANS: E PTS: 1 REF: 203
7. ANS: G PTS: 1 REF: 203
8. ANS: D PTS: 1 REF: 197
9. ANS: A PTS: 1 REF: 197

SHORT ANSWER

1. List and briefly describe the six functional characteristic categories that can be used to categorize access controls.
ANS: There are a number of ways to categorize access controls. One way is by their functional characteristics, each control falling into one of the following categories:
- Deterrent: discourages or deters an incipient incident
- Preventative: helps an organization avoid an incident
- Detective: detects or identifies an incident or threat when it occurs
- Corrective: remedies a circumstance or mitigates the damage done during an incident
- Recovery: restores operating conditions to normal
- Compensating: resolves shortcomings
PTS: 1 REF: 174

2. Describe how rule-based access controls can be implemented in the DAC model.
ANS: With rule-based access controls, access to information is granted based on a set of rules specified by a central authority. The implementation is a DAC model when the individual user (the system or data owner) is the one who decides which rules apply. Role-based models can also be implemented under DAC if an individual system owner wants to create the rules for other users of that system or its data.
PTS: 1 REF: 177

3. Why is it important to rename a system default account?
ANS: All operating systems come with a preinstalled user account (or accounts). This account, for example "root" in the UNIX operating system or "Administrator" in Windows operating systems, generally has administrative access to the system and is used to create additional accounts. Attackers know which default accounts are included with an operating system, so these accounts need to be renamed. By doing so, you force attackers to spend more time discerning or guessing a username. Renaming is an obstacle rather than a control: the renamed Windows Administrator account keeps its well-known relative identifier (RID 500) and root keeps UID 0, so an attacker who can enumerate accounts can still find it.
PTS: 1 REF: 178

4. Describe how challenge-response passwords work.
ANS: Each time the user logs in, the authenticating computer or firewall generates a new random number (the challenge) and sends it to the user. The user, typically with a token device or client software, combines the challenge with a secret PIN or password to produce the response and sends that back. The authenticating server computes the same value from the challenge and the secret it has stored for that user; if the two match, the user gains access. Because the challenge is different for each login, a captured response cannot be reused.
PTS: 1 REF: 182

5. Describe how session authentication works.
ANS: Session authentication requires authentication whenever a client system attempts to connect to a network resource and establish a session (a period when communications are exchanged). Session authentication can be used with any service. The client system wishing to be authenticated is usually equipped with a software agent that enables the authentication process; the server or firewall detects the agent when the connection request is made. When necessary, the firewall intercepts the connection request and contacts the agent. The agent performs the authentication, and the firewall allows the connection to the required resource.
PTS: 1 REF: 184-185

6. What is the advantage of using a hardware VPN appliance?
ANS: The advantage of using a hardware VPN appliance is that it enables you to connect more tunnels and users than software systems do. If a general-purpose server goes offline or crashes for some reason, the hardware VPN appliance doesn't go offline with it.
PTS: 1 REF: 197

7. Describe the two IPSec modes of operation.
ANS: IPSec works in two different modes: transport mode and tunnel mode. Transport mode is used to provide secure communications between hosts over any range of IP addresses; the original IP header is kept and only the payload is protected. Tunnel mode is used to create secure links between two private networks; the entire original packet, header included, is encapsulated in a new packet addressed between the two gateways. Tunnel mode is the obvious choice for VPNs; however, there are some concerns about using tunnel mode in a client-to-site VPN because IPSec by itself does not provide for user authentication. When combined with an authentication system like Kerberos, IPSec can authenticate users.
PTS: 1 REF: 202

8. Describe the Layer 2 Tunneling Protocol (L2TP).
ANS: L2TP is an extension of PPP. It uses IPSec rather than MPPE to encrypt data sent over PPP. It provides secure authenticated remote access by separating the process of initiating a connection from the process of forwarding the data encapsulated in PPP communications. Using L2TP, a host machine can make a connection to a modem and then have its PPP data packets forwarded to another, separate remote access server. When the data reaches the remote access server, its payload is unpacked and forwarded to the destination host on the internal network.
PTS: 1 REF: 203

9. Describe the drawbacks of using a VPN.
ANS: VPNs are complex and, if configured improperly, can create significant network vulnerabilities. Leased lines may be more expensive, but the chance of introducing vulnerabilities is not as great because they create point-to-point connections. VPNs also make use of the unpredictable and often unreliable Internet. Multinational VPNs, in particular, can experience problems because packets being routed through various hubs can encounter slowdowns or blockages that you can neither predict nor resolve. You then have to explain to administration that the problem is occurring thousands of miles away and they'll just have to wait until it is fixed there.
PTS: 1 REF: 205

10. Briefly describe multifactor authentication.
ANS: Multifactor authentication uses two or more authentication factors to authenticate remote users. For example, something the user possesses, such as a token or smart card, is combined with something physically associated with the user, such as fingerprints or retinal scans, or with something the user knows, such as a PIN. For such a system to work, each remote user needs to have a smart card reader, a fingerprint reader, a retinal scanner, or some other (potentially expensive) device along with a computer.
PTS: 1 REF: 207
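Worked example for True/False 2 and 3, Multiple Choice 4, 5 and 9, and Short Answer 2: a mandatory (MAC) decision driven by a strict classification lattice next to a discretionary (DAC) decision driven by an owner-maintained ACL. This is an added example and not code from the test bank or the textbook it accompanies; the lattice order, the no-read-up / no-write-down rules, the function names, and every user and document below are constructed for this example.

```python
# Added example (not from the test bank or the textbook): a MAC check from
# labels alone beside a DAC check from an owner-maintained ACL. The lattice,
# the no-read-up / no-write-down rules and all names are constructed.
from dataclasses import dataclass, field

# U.S.-military-style ordered levels (True/False 2, Multiple Choice 5).
# Higher index = more sensitive.
LEVELS = ["unclassified", "sensitive but unclassified",
          "confidential", "secret", "top secret"]


def rank(level: str) -> int:
    return LEVELS.index(level)


@dataclass
class Subject:
    name: str
    clearance: str
    compartments: frozenset = frozenset()      # need-to-know categories


@dataclass
class Document:
    name: str
    owner: str
    classification: str
    compartments: frozenset = frozenset()
    acl: dict = field(default_factory=dict)     # DAC: user -> set of rights


def mac_permits(subject: Subject, doc: Document, right: str) -> bool:
    """MAC: decided by the system from labels alone. The owner and the ACL
    play no part, so nobody can 'share' a secret file with a lower clearance."""
    cleared = rank(subject.clearance) >= rank(doc.classification)
    need_to_know = doc.compartments <= subject.compartments
    if right == "read":
        return cleared and need_to_know                      # no read up
    if right == "write":
        # no write down: a secret-cleared user may not write into a
        # confidential document (a blind write upward is permitted)
        return (rank(doc.classification) >= rank(subject.clearance)
                and subject.compartments <= doc.compartments)
    return False


def dac_permits(subject: Subject, doc: Document, right: str) -> bool:
    """DAC: the owner has every right and decides who else gets which."""
    if subject.name == doc.owner:
        return True
    return right in doc.acl.get(subject.name, set())


def grant(actor: Subject, doc: Document, grantee: str, right: str) -> None:
    """Only the owner may edit the ACL; that discretion is what makes it DAC."""
    if actor.name != doc.owner:
        raise PermissionError(f"{actor.name} does not own {doc.name}")
    doc.acl.setdefault(grantee, set()).add(right)


def access(subject: Subject, doc: Document, right: str, model: str) -> bool:
    """One decision point; the model selects which rule set is consulted."""
    if model == "MAC":
        return mac_permits(subject, doc, right)
    if model == "DAC":
        return dac_permits(subject, doc, right)
    raise ValueError(f"unknown model {model!r}")


def demo() -> dict:
    """Constructed scenario: alice (secret, 'crypto' compartment) owns a secret
    plan; bob (confidential, no compartments) owns a confidential memo."""
    alice = Subject("alice", "secret", frozenset({"crypto"}))
    bob = Subject("bob", "confidential")
    plan = Document("plan.doc", owner="alice", classification="secret",
                    compartments=frozenset({"crypto"}))
    memo = Document("memo.txt", owner="bob", classification="confidential")
    grant(alice, plan, "bob", "read")        # owner shares the file under DAC
    try:
        grant(bob, plan, "bob", "write")     # a non-owner cannot change the ACL
        nonowner_blocked = False
    except PermissionError:
        nonowner_blocked = True
    return {
        "dac_bob_reads_plan": access(bob, plan, "read", "DAC"),       # True
        "mac_bob_reads_plan": access(bob, plan, "read", "MAC"),       # False
        "mac_alice_reads_plan": access(alice, plan, "read", "MAC"),   # True
        "mac_alice_reads_memo": access(alice, memo, "read", "MAC"),   # True
        "mac_alice_writes_memo": access(alice, memo, "write", "MAC"), # False
        "mac_bob_writes_plan": access(bob, plan, "write", "MAC"),     # True
        "dac_nonowner_cannot_grant": nonowner_blocked,                # True
    }
```

The contrast in `demo()` is the point of True/False 2 and Multiple Choice 4: under DAC alice's grant lets bob read the plan, but under MAC the same request is refused because bob's clearance does not dominate the document's label, and no owner action can change that.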
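Worked example for Short Answer 4: the challenge-response login with both sides of the exchange, showing why a fresh challenge per login defeats replay and why the secret itself never crosses the wire. This is an added example, not code from the test bank or the textbook; the `AuthServer` class, the message shape (a 16-byte random challenge answered with an HMAC-SHA256 over it), and the user and secret values are assumptions of this example.

```python
# Added example (not from the test bank or the textbook): challenge-response
# login, server and client side. Class names, message format and the
# user/secret values are constructed for this example.
import hashlib
import hmac
import secrets


def respond(secret: bytes, challenge: bytes) -> bytes:
    """Client side (a token or software agent): derive the response from the
    challenge and the user's secret PIN/password. Only this value is sent;
    the secret itself never crosses the wire."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class AuthServer:
    """Server or firewall side of the exchange."""

    def __init__(self) -> None:
        self._secrets = {}    # user -> enrolled secret
        self._pending = {}    # user -> outstanding challenge
        self._used = set()    # consumed challenges (anti-replay)

    def enroll(self, user: str, secret: bytes) -> None:
        self._secrets[user] = secret

    def challenge(self, user: str) -> bytes:
        """Step 1: issue a fresh random challenge for this login attempt."""
        c = secrets.token_bytes(16)
        self._pending[user] = c
        return c

    def verify(self, user: str, challenge: bytes, response: bytes) -> bool:
        """Step 3: accept only if the challenge is the one we issued and is
        unused, and the response equals our own computation over it."""
        if user not in self._secrets:
            return False
        if self._pending.get(user) != challenge or challenge in self._used:
            return False
        del self._pending[user]           # one challenge, one attempt
        self._used.add(challenge)
        expected = respond(self._secrets[user], challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


def run_scenarios() -> dict:
    """Constructed exchanges: an honest login, a wrong PIN, a replay of a
    captured (challenge, response) pair, and a response to a forged challenge."""
    srv = AuthServer()
    pin = b"correct horse battery staple"
    srv.enroll("alice", pin)

    c1 = srv.challenge("alice")                   # server -> client
    r1 = respond(pin, c1)                         # client -> server
    honest = srv.verify("alice", c1, r1)          # True

    c2 = srv.challenge("alice")
    wrong_pin = srv.verify("alice", c2, respond(b"wrong", c2))   # False

    replay = srv.verify("alice", c1, r1)          # eavesdropper resends pair 1: False
    forged = srv.verify("alice", secrets.token_bytes(16), r1)    # False
    return {"honest": honest, "wrong_pin": wrong_pin,
            "replay": replay, "forged_challenge": forged}
```

Two details matter in practice and are easy to get wrong: the server must compare with `hmac.compare_digest` rather than `==` so that response checking does not leak timing information, and it must discard each challenge after a single attempt, otherwise the captured pair in the replay scenario would log the attacker in.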
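Worked example for Multiple Choice 18 and Short Answer 7: building an IPv4 packet, wrapping it in a second IPv4 header the way a tunnel-mode gateway does, and unwrapping it again, with the transport-mode framing shown for contrast. This is an added example, not code from the test bank or the textbook. The addresses and payload are constructed, and the example uses plain IP-in-IP (protocol 4) for the tunnel and only changes the protocol number to ESP (50) for transport mode; a real IPSec gateway would also insert the ESP header and encrypt the protected part, which this example leaves out.

```python
# Added example (not from the test bank or the textbook): IP encapsulation as
# done by a tunnel-mode VPN gateway, versus transport-mode framing.
# Addresses and payload are constructed; ESP header and encryption omitted.
import ipaddress
import struct

IPPROTO_IPIP = 4     # next header is another IPv4 packet (IP in IP)
IPPROTO_UDP = 17
IPPROTO_ESP = 50
HDR_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of 16-bit words. A valid header
    (checksum field included) sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 header in front of payload, with the checksum filled in."""
    hdr = struct.pack(HDR_FMT, 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); reject a corrupted header."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(HDR_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return (str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)),
            proto, pkt[ihl:total_len])


def tunnel_encapsulate(inner_pkt: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel mode: the whole original packet, header included, becomes the
    payload of a new packet whose addresses are the two VPN gateways. Routers
    on the Internet only ever see the gateway addresses."""
    return build_ipv4(gw_src, gw_dst, IPPROTO_IPIP, inner_pkt)


def tunnel_decapsulate(outer_pkt: bytes) -> bytes:
    """Receiving gateway: strip the outer header and hand back the original."""
    _, _, proto, payload = parse_ipv4(outer_pkt)
    if proto != IPPROTO_IPIP:
        raise ValueError("not an encapsulated IP packet")
    return payload


def transport_mode(pkt: bytes) -> bytes:
    """Transport mode keeps the original header (same end-host addresses);
    only the protocol field changes to ESP and the payload is protected.
    The payload is passed through unchanged here (no ESP header, no cipher)."""
    src, dst, _, payload = parse_ipv4(pkt)
    return build_ipv4(src, dst, IPPROTO_ESP, payload)


def corrupted_outer_rejected(outer: bytes) -> bool:
    """Flip one bit in the outer header; the checksum must catch it."""
    damaged = outer[:1] + bytes([outer[1] ^ 0x01]) + outer[2:]
    try:
        parse_ipv4(damaged)
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Constructed: host 10.1.0.5 on LAN A sends UDP to 10.2.0.9 on LAN B
    through gateways 203.0.113.1 and 198.51.100.1."""
    inner = build_ipv4("10.1.0.5", "10.2.0.9", IPPROTO_UDP, b"hello")
    outer = tunnel_encapsulate(inner, "203.0.113.1", "198.51.100.1")
    o_src, o_dst, o_proto, _ = parse_ipv4(outer)
    i_src, i_dst, i_proto, data = parse_ipv4(tunnel_decapsulate(outer))
    t_src, t_dst, t_proto, _ = parse_ipv4(transport_mode(inner))
    return {"outer": (o_src, o_dst, o_proto),        # gateway addresses, proto 4
            "inner": (i_src, i_dst, i_proto),        # private addresses, proto 17
            "transport": (t_src, t_dst, t_proto),    # private addresses, proto 50
            "data": data,
            "inner_len": len(inner), "outer_len": len(outer),   # 25 and 45
            "corruption_detected": corrupted_outer_rejected(outer)}
```

The 20 extra bytes in `outer_len` are the cost of tunnel mode that matters in practice: a packet that already fills the path MTU will fragment or be dropped once it is encapsulated, so VPN gateways normally lower the MTU or clamp the TCP MSS on the tunnel interface.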