This document is a set of practice exam questions, with answers and explanations, on authentication methods and security protocols used in network systems. It covers multifactor authentication, which combines two or more types of credentials to strengthen authentication, and protocols such as RADIUS, TACACS+, Kerberos and 802.1X/EAP that provide authentication, authorization, and accounting (AAA) services for network devices and remote access. It also touches on attack vectors such as social engineering, war driving, insider threats and DNS poisoning, and on mitigation techniques such as honeypots and penetration testing. It is aimed at network administrators, security professionals, and students of computer networking and cybersecurity.
Which of the following are terms for an area of an enterprise network, separated by firewalls, which contains servers that must be accessible both from the Internet and from the internal network? (Choose all that apply.)
A. Intranet
B. DMZ
C. EGP
D. Stateless network
E. Perimeter network
F. Screened subnet
Answer: B, E, F. Servers that must be accessible both from the internal network and from the Internet are typically located in an area of the enterprise called a screened subnet, a perimeter network, or a demilitarized zone (DMZ). This area is separated from both the Internet and the internal network by firewalls, so a compromised public-facing server does not give an Internet attacker a direct path into the internal network. Intranet is another term for the internal network. Exterior Gateway Protocol (EGP) is a type of routing protocol, and stateless is a type of firewall; neither applies to this definition.

Which of the following authentication protocols do Windows networks use for Active Directory Domain Services (AD DS) authentication of internal clients?
A. RADIUS
B. WPA
C. Kerberos
D. EAP-TLS
Answer: C. Windows networks that use AD DS authenticate clients using the Kerberos protocol, in part because it never transmits passwords over the network, even in encrypted form. Remote Authentication Dial-In User Service (RADIUS) is an authentication, authorization, and accounting service for remote users connecting to a network; Windows does not use it for domain logons of internal clients. WiFi Protected Access (WPA) is a security protocol used by wireless Local Area

Which of the following statements best defines multifactor user authentication?
A. Verification of a user's identity on all of a network's resources using a single sign-on
B. Verification of a user's identity using two or more types of credentials
C. Verification of a user's identity on two devices at once
D. Verification of a user's membership in two or more security groups
Answer: B. Multifactor authentication combines two or more types of authentication factors, requiring a user to supply multiple credentials of different kinds (for example, a password and a smartcard). This reduces the likelihood that an intruder who has obtained one credential can impersonate the user. The term multifactor does not refer to the number of resources, devices, or groups with which the user is associated; two passwords are still a single factor.

Which of the following services are methods of tracking a user's activities on a network? (Choose all that apply.)
A. Authentication
B. Authorization
C. Accounting
D. Auditing
Answer: C, D. Accounting and auditing are both methods of tracking and recording a user's activities on a network, such as when a user logged on and how long they remained connected. Authentication is the confirmation of a user's identity, and authorization defines the type of access granted to authenticated users.

When a user supplies a password to log on to a server, which of the following actions is the user performing?
A. Authentication
B. Authorization
C. Accounting
D. Auditing
Answer: A. Authentication is the process of confirming a user's identity. Passwords are one of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user's activities on a network, such as when a user logged on and how long they remained connected.

When a user swipes a finger across a fingerprint scanner to log on to a laptop computer, which of the following actions is the user performing?
A. Authentication
B. Authorization
C. Accounting
D. Auditing
Answer: A. Authentication is the process of confirming a user's identity. Fingerprints and other biometric readers are one of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user's activities on a network, such as when a user logged on and how long they remained connected.

Which of the following security protocols can authenticate users without transmitting their passwords over the network?
A. Kerberos
B. 802.1X
C. TKIP
D. LDAP
Answer: A. Kerberos is a security protocol used by Active Directory that employs a system of tickets to authenticate users and other network entities without transmitting their passwords over the network; the client proves knowledge of the password by encrypting a timestamp with a key derived from it. IEEE 802.1X is a port-based access control framework that carries Extensible Authentication Protocol (EAP) methods, and whether a credential crosses the wire depends on the EAP method chosen. Temporal Key Integrity Protocol (TKIP) is a wireless encryption protocol, and Lightweight Directory Access Protocol (LDAP) is a directory access protocol whose simple bind sends the password to the server; neither fits the question.

Which of the following statements about authentication auditing are not true?
A. Auditing can disclose attempts to compromise passwords.
B. Auditing can detect authentications that occur after hours.
C. Auditing can identify the guess patterns used by password cracking software.
D. Auditing can record unsuccessful as well as successful authentications.
Answer: C. Auditing of authentication activities records both successful and unsuccessful logon attempts. Large numbers of logon failures can indicate attempts to crack passwords. Auditing records the time of each attempt, which can reveal off-hours logons that indicate an intrusion. Auditing does not record the passwords supplied during failed authentications, so it cannot identify the guess patterns used by cracking software.
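The two Kerberos questions above rest on the claim that the password never crosses the wire. The following is an added example for this page, not code from the original: a Python model of the Kerberos AS exchange with pre-authentication, in which the client derives a key from its password locally and sends only a timestamp encrypted under that key, and the KDC answers with a TGT sealed under its own key plus a session key sealed under the client's key. The realm EXAMPLE.COM, the HMAC-based toy cipher and the PBKDF2 parameters are assumptions standing in for real Kerberos encryption types. It also shows the caveat a practitioner should know: the captured pre-authentication blob can be brute-forced offline, so the password must still be strong.

```python
"""Simplified Kerberos AS exchange: the password never crosses the wire.

Added example for this page, not code from the original. It models the
AS-REQ/AS-REP round trip with PA-ENC-TIMESTAMP pre-authentication from
RFC 4120; the cipher is a constructed HMAC-SHA256 keystream plus tag
standing in for Kerberos' real encryption types, and EXAMPLE.COM is an
assumed realm. Nothing here is a production Kerberos client.
"""
import hashlib
import hmac
import os
import struct
import time

REALM = b"EXAMPLE.COM"   # assumed realm
CLOCK_SKEW = 300         # seconds; the usual Kerberos tolerance


def string_to_key(password: str, salt: bytes) -> bytes:
    """Long-term key from the password; derived on both ends, never sent (cf. RFC 3962)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 4096, 32)


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated encryption: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Raises ValueError on a wrong key; that is how the KDC rejects a wrong password."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("KDC_ERR_PREAUTH_FAILED")
    return bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct))))


class KDC:
    def __init__(self):
        self.krbtgt_key = os.urandom(32)   # ticket-granting service key; never leaves the KDC
        self.principals = {}               # name -> long-term key

    def enroll(self, name: str, password: str) -> None:
        self.principals[name] = string_to_key(password, REALM + name.encode())

    def as_exchange(self, name: str, padata: bytes):
        """Handle AS-REQ: check the encrypted timestamp, issue TGT plus session key."""
        client_key = self.principals[name]   # KeyError stands in for KDC_ERR_C_PRINCIPAL_UNKNOWN
        (ts,) = struct.unpack(">d", unseal(client_key, padata))
        if abs(time.time() - ts) > CLOCK_SKEW:
            raise ValueError("KRB_AP_ERR_SKEW")
        session_key = os.urandom(32)
        tgt = seal(self.krbtgt_key, name.encode() + b"|" + session_key)  # opaque to the client
        enc_part = seal(client_key, session_key)                         # only the real user can open it
        return tgt, enc_part


def client_login(kdc: KDC, name: str, password: str):
    """Client side. Returns (tgt, session_key, wire_messages) so the wire can be inspected."""
    key = string_to_key(password, REALM + name.encode())
    padata = seal(key, struct.pack(">d", time.time()))  # PA-ENC-TIMESTAMP: the only secret-derived bytes sent
    tgt, enc_part = kdc.as_exchange(name, padata)
    session_key = unseal(key, enc_part)
    return tgt, session_key, [padata, tgt, enc_part]


def preauth_rejected(kdc: KDC, name: str, password: str) -> bool:
    """True when the KDC refuses the AS-REQ, i.e. the password (hence the key) was wrong."""
    try:
        client_login(kdc, name, password)
    except ValueError:
        return True
    return False


def offline_guess(name: str, padata: bytes, candidates):
    """Caveat: a captured PA-ENC-TIMESTAMP can be brute-forced offline, so password strength still matters."""
    for pw in candidates:
        try:
            unseal(string_to_key(pw, REALM + name.encode()), padata)
            return pw
        except ValueError:
            continue
    return None
```

Run `client_login` with the right password and inspect the three wire messages: none contains the password, and only the KDC can open the TGT. Run `preauth_rejected` with a wrong password to see the KDC refuse the request without ever having seen either password, and `offline_guess` to see why a captured pre-authentication blob still deserves a strong password.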
D. TKIP-RC4
Answer: A. Network Access Control (NAC) is a mechanism that defines standards of equipment and configuration that systems must meet before they can connect to the network. Lightweight Directory Access Protocol (LDAP) provides communication between directory service entities. Remote Authentication Dial-In User Service (RADIUS) is an authentication, authorization, and accounting service for remote users connecting to a network. Temporal Key Integrity Protocol (TKIP) with the RC4 cipher is the encryption protocol used by the original WiFi Protected Access (WPA) security protocol; both have since been deprecated in favor of the AES-based CCMP used by WPA2 and WPA3.

Which of the following describes the primary difference between Single Sign-On (SSO) and same sign-on?
A. SSO enables users to access different resources with one set of credentials, whereas same sign-on requires users to have multiple credential sets.
B. SSO credentials consist of one username and one password, whereas same sign-on credentials consist of one username and multiple passwords.
C. SSO requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly.
D. SSO requires multifactor authentication, such as a password and a smartcard, whereas same sign-on requires only a password for authentication.
Answer: C. SSO uses one set of credentials and requires the user to supply them only once to gain access to multiple resources. Same sign-on also uses a single set of credentials, with one password, but the user must perform an individual logon for each resource. Neither SSO nor same sign-on calls for multifactor authentication.

Which of the following is the best description of biometrics?
A. Something you know
B. Something you have
C. Something you are
D. Something you do
Answer: C. Biometrics is a type of authentication factor that uses a physical characteristic that uniquely identifies an individual, such as a fingerprint or a retinal pattern. Biometrics is therefore best described as something you are, as opposed to something you know, something you have, or something you do.

Which of the following authentication factors is an example of something you have?
A. A fingerprint
B. A smartcard
C. A password
D. A finger gesture
Answer: B. Something you have refers to a physical possession that serves to identify a user, such as a smartcard. This type of authentication is typically used as part of a multifactor authentication procedure because a smartcard or other physical possession can be lost or stolen. A fingerprint would be considered something you are, a password is something you know, and a finger gesture is something you do.

Which of the following statements best describes the primary scenario for the use of TACACS+?
A. TACACS+ was designed to provide authentication, authorization, and accounting services for wireless networks.
B. TACACS+ was designed to provide authentication, authorization, and accounting services for the Active Directory service.
C. TACACS+ was designed to provide authentication, authorization, and accounting services for remote dial-up users.
D. TACACS+ was designed to provide authentication, authorization, and accounting services for network routers and switches.
Answer: D. Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide Authentication, Authorization, and Accounting (AAA) services for networks with many routers and switches, enabling administrators to access them with a single set of credentials and allowing each command to be authorized individually. It was not designed to provide AAA services for wireless networks, Active Directory, or remote dial-in users.

The new door lock on your company's datacenter door requires you to supply both a PIN and a thumbprint scan. Which of the following types of authentication factors does the lock use? (Choose all that apply.)
A. Something you have
B. Something you know
C. Something you are
D. Something you do
Answer: B, C. A PIN, like a password, is something you know, and a thumbprint, or any other biometric factor, is something you are. An example of something you have would be a smartcard, and an example of something you do would be a finger gesture.
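TACACS+ and RADIUS both provide AAA, and the choice between them for device administration turns partly on how each protects its payload. The following is an added example for this page, not code from the original: it builds a RADIUS Access-Request as specified in RFC 2865, hiding only the User-Password attribute with the MD5-based scheme, and a TACACS+ packet as specified in RFC 8907, obfuscating the entire body with the MD5 pseudo-pad. The shared secrets, user name, password and NAS address are constructed sample values. Parsing the results shows what a sniffer on the management network would see in each case.

```python
"""RADIUS hides only the User-Password; TACACS+ obfuscates the whole body.

Added example for this page, not code from the original. The encodings
follow RFC 2865 section 5.2 (RADIUS) and RFC 8907 section 4.5 (TACACS+);
the shared secrets, user name, password and NAS address are constructed.
"""
import hashlib
import os
import struct

RADIUS_AUTH_PORT, RADIUS_ACCT_PORT, TACACS_PORT = 1812, 1813, 49  # UDP, UDP, TCP
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4
CODE_ACCESS_REQUEST = 1


def radius_hide_password(secret: bytes, authenticator: bytes, password: bytes) -> bytes:
    """Pad to 16-byte blocks; XOR each block with MD5(secret + previous block), seeded by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out


def radius_reveal_password(secret: bytes, authenticator: bytes, hidden: bytes) -> bytes:
    """Server side: the same keystream, so a leaked shared secret exposes every captured password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def radius_access_request(secret: bytes, user: bytes, password: bytes, nas_ip: bytes, ident: int = 1) -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) Attributes: what a NAS sends to UDP/1812."""
    authenticator = os.urandom(16)  # Request Authenticator
    attrs = b""
    for atype, value in ((ATTR_USER_NAME, user),
                         (ATTR_USER_PASSWORD, radius_hide_password(secret, authenticator, password)),
                         (ATTR_NAS_IP_ADDRESS, nas_ip)):
        attrs += struct.pack("BB", atype, len(value) + 2) + value
    return struct.pack(">BBH", CODE_ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def radius_parse(packet: bytes):
    """Return (code, identifier, authenticator, {type: value}); every attribute but User-Password is plaintext."""
    code, ident, length = struct.unpack(">BBH", packet[:4])
    authenticator, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        atype, alen = packet[pos], packet[pos + 1]
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return code, ident, authenticator, attrs


def tacacs_pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """pad_1 = MD5(session_id|key|version|seq_no); pad_n = MD5(...|pad_n-1); concatenated to the body length."""
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(struct.pack(">I", session_id) + key + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_packet(key: bytes, session_id: int, seq_no: int, body: bytes, version: int = 0xC0, ptype: int = 1) -> bytes:
    """12-byte header in the clear (version 0xc0, type 1 = authentication, flags 0 = obfuscated); body XORed."""
    pad = tacacs_pseudo_pad(session_id, key, version, seq_no, len(body))
    header = struct.pack(">BBBBII", version, ptype, seq_no, 0, session_id, len(body))
    return header + bytes(b ^ p for b, p in zip(body, pad))


def tacacs_body(key: bytes, packet: bytes) -> bytes:
    """Peer side: XOR is its own inverse, so regenerating the pad recovers the body."""
    version, _ptype, seq_no, _flags, session_id, length = struct.unpack(">BBBBII", packet[:12])
    pad = tacacs_pseudo_pad(session_id, key, version, seq_no, length)
    return bytes(b ^ p for b, p in zip(packet[12:12 + length], pad))
```

Build one packet of each kind and search the bytes for the user name: it is visible in the RADIUS datagram and absent from the TACACS+ one. Neither scheme is strong by modern standards (both are MD5 keystreams keyed by a static shared secret), which is why both protocols belong on an isolated management network, or, for RADIUS, inside TLS as RFC 6614 specifies.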
Which of the following authentication factors is an example of something you are?
A. A fingerprint
B. A smartcard
C. A password
D. A finger gesture
Answer: A. Something you are refers to a physical characteristic that uniquely identifies an individual, such as a fingerprint or other form of biometric. This type of authentication is often used as part of a multifactor authentication procedure because a biometric element can conceivably be copied or spoofed and, unlike a password, cannot be changed afterwards. A finger gesture would be considered something you do, a password is something you know, and a smartcard is something you have.

Which of the following is an implementation of Network Access Control (NAC)?
A. RADIUS
B. 802.1X
C. LDAP
D. TACACS+
Answer: B. NAC is a set of policies that define security requirements that clients must meet before they are permitted to connect to a network. 802.1X is a basic implementation of NAC. Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are Authentication, Authorization, and Accounting (AAA) services. They are not NAC implementations themselves, although they can play a part in their deployment. Lightweight Directory Access Protocol (LDAP) provides directory service communications.

Which of the following is not one of the roles involved in an 802.1X transaction?
A. Supplicant
B. Authentication server
C. Authorizing agent
D. Authenticator
Answer: C. An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is the switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a Remote Authentication Dial-In User Service (RADIUS) implementation that verifies the supplicant's identity. There is no party to the transaction called an authorizing agent.

In an 802.1X transaction, what is the function of the supplicant?
A. The supplicant is the service that issues certificates to clients attempting to connect to the network.
B. The supplicant is the service that verifies the credentials of the client attempting to access the network.
C. The supplicant is the network device to which the client is attempting to connect.
D. The supplicant is the client user or computer attempting to connect to the network.
Answer: D. An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is the switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a Remote Authentication Dial-In User Service (RADIUS) implementation that verifies the supplicant's identity. The supplicant is not involved in issuing certificates.

In an 802.1X transaction, what is the function of the authenticator?
A. The authenticator is the service that issues certificates to clients attempting to connect to the network.
B. The authenticator is the service that verifies the credentials of the client attempting to access the network.
C. The authenticator is the network device to which the client is attempting to connect.
D. The authenticator is the client user or computer attempting to connect to the network.
Answer: C. An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is the switch or access point to which the supplicant is requesting access and which keeps the port closed until the authentication server approves; and the authentication server, which is typically a Remote Authentication Dial-In User Service (RADIUS) implementation that verifies the supplicant's identity. The authenticator is not involved in issuing certificates.

An 802.1X transaction involves three roles: the supplicant, the authenticator, and the authentication server. Of the three, which role typically takes the form of a RADIUS implementation?
A. The supplicant
B. The authenticator
C. The authentication server
Answer: C. The authentication server, which verifies the supplicant's credentials on the authenticator's behalf, is typically a Remote Authentication Dial-In User Service (RADIUS) implementation; the supplicant is the connecting client and the authenticator is the switch or access point.
D. By default, both RADIUS and TACACS+ use UDP.
Answer: A. Remote Authentication Dial-In User Service (RADIUS) uses User Datagram Protocol (UDP) ports 1812 and 1813 (or the legacy 1645 and 1646) for authentication and accounting, whereas Terminal Access Controller Access Control System Plus (TACACS+) uses Transmission Control Protocol (TCP) port 49. The two also differ in what they protect: RADIUS hides only the User-Password attribute, while TACACS+ obfuscates the entire packet body. Neither scheme is strong by modern standards, so both belong on an isolated management network, and RADIUS can additionally be carried over TLS (RFC 6614).

Which of the following standards provides Authentication, Authorization, and Accounting (AAA) services for network routers and switches?
A. RADIUS
B. TACACS+
C. Kerberos
D. LDAP
Answer: B. Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide AAA services for networks with many routers and switches, enabling administrators to access them with a single set of credentials. Remote Authentication Dial-In User Service (RADIUS) can also authenticate device administrators, but it combines authentication and authorization in one exchange and cannot authorize individual commands, which is why TACACS+ is the conventional choice for routers and switches. Kerberos and Lightweight Directory Access Protocol (LDAP) are not AAA services.

Which of the following terms refers to the process of determining whether a user is a member of a group that provides access to a particular network resource?
A. Authentication
B. Accounting
C. Authorization
D. Access control
Answer: C. Authorization is the process of determining what resources a user can access on a network. Typically, this is done by assessing the user's group memberships. Authentication is the process of confirming a user's identity. Accounting is the process of tracking a user's network activity. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.

Which of the following terms refers to the process of confirming a user's identity by checking specific credentials?
A. Authentication
B. Accounting
C. Authorization
D. Access control
Answer: A. Authentication is the process of confirming a user's identity by checking credentials, such as passwords, ID cards, or fingerprints. Authorization is the process of determining what resources a user can access on a network. Accounting is the process of tracking a user's network activity. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.

Which of the following terms refers to the process by which a system tracks a user's network activity?
A. Authentication
B. Accounting
C. Authorization
D. Access control
Answer: B. Accounting is the process of tracking a user's network activity, such as when the user logged on and logged off and what resources the user accessed. Authentication is the process of confirming a user's identity by checking credentials. Authorization is the process of determining what resources a user can access on a network. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.

Which of the following statements are true about a public key infrastructure? (Choose all that apply.)
A. Data encrypted with a user's public key can be decrypted with the user's public key.
B. Data encrypted with a user's public key can be decrypted with the user's private key.
C. Data encrypted with a user's private key can be decrypted with the user's private key.
D. Data encrypted with a user's private key can be decrypted with the user's public key.
Answer: B, D. In a public key infrastructure, data encrypted with a user's public key can only be decrypted with the user's private key, and data encrypted with a user's private key can only be decrypted with the user's public key. This enables the system to provide both message encryption and nonrepudiation: anyone can verify that a message unlocked by the public key came from the holder of the private key. If data encrypted with a user's public key could be decrypted with that same public key, the system would provide no security at all.
If data encrypted with a user's private key could be decrypted with that same private key, the user could only send secure messages to him- or herself.
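To make the four PKI statements above checkable rather than memorised, here is an added example for this page, not code from the original, in textbook RSA: a single primitive applied with either half of the key pair, showing that only the other half undoes it, plus a signature built the same way. The fixed Mersenne primes, the absence of padding and the truncated hash are simplifications for the demonstration; production code uses RSA-OAEP, RSA-PSS or modern signature schemes from a vetted library.

```python
"""Which key undoes which: textbook RSA for the PKI question above.

Added example for this page, not code from the original. Unpadded RSA
with fixed Mersenne primes is insecure and deliberately small; it exists
only so the four statements can be executed rather than memorised.
"""
import hashlib
from math import gcd

P = 2 ** 61 - 1   # Mersenne primes; n = P*Q has about 150 bits
Q = 2 ** 89 - 1
E = 65537


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """public = (n, e), private = (n, d) with e*d = 1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))   # modular inverse: Python 3.8+


def apply_key(key, value: int) -> int:
    """The one RSA primitive: value ** exponent mod n, with whichever key is supplied."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exp, n)


def to_bytes(value: int) -> bytes:
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def encrypt(key, message: bytes) -> int:
    """Message must be shorter than n (about 18 bytes here); no padding, so toy only."""
    return apply_key(key, int.from_bytes(message, "big"))


def decrypt(key, ciphertext: int) -> bytes:
    return to_bytes(apply_key(key, ciphertext))


def digest(message: bytes) -> int:
    """Truncated SHA-256 so the hash fits under n; the truncation is part of the toy, not of real RSA."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(private_key, message: bytes) -> int:
    """Signing is 'encrypting' the hash with the private key: statement D in action."""
    return apply_key(private_key, digest(message))


def verify(public_key, message: bytes, signature: int) -> bool:
    return apply_key(public_key, signature) == digest(message)


def check_statements(message: bytes = b"attack at dawn") -> dict:
    """Evaluate options A-D of the PKI question empirically; B and D come out True."""
    public, private = make_keypair()
    c_pub = encrypt(public, message)
    c_priv = encrypt(private, message)
    return {
        "A": decrypt(public, c_pub) == message,    # public undoes public?   no
        "B": decrypt(private, c_pub) == message,   # private undoes public:  confidentiality
        "C": decrypt(private, c_priv) == message,  # private undoes private? no
        "D": decrypt(public, c_priv) == message,   # public undoes private:  nonrepudiation
    }
```

`check_statements()` returns True only for B and D. The signature functions show the nonrepudiation side: a signature made with the private key verifies with the public key, fails on a modified message, and does not verify with the private key itself.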
access servers can employ to authenticate remote users?
A. RADIUS
B. IDS
C. NGFW
D. NAS
Answer: A. A Remote Authentication Dial-In User Service (RADIUS) server can provide Authentication, Authorization, and Accounting (AAA) services for remote access servers. Intrusion Detection Systems (IDSs), Next-Generation Firewalls (NGFWs), and Network Attached Storage (NAS) devices do not provide authentication services. Note that in RADIUS terminology NAS also stands for Network Access Server, the RADIUS client that forwards the user's credentials; in this question the abbreviation refers to storage.

Which element of the Confidentiality-Integrity-Availability (CIA) triad prevents unauthorized modification of protected data?
A. Confidentiality
B. Integrity
C. Availability
D. None of the above
Answer: B. The Integrity element of the CIA triad prevents data from being modified by unauthorized users, or at least ensures such modification is detected. Confidentiality is protection against unauthorized viewing of data. Availability provides users with access to the data they need.

Which of the following is an example of local authentication?
A. A system that uses an external RADIUS server for authentication
B. A system that uses the Kerberos protocol for authentication
C. A system that authenticates users without network communication
D. A system that requires a password and a retinal scan for authentication
Answer: C. Systems that use local authentication have user accounts stored on the computer itself, enabling users to log on without any network communication. Systems that use Remote Authentication Dial-In User Service (RADIUS) or Kerberos for authentication require network communication. A password and a retinal scan is an example of a multifactor authentication system, which might or might not be local.
In some cases, network administrators create computers that function as enticing targets for attackers but that do not provide access to any legitimately sensitive services or information. Which of the following is the term used to describe this technique?
A. DMZ
B. Honeypot
C. Root guard
D. Spoofing
Answer: B. A honeypot is a computer configured to function as bait for attackers, causing them to waste their time penetrating a resource that provides no significant access; because legitimate users have no reason to touch it, any activity on it is also a high-fidelity alert. A demilitarized zone (DMZ) is the part of a network where administrators locate servers that must be accessible from the Internet. Root guard is a switch port protection that prevents a device on that port from becoming the spanning tree root. Spoofing is an attack technique in which an intruder modifies packets to assume the appearance of another user or computer.

Honeypots and honeynets belong to which of the following categories of devices?
A. Mitigation techniques
B. Network attacks
C. Switch port protection types
D. Firewall filters
Answer: A. A honeypot or honeynet is a type of mitigation technique that takes the form of a computer or network configured to function as bait for attackers, causing them to waste their time penetrating a resource that provides no significant access.

Which of the following best describes the process of penetration testing?
A. Administrators create computers or networks that are alluring targets for intruders.
B. Administrators attempt to access the network from outside using hacker tools.
C. An organization hires an outside consultant to evaluate the security conditions on the network.
D. An organization hires an outside consultant who attempts to compromise the network's security measures.
Answer: D. Penetration testing is when an outside consultant is engaged to attempt unauthorized access to protected network resources. Testing by an internal administrator familiar with the security barriers would not be a valid test. While having a consultant examine the network's security from within can be useful, that is a security assessment rather than a penetration test. Computers or networks that are alluring targets for intruders are called honeypots or honeynets.
solution for gathering and analyzing information about a network's security events. Simple Network Management Protocol (SNMP) is a technology that gathers information about managed devices. SEIM and SEM/SIM are not correct abbreviations for Security Information and Event Management; SEM and SIM are the older names of the two product categories that merged into SIEM.

A technician in the IT department at your company was terminated today and had to be escorted from the building. Your supervisor has instructed you to disable all of the technician's accounts, change all network device passwords to which the technician had access, and have the datacenter doors rekeyed. Which of the following terms best describes your supervisor's concern in asking you to do these things?
A. Social engineering
B. Internal threats
C. Logic bombs
D. War driving
E. External threats
Answer: B. Your supervisor's concern is that the disgruntled technician might take advantage of his knowledge of, and access to, devices and facilities to sabotage the network. When an individual takes advantage of access or information gained during his or her employment, it is called an internal (or insider) threat. An external threat is one originating from a non-employee. Social engineering is a form of attack in which an innocent user is persuaded by an attacker to provide sensitive information, typically via email or telephone. A logic bomb is code inserted into a legitimate software product that triggers a malicious event when specific conditions are met. War driving is an attack method that consists of driving around a neighborhood with a computer, scanning for unprotected wireless networks.

Which of the following is the best description of a software product with a zero-day vulnerability?
A. A product with a vulnerability that has just been addressed by a newly-released fix
B. A product with a vulnerability that has been addressed by a fix, which nearly all users have applied
C. A vulnerability in a newly-released product for which no fix has yet been developed
D. A vulnerability in a product which no attackers have yet discovered or exploited
Answer: C. A zero-day vulnerability is a serious software flaw with potential for exploitation for which no fix yet exists: the developer has had zero days to address it once it became known, and attackers may already be exploiting it. The defining property is the missing fix, not the age of the product; the flaw can sit in mature software for years before it is found. A vulnerability that has been fixed, whether or not users have applied the fix, is no longer a zero-day, and a vulnerability no attacker has discovered is not yet being exploited by anyone.
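The authentication-auditing question earlier on this page states that logs reveal failed logons and their timing but not the passwords that were guessed, and the SIEM item describes gathering and analyzing such events. The following is an added example for this page, not code from the original: it runs that reasoning over constructed sshd-style log lines in Python, flagging sources with a burst of failures, successful logons that immediately follow such a burst, and logons outside business hours. The thresholds, the 08:00-18:00 window, the host name gw and the addresses are assumptions.

```python
"""Authentication auditing over sample log lines.

Added example for this page, not code from the original. The log lines
below are constructed in sshd/auth.log style; the thresholds, business
hours, host name and addresses are assumed values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-03-04 02:13:01 gw sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
2024-03-04 02:13:03 gw sshd[811]: Failed password for root from 203.0.113.9 port 51023 ssh2
2024-03-04 02:13:05 gw sshd[811]: Failed password for root from 203.0.113.9 port 51024 ssh2
2024-03-04 02:13:08 gw sshd[811]: Failed password for bob from 203.0.113.9 port 51025 ssh2
2024-03-04 02:13:11 gw sshd[811]: Failed password for bob from 203.0.113.9 port 51026 ssh2
2024-03-04 02:13:14 gw sshd[811]: Failed password for bob from 203.0.113.9 port 51027 ssh2
2024-03-04 02:13:40 gw sshd[812]: Accepted password for bob from 203.0.113.9 port 51030 ssh2
2024-03-04 09:15:12 gw sshd[900]: Accepted publickey for alice from 192.0.2.10 port 40010 ssh2
2024-03-04 09:16:02 gw sshd[901]: Failed password for alice from 192.0.2.10 port 40011 ssh2
2024-03-04 09:16:10 gw sshd[902]: Accepted password for alice from 192.0.2.10 port 40012 ssh2
2024-03-04 09:20:00 gw kernel: [12345.678] eth0: link up
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) (password|publickey) for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse(log: str) -> list:
    """Turn sshd authentication records into events; other lines are skipped.

    The record carries outcome, method, user, source and time. The password
    that was tried is never logged, which is why auditing cannot show an
    attacker's guess patterns."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, outcome, method, user, src = m.groups()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       "ok": outcome == "Accepted", "method": method, "user": user, "src": src})
    return sorted(events, key=lambda e: e["ts"])


def password_guessing(events, threshold=5, window=timedelta(minutes=5)) -> dict:
    """Sources whose failures inside any sliding window reach the threshold, mapped to the peak count."""
    failures = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures[e["src"]].append(e["ts"])
    flagged = {}
    for src, times in failures.items():
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def success_after_failures(events, min_failures=5, window=timedelta(minutes=5)) -> list:
    """Accepted logon right after a failure burst from the same source: a likely guessed password."""
    recent = defaultdict(deque)
    hits = []
    for e in events:
        q = recent[e["src"]]
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if e["ok"]:
            if len(q) >= min_failures:
                hits.append((e["user"], e["src"], len(q)))
        else:
            q.append(e["ts"])
    return hits


def off_hours_logons(events, start_hour=8, end_hour=18) -> list:
    """Successful logons outside business hours; worth a look even without preceding failures."""
    return [(e["user"], e["src"], e["ts"].strftime("%H:%M")) for e in events
            if e["ok"] and not start_hour <= e["ts"].hour < end_hour]
```

On the sample, 203.0.113.9 is flagged for six failures in under a minute, bob's 02:13 logon from that address is flagged both as a success after a burst and as an off-hours logon, and alice's single mistyped password at 09:16 triggers nothing. The same three checks are what a SIEM correlation rule expresses once the events are normalised.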