OSI Model and Network Protocols, Exams of Nursing

A detailed overview of the OSI (Open Systems Interconnection) model, which is an abstract framework for how protocols should function in an ideal world. It covers the seven layers of the OSI model: the physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer. The document also discusses various network protocols and their associated TCP/UDP ports, such as Telnet, FTP, TFTP, SMTP, POP3, IMAP, DHCP, HTTP, SSL, LPD, NFS, SNMP, ICMP, and IGMP. Additionally, it covers concepts related to network security, including firewalls, endpoint security, and network devices like brouters and gateways. The document also touches on wireless communication technologies like frequency hopping spread spectrum (FHSS), direct sequence spread spectrum (DSSS), and orthogonal frequency division multiplexing (OFDM).

Typology: Exams

2023/2024

Available from 09/13/2024

LEARNIFYEXAMGURU
CISSP Exam Solved 100% Correct!!
CIA Triangle Answer- Cornerstone of infosec. Confidentiality, Integrity, Availability
Confidentiality (CIA Triangle) Answer- prevention of unauthorized disclosure of
information; prevention of unauthorized read access to data
Integrity (CIA Triangle) Answer- prevention of unauthorized modification of data;
prevention of unauthorized write access to data
Availability (CIA Triangle) Answer- ensures data is available when needed to
authorized users
Opposing forces to CIA Answer- DAD: disclosure, alteration, destruction
identification Answer- the process by which a subject professes an identity and
accountability is initiated; ex: typing a username, swiping a smart card, waving a
proximity device (badging in), speaking a phrase, etc - always a two step process
with authenticating
authentication Answer- verification that a person is who they say they are; ex:
entering a password or PIN, biometrics, etc - always a two step process with
identifying
authorization Answer- verification of a person's access or privileges to applicable
data
auditing (monitoring) Answer- recording a log of the events and activities related to
the system and subjects
accounting (accountability) Answer- reviewing log files to check for compliance and
violations in order to hold subjects accountable for their actions
non-repudiation Answer- a user cannot deny having performed a specific action
subject Answer- an entity that performs active functions to a system; usually a
person, but can also be script or program designed to perform actions on data
object Answer- any passive data within the system
ISC2 Code of Ethics Canons (4) Answer- 1. protect society, commonwealth,
infrastructure
2. act honorably, justly, responsibly, legally
3. provide diligent and competent service
4. advance and protect the profession
canons are strictly applied in order; on exam questions in which multiple canons could be the answer, choose the highest priority per this order
policy Answer- mandatory high level management directives; components of policy:
1. purpose: describes the need for policy
2. scope: what systems, people, facilities, organizations are covered
3. responsibilities: specific duties of involved parties
4. compliance: effectiveness of policy, violations of policy
procedure Answer- low level step by step guide for accomplishing a task
standard Answer- describes the specific use of technology applied to hardware or software; mandatory
guideline Answer- discretionary recommendations (i.e. not mandatory)
baseline Answer- a uniform way of implementing a standard
3 access/security control categories Answer-
1. administrative: implemented by creating org policy, procedure, regulation; user awareness/training also fall here
2. technical: implemented using hardware, software, firmware that restricts logical access to a system
3. physical: locks, fences, walls, etc
preventive access control (can be administrative, technical, physical) Answer- prevents actions from occurring by applying restrictions on what a user can do; example: privilege level
detective access control (can be administrative, technical, physical) Answer- controls that alert during or after a successful attack; alarm systems or closed circuit TV
corrective access control (can be administrative, technical, physical) Answer- repairing a damaged system; often works hand in hand with detective controls (e.g. antivirus software)
recovery access control (can be administrative, technical, physical) Answer- controls to restore a system after an incident has occurred
deterrent access control (can be administrative, technical, physical) Answer- deters users from performing actions on a system
compensating access control (can be administrative, technical, physical) Answer- additional control used to compensate for weaknesses in other controls as needed
risk formula Answer- risk = threat x vulnerability x impact

change management Answer- ensure that any change does not lead to reduced or compromised security; also responsible for roll backs; make all changes subject to detailed documentation and auditing
data classification Answer- process of organizing items, objects, subjects, into groups, categories, or collections with similarities; formalize and stratify the process of securing data based on assigned labels of importance and sensitivity
government/military classification Answer- TS > Sec > Confidential > sensitive > unclassified
commercial/private sector classifications Answer- confidential/private > sensitive > public
senior manager role Answer- person who is ultimately responsible for the security and protection of an org's assets; signs off on all activities and policy; overall success and failure rests on this role
data owner Answer- responsible for classifying information for placement and protection within policy/solutions; often delegates actual management of the data to a custodian
data custodian Answer- responsible for implementing the prescribed protection defined by the security policy and senior management; responsible for the day to day tasks of maintaining the data/system
COBIT 5 (control framework) Control Objectives for Information and Related Technology Answer- principles for governance and management of enterprise IT:
1. meeting stakeholder needs
2. covering the enterprise end to end
3. applying a single framework
4. enabling a holistic approach
5. separating governance from management
regulatory policy Answer- required whenever industry or legal standards are applicable to your organization (NERC CIP, FISMA)
advisory policy Answer- discusses behaviors and activities that are acceptable and defines consequences of violations (most policies fall into this category)
informative policy Answer- provides information about a specific subject; ex: company goals, mission statements
STRIDE threat categorization Answer- Spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege

spoofing Answer- goal of gaining access to a target system through the use of a falsified identity; can be used against IP addresses, MAC addresses, user names, system names, SSIDs, email addresses, etc
tampering Answer- any action resulting in the unauthorized changes or manipulation of data
repudiation Answer- the ability of a user or attacker to deny having performed a specific action or activity (plausible deniability)
information disclosure Answer- distribution of private, confidential, or controlled information to external or unauthorized entities
denial of service (DoS) Answer- attempts to prevent authorized use of a resource; can be accomplished through flaw exploitation, connection overloading, or traffic flooding
elevation of privilege Answer- a limited user account is transformed into an account with greater privileges and access
DREAD threat rating system Answer- damage potential, reproducibility, exploitability, affected users, discoverability
security governance Answer- collection of practices related to supporting, defining, and directing the security efforts of an organization
third party governance Answer- system of oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing agreements
compliance Answer- the act of conforming to or adhering to rules, policies, regulations, standards, or requirements
documentation review Answer- the process of reading the exchanged materials and verifying them against standards and expectations
business continuity planning (BCP) Answer- assessing the risks to organizational processes and crafting policies, plans, and procedures to minimize the impact of those risks
quantitative decision making Answer- involves the use of numbers and formulas to reach a decision; often expressed in terms of dollar value
qualitative decision making Answer- takes non numerical factors such as emotion, investor/customer confidence, workforce stability, etc into account; often results in categories of prioritization (high, medium, low)
Computer Fraud and Abuse Act (1986) Answer- changed the scope of the CCCA to include all "federal interest" computers; all government and financial systems

top secret Answer- applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to national security
secret Answer- applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to national security
confidential Answer- applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to national security
unclassified Answer- refers to any data that doesn't meet one of the descriptions for an escalated classification
government/military data classifications Answer- top secret, secret, confidential, unclassified
civilian data classifications Answer- confidential/proprietary, private, sensitive, public
marking sensitive data Answer- when users know the value of the data, they are more likely to take care of it
1. physical - labels that indicate classification on the data or system that processes it
2. digital - header/footer, embed as a watermark; these would appear on a printout
storing sensitive data Answer- storage should protect against any type of loss; backups should be protected the same as original data; encryption
data remanence Answer- data that remains on a hard drive as residual magnetic flux; can only be removed by degaussing
erasing data Answer- performing a delete operation against a file(s); in most cases, the deletion process only removes the directory or catalog link to the data (data still remains); not 100% reliable
clearing data Answer- also known as overwriting; unclassified data is written over all addressable locations on the media; single character repeated, then the character's complement, finishes with random bits; not 100% reliable on some media
purging data Answer- more intense form of clearing that prepares media for reuse in less secure environments; performs the clearing process multiple times
declassification Answer- involves any process that purges media or a system in preparation for reuse in an unclassified environment
sanitization Answer- combination of processes that removes data from a system or media; ensures data cannot be recovered by any means; can also refer to destruction or trusted purging
degaussing Answer- strong magnetic field that erases data; does not affect optical drives or SSDs

destruction (of data) Answer- final stage in the life cycle of media and the most secure method of sanitizing media; incineration, crushing, shredding, disintegration, dissolving using caustic/acidic chemicals
record retention Answer- involves retaining and maintaining important information as long as it's needed and destroying it when it is no longer needed
system owner Answer- person who owns the system that processes sensitive data; develops the system security plan, maintains the plan, ensures proper security training, updates documentation as needed; typically the same person as the data owner, but not always
data processors Answer- any system used to process data; EU Data Protection Law defines a data processor as a natural or legal person which processes personal data solely on behalf of the data controller
Safe Harbor Program Answer- regulatory program that includes a set of overarching principles: notice, choice, onward transfer, security, data integrity, access, enforcement
administrators Answer- responsible for granting appropriate access to personnel; assigning permissions is the key function; typically use a role based control model
security baselines Answer- provide a starting point and ensure a minimum security standard; often a standardized control framework
scoping Answer- refers to reviewing baseline security controls and selecting only those that are applicable to the system you are trying to protect
tailoring Answer- refers to modifying the list of security controls within a baseline so that they align with the mission of the organization
data at rest Answer- stored data, resides in a permanent location awaiting access
data in motion Answer- "on the wire", data being transmitted across a network between two systems
cryptographic key Answer- the object on which crypto algorithms rely to maintain their security; usually a large number (often binary); the key space is the range of numbers the binary can represent, defined by its bit size
AND operation Answer- AND requires both inputs to be true; represented with the ^ symbol
OR operation Answer- OR requires one or both inputs to be true; represented with the v symbol
XOR operation Answer- XOR requires only one or the other input to be true, but cannot be both; represented with the plus sign enclosed in a circle

digital signature standard Answer- various specifications for a digital signature infrastructure as directed by NIST; SHA-2 for hashing; DSA, RSA, Elliptic Curve DSA for encryption
digital certificates Answer- provide assurance that the people they are communicating with are who they claim to be; endorsed copies of an individual's public key (verified by a certificate authority); governed by the international standard X.
digital certificate standard X.509 Answer- certificates contain the following:
• version of X.
• serial number
• signature algorithm identifier
• issuer name (the CA)
• validity period
• subject's name
• subject's public key
certificate authorities Answer- neutral organizations that offer notarization services for digital certificates; identity must be proven; assisted by registration authorities (RAs)
certificate enrollment Answer- identity proven to CA, other identification documents could be requested, X.509 certificate created, CA then digitally signs the certificate
certificate verification Answer- verified by checking the digital signature using the public key; key is authentic if:
1. the digital signature of the CA is authentic
2. you trust the CA
3. the certificate is not on the certificate revocation list (CRL)
4. the certificate actually contains the data you are trusting
certificate revocation Answer-
1. compromise (private key disclosure)
2. erroneously issued (issued without proper verification)
3. details of the cert have changed
4. security association has changed (termination, etc)
public key infrastructure best practices Answer-
1. choose your encryption system wisely
2. select your keys in an appropriate manner (length, performance, etc)
3. keep your private key secret
4. retire keys when they've served a useful life
5. back up your key
disk encryption by OS Answer- Windows - BitLocker, Encrypting File System (EFS); OSX - FileVault; Multiplatform - TrueCrypt

Pretty Good Privacy Answer- secure email system created by Phil Zimmermann in 1991; centered around the 'web of trust' concept
Secure Multipurpose Internet Mail Extensions (S/MIME) Answer- protocol that uses RSA encryption and relies on X.509 certificates; already integrated into Outlook and Outlook Web Access, Mozilla Thunderbird, and Mac OSX Mail
secure sockets layer (SSL) Answer- developed by Netscape; used in conjunction with HTTP over port 443 to negotiate encrypted communications between servers/clients; hybrid of asymmetric and symmetric
transport layer security (TLS) Answer- proposed replacement for SSL (1999); uses TCP over port 443; based on SSL but with enhancements
link encryption Answer- protects an entire comm circuit; creates a secure tunnel between two points using either a hardware or software solution that encrypts all traffic before routing and decrypts traffic as it arrives; all data encrypted (header, trailer, address, routing data); usually used in lower OSI layers
end to end encryption Answer- only protects comm between two parties; performed independently of link encryption; does not encrypt header, trailer, routing info, so it is faster but more susceptible to attacks; usually implemented at the higher OSI layers
IPsec Answer- architecture that supports secure communications set forth by the Internet Engineering Task Force between two entities; generally to connect 2 networks; modular framework, primary use is for VPNs; commonly paired with Layer 2 Tunneling Protocol (L2TP); two main components - authentication header (AH), encapsulating security payload (ESP)
IPsec transport mode Answer- only the packet payload is encrypted; designed for peer to peer communication
IPsec tunnel mode Answer- the entire packet, including header, is encrypted; designed for gateway to gateway communication
wired equivalent privacy (WEP) Answer- provides 64 and 128 bit encryption over a wireless LAN; part of the IEEE 802.11 standard; this algorithm is not secure, however
wifi protected access (WPA) Answer- improves on WEP by adding the Temporal Key Integrity Protocol (TKIP); further improvement in WPA2 which adds AES cryptography
analytic attack Answer- algebraic manipulation that attempts to reduce the complexity of the algorithm; focuses on the logic of the algorithm itself
implementation attack Answer- exploits weaknesses in the implementation of the cryptography system; focuses on exploiting the software code
statistical attack Answer- exploits statistical weakness such as floating point errors and inability to produce truly random numbers; vulnerability in hardware

rule based access control Answer- predefined rules state which subjects can access which objects
discretionary access controls Answer- the subject has some ability to define the objects to access; within limits, the subject is allowed to define a list of objects to access as needed; more dynamic
security token Answer- separate object that is associated with a resource and describes its security attributes
capabilities list Answer- maintains a row of security attributes for each controlled object; not as flexible as a token, but provides for quicker lookups when a request is made
security label Answer- permanent part of the object to which it's attached; once it's set, it cannot be altered
trusted computing base (TCB) Answer- combination of hardware, software, and controls that work together to form a trusted base to enforce security policy
reference monitor Answer- the part of the TCB that validates access to every resource prior to granting access requests
security kernel Answer- the collection of components in the TCB that work together to implement reference monitor functions
state machine model Answer- describes a system that is always secure no matter what state it is in; boots into a secure state, maintains a secure state through all transitions, and allows subjects to access resources only in a secure manner
information flow model Answer- focuses on the flow of information based on a state machine model; ex: Bell-LaPadula and Biba models; designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security
noninterference model Answer- loosely based on the information flow model but instead is concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level
composition theories Answer- build on the notion of how inputs and outputs between multiple systems relate to one another
cascading (composition theory) Answer- input for one system comes from the output of another system
feedback (composition theory) Answer- one system provides input to another system, which reciprocates by reversing those roles (system A provides input for B and then B provides input for A)

hookup (composition theory) Answer- one system sends input to another system but also sends input to external entities
Take-Grant model Answer- employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object; a subject with the grant right can grant another subject or object any other right they possess
access control matrix Answer- table of subjects and objects that indicates the actions or functions that each subject can perform on each object; each column is an access control list and each row is a capabilities list
Bell-LaPadula Model Answer- developed in the 1970s; focused primarily on confidentiality; 3 principles:
1. simple security property: a subject may not read information at a higher sensitivity level (no read up)
2. star security property: a subject may not write to an object at a lower sensitivity level (no write down)
3. discretionary security property: the system uses an access matrix to enforce discretionary access control
Biba Model Answer- inverted Bell-LaPadula model; focused more on integrity; 2 principles:
1. simple integrity property: a subject cannot read an object at a lower integrity level (no read down)
2. star integrity property: a subject cannot modify an object at a higher integrity level (no write up)
Clark-Wilson Model Answer- focused on integrity; uses a three part relationship known as the access control triple; subjects do not have direct access to objects, which are accessed only through programs; relies on 2 principles - well formed transactions and separation of duties
Clark-Wilson components Answer-
constrained data item (CDI): data item whose integrity is protected by the security model
unconstrained data item (UDI): data item that is not controlled by the security model
integrity verification procedure (IVP): scans data items and confirms their integrity
transformation procedures (TPs): the only procedures that are allowed to modify a CDI
restricted interface model Answer- uses classification based restrictions to offer only subject specific authorized information and functions
Brewer and Nash Model Answer- created to change dynamically based on a user's previous activity; applies to a single integrated database; it seeks to create security domains that are sensitive to the notion of conflict of interest

Red Book (Rainbow Series) Answer- applies to network based systems and context
Green Book (Rainbow Series) Answer- password management and creation guidelines
protection ring Answer- organizes code and components in an OS into concentric rings; the deeper inside the circle, the higher the privilege level; innermost ring (level 0) is the kernel
dedicated security mode Answer- equivalent to a single state system; each user must have clearance for all information processed by the system, users must have access approval for all info processed by the system, valid need to know for all information processed by the system
system high security mode Answer- each user must have clearance for all information processed by the system, users must have access approval for all info processed by the system, valid need to know for only some of the information processed by the system
compartmented security mode Answer- each user must have clearance, each user must have access approval for ONLY the info they will access on the system (read: more info may reside on the system outside what the user has access approval for), valid need to know for only some of the info processed by the system
user mode Answer- basic mode used by the CPU when executing applications; allows the execution of only a portion of its full instruction set; designed to protect users from damaging the system
privileged mode Answer- designed to give the operating system access to the full range of instructions supported by the CPU; aka privileged mode, supervisory mode, system mode, kernel mode
register memory addressing Answer- information accessed from one of the CPU registers; closest to the CPU, fastest access time
immediate addressing Answer- the operand is supplied as part of the command or instruction for the CPU to process
direct memory addressing Answer- CPU is provided with the actual address of the memory location to access; must be located on the same memory page as the instruction being executed
indirect memory addressing Answer- CPU supplied with the memory location address, but indirect involves addresses that are not on the same page as the current instruction running; may be used as an operand
database aggregation Answer- database functions that combine records from one or more tables to produce potentially useful information

inference Answer- using several pieces of nonsensitive information to gain access to information that should be classified at a higher level
defense in depth Answer- security strategy used to provide a protective multilayer barrier against various forms of attack
platform as a service (PaaS) Answer- concept of providing a computing platform and software solution stack as a virtual or cloud based service; provides all the aspects of a platform and offers avoidance of having to purchase and maintain high end hardware and software locally
software as a service (SaaS) Answer- derivative of PaaS; provides on demand online access to specific software applications or suites without the need for local installation
infrastructure as a service (IaaS) Answer- provides not just on demand operating solutions but complete outsourcing options
grid computing Answer- form of parallel distributed processing that loosely groups a significant number of processing nodes to work toward a specific processing goal
layering mechanism Answer- implemented structure similar to the ring model used for operating modes and is applied to each operating system process
abstraction mechanism Answer- "black box" doctrine that says users of an object don't necessarily need to know the details of how the object works
data hiding mechanism Answer- ensures the data existing at one level of security is not visible to processes running at different security levels
process isolation mechanism Answer- requires that the operating system provide separate memory spaces for each process's instructions and data; OS enforces boundaries
hardware segmentation Answer- prevents the access of information that belongs to a different process/security level; enforces these requirements through the use of hardware controls instead of the OS
covert channel Answer- used to pass information over a path that is not normally used for communication; it may not be protected by the system's normal security controls
data diddling Answer- known as an incremental attack; occurs when an attacker gains access to a system and makes small, random, or incremental changes to data
technology convergence Answer- the tendency for various technologies to evolve and merge over time
time of check (TOC) / time of use (TOU) Answer- TOC - subject checks on the status of a needed object

application layer (layer 7) Answer- interfaces user applications, network services, or OS with the protocol stack
TCP port 23 Answer- telnet - terminal emulation network application that supports remote connectivity for executing commands and running applications; does not support transfer of files
TCP ports 20/21 Answer- file transfer protocol (FTP) - network application that supports the exchange of files; requires anonymous or specific authentication
UDP port 69 Answer- trivial file transfer protocol (TFTP) - supports an exchange of files that does not require authentication
TCP port 25 Answer- simple mail transfer protocol (SMTP) - used to transmit email from client to server
TCP port 110 Answer- post office protocol (POP3) - pull email messages from an inbox on an email server to an email client
TCP port 143 Answer- internet message access protocol (IMAP) - pull email messages from an inbox on an email server to an email client; more secure than POP
UDP ports 67/68 Answer- dynamic host configuration protocol (DHCP) - uses port 67 for server point to point response and port 68 for client request broadcasts; used to assign TCP/IP settings to systems on bootup
TCP port 80 Answer- hypertext transport protocol (HTTP) - used to transmit web page elements from a web server to a web browser
TCP port 443 Answer- secure sockets layer (SSL) - VPN like security protocol that operates at the transport layer; designed to support HTTPS but is capable of securing any application layer protocol
TCP port 515 Answer- line print daemon (LPD) - used to spool print jobs and send print jobs
TCP ports 6000-6063 Answer- X Window - GUI API for command line operating systems
TCP port 2049 Answer- network file system (NFS) - used to support file sharing between dissimilar systems
UDP port 161 Answer- simple network management protocol (SNMP) - used to collect network health and status information by polling monitoring devices from a central monitoring station
Internet Control Message Protocol (ICMP) Answer- determines the health of a network or a specific link; utilized by ping, traceroute, pathping, and other network management tools; IP header protocol field value is 1 (0x01); susceptible to ping DoS and floods, resulting in limited use on networks
Internet Group Management Protocol (IGMP) Answer- allows systems to support multicasting - the transmission of data to multiple specific recipients; used by IP hosts to register their dynamic multicast group membership; via IGMP a server can transmit data for an entire group rather than a separate signal for each recipient; IP protocol field value is 2 (0x02)
Address Resolution Protocol (ARP) / Reverse ARP Answer- ARP is used to resolve IP addresses into MAC addresses (while RARP is used to resolve MAC addresses into IP addresses); both function using caching and broadcasting; sometimes exploited using ARP cache poisoning - bogus info is inserted into the ARP cache to trigger default gateway transmission
Wired Equivalent Privacy (WEP) Answer- designed to provide the same level of security and encryption on wireless networks as is found on wired networks; provides protection from packet sniffing and eavesdropping; uses a static shared key for encryption and a hash value is used to verify received packets weren't modified; cracked almost as soon as it was released
Wi-Fi Protected Access (WPA) Answer- designed as a temporary replacement for WEP; the amendment to replace WEP took years, so WPA established itself in the marketplace and is still used today; based on the LEAP and TKIP cryptosystems and a secret static passphrase; the passphrase can be brute-forced and LEAP/TKIP can now both be cracked
WPA2 Answer- unrelated to WPA (separate technologies) but was intended to be the original replacement for WEP; WPA2 was used instead; official amendment known as 802.11i; uses Counter Mode Cipher Block Chaining Message Authentication Code Protocol (based on AES encryption)
Protected Extensible Authentication Protocol (PEAP) Answer- encapsulates EAP methods within a TLS tunnel that provides authentication and encryption; EAP is usually not encrypted, so this provides for that
Lightweight Extensible Authentication Protocol (LEAP) Answer- Cisco alternative to TKIP for WPA; known exploit exists and should be avoided if possible; use EAP-TLS in lieu of it
Network Access Control (NAC) Answer- concept of controlling access to an environment through strict adherence to and implementation of security policy; reduce zero-day attacks, enforce policy, use identities to perform access control
firewall Answer- essential for managing and controlling network traffic; block or filter traffic; unable to block viruses or malicious code
static packet filtering firewall Answer- filters traffic by examining data from the packet header; unable to provide user authentication or tell where a packet originated from; known as first generation firewalls; easy to spoof