Practice Questions
61. Some of the features of Kerberos authentication system:
62. Biometric authentication depends on a physical characteristic of a person
(something you are), not on something that can be remembered, such as a password.
Biometrics are generally considered strong, though they are not widely used
because of cost constraints and the need to tune false accept and false reject rates.
63. The standard IEEE 802.1X is port-based network access control: it authenticates
a device (usually with EAP) before the switch port or wireless access point forwards
its traffic. It is widely used to control wireless network access, but is not itself
a wireless LAN protocol. Various wireless LAN protocols are given below:
Note that the IEEE 802.11 family is the set of standards that defines wireless LANs.
64. IPsec uses the Authentication Header (AH) and Encapsulating Security
Payload (ESP) protocols to transport packets securely over the Internet. AH provides
integrity and origin authentication but no confidentiality; ESP provides encryption
and, optionally, integrity as well. Note that PPTP and L2TP are tunneling protocols
with no strong encryption of their own, whereas IPsec provides strong encryption,
which is why L2TP is normally combined with it (L2TP/IPsec).
65. File Transfer Protocol (FTP) transfers files in unencrypted form. Even the
authentication occurs in clear text: the FTP USER and PASS commands, like a Telnet
login, travel over the network unprotected. Anyone able to capture the traffic can
read the credentials and the file contents, and an attacker may gain access to an
FTP server by exploiting this weakness. SFTP or FTPS, and SSH in place of Telnet,
avoid the problem.
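To make the point concrete, the following is an added example (not part of the original page) that walks a cleartext FTP control-channel capture and pulls out the USER/PASS pair and the files transferred. The capture text is constructed for the example; the host name, user and password are made up.

```python
import re

# Constructed sample of an FTP control channel as a sniffer would see it.
# "C:" marks client-to-server lines, "S:" server-to-client. All values are made up.
SAMPLE_FTP_SESSION = """\
S: 220 ftp.example.test FTP server ready
C: USER alice
S: 331 Password required for alice
C: PASS s3cr3t-pa55
S: 230 User alice logged in
C: RETR payroll.csv
S: 150 Opening BINARY mode data connection
"""

# Only client commands matter for credential and file recovery.
CMD_RE = re.compile(r"^C:\s*(USER|PASS|RETR|STOR)\s+(.*)$", re.IGNORECASE)


def extract_ftp_credentials(capture: str) -> list:
    """Pair each USER with the PASS that follows it and list the files moved.

    Nothing here needs decryption: every field is readable as captured,
    which is exactly the weakness of FTP and Telnet.
    """
    sessions = []
    current = None
    for line in capture.splitlines():
        m = CMD_RE.match(line.strip())
        if not m:
            continue
        cmd, arg = m.group(1).upper(), m.group(2).strip()
        if cmd == "USER":
            current = {"user": arg, "password": None, "files": []}
            sessions.append(current)
        elif cmd == "PASS" and current is not None:
            current["password"] = arg
        elif cmd in ("RETR", "STOR") and current is not None:
            current["files"].append(arg)
    return sessions


if __name__ == "__main__":
    for s in extract_ftp_credentials(SAMPLE_FTP_SESSION):
        print(f"user={s['user']} password={s['password']} files={s['files']}")
```

The same parser applied to a real capture (for example, the TCP stream of port 21 exported from a packet sniffer) recovers credentials just as easily, which is why FTP logins should be treated as public information on any network an attacker can tap.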
66. NetStumbler can be used to discover wireless networks during wardriving
(strictly, it actively probes rather than passively sniffs). The software tool
reports several details of a wireless network, such as its SSID, channel and
signal strength. PPTP is a tunneling protocol. WAP (Wireless Application Protocol)
is a protocol, not a software tool. ActiveX is a Microsoft software component
technology used from languages such as Visual C++ and Visual Basic.
67. Non-repudiation prevents either the sender or the receiver of a message
from later denying having sent or received it. It is normally provided by a
digital signature, which binds the message to a private key only the signer holds.
68. A secure web page using SSL (Secure Sockets Layer) has a URL that starts
with https instead of the usual http. SSL uses asymmetric (public key)
cryptography to authenticate the server and agree on a session key, and then a
symmetric cipher of 40- or 128-bit strength to encrypt the data. Note that SSL
has since been replaced by TLS, and 40-bit (export-grade) ciphers are considered
broken; current deployments should require TLS 1.2 or later with 128-bit or
stronger ciphers.
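As an added example (not from the original page), the following uses Python's standard `ssl` module to build a client context that refuses SSL and early TLS versions and accepts only forward-secret AEAD ciphers, then checks that the weakest negotiable cipher is at least 128 bits. The cipher string is a choice made for this example; adjust it to local policy.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client context that enforces TLS 1.2+ and 128-bit-or-stronger ciphers.

    create_default_context() already verifies the server certificate and
    hostname; the two settings below remove SSLv3/TLS 1.0/1.1 and any
    non-AEAD or non-forward-secret cipher suites.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Example policy: ECDHE key exchange with AES-GCM or ChaCha20-Poly1305 only.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def weakest_cipher_bits(ctx: ssl.SSLContext) -> int:
    """Return the smallest key strength among the ciphers the context offers."""
    return min(c["strength_bits"] for c in ctx.get_ciphers())


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """True when the context verifies certificates, requires TLS 1.2+ and
    offers no cipher weaker than 128 bits."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
        and weakest_cipher_bits(ctx) >= 128
    )


if __name__ == "__main__":
    ctx = hardened_client_context()
    print("minimum version:", ctx.minimum_version.name)
    print("weakest cipher bits:", weakest_cipher_bits(ctx))
    print("hardened:", context_is_hardened(ctx))
```

Pass the returned context to `ssl.SSLContext.wrap_socket()` or to an HTTP client that accepts an `SSLContext` to apply the policy to real connections.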
69. The host-to-host configuration provides the highest security for the data,
since it is encrypted end to end between the two machines. However, a
gateway-to-gateway VPN is transparent to the end users, who need no VPN software
on their own machines.
70. Any software is inherently prone to vulnerabilities. Therefore, software
vendors provide updates or patches from time to time. These updates usually fix
known vulnerabilities, so it is important to apply them promptly.
Additional functionality is also one of the reasons for applying software
updates. However, it is usually not the compelling reason to apply them.
71. Packet filters work at the Network Layer (Layer 3) of the OSI model. They
decide from IP header fields such as source and destination address and protocol,
usually together with the transport-layer port numbers, and never inspect the
application data carried in the packet.
72. The employees of a company typically use an intranet within the company,
while its customers and vendors use an extranet. An extranet is basically an
extension of the intranet over the public Internet. A typical use is a company
with multiple vendors doing order processing and inventory control on-line.
Note that, by contrast, the Internet is accessible to everybody, i.e. the general
public.
The benefits of implementing intranets and extranets are security and
customization. Intranets and extranets are relatively safe because the general
public cannot access these networks. Intranets and extranets are usually connected
securely by means of a Virtual Private Network (VPN).
73. IDS stands for Intrusion Detection System. There are primarily two types of
IDS: network-based IDS (NIDS) and host-based IDS (HIDS). If the IDS monitors
traffic across a network segment, it is a network-based IDS; if it monitors
security events on a per-host basis (logs, file integrity, processes), it is a
host-based IDS.
74. The first thing to do when an intrusion is detected is to contain the
damage. For example, if the intrusion takes the form of an unauthorized user,
ensure that the user can no longer access any network resource (disable the
account and isolate the affected host).
75. ISAKMP (short for Internet Security Association and Key Management
Protocol) defines the payloads and exchanges for negotiating security
associations and carrying key-generation and authentication data. It is the
framework on which IPsec's IKE key exchange is built.
76. A cryptographic hash function is a "one-way" operation: it is computationally
infeasible to recover the input data that produced a given output hash.
By contrast, an encrypted message can be decrypted with the matching key. A
digital certificate, however, is not encrypted at all: it is issued and signed by
a CA, its contents are readable by anyone, and the CA's signature over those
contents is verified with the CA's public key.
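The following added example (not from the original page) ties answers 67 and 76 together with a toy RSA signature: a message hash is signed with a private key and checked with the public key (non-repudiation), and a "certificate" is issued as plaintext plus a CA signature, so verifying it means checking the signature, not decrypting anything. The key pairs are built from small, well-known Mersenne primes and use unpadded textbook RSA; they are for illustration only and offer no real security. Names and the certificate format are made up for the example.

```python
import hashlib
import json


def keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes. Illustration only: real keys are
    2048 bits or more and signatures use a padding scheme such as PSS."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (n, e), (n, d)


# Constructed keys: (2^61-1, 2^31-1) and (2^89-1, 2^19-1) are Mersenne primes.
CA_PUBLIC, CA_PRIVATE = keypair((1 << 61) - 1, (1 << 31) - 1)
ALICE_PUBLIC, ALICE_PRIVATE = keypair((1 << 89) - 1, (1 << 19) - 1)


def digest_int(data: bytes, n: int) -> int:
    """One-way step: SHA-256 of the data, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private_key) -> int:
    n, d = private_key
    return pow(digest_int(data, n), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest_int(data, n)


def issue_certificate(subject: str, subject_public_key, ca_private_key) -> dict:
    """The body stays readable; only the signature needs the CA's private key."""
    body = {"subject": subject, "public_key": list(subject_public_key)}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "signature": sign(encoded, ca_private_key)}


def verify_certificate(cert: dict, ca_public_key) -> bool:
    encoded = json.dumps(cert["body"], sort_keys=True).encode()
    return verify(encoded, cert["signature"], ca_public_key)


if __name__ == "__main__":
    msg = b"Transfer 100 units to Bob"
    sig = sign(msg, ALICE_PRIVATE)
    print("valid:", verify(msg, sig, ALICE_PUBLIC))                # True
    print("altered:", verify(b"Transfer 900 units to Bob", sig, ALICE_PUBLIC))  # False
    cert = issue_certificate("alice", ALICE_PUBLIC, CA_PRIVATE)
    print("cert subject readable:", cert["body"]["subject"])      # plaintext
    print("cert valid:", verify_certificate(cert, CA_PUBLIC))      # True
```

Two things follow from the code. Alice cannot later deny signing `msg`, because only her private key produces a value that her public key turns back into the message digest. And the certificate's contents are never hidden: tampering with the body breaks the signature, which is what "issued by a CA" actually protects.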
77. The
disadvantages of using symmetric encryption over asymmetric encryption are
given below:
78. Whether required or not, many services are installed and enabled by
default. Disabling the services that are not required reduces the attack surface
and therefore improves the security of the system.
79. A rootkit is a collection of tools that gives an attacker persistent
administrator-level (root) access to a computer while hiding the attacker's
presence. Typically, an attacker installs a rootkit after first gaining access,
either by exploiting a known vulnerability or by cracking a password, and
escalating to root. Once the rootkit is installed, it lets the attacker return to
the computer with root access and, possibly, reach other machines on the network,
while concealing its own files, processes and network connections from the
administrator.
A rootkit may include spyware and other programs that monitor traffic,
keystrokes, etc., and a "backdoor" into the system.
80. Computer-based access controls prescribe not only who or what process may
have access to a given resource, but also the type of access that is permitted.
These controls may be implemented in the computer system or in external
devices. The different types of access control are:
Mandatory Access Control (MAC) secures information by assigning sensitivity labels to objects (resources) and comparing them with the level of sensitivity (clearance) at which a subject (user) is operating. MAC ensures that users have access only to data whose security label is matched or dominated by their clearance. In general, MAC mechanisms are more secure than DAC, because neither users nor resource owners can override the labels. MAC is usually appropriate for extremely secure systems, including multilevel secure military applications and mission-critical data applications.
Discretionary Access Control (DAC) is a means of restricting access to information based on the identity of users and/or their membership in certain groups. Access decisions are typically based on the authorizations granted to a user according to the credentials presented at authentication (user name, password, hardware/software token, etc.). In most typical DAC models, the owner of a resource is able to change its permissions at their discretion. DAC has the drawback that administrators cannot centrally manage the permissions on files and information stored on, for example, a web server.
Role Based Access Control (RBAC): in Role-Based Access Control, access decisions are based on an individual's roles and responsibilities within the organization. For instance, in a corporation, the different roles may include chief executive, manager, executive and clerk. These members require different levels of access in order to perform their functions, and the types of web transactions and their allowed context vary greatly depending on the security policy. In Role Based Access Control, the administrator sets the roles and their permissions, not the resource owner. Therefore, this type of access control is non-discretionary and is sometimes considered a subset of MAC.
Rule Based Access Control (also abbreviated RBAC, or RuBAC to avoid confusion with role-based): access to a resource is based on a set of rules. Access Control Lists (ACLs), such as those on routers and firewalls, are the usual form of this type of access control. In Rule Based Access Control, the administrator sets the rules. Therefore, this type of access control is likewise sometimes considered a subset of MAC.
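To show how the decision differs between the models above, the following added example (not from the original page) implements each as a small function over constructed data: a MAC label comparison, a DAC object whose owner alone may edit its ACL, an RBAC role-to-permission mapping set by the administrator, and an ordered rule-based ACL. The users, labels, permissions and rules are made up for the example.

```python
# ---- MAC: labels on objects, clearances on subjects; neither side can change them.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_can_read(subject_clearance: str, object_label: str) -> bool:
    """Read allowed only when the clearance matches or dominates the label."""
    return LEVELS[subject_clearance] >= LEVELS[object_label]


def mac_can_write(subject_clearance: str, object_label: str) -> bool:
    """Writes may not flow downward to a lower label (no write-down)."""
    return LEVELS[subject_clearance] <= LEVELS[object_label]


# ---- DAC: each object carries an owner and an ACL the owner may edit at will.
DAC_OBJECTS = {
    "report.docx": {"owner": "alice", "acl": {"alice": {"read", "write"}, "bob": {"read"}}},
}


def dac_check(user: str, obj: str, perm: str) -> bool:
    return perm in DAC_OBJECTS[obj]["acl"].get(user, set())


def dac_grant(actor: str, obj: str, user: str, perm: str) -> bool:
    """Only the owner may change permissions; returns False for anyone else."""
    entry = DAC_OBJECTS[obj]
    if entry["owner"] != actor:
        return False
    entry["acl"].setdefault(user, set()).add(perm)
    return True


# ---- RBAC: permissions attach to roles, roles to users; the administrator sets both.
ROLE_PERMS = {
    "clerk": {"order:create"},
    "manager": {"order:create", "order:approve"},
    "executive": {"order:approve", "report:read"},
}
USER_ROLES = {"carol": {"clerk"}, "dave": {"manager", "executive"}}


def rbac_check(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS[role] for role in USER_ROLES.get(user, ()))


# ---- Rule-based: ordered rules over request attributes, first match wins, default deny.
RULES = [
    ({"business_hours": False}, "deny"),            # nothing outside business hours
    ({"network": "intranet"}, "permit"),
    ({"network": "extranet", "mfa": True}, "permit"),
]


def rule_check(request: dict) -> str:
    for conditions, action in RULES:
        if all(request.get(key) == value for key, value in conditions.items()):
            return action
    return "deny"


if __name__ == "__main__":
    print(mac_can_read("secret", "confidential"), mac_can_read("confidential", "secret"))
    print(dac_grant("bob", "report.docx", "bob", "write"))    # False: bob is not the owner
    print(rbac_check("carol", "order:approve"))                # False: clerks cannot approve
    print(rule_check({"business_hours": True, "network": "extranet", "mfa": False}))  # deny
```

The contrast the answer draws is visible in the code: in DAC the owner can widen access on their own, while in MAC, RBAC and rule-based control the tables are fixed by the administrator and the subject can do nothing to change the outcome.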
Cert-Ex™ Exam Simulators, Cert-Ex™ Network Simulator, Cert-Ex™ Cheatsheets are written independently by CertExams.com and not affiliated or authorized by respective certification providers. Cert-Ex™ is a trade mark of CertExams.com or entity representing Certexams.com.Security+® is a trademark of CompTIA™ organization.