Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
50 Cards in this Set
- Front
- Back
All of the following provide confidentiality protection as part of the underlying protocol EXCEPT:
a. SSL. b. SSH. c. L2TP. d. IPSec. |
c. L2TP.
|
|
Which of the following is a publication of inactivated user certificates?
a. Certificate revocation list b. Certificate suspension c. Recovery agent d. Certificate authority |
a. Certificate revocation list
|
|
Which of the following is a method of encrypting email?
a. S/MIME b. SMTP c. L2TP d. VPN |
a. S/MIME
|
|
If a certificate has been compromised, which of the following should be done?
a. Run the recovery agent. b. Put the certificate on the CRL. c. Put the certificate in key escrow. d. Suspend the certificate for further investigation. |
b. Put the certificate on the CRL.
|
|
After issuance a technician becomes aware that some keys were issued to individuals who are not authorized to use them. Which of the following should the technician use to correct this problem?
a. Recovery agent b. Certificate revocation list c. Key escrow d. Public key recovery |
b. Certificate revocation list
|
|
Which of the following is the MOST secure alternative for administrative access to a router?
a. SSH b. Telnet c. rlogin d. HTTP |
a. SSH
|
|
Which of the following is a CRL composed of?
a. Public Key Infrastructure (PKI) b. Expired or revoked certificates c. Certificate authorities d. Expired user accounts |
b. Expired or revoked certificates
|
|
Which of the following is the primary purpose of a CA?
a. LANMAN validation b. Encrypt data c. Kerberos authentication d. Issue private/public keys |
d. Issue private/public keys
|
|
An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network?
a. SMTP b. SNMP c. SFTP d. SSH |
d. SSH
|
|
A user is attempting to receive digitally signed and encrypted email messages from a remote office. Which of the following protocols does the system need to support?
a. SMTP b. S/MIME c. ISAKMP d. IPSec |
b. S/MIME
|
|
An administrator is implementing a public website and they want all client connections to the server to be encrypted via their web browser. Which of the following should be implemented?
a. SSL b. SHA-1 c. Blowfish d. 3DES |
a. SSL
|
|
Which of the following is a way to encrypt session keys using SSL?
a. Session keys are sent unencrypted. b. Session keys are encrypted using an asymmetric algorithm. c. Session keys are sent in clear text because they are private keys. d. Session keys are encrypted using a symmetric algorithm. |
b. Session keys are encrypted using an asymmetric algorithm.
|
|
Which of the following is a required privilege that an administrator must have in order to restore a public/private key set on a certificate authority (CA)?
a. Recovery agent b. Registration authority c. Domain administrator d. Group administrator |
a. Recovery agent
|
|
Using an asymmetric key cryptography system, where can a technician generate the key pairs?
a. A certificate authority b. IETF c. A key escrow service d. A recovery agent |
a. A certificate authority
|
|
Which of the following facilitates the creation of an unencrypted tunnel between two devices?
a. AES b. HTTPS c. L2TP d. PPTP |
c. L2TP
|
|
A CRL contains a list of which of the following type of keys?
a. Both public and private keys b. Steganographic keys c. Private keys d. Public keys |
a. Both public and private keys
|
|
An administrator wants to ensure that when an employee leaves the company permanently, that the company will have access to their private keys. Which of the following will accomplish this?
a. Store the keys in escrow. b. Immediately delete the account. c. Store them in a CRL. d. Obtain the employees hardware token. |
a. Store the keys in escrow.
|
|
An organization has recently implemented a work from home program. Employees need to connect securely from home to the corporate network. Which of the following encryption technologies might BEST accomplish this?
a. PPTP b. IPSec c. L2TP d. PPPoE |
b. IPSec
|
|
Which of the following encryption methods is often used along with L2TP?
a. S/MIME b. SSH c. 3DES d. IPSec |
d. IPSec
|
|
All of the following are components of IPSec EXCEPT:
a. encapsulating security payload. b. Internet key exchange. c. temporal key interchange protocol. d. authentication header (AH). |
c. temporal key interchange protocol
|
|
IPSec connection parameters are stored in which of the following?
a. Security association database b. Security payload index c. Security parameter index d. Certificate authority |
a. Security association database
|
|
Which of the following protocols is used to ensure secure transmissions on port 443?
a. HTTPS b. Telnet c. SFTP d. SHTTP |
a. HTTPS
|
|
An administrator recommends that management establish a trusted third party central repository to maintain all employees private keys. Which of the following BEST describes the administrators recommendation?
a. Registration b. Certificate authority c. Recovery agent d. Key escrow |
d. Key escrow
|
|
Which of the following protocols can be implemented as an alternative to the overhead of a VPN?
a. L2TP b. PPTP c. SSH d. SSL |
d. SSL
|
|
Which of the following is responsible for establishing trust models?
a. The firewall b. The information security officer c. The certificate authority d. The key escrow agent |
c. The certificate authority
|
|
Which of the following protocols is used for encryption between email servers?
a. TLS b. PPTP c. L2TP d. S/MIME |
a. TLS
|
|
To prevent the use of previously issued PKI credentials which have expired or otherwise become invalid, administrators should always design programs to check which of the following?
a. PKI b. CRL c. Escrow d. CA |
b. CRL
|
|
To prevent the use of stolen PKI certificates on web servers, which of the following should an administrator ensure is available to their web servers?
a. Registration b. CA c. CRL d. Key escrow |
c. CRL
|
|
Which of the following describes an implementation of PKI where a copy of a users private key is stored to provide third party access and to facilitate recovery operations?
a. Registration b. Recovery agent c. Key escrow d. Asymmetric |
c. Key escrow
|
|
Which of the following verifies control for granting access in a PKI environment?
a. System administrator b. Certificate authority c. Recovery agent d. Certificate revocation list |
b. Certificate authority
|
|
Which of the following are the authentication header modes?
a. Encrypt and Route b. Transport and Tunnel c. Tunnel and Encrypt d. Transport and Encrypt |
b. Transport and Tunnel
|
|
Which of the following is the purpose of the AH?
a. Provides non-repudiation b. Provides integrity c. Provides authorization d. Provides confidentiality |
b. Provides integrity
|
|
Which of the following describes the insertion of additional bytes of data into a packet?
a. Header injection b. TCP hijacking c. Encapsulating d. Padding |
d. Padding
|
|
Which of the following is true regarding authentication headers (AH)?
a. The authentication information is a keyed hash based on all of the bytes in the packet. b. The authentication information hash will increase by one if the bytes remain the same on transfer. c. The authentication information hash will remain the same if the bytes change on transfer. d. The authentication information may be the same on different packets if the integrity remains in place. |
a. The authentication information is a keyed hash based on all of the bytes in the packet.
|
|
Which of the following is MOST commonly used to secure a web browsing session?
a. SHTTP b. SSH c. HTTPS d. S/MIME |
c. HTTPS
|
|
Which of the following is an example of a trust model?
a. SSL/TLS b. Internet key exchange c. Recovery agent d. Managing the CA relationships |
d. Managing the CA relationships
|
|
Which of the following is the common mail format for digitally signed and encrypted messages?
a. SMTP b. SSL c. MIME d. S/MIME |
d. S/MIME
|
|
Which of the following is the common way of implementing cryptography on network devices for encapsulating traffic between the device and the host managing them?
a. S/MIME b. SNMP c. SSH d. SMTP |
c. SSH
|
|
All of the following are attributes of an x.509 certificate EXCEPT:
a. the symmetric key of the owner. b. the public key of the owner. c. the version of the certificate. d. the issuer. |
a. the symmetric key of the owner.
|
|
Which of the following BEST describes using a third party to store the public and private keys?
a. Public key infrastructure b. Recovery agent c. Key escrow d. Registration authority |
c. Key escrow
|
|
Which of the following describes the cryptographic algorithm employed by TLS to establish a session key?
a. RSA b. Diffie-Hellman c. Blowfish d. IKE |
b. Diffie-Hellman
|
|
Which of the following describes how TLS protects against man-in-the-middle attacks?
a. The client compares the actual DNS name of the server to the DNS name on the certificate. b. The client relies on the MD5 value sent by the server. c. The client compares the server certificate with the certificate listed on the CRL. d. The client relies on the MAC value sent by the server. |
a. The client compares the actual DNS name of the server to the DNS name on the certificate.
|
|
A technician is conducting a web server audit and discovers that SSLv2 is implemented. The technician wants to recommend that the organization consider using TLS. Which of the following reasons could the technician use to support the recommendation?
a. SSLv2 reduces server performance. b. SSLv2 is susceptible to network sniffing. c. SSLv2 only uses message authentication code values. d. SSLv2 is susceptible to man-in-the-middle attacks. |
d. SSLv2 is susceptible to man-in-the-middle attacks.
|
|
Which of the following is a way to gather reconnaissance information from a printer resource?
a. HTTP b. SMTP c. RADIUS d. SNMP |
d. SNMP
|
|
Which of the following ports need to be open to allow a user to login remotely onto a workstation?
a. 53 b. 636 c. 3389 d. 8080 |
c. 3389
|
|
In PKI, the CA is responsible for which of the following?
a. Maintaining the CRL b. Maintaining the cipher block chain c. Maintaining all private keys d. Maintaining the browsers PKI store |
a. Maintaining the CRL
|
|
In PKI, which of the following entities is responsible for publishing the CRL?
a. CA b. ACL c. Recovery agent d. User |
a. CA
|
|
Which of the following can be used to encrypt FTP or telnet credentials over the wire?
a. SSH b. HTTPS c. SHTTP d. S/MIME |
a. SSH
|
|
Which of the following could be used to restore a private key in the event of a CA server crashing?
a. Trust model verification b. Key escrow c. CRL d. Recovery agent |
d. Recovery agent
|
|
When a server and workstation communicate via SSL, which of the following keys are being used? (Select TWO).
a. Public key b. Cipher key c. Session key d. Recovery key e. Keylogger |
a. Public key
c. Session key |