2.9 Success Answers
1. Which of the following is a MUST have for all implementations of IPSec?
A. Security Association
B. Security ID
C. Serial number
D. Version number
Explanation: All implementations of IPSec must have a security association. The security association is a one-way connection that affords security services to the traffic carried by it. This means that in an encrypted session, there are two security associations - one for each direction. The Authentication Header (AH) or the Encapsulating Security Payload (ESP), but not both offer security services.
2. With IPSEC, in each encrypted session we can find ____________ SA(s).
Explanation: All implementations of IPSec must have a security association. The security association is a one-way connection that affords security services to the traffic carried by it. This means that in an encrypted session, there are two security associations - one for each direction. Security services are offered by either the Authentication Header (AH) or the Encapsulating Security Payload (ESP), but not both.
3. WEP offers
A. In theory, the same security that a wired LAN does
B. Greater protection than a wired LAN
C. Less protection than a wired LAN
D. No choice is correct
Explanation: The acronym for WEP is Wired Equivalent Privacy (Protection). It refers to encryption of radio waves using RC4 (shared-secret) key encryption. The correct answer is, in theory. WEP has been shown to not offer a great deal of protection. And it is better than nothing. A number of measures can be taken to increase the security of WEP. (Disable SSID broadcasts, reset the IV key frequently).
4. VPN provides
A. Access to a private LAN using a public infrastructure such as the Internet
B. Two firms to conduct business, accessing private data areas using a public infrastructure such as the Internet
C. All choices are correct
D. No choice is correct
Explanation: "The definition of a VPN has always been the network of secure links over a public IP infrastructure. Technologies that fit in this category included Point-to-Point Tunneling Protocol, Layer 2 tunneling protocol and IP Security" -- Quote from Network World: VPN definition gets fuzzy.
5. TACACS+ is an update to TACACS and is backwards compatible.
Explanation: Despite the similarity of the Acronyms TACACS+ is NOT compatible with TACACS (Terminal Access Controller Access Control System)
6. Email can be encrypted with
C. Symmetric key
D. Public-Private keys
Explanation: Both PGP and S/MIME are used to encrypt email. A symmetric (shared-secret) can be used between parties, or Public-private keys (such as PGP or S/MIME)
7. List the vulnerabilities of email
Explanation: Spam and hoaxes waste time and money. IM and SNMP are vulnerabilities of networks, but are not specifically issues with email.
8. SPAM carries what sort of costs (choose all that apply)
A. Loss of productivity
B. Loss of bandwidth
C. Revenue drain supporting un-wanted traffic
D. Credit card fraud losses
Explanation: Because it is cheap to purchase email addresses, there is a great deal of spam. The sheer volume of spam costs productivity time deleting it, consumes bandwidth, requiring additional bandwidth to be purchased. Depending on the content of spam, a user subjected to it could suffer a credit card fraud loss262.
9. SSL and TLS are similar but different, how?
A. Both create a secure channel between a client and a server. TLS and SSL interoperate completely.
B. Both create a secure channel between a client and a server. TLS supports older SSL connections.
C. Both create a plaintext channel between a client and a server. TLS and SSL interoperate completely.
D. Both create a plaintext channel between a client and a server. TLS supports older SSL connections.
E. No choice is correct
Explanation: SSL/TLS/WTLS provides a secure communication channel between a client and a server. TLS and SSL are not interoperable. TLS improved support for different types of encryption (Diffie-Hellman, Digital Signature Standard and Triple DES).
10. LDAP is a structure based on a
C. Web of Trust
D. No option listed is correct
Explanation: LDAP is based on X.500. Both LDAP and X.500 are based on a tree structure.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.