Answers to Questions 36-40
36. TACACS+ is an update to TACACS and is backwards compatible. True/False
Explanation: Despite the similarity of the acronyms, TACACS+ is NOT compatible with TACACS (Terminal Access Controller Access Control System).
Section 2.1.4: TACACS/XTACACS/TACACS+
37. The SA (Security Association) for IPSec is managed by
Explanation: The Internet Security Association and Key Management Protocol (ISAKMP) defines a framework for security association management and cryptographic key establishment for the Internet.
AH and ESP are types of IPSec communications, but they do not manage SAs. AES is an encryption algorithm.
Section 2.1.7: IPSec
38. WEP has security issues because:
A. It was limited by export regulations
B. It uses RC4, a stream cipher. WEP needs an Initialization Vector for RC4 to overcome the "lossy" nature of radio. The short key length of IV forces reuse.
C. 802.11 was not meant to be secure
D. All choices are correct
E. No choice is correct
Explanation: WEP uses RC4 (a shared-secret stream cipher). An IV is needed to overcome signal loss. The short length of the IV forces it to be reused, a no-no in basic security concepts.
Section 2.1.8: (Remote Access) Vulnerabilities
39. SPAM carries what sort of costs (choose all that apply):
A. Loss of productivity
B. Loss of bandwidth
C. Revenue drain supporting unwanted traffic
D. Credit card fraud losses
Explanation: Because it is cheap to purchase email addresses, there is a great deal of spam. The sheer volume of spam costs productivity (time spent deleting it) and consumes bandwidth, requiring additional bandwidth to be purchased.
Depending on the content of spam, a user subjected to it could suffer a credit card fraud loss, but that is not the main issue with spam.
Section 22.214.171.124: Spam
40. Email hoaxes:
A. Spread fear
B. Cost productivity
C. Improve a firm's image
D. Have no impact
Explanation: This one is obvious. Refer to the web links for sites to confirm hoaxes.
Section 126.96.36.199: Hoaxes
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.