Comptia Network+ Chapter 10: Securing TCP/IP
Studying material based on Mike Meyers' book
28 cards
Computer Networking
Post-Graduate
03/11/2024

Cards

Term

The process of scrambling, mixing up or changing data in a way that makes it unreadable to anyone but the owner or intended recipient. (pg. 354)

 

A. Authentication

B. Nonrepudiation

C. Encryption

D. Ciphering

Definition

C. The encrypted data is scrambled and unscrambled with cryptographic keys.

 

Authentication verifies that the right person is accessing the data.

 

Nonrepudiation traces actions back to specific users.

 

A cipher is a way to encrypt data, but not necessarily the process.

Term

The process that guarantees that the data received is the same as originally sent. (pg. 354)

 

A. Encryption

B. Authentication

C. Algorithm

D. Integrity

Definition

D. Integrity is designed to cover situations in which someone intercepts your data on-the-fly and makes changes.

 

Encryption makes data unreadable to unintended viewers.

 

An algorithm is the mathematical formula that underlies the cipher.

Term

Not being able to deny having taken a specific action. (pg. 354)

 

A. Event tracking

B. Integrity

C. Activity monitoring

D. Nonrepudiation

Definition

D. Nonrepudiation ties an action to the specific user who performed it, so that user cannot later deny having done it.

 

 Integrity guarantees that the data received is the same as originally sent.

 

Event tracking and activity monitoring are concepts that exist, but weren't the specific terms that applied.

Term

When it comes to TCP/IP security, ___ combine encryption, integrity, non-repudiation, authentication and authorization to create complete security solutions in a way that makes sense for their specific purpose. (pg. 354)

 

A. Anti-malware applications

B. Protocols

C. Security suites

D. Policies

Definition

B. Protocols

 

Anti-malware apps and security suites may have features that help secure TCP/IP, but they are designed to protect an entire OS, not to build security into the protocols themselves.

Policies are organizational rules about how a network may be used; they are not a synonym for protocols, which are the technical standards that implement security on the wire.

Term

What is the difference between cleartext, plaintext and ciphertext? (pg. 355)

 

Definition
Cleartext is data that hasn't yet been encrypted. Plaintext is any data that passes through a cipher, even if it has already been encrypted. Running it through a cipher algorithm using a key generates the encrypted ciphertext.
Term

Any encryption that uses the same key for both encryption and decryption is called ___ encryption. Any encryption that uses different keys for encryption and decryption is called ____ encryption. (pg. 358)

 

A. uniform, diverse

B. symmetric, asymmetric

C. unicode, multicode

D. static, dynamic

Definition
B. Symmetric and asymmetric encryption
Term

A method of cryptography that uses two different keys. (pg. 359)

 

A. stream cipher

B. checksum

C. AES

D. public-key

Definition

D. Public-key cryptography uses a public-key for encryption and a private key for decryption. This key pair is generated at the same time and is designed to work together.

 

Stream cipher and AES (Advanced Encryption Standard) are both symmetric-key encryption methods.

 

A checksum is an error-detection method that enables the receiver to detect the corruption of network packets.

Term

A mathematical function ran on a string of binary digits of any length that results in a value of some fixed length. (pg. 361)

 

A. message digest

B. stream cipher

C. hash

D. checksum

Definition

C. A cryptographic hash function always produces output of the same length no matter how long or short the input, and it is irreversible, meaning the original data can't be recreated from the hash.

A message digest is the fixed-length value produced by running data through a cryptographic hash. A checksum is a simpler error-detection value (such as a CRC) that catches accidental corruption but is easy to forge; the book uses the two terms loosely, but only the cryptographic digest is tamper-evident.

 

A stream cipher is a form of symmetric encryption in which each bit is encrypted one at a time on the fly.
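Worked example, added for this page and not taken from the Meyers book: the Python standard library's hashlib and hmac show the three properties the hash cards describe (fixed-length output, a one-bit change altering the whole digest, and why a simple checksum is not a substitute). The `simple_checksum` function and the sample messages are constructed for the illustration; the HMAC part goes one step beyond the card to show how integrity is protected against an attacker who can rewrite the data and recompute a plain hash.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash: a 32-byte (64 hex character) digest whatever the input length."""
    return hashlib.sha256(data).hexdigest()


def digest_lengths(inputs) -> set:
    """Set of digest lengths over several inputs; a fixed-length function yields one value."""
    return {len(sha256_hex(data)) for data in inputs}


def simple_checksum(data: bytes) -> int:
    """Naive error-detection checksum (sum of bytes mod 2**16), constructed here to
    contrast with a cryptographic hash. It catches random corruption, not tampering."""
    return sum(data) % 65536


def bit_flip_changes_digest(data: bytes) -> bool:
    """Flip one bit of the first byte; the SHA-256 digest changes completely."""
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    return sha256_hex(flipped) != sha256_hex(data)


def checksum_fooled_by_swap(data: bytes) -> bool:
    """Swapping two (different) bytes changes the content but not the byte sum, so the
    simple checksum stays the same while the cryptographic hash differs."""
    swapped = bytes([data[1], data[0]]) + data[2:]
    return (simple_checksum(swapped) == simple_checksum(data)
            and sha256_hex(swapped) != sha256_hex(data))


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): integrity plus evidence that the tagger knew the key.
    Whoever alters the data can recompute a plain hash, but not an HMAC without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_verify(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison so the check itself does not leak the expected tag."""
    return hmac.compare_digest(hmac_tag(key, data), tag)
```

A plain digest sent alongside the data only detects accidental change; someone who intercepts the data on the fly can modify it and replace the digest. For integrity against that attacker the digest must be keyed (HMAC, as above) or digitally signed.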

Term

A digitally signed electronic document issued by a trusted third party attesting to the identity of the holder of a specific cryptographic public key. (pg. 366)

 

A. Key Distribution Center

B. certificate

C. digital signature

D. Access Control List

Definition

B. A certificate includes a public key, information about the holder (the subject) and the issuer, and the digital signature of the trusted third party over that content.

The other options are a system in Kerberos (Key Distribution Center), a value computed over a message with a private key (digital signature) or a list of permissions (Access Control List). Their names hint that they aren't signed documents attesting to an identity.
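Worked example, added for this page rather than drawn from the book: it covers the public-key card (one key encrypts, the paired key decrypts), the digital-signature distractor above, and the certificate card in one piece of Python. The key pairs are built from fixed Mersenne primes so the run is deterministic, and the "certificate" is a minimal constructed binding of a subject name to a public key; textbook RSA without padding, as used here, illustrates the key relationships only and must never protect real data.

```python
import hashlib

# Fixed Mersenne primes keep the example deterministic. Real keys use random
# primes of 1024 bits or more plus OAEP/PSS padding; "textbook" RSA as shown
# here only illustrates how the two keys relate and must not protect real data.
SERVER_PRIMES = (2**31 - 1, 2**61 - 1)
CA_PRIMES = (2**89 - 1, 2**107 - 1)
E = 65537


def make_keypair(p: int, q: int, e: int = E):
    """Return (public, private) as (n, e) and (n, d); the pair is generated together."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public, m: int) -> int:
    """Anyone holding the public key can encrypt; only the private key decrypts."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)


def _hash_mod_n(data: bytes, n: int) -> int:
    # Sign the hash, not the data; reduced mod n because this demo modulus is small.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    """Digital signature: the hash is transformed with the private key, which only
    the signer holds, so a valid signature cannot later be repudiated."""
    n, d = private
    return pow(_hash_mod_n(data, n), d, n)


def verify(public, data: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == _hash_mod_n(data, n)


def cert_body(subject: str, subject_public) -> bytes:
    """What the CA actually signs: the subject's name bound to its public key."""
    n, e = subject_public
    return f"{subject}|{n}|{e}".encode()


def issue_certificate(ca_private, subject: str, subject_public) -> dict:
    """The trusted third party (CA) signs the binding; the certificate carries the
    public key, the subject information and the CA's signature."""
    return {"subject": subject, "public": subject_public,
            "signature": sign(ca_private, cert_body(subject, subject_public))}


def verify_certificate(ca_public, cert: dict) -> bool:
    """A relying party needs only the CA's public key to check the certificate."""
    return verify(ca_public, cert_body(cert["subject"], cert["public"]), cert["signature"])
```

Changing any field of the certificate, or signing it with a key other than the CA's, breaks verification: that is the whole value of the trusted third party's signature.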

Term

The system for creating and distributing digital certificates issued by trusted third parties such as Let's Encrypt, Go Daddy, or Sectigo. (pg. 370)

 

A. digital authority

B. DigiCert

C. public-key authority

D. certificate authority

Definition

C. The standard name for this system is public-key infrastructure (PKI): a hierarchy that consists of a root certificate authority (CA), with intermediate CAs between the root and the issued certificates. A certificate authority is one issuer within that hierarchy, not the whole system.

 

DigiCert is a well-known CA that can act as the root and issue certificates.

Term

The ACL access model where every resource is assigned a label that defines its security level. (pg. 372)

 

A. MAC

B. TCAC

C. DAC

D. RBAC

Definition

A. If the user lacks the security level in a mandatory access control (MAC) security model, he or she does not get access.

 

DAC and RBAC are also ACL access models, but TCAC is not.

Term

The ACL access model that defines a user's access to a resource based on the roles the user plays in the network environment. (pg. 372)

 

A. Mandatory Access Control (MAC)

B. User account control (UAC)

C. Discretionary access control (DAC)

D. Role-based access control (RBAC)

Definition

D. RBAC leads to the idea of placing user accounts into various security groups that have clearly defined access to different resources on a network.

 

MAC and DAC are also ACL models, but UAC is specifically a Windows security feature used within a specific device.
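Worked example, added here and not part of the book, contrasting the three ACL models from the two cards above in Python. The users, labels, roles and file names are constructed sample data. The last function shows the practitioner's point that a discretionary grant by an owner never overrides a mandatory label check when both are enforced.

```python
from enum import IntEnum


class Label(IntEnum):
    """Ordered security levels used as labels (resources) and clearances (users)."""
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Constructed sample data for one small network.
RESOURCE_LABELS = {"notice.txt": Label.PUBLIC,
                   "budget.xlsx": Label.CONFIDENTIAL,
                   "plans.docx": Label.TOP_SECRET}
USER_CLEARANCE = {"alice": Label.SECRET, "bob": Label.PUBLIC}


def mac_can_read(user: str, resource: str) -> bool:
    """Mandatory access control: the system compares the resource label with the
    user's clearance. Neither the user nor the resource owner can change the result."""
    return USER_CLEARANCE[user] >= RESOURCE_LABELS[resource]


def new_dac_acl(owner: str) -> dict:
    """Discretionary access control: each resource has an owner-managed ACL."""
    return {"owner": owner, "readers": {owner}}


def dac_grant(acl: dict, granter: str, grantee: str) -> None:
    """Only the owner may extend the ACL; anyone else is refused."""
    if acl["owner"] != granter:
        raise PermissionError(f"{granter} does not own this resource")
    acl["readers"].add(grantee)


def dac_can_read(acl: dict, user: str) -> bool:
    return user in acl["readers"]


# Role-based access control: permissions attach to roles, users to roles.
ROLE_PERMISSIONS = {"finance": {("budget.xlsx", "read"), ("budget.xlsx", "write")},
                    "staff": {("notice.txt", "read")}}
USER_ROLES = {"alice": {"finance", "staff"}, "bob": {"staff"}}


def rbac_allowed(user: str, resource: str, action: str) -> bool:
    """Allowed if any of the user's roles carries the (resource, action) permission."""
    return any((resource, action) in ROLE_PERMISSIONS[role]
               for role in USER_ROLES.get(user, set()))


def can_read(user: str, resource: str, acl: dict) -> bool:
    """Where MAC and DAC are both enforced, a discretionary grant never overrides
    the mandatory label check."""
    return mac_can_read(user, resource) and dac_can_read(acl, user)
```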

Term

___ protocol enables two devices to connect, authenticate with a username and password, and negotiate the network protocol the devices will use. (pg. 373)

 

A. Point-to-Point (PPP)

B. Peer-to-Peer (P2P)

C. Ad-hoc

D. Challenge Handshake Authentication (CHAP)

Definition

A. PPP handles authentication for point-to-point connections.

 

P2P is a networking architecture that distributes tasks or workloads between different nodes on a network, made popular in file sharing sites and services.

 

An ad hoc network is a temporary LAN.

 

CHAP is one of the authentication methods PPP can use: the server sends a challenge and the client answers with a hash of the challenge and the password, so the password itself is never sent over the link.

Term

The AAA philosophy is built around port authentication: allowing remote users to authenticate to a specific point of entry (a port) to another network. What are the three As? (pg. 376-377)

 

A. Authorization

B. Authentication

C. Access

D. Accounting

Definition

A., B. and D.

 

Authentication - a computer trying to connect to the network must present some form of credential for access to the network.

 

Authorization - once the computer is authenticated, the network determines what it can or can't do on the network.

 

Accounting - the authenticating server should log events, such as logins, session action, and so on.

Term

The AAA standard that was created to support ISPs with hundreds if not thousands of modems in hundreds of computers to connect to a single central database. (pg. 377)

 

A. TACACS+

B. NAS

C. RADIUS

D. Kerberos

Definition

C. RADIUS (Remote Authentication Dial-In User Service) consists of three parts: the RADIUS server, a number of network access servers (NASs), and a group of systems that connect to the network in some way. It runs over UDP (ports 1812 and 1813, or the older 1645 and 1646) and obscures only the password attribute in its packets, not the rest of the exchange.

 

TACACS+ is a AAA protocol developed to support a network with many routers and switches.

 

Kerberos is an authentication protocol for TCP/IP networks with many clients all connected to a single authentication server.

Term

The protocol developed by Cisco to support AAA in a network with many routers and switches. (pg. 378)

 

A. RADIUS

B. KDC

C. NAS

D. TACACS+

Definition

D. Terminal Access Controller Access Control System Plus (TACACS+) is very similar to RADIUS in function, but uses TCP port 49 by default and separates authentication, authorization and accounting into different parts.

 

TACACS+ supports PAP, CHAP and MD5 hashes like RADIUS, but can also use Kerberos as part of the authentication scheme. Unlike RADIUS, which obscures only the password, TACACS+ encrypts the entire body of each packet.

Term

An authentication protocol for TCP/IP networks with many clients all connected to a single authenticating server. (pg. 378)

 

A. TACACS+

B. RADIUS

C. Kerberos

D. PPP

Definition

C. Kerberos has no connection to PPP; whereas PPP is about connecting two devices, Kerberos is about having many clients all authenticate to a single authenticating server.

 

RADIUS and TACACS+ are AAA protocols that carry PPP-style authentication (PAP, CHAP) from an access server to a central server; they are not part of PPP itself.

Term

The Kerberos___ service supplies both session tickets and session keys in an Active Directory domain. (pg. 379)

 

A. Ticket-Granting Ticket (TGT)

B. Key Distribution Center (KDC)

C. Ticket-Granting Service (TGS)

D. Authentication Server (AS)

Definition
B. The KDC contains the Authentication Server (AS) and the Ticket-Granting Service (TGS); the TGT is a ticket the AS issues, not a component. In Windows Server environments the KDC is installed on the domain controller.
Term

When a client logs onto the domain, it sends a request that includes a hash of the username and password to the (1)___. The (2)___ compares the results of that hash to its own hash, and should they match, sends a (3)___ and a timestamp. The client is now authenticated but not yet authorized.

 

The client then sends the timestamped (4)___ to the (5)___ for authorization. The (6)___ sends a timestamped service ticket back to the client. This token is the key that the client uses to access any single resource on the entire domain. (pg. 379)

 

A. Ticket-Granting Ticket

B. Ticket-Granting Service

C. Authentication Server

D. Key Distribution Center

Definition

(1) and (2) = Authentication Server

(3) and (4) = Ticket-Granting Ticket

(5) and (6) = Ticket-Granting Service

 

Note: the card simplifies the first step. In real Kerberos the client does not send a hash of its password; it proves knowledge of the password-derived key by encrypting a timestamp with it (pre-authentication), and the AS replies with a session key encrypted under that same key. Each service ticket is also specific to one service; the client reuses the TGT to request tickets for other resources.
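Worked example of the two exchanges on this card, added for this page and not drawn from the book: a small Python simulation of the AS and TGS running inside one KDC, the client side of both requests, and the service that opens the final ticket. The sealing routine (SHA-256 keystream plus HMAC tag), the principal names, the key values and the clock values are all constructed stand-ins for the real Kerberos encryption types and realm data; the message flow and the checks each party performs are the point.

```python
import hashlib
import hmac
import json
import os

# Toy authenticated encryption (SHA-256 keystream XOR + HMAC tag). It stands in
# for the Kerberos encryption types; use it only to follow the message flow.


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:length]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a small JSON object under key."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag first; a wrong key or a modified ticket raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("bad key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def derive_key(password: str, principal: str) -> bytes:
    """Client long-term key from the password (Kerberos string2key); the password
    itself never crosses the wire."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


MAX_SKEW = 300        # seconds of clock difference tolerated
TICKET_LIFE = 600     # seconds a ticket stays valid


class KDC:
    """Key Distribution Center: holds both the AS and the TGS."""

    def __init__(self, principals: dict, tgs_key: bytes):
        self.principals = principals    # principal name -> long-term key
        self.tgs_key = tgs_key

    def as_exchange(self, user: str, preauth: bytes, now: int):
        """Authentication Server. The client proves it knows its key by encrypting
        a timestamp (pre-authentication); no password hash is sent."""
        key = self.principals[user]
        if abs(now - unseal(key, preauth)["timestamp"]) > MAX_SKEW:
            raise ValueError("pre-authentication timestamp outside skew")
        session = os.urandom(32)
        tgt = seal(self.tgs_key, {"user": user, "session": session.hex(),
                                  "expires": now + TICKET_LIFE})
        return tgt, seal(key, {"session": session.hex()})   # TGT + session key

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int):
        """Ticket-Granting Service. Only the KDC can open the TGT; the authenticator
        proves the client holds the session key carried inside it."""
        t = unseal(self.tgs_key, tgt)
        if now > t["expires"]:
            raise ValueError("TGT expired")
        session = bytes.fromhex(t["session"])
        auth = unseal(session, authenticator)
        if auth["user"] != t["user"] or abs(now - auth["timestamp"]) > MAX_SKEW:
            raise ValueError("bad authenticator")
        svc_session = os.urandom(32)
        ticket = seal(self.principals[service], {"user": t["user"], "service": service,
                      "session": svc_session.hex(), "expires": now + TICKET_LIFE})
        return ticket, seal(session, {"service": service, "session": svc_session.hex()})


def client_login(kdc: KDC, user: str, password: str, service: str, now: int):
    """Client side of both exchanges; returns the service ticket and the key shared
    with that service. A wrong password fails at the AS."""
    key = derive_key(password, user)
    tgt, as_rep = kdc.as_exchange(user, seal(key, {"timestamp": now}), now)
    session = bytes.fromhex(unseal(key, as_rep)["session"])
    authenticator = seal(session, {"user": user, "timestamp": now})
    ticket, tgs_rep = kdc.tgs_exchange(tgt, authenticator, service, now)
    return ticket, bytes.fromhex(unseal(session, tgs_rep)["session"])


def service_accepts(service_key: bytes, ticket: bytes, svc_session: bytes,
                    user: str, service: str, now: int) -> bool:
    """The target service opens the ticket with its own key; it never contacts the KDC."""
    t = unseal(service_key, ticket)
    return (t["user"] == user and t["service"] == service
            and now <= t["expires"] and bytes.fromhex(t["session"]) == svc_session)
```

Two details worth noticing: every ticket is opened only by the party holding the key it was sealed under (the TGT by the KDC, the service ticket by the service), and the timestamps are what stop a captured ticket or authenticator from being replayed later.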

Term

The ability to log in only one time and use the same token to access any allowed resource on an entire network. (pg. 380)

 

A. Secure Shell (SSH)

B. Account manager

C. Single sign-on (SSO)

D. Directory Server Authentication

Definition

C. With SSO, a single authentication provides access to multiple applications by passing the authentication token seamlessly to configured applications.

 

Directory Server Authentication refers to systems requiring authentication for each application but using the same credentials from a directory server.

 

SSH is a secure protocol replacement for Telnet.

 

Account managers are useful applications for keeping up with usernames and passwords, but they aren't built for using the same token across an entire network.

 

Term

An encrypted connection between two endpoints. (pg. 384)

 

A. Tunnel

B. Session

C. PPP

D. TLS

Definition

A. Any packet that enters the encrypted tunnel, including a packet with unencrypted data, is automatically encrypted, goes through the tunnel, and is decrypted on the other end.

 

A session is the logical stream of data flowing between two programs and being communicated over a network. That data might not be encrypted.

 

PPP refers to Point-to-Point Protocol, which enables two devices to connect, authenticate and negotiate the network protocol they will use.

 

Transport Layer Security is a protocol that is most heavily used in securing Web pages.

Term

True or false:

 

Security standards that include both authentication and encryption are often weaker than security standards that offer one or the other and work with other standards. (pg. 385)

Definition
False. Some of the most popular standards on the Internet today, such as SSH, SSL/TLS and HTTPS, offer excellent security while combining authentication and encryption. (LDAP on its own provides neither; it relies on TLS for transport protection.)
Term

Every Web browser today uses ___ for HTTPS-secured Web sites. (pg. 385)

 

A. TLS

B. IETF

C. IPsec

D. SSL

Definition

A. The Transport Layer Security (TLS) protocol was designed as an upgrade to SSL, which is now deprecated. SSL is limited to HTTP, FTP, SMTP and a few older TCP applications. TLS has no such restrictions and is used in securing VoIP and VPNs as well.

 

Secure Sockets Layer (SSL) is a standard that requires a server with a certificate to create a secure encrypted tunnel between the server and client.

 

Internet Protocol Security (IPsec) is an authentication and encryption protocol suite that works at the Network layer. The Internet Engineering Task Force (IETF) oversees the IPsec protocol suite, managing updates and revisions.

Term

The IPsec protocol works in two different modes:

 

In ___ mode, only the actual payload of the IP packet is encrypted: the destination and source IP address and other IP header information are still readable.

 

In ___ mode, the entire IP packet is encrypted and is encapsulated inside another IP packet at an endpoint. (pg. 386)

 

A. Secure

B. Express

C. Transport

D. Tunnel

Definition

C. and D. Transport mode and Tunnel mode

 

The Authentication Header (AH) protocol of IPsec handles authentication and data integrity, but provides no encryption. Encapsulating Security Payload (ESP) encrypts the payload (the TCP segment in transport mode, the whole inner IP packet in tunnel mode), thus providing confidentiality as well as integrity and authentication.

 


Term

The protocol that enables secure data transfers between two hosts and thus might have replaced FTP. (pg. 389)

 

A. Simple Network Management Protocol (SNMP)

B. Secure Copy Protocol (SCP)

C. Secure Shell (SSH)

D. SSH File Transfer Protocol (SFTP)

Definition

B. SCP works well but lacks features such as a directory listing. SCP still exists, especially with the well-known UNIX scp command-line utility.

 

SNMP is for acquiring information about a device.

 

SSH is a secure replacement protocol for Telnet, and SFTP is designed to bring FTP-style file transfer and management to it.

Term

Protocol designed to bring secure, full-featured FTP style file transfer and management to SSH. (pg. 389)

 

A. SFTP

B.SNMP

C. SCP

D. LDAP

Definition

A. Although SSH File Transfer Protocol (SFTP) and FTP have similar names and perform the same job of transferring files, the way in which they do that job differs greatly.

 

Simple Network Management Protocol (SNMP) is for acquiring information about a device.

 

Secure Copy Protocol (SCP) is a more secure replacement for FTP.

 

 

Lightweight Directory Access Protocol (LDAP) is for use with databases like Active Directory.

Term

Protocol for querying the state of network devices, collecting information such as CPU usage, network utilization and firewall hits. (pg. 390)

 

A. Transport Layer Security (TLS)

B. Simple Network Management Protocol (SNMP)

C. Network Time Protocol (NTP)

D. Lightweight Directory Access Protocol (LDAP)

Definition

B. SNMP agents run on the managed devices (routers, switches, servers); a manager, the network management station, queries them, and each agent answers from its Management Information Base (MIB), the structured database of objects that device exposes. SNMPv1 and v2c authenticate with community strings sent in the clear; only SNMPv3 adds authentication and encryption.

 

TLS encrypts traffic between two endpoints; it does not query the state of devices.

 

NTP does exactly one thing: gives you the current time.

 

LDAP works with network databases.

Term

A protocol used to query and change a database used by the network. (pg. 391)

 

A. SSL

B. HTTPS

C. LDAP

D. SNMP

Definition

C. Lightweight Directory Access Protocol (LDAP) databases track aspects of networks, such as users logged into the network, currently active DHCP clients, or the location of all the printers in the local network.

 

Secure Sockets Layer (SSL), and its successor TLS, is the protocol that encrypts sessions such as HTTPS; the server presents its certificate to the client during the handshake.

 

Hypertext Transfer Protocol Secure (HTTPS) is a secure form of HTTP, both of which carry Web content.

 

Simple Network Management Protocol (SNMP) is used to gather information on network devices.
