Exam 6: Security Technology: Access Controls, Firewalls, and VPNs
The ____________________ authentication system is named after the three-headed dog of Greek mythology that guards the gates to the underworld.
Kerberos
Authentication server (AS), which is a Kerberos server that authenticates clients and servers.
The Authentication Server (AS) is a critical component of the Kerberos network authentication protocol. Kerberos provides strong authentication for client/server applications using secret-key (symmetric) cryptography; the AS and the Ticket Granting Service (TGS) together make up the Key Distribution Center (KDC), which holds the long-term key of every client and server in the realm. Here's how the AS fits into the Kerberos authentication process:
1. **Initial Contact**: When a user wishes to authenticate, they provide their credentials (typically a username and password) to the Kerberos client software on their workstation. The password never leaves the workstation; it is converted locally into the user's long-term secret key.
2. **Communication with AS**: The client software then sends an authentication request (AS-REQ) to the Authentication Server. With pre-authentication enabled, which is the norm in Kerberos V5 deployments, the client encrypts the current timestamp with the key derived from the user's password and includes it in the request. The password itself is never transmitted.
3. **Verification**: The AS looks the user up in its database of principals and their long-term keys and attempts to decrypt the timestamp with the user's key. If decryption succeeds and the timestamp is within the permitted clock skew (five minutes by default), the AS accepts the request as legitimate; a wrong password yields a failed decryption and the request is rejected.
4. **TGT Issuance**: The AS responds (AS-REP) with two items: a Ticket-Granting Ticket (TGT) and a session key. The TGT, which carries the client's identity and a copy of the session key, is encrypted with the long-term key of the Ticket Granting Service (the krbtgt key), so the client can neither read nor alter it. The session key is returned in a separate part encrypted with the key derived from the user's password, so only the client can decrypt it.
5. **Client Decryption**: The client decrypts its copy of the session key with the password-derived key and caches it together with the TGT, which it cannot decrypt but will later present unchanged.
6. **Access to Services**: When the client needs to access a service on the network, it sends the TGS a request (TGS-REQ) containing the TGT plus an authenticator (the client name and a fresh timestamp) encrypted with the session key. The TGS decrypts the TGT with its own key, recovers the session key, and uses it to verify the authenticator. If the TGT is unexpired and the authenticator is fresh, the TGS issues a service ticket encrypted with the target service's long-term key, along with a new session key for the client and that service.
7. **Service Authentication**: The client presents the service ticket, together with a new authenticator encrypted under the client/service session key, to the desired network service. The service decrypts the ticket with its own long-term key, checks the authenticator against the session key found inside the ticket, and grants access if everything matches.
The AS is thus the first step in the Kerberos authentication chain: it verifies the user's identity and issues the TGT that lets the user request service tickets for specific network resources. Because only encrypted timestamps, tickets and authenticators cross the network, user passwords are never sent in plain text, and the timestamps bound the window in which a captured message can be replayed. Two caveats matter in practice: the encrypted timestamp and AS reply are only as strong as the password-derived key behind them, so an attacker who captures them can attempt offline password guessing against weak passwords; and clients, servers and the KDC must keep their clocks synchronized (typically via NTP), or legitimate requests fail the skew check.
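The seven steps above, played out end to end as an added example (this is not code from the original page and not a real Kerberos implementation). It is a stand-alone Python model of the AS exchange, the TGS exchange and the final service check, using only the standard library: `derive_key`, `seal`, `unseal`, the `KDC` class and the client functions are all hypothetical names introduced here, and `seal`/`unseal` is a toy encrypt-then-MAC construction standing in for a Kerberos encryption type. The realm `EXAMPLE.COM`, the principal `alice`, the service `http/web.example.com` and their passwords are constructed sample data.

```python
"""Model of the Kerberos AS and TGS exchanges (illustrative, stdlib only, not a real Kerberos implementation)."""
import hashlib
import hmac
import json
import os
import time

CLOCK_SKEW = 300         # seconds; Kerberos accepts timestamps within +/- 5 minutes by default
TICKET_LIFETIME = 36000  # seconds; a 10-hour ticket lifetime is a common default


def derive_key(password, realm, principal):
    """String-to-key: the password never leaves the client; only this derived key is ever used."""
    salt = (realm + principal).encode()  # realm + principal as salt, in the spirit of RFC 3962
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, 32)


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a toy stream cipher, not a Kerberos etype."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, fields):
    """Toy encrypt-then-MAC of a JSON object: nonce || ciphertext || tag."""
    plaintext = json.dumps(fields).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Reject anything not produced under `key`; a wrong password-derived key fails here, not at the AS's logic."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext)))))


class KDC:
    """AS and TGS in one process; the KDC knows the long-term key of every client and service."""

    def __init__(self, realm, passwords):
        self.realm = realm
        self.keys = {name: derive_key(pw, realm, name) for name, pw in passwords.items()}  # the principal database
        self.keys["krbtgt"] = os.urandom(32)  # TGS long-term key; clients never learn it, so they cannot read TGTs

    def _check_time(self, ts, now):
        if abs(now - ts) > CLOCK_SKEW:
            raise PermissionError("clock skew too great")

    def as_exchange(self, client, pa_enc_timestamp, now):
        """Steps 2-4: verify the pre-authentication timestamp, return (TGT, enc-part for the client)."""
        client_key = self.keys[client]
        self._check_time(unseal(client_key, pa_enc_timestamp)["ts"], now)  # wrong password -> PermissionError
        session_key = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": client, "key": session_key, "expires": now + TICKET_LIFETIME})
        enc_part = seal(client_key, {"key": session_key, "server": "krbtgt"})  # only the client can open this
        return tgt, enc_part

    def tgs_exchange(self, tgt, authenticator, service, now):
        """Step 6: open the TGT with the krbtgt key, verify the authenticator, issue a service ticket."""
        t = unseal(self.keys["krbtgt"], tgt)
        if now > t["expires"]:
            raise PermissionError("TGT expired")
        session_key = bytes.fromhex(t["key"])
        auth = unseal(session_key, authenticator)
        if auth["client"] != t["client"]:
            raise PermissionError("authenticator does not match TGT")
        self._check_time(auth["ts"], now)
        svc_session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "key": svc_session, "expires": now + TICKET_LIFETIME})
        return ticket, seal(session_key, {"key": svc_session, "server": service})


def client_login(kdc, principal, password, now):
    """Steps 1-5: build PA-ENC-TIMESTAMP, receive the TGT, recover the session key with the password-derived key."""
    key = derive_key(password, kdc.realm, principal)
    tgt, enc_part = kdc.as_exchange(principal, seal(key, {"ts": now}), now)
    return tgt, bytes.fromhex(unseal(key, enc_part)["key"])  # the TGT stays opaque to the client


def client_get_service_ticket(kdc, principal, tgt, session_key, service, now):
    """Step 6 (client side): present the TGT plus an authenticator, get a service ticket and service session key."""
    ticket, enc_part = kdc.tgs_exchange(tgt, seal(session_key, {"client": principal, "ts": now}), service, now)
    return ticket, bytes.fromhex(unseal(session_key, enc_part)["key"])


def service_accepts(service_key, ticket, authenticator, now):
    """Step 7: the service opens the ticket with its own key and checks the authenticator with the key inside."""
    t = unseal(service_key, ticket)
    auth = unseal(bytes.fromhex(t["key"]), authenticator)
    return auth["client"] == t["client"] and now <= t["expires"] and abs(now - auth["ts"]) <= CLOCK_SKEW


def rejected(fn, *args):
    """True if the call is refused with PermissionError; used to show the failure modes."""
    try:
        fn(*args)
        return False
    except PermissionError:
        return True


def run_demo(password="correct horse battery staple", now=None):
    """Constructed principal 'alice' logs in and reaches 'http/web.example.com'; returns True on success."""
    now = time.time() if now is None else now
    kdc = KDC("EXAMPLE.COM", {"alice": "correct horse battery staple", "http/web.example.com": "service-keytab-secret"})
    tgt, session_key = client_login(kdc, "alice", password, now)
    ticket, svc_session = client_get_service_ticket(kdc, "alice", tgt, session_key, "http/web.example.com", now)
    authenticator = seal(svc_session, {"client": "alice", "ts": now})
    return service_accepts(kdc.keys["http/web.example.com"], ticket, authenticator, now)


if __name__ == "__main__":
    print("login ok:", run_demo())
    print("wrong password rejected:", rejected(run_demo, "wrong"))
```

Note what the model makes visible: the client's password-derived key is used exactly twice (to encrypt the pre-authentication timestamp and to decrypt the AS reply), the TGT and service ticket are never readable by the client, and both failure modes the text describes (a wrong password, a stale timestamp) surface as rejections at the AS before any ticket is issued.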
Kerberos uses asymmetric key encryption to validate an individual user to various network resources. _________________________
False - symmetric
The application layer proxy firewall is capable of functioning both as a firewall and an application layer proxy server.
__________ access control is a form of __________ access control in which users are assigned a matrix of authorizations for particular areas of access.
An extranet is a segment of the DMZ where no authentication and authorization controls are put into place.
__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.
The ____________________ packet-filtering firewall can react to an emergent event and update or create rules to deal with that event.
Known as the ping service, ICMP is a(n) __________ and should be ___________.
The restrictions most commonly implemented in packet-filtering firewalls are based on __________.
____________________ firewalls combine the elements of other types of firewalls, that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways.
Most firewalls use packet header information to determine whether a specific packet should be allowed to pass through or should be dropped. _________________________
Port Address Translation assigns non-routing local addresses to computer systems in the local area network and uses ISP-assigned addresses to communicate with the Internet on a one-to-one basis. _________________________
When Web services are offered outside the firewall, SMTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. _________________________
A(n) intranet is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. _________________________
The ____________________ Access Controller Access Control System contains a centralized database, and it validates the user's credentials at the TACACS server.
Kerberos is based on the principle that the ____________________ knows the secret keys of all clients and servers on the network.
A trusted VPN uses ____________________ circuits from a service provider who gives contractual assurance that no one else is allowed to use these circuits and that they are properly maintained and protected.
Using an application firewall means the associated Web server must be exposed to a higher level of risk by placing it in the DMZ.