Exam 6: Security Technology: Access Controls, Firewalls, and Vpns

The presence of external requests for Telnet services can indicate a potential attack. _________________________

Key Distribution Center (KDC), which generates and issues session keys.

A routing table tracks the state and context of each packet in the conversation by recording which station sent what packet and when. _________________________

The application firewall is also known as a(n) ____________________ server.

In static filtering, configuration rules must be manually created, sequenced, and modified within the firewall. _________________________

Firewalls operate by examining a data packet and performing a comparison with some predetermined logical rules. _________________________

Kerberos ticket granting service (TGS), which provides tickets to clients who request services. In Kerberos a ticket is an identification card for a particular client that verifies to the server that the client is requesting services and that the client is a valid member of the Kerberos system and therefore authorized to receive services. The ticket consists of the client's name and network address, a ticket validation starting and ending time, and the session key, all encrypted in the private key of the server from which the client is requesting services.

When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture.

In order to keep the Web server inside the internal network, direct all HTTP requests to the internal filtering firewall and configure the internal filtering router/firewall to allow only that device to access the internal Web server. _________________________

The DMZ can be a dedicated port on the firewall device linking a single bastion host.

One of the biggest challenges in the use of the trusted computer base (TCB) is the existence of explicit channels. _________________________

A VPN, used properly, allows use of the Internet as if it were a private network.

The primary disadvantage of stateful packet inspection firewalls is the additional processing required to manage and verify packets against the state table. _________________________

Authentication is a mechanism whereby unverified entities who seek access to a resource provide a label by which they are known to the system. _________________________

Authentication is the process of validating and verifying an unauthenticated entity's purported identity.

The architecture of a(n) ____________________ firewall provides a DMZ.

The RADIUS system decentralizes the responsibility for authenticating each user by validating the user's credentials on the NAS server.

Which of the following is not a major processing mode category for firewalls?

​Lattice-based access control is a form of access control in which users are assigned a matrix of authorizations for particular areas of access.

Most current operating systems require specialized software to connect to VPN servers, as support for VPN services is no longer built into the clients.