Exam 6: Security Technology: Access Controls, Firewalls, and VPNS

In Kerberos, a(n) ____________________ is an identification card for a particular client that verifies to the server that the client is requesting services and that the client is a valid member of the Kerberos system and therefore authorized to receive services.

When Web services are offered outside the firewall, SMTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. _________________________

The screened subnet protects the DMZ systems and information from outside threats by providing a network with intermediate security, which means the network is less secure than the general-public networks but more secure than the internal network.

Telnet protocol packets usually go to TCP port __________, whereas SMTP packets go to port __________.

A common DMZ arrangement is a subnet firewall that consists of two or more internal bastion hosts behind apacket-filtering router, with each host protecting the trusted network. _________________________

A content filter is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations.

The primary disadvantage of stateful packet inspection firewalls is the additional processing required to manage and verify packets against the state table. _________________________

An extranet is a segment of the DMZ where no authentication and authorization controls are put into place.

A ____________________ mode VPN establishes two perimeter tunnel servers to encrypt all traffic that will traverse an unsecured network. The entire client packet is encrypted and added as the data portion of a packet addressed from one tunneling server to another.

Because the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____________________ host.

All organizations with a router at the boundary between the organization's internal networks and the external service provider will experience improved network performance due to the complexity of the ACLs used to filter the packets.

What must a VPN accomplish to offer a secure and reliable capability while relying on public networks

Kerberos is based on the principle that the ____________________  knows the secret keys of all clients and servers on the network.

____________________ is a firewall type that keeps track of each network connection between internal and external systems using a table and that expedites the processing of those communications.

The primary benefit of a VPN that uses _________ is that an intercepted packet reveals nothing about the true destination system.

The false reject rate describes the number of legitimate users who are denied access because of a failure in the biometric device. _________________________

Though not used as much in Windows environments, terminal emulation is still useful to systems administrators on Unix/Linux systems.

Firewalls operate by examining a data packet and performing a comparison with some predetermined logical rules. _________________________

__________ access control is a form of __________ access control in which users are assigned a matrix of authorizations for particular areas of access.

When a bastion host approach is used, the host contains two NICs, forcing all traffic to go through the device. _________________________