CertiGuide to Security+  9  Chapter 7:  Practice Exam Answers

Answers to Questions 16-20 1 Answers to Questions 26-30

21. What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server?

A. RADIUS

B. PPTP

C. L2TP

D. IPSec

Explanation: RADIUS is a protocol for carrying authentication, authorization, and configuration information between a Network Access Server, which desires to authenticate its links and a shared Authentication Server. RADIUS uses a centralized database for simplified management. RADIUS is a standard published in RFC2138 as mentioned above.

The other protocols listed are network communication protocols, not authentication protocols responsible for carrying traffic between a NAS and an Authentication Server.

& Section 2.1.3: RADIUS

22. In a RADIUS architecture, which of the following acts as a client?

A. A Network Access Server

B. The end user

C. The authentication server

D. No Answer is Correct

Explanation: A Network Access Server (NAS) operates as a client of RADIUS. The client is responsible for passing user information to a designated RADIUS server, and then acting on the response, which is returned. Radius uses a centralized database, simplifying password management. The end user's computer does not make the RADIUS request. The NAS makes the request after receiving the network connection request from the end user.

& Section 2.1.3: RADIUS

23. The majority of commercial intrusion detection systems are:

A. Network-based

B. Host-based

C. Identity-based

D. Signature-based

Explanation: The majority of commercial intrusion detection systems are network-based. These IDSs detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment, thereby protecting those hosts.

Historically, IDS started out as host-based, which is the other major type of IDS. Identity-based and signature-based are not types of IDS.

& Section 2.3.3.3: Packet Sniffing

& Section 3.1.9: IDS (Intrusion Detection System)

& Section 3.4: Intrusion Detection

& Section 3.4.1: Network Based (Intrusion Detection)

24. Which of the following is a drawback of Network-based IDSs?

A. It cannot analyze encrypted information.

B. It is very costly to set up.

C. It is very costly to manage.

D. It is not effective.

Explanation: Network-based IDSs cannot analyze encrypted information. This problem is increasing as more organizations (and attackers) use virtual private networks. Most network-based IDSs cannot tell whether or not an attack was successful; they can only discern that an attack was initiated. This means that after a network-based IDS detects an attack, administrators must manually investigate each attacked host to determine whether it was indeed penetrated.

& Section 2.3.3.3: Packet Sniffing

& Section 3.1.9: IDS (Intrusion Detection System)

& Section 3.4: Intrusion Detection

& Section 3.4.1: Network Based (Intrusion Detection)

25. Which of the following will you consider as clear-text protocols?

A. Telnet

B. FTP

C. POP

D. No Answer is Correct

Explanation: There are many clear-text protocols still in use today. Telnet is still alive and well. FTP and POP email both use clear-text protocols. Creating a server to emulate any of these services is trivial. Combining that and some DNS spoofing can cause "normal" traffic to come to your fake servers where the usernames and passwords can be obtained.

& Section 2.1.6: SSH

& Section 2.5.4: (File Transfer) Vulnerabilities

Answers to Questions 16-20 1 Answers to Questions 26-30