C480 - Lesson 15 CompTIA Network+
Terms in this set (41)
(Authentication Header) An IPSec protocol (IP protocol number 51) that authenticates the origin of each packet, protects the integrity of the payload and of the non-changing IP header fields, and defends against replay with a sequence number. AH provides no confidentiality; for that you need ESP.
(Dynamic Multipoint VPN) A Cisco technology that combines multipoint GRE tunnels, NHRP and IPSec so that VPN tunnels between sites can be created and torn down on demand rather than being statically configured.
(Datagram Transport Layer Security) TLS adapted to run over a datagram transport (UDP) instead of TCP: it adds explicit sequence numbers and its own retransmission for the handshake so that lost or reordered datagrams do not break the session. It is often used for VPNs, where UDP avoids the head-of-line blocking that TLS over TCP would impose on the tunnel.
The process of adding delivery information to the actual data in each layer of the OSI or TCP/IP model.
(group policy object) On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.
(Generic Routing Encapsulation) Tunneling protocol allowing the transmission of encapsulated frames or packets from different types of network protocol over an IP network.
(Hash-based Message Authentication Code) A method (described in RFC 2104) used to verify both the integrity and authenticity of a message by combining a cryptographic hash function with a secret key. HMAC-MD5 and HMAC-SHA1 are still met in older IPSec and RADIUS deployments; new designs should use HMAC-SHA256 or stronger. Only a party holding the key can produce or check the tag, and the tag by itself does not stop replay of an unmodified message.
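As an added example that is not part of the study set, the following Python script builds an HMAC exactly the way RFC 2104 defines it, checks that construction against the standard library, and then verifies tags in constant time to show which kinds of tampering a receiver detects. The key and message are constructed samples, not values from the course.

```python
import hashlib
import hmac

# Constructed sample key and message; neither comes from the study set.
SAMPLE_KEY = b"example-shared-secret-do-not-reuse"
SAMPLE_MESSAGE = b"SET vlan 10 on port Gi0/1"


def hmac_rfc2104(key: bytes, message: bytes, hashfn=hashlib.sha256) -> bytes:
    """HMAC as RFC 2104 builds it: H((K ^ opad) || H((K ^ ipad) || m))."""
    block_size = hashfn().block_size          # 64 bytes for MD5, SHA-1 and SHA-256
    if len(key) > block_size:                 # keys longer than a block are hashed first
        key = hashfn(key).digest()
    key = key.ljust(block_size, b"\x00")      # shorter keys are zero-padded to a block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashfn(ipad + message).digest()
    return hashfn(opad + inner).digest()


def make_tag(key: bytes, message: bytes, hashfn=hashlib.sha256) -> bytes:
    """The same computation via the standard library; production code should call this."""
    return hmac.new(key, message, hashfn).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes, hashfn=hashlib.sha256) -> bool:
    """Recompute the tag and compare in constant time.

    compare_digest avoids the early exit of '==', which would leak how many
    leading bytes of a forged tag were right. A tag of the wrong length is
    simply rejected.
    """
    return hmac.compare_digest(make_tag(key, message, hashfn), tag)


def matches_stdlib() -> bool:
    """True if the hand-rolled construction agrees with hmac.new for MD5, SHA-1 and SHA-256."""
    return all(
        hmac_rfc2104(SAMPLE_KEY, SAMPLE_MESSAGE, h) == make_tag(SAMPLE_KEY, SAMPLE_MESSAGE, h)
        for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)
    )


def demo() -> dict:
    """Which tampering attempts the receiver accepts (True) or rejects (False)."""
    tag = make_tag(SAMPLE_KEY, SAMPLE_MESSAGE)
    return {
        "genuine": verify_tag(SAMPLE_KEY, SAMPLE_MESSAGE, tag),
        "altered_message": verify_tag(SAMPLE_KEY, b"SET vlan 99 on port Gi0/1", tag),
        "wrong_key": verify_tag(b"guessed-key", SAMPLE_MESSAGE, tag),
        "truncated_tag": verify_tag(SAMPLE_KEY, SAMPLE_MESSAGE, tag[:16]),
        "tag_checked_with_other_hash": verify_tag(SAMPLE_KEY, SAMPLE_MESSAGE, tag, hashlib.sha1),
    }


if __name__ == "__main__":
    print("RFC 2104 construction matches hmac module:", matches_stdlib())
    for case, accepted in demo().items():
        print(f"{case:28s} accepted={accepted}")
```

Only the genuine tag verifies; an altered message, a wrong key, a truncated tag or a mismatched hash all fail. Note that an attacker who captured the genuine message and tag could still replay both unchanged: HMAC proves origin and integrity, not freshness, which is why AH adds a sequence number on top of it.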
(Internet Protocol Security) A set of open, non-proprietary standards that are used to secure data through authentication and encryption as the data travels across the network or the Internet.
(Internet Security Association and Key Management Protocol) A framework for creating a Security Association (SA), which establishes trust between two hosts and lets them agree on the protocols and cipher suites used to protect the data they exchange. ISAKMP is the message format used by the Internet Key Exchange (IKE) protocol in IPSec; IKE runs over UDP port 500 (UDP port 4500 when NAT traversal is in use).
A specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption.
(Layer 2 Tunneling Protocol) A VPN protocol (UDP port 1701) for tunneling PPP sessions across a variety of network protocols such as IP, Frame Relay, or ATM. L2TP provides no encryption of its own, so it is normally deployed as L2TP/IPSec, with the L2TP traffic carried inside IPSec ESP.
(Microsoft Challenge Handshake Authentication Protocol) Microsoft's challenge-response password authentication protocol for PPP and VPN logins; MS-CHAPv2 is the current version. Its response is derived from the user's NT hash with DES, which is weak enough that a captured exchange can be cracked offline, so MS-CHAPv2 should only be run inside a TLS-protected tunnel such as Protected Extensible Authentication Protocol (PEAP); the tunnel protects MS-CHAP, not the other way round.
(Point-to-Point Protocol) Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks.
(Point-to-Point Tunneling Protocol) Protocol developed by a vendor consortium led by Microsoft (RFC 2637) to carry PPP sessions over TCP/IP. PPTP uses TCP port 1723 for its control channel and GRE (IP protocol 47) for the tunneled data. Encryption can be provided by Microsoft Point-to-Point Encryption (MPPE), whose keys are derived from the MS-CHAP authentication, so PPTP is no stronger than MS-CHAPv2 and is considered obsolete and insecure.
(pre-shared key) A secret that was shared between two parties via a secure channel prior to its use in encrypted communications.
(Remote Access Service) A server configured to process remote connections.
(Secure Socket Tunneling Protocol) A Microsoft VPN protocol that carries PPP frames inside an HTTPS session (TLS over TCP port 443): each IP packet is encapsulated with a PPP header and then an SSTP header. Because it looks like ordinary HTTPS traffic, it passes most firewalls and proxies that block PPTP or IPSec.
(virtual private network) A secure tunnel created between two endpoints connected via an unsecure network (typically the Internet).
What are the three main topologies for implementing a VPN?
Many virtual private networks (VPNs) use a client-to-site topology, where one or more hosts connect to a site (a remote access VPN). Other options include site-to-site and host-to-host topologies.
How does TLS improve the security of a VPN connection compared to PPTP?
Transport Layer Security (TLS) uses a digital certificate on the VPN gateway so that the client authenticates the gateway and establishes an encrypted tunnel before the user transmits any authentication credentials. With PPTP the user's credentials are exchanged over MS-CHAP first and the MPPE session keys are derived from them, so capturing that exchange compromises the session.
What IPSec mode would you use for data confidentiality on a private network?
Transport mode with Encapsulating Security Payload (ESP). Transport mode encrypts only the payload and leaves the original IP header in the clear for routing; tunnel mode encrypts the whole original packet, header included, inside a new outer IP header, which is unnecessary on a private network. Authentication Header only provides authentication and integrity validation, not confidentiality.
What difference does DMVPN make to a hub and spoke VPN topology?
It allows the spokes to establish a direct connection, rather than relaying all communications via the hub.
What step can you take to prevent unauthorized use of a remote access server?
Define which user accounts have dial-in rights and ensure each user protects their authentication credentials.
A data transmission method that does not establish a connection between devices and where data may be delivered out of order and may be delivered over different paths.
Cable used to connect the serial port on a host or modem to the console port on a network appliance. Also called rollover cable.
A device used to provide remote access to the command-line interface of multiple switch and/or router appliances.
(File Transfer Protocol) A communications protocol that enables the transfer of files between a user's workstation and a remote host. FTP uses TCP port 21 for commands and a separate data connection (active or passive mode). Credentials and file contents travel in cleartext, so FTP should be replaced by SFTP or FTPS wherever possible.
An IP address or FQDN used to access the management interface of a network appliance. Ideally, the management URL should use HTTPS to ensure a secure connection and prevent snooping of any administrative credentials used to gain access to the device.
(out of band) Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem.
(Remote Desktop Protocol) Microsoft's protocol for operating remote connections to a Windows machine (Terminal Services), allowing specified users to log onto the Windows computer over the network and work remotely. The protocol sends screen data from the remote host to the client and transfers mouse and keyboard input from the client to the remote host. It uses TCP port 3389.
Rollover cable is used to connect the serial port on a host or modem to the console port on a network appliance. Also called console cable.
(Secure File Transfer Protocol) Also expanded as SSH File Transfer Protocol: a protocol for transferring, accessing, and managing files that runs as a subsystem of Secure Shell (SSH) on TCP port 22, inheriting SSH's authentication and encryption. It is a distinct protocol, not plain FTP wrapped in an SSH tunnel, and should not be confused with FTPS (FTP over TLS).
(Secure Shell) A remote administration and file-copy program running on TCP port 22 that authenticates the server by its host key and the user by password or public key, and that can act as a lightweight VPN by forwarding other TCP ports through its encrypted channel.
(Telnet) A TCP/IP application protocol (TCP port 23) supporting remote command-line administration of a host (terminal emulation). Everything, including the login credentials, is sent in cleartext, so SSH should be used instead.
A switch that does not need configuration.
(Virtual Network Computing) Remote access tool and protocol (RFB, usually TCP port 5900). VNC is the basis of macOS screen sharing. The base protocol does not encrypt the session, so it should be tunneled over SSH or a VPN unless the implementation adds TLS.
What TCP/IP application protocol is associated with TCP port 23?
Telnet.
What are the main uses of SSH?
Typically to provide a secure terminal to a remote Linux or UNIX host (or any other host with an SSH server installed).
What type of attack is RDP Remote Credential Guard designed to protect against?
Pass-the-Hash (PtH) and similar credential-theft attacks. Without it, an RDP logon delivers the user's credentials to the remote host, where an attacker with administrative access can dump the password hash or Kerberos ticket from memory and re-use it against other systems. Remote Credential Guard keeps the credentials on the client and redirects the remote host's Kerberos requests back to the client, so the RDP server never stores or processes the hash. It is requested from the client with mstsc.exe /remoteGuard and must also be enabled on the remote host.
What is a virtual terminal?
A logical terminal line (vty on Cisco devices) through which an administrator reaches a switch's command-line interface over the network via Telnet or SSH, rather than via the physical console (serial) port. It requires a management IP address to be configured on the switch.
What distinguishes TFTP from FTP?
Trivial FTP runs over UDP (port 69) and supports only reading and writing whole files (GET and PUT), with no directory browsing, file deletion, or renaming. It also has no authentication at all, which is why it is confined to tasks such as loading firmware or configuration files on a management network.
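As an added example that is not part of the study set, here is a Python model of the TFTP packet format from RFC 1350. Every packet is built or parsed from the five opcodes below, and serve_rrq shows what a server can and cannot check: the request format has no field for credentials. The "files" the server offers are constructed samples.

```python
import struct

TFTP_PORT = 69        # UDP; each transfer then continues on ephemeral ports
BLOCK_SIZE = 512      # a DATA packet shorter than this ends the transfer
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}   # the whole protocol

# Constructed sample "server filesystem"; not from the study set.
SAMPLE_FILES = {
    "startup-config": b"hostname edge-sw\nenable secret 5 $1$constructed$example\n" * 12,
    "firmware.bin": b"\x7fELF" + b"\x00" * 1020,
}


def build_request(opcode: int, filename: str, mode: str = "octet") -> bytes:
    """RRQ (1) or WRQ (2): opcode | filename | 0 | mode | 0. No username, no password."""
    if opcode not in (1, 2):
        raise ValueError("only RRQ and WRQ carry a filename")
    return struct.pack("!H", opcode) + filename.encode() + b"\x00" + mode.encode() + b"\x00"


def build_data(block: int, payload: bytes) -> bytes:
    return struct.pack("!HH", 3, block) + payload


def build_ack(block: int) -> bytes:
    return struct.pack("!HH", 4, block)


def build_error(code: int, message: str) -> bytes:
    return struct.pack("!HH", 5, code) + message.encode() + b"\x00"


def parse_packet(raw: bytes) -> dict:
    """Decode any TFTP packet; anything outside the five opcodes is rejected."""
    if len(raw) < 4:
        raise ValueError("packet too short")
    opcode = struct.unpack("!H", raw[:2])[0]
    kind = OPCODES.get(opcode)
    if kind is None:
        raise ValueError(f"unknown opcode {opcode}")
    if kind in ("RRQ", "WRQ"):
        fields = raw[2:].split(b"\x00")
        if len(fields) < 3:
            raise ValueError("malformed request")
        return {"op": kind, "filename": fields[0].decode(), "mode": fields[1].decode().lower()}
    number = struct.unpack("!H", raw[2:4])[0]
    if kind == "DATA":
        return {"op": kind, "block": number, "data": raw[4:], "last": len(raw) - 4 < BLOCK_SIZE}
    if kind == "ACK":
        return {"op": kind, "block": number}
    return {"op": kind, "code": number, "message": raw[4:].split(b"\x00")[0].decode()}


def serve_rrq(raw: bytes, files: dict) -> list:
    """The DATA (or ERROR) packets a TFTP server sends back for one read request.

    The only check a server can make is whether the file exists: the packet
    format has nowhere to carry credentials, so access control must come
    from the network (ACLs, a management VLAN) rather than from TFTP itself.
    """
    request = parse_packet(raw)
    if request["op"] != "RRQ":
        return [build_error(4, "Illegal TFTP operation")]
    content = files.get(request["filename"])
    if content is None:
        return [build_error(1, "File not found")]
    packets, block, offset = [], 1, 0
    while True:
        chunk = content[offset:offset + BLOCK_SIZE]
        packets.append(build_data(block, chunk))
        if len(chunk) < BLOCK_SIZE:      # a short (possibly empty) block terminates the transfer
            return packets
        block, offset = block + 1, offset + BLOCK_SIZE


if __name__ == "__main__":
    for name in ("startup-config", "running-config"):
        reply = serve_rrq(build_request(1, name), SAMPLE_FILES)
        print(name, "->", [parse_packet(p)["op"] for p in reply])
```

Anyone who can send a UDP datagram to port 69 gets the same answer as the legitimate client, which is the practical reason the question's "no directory browsing" limitation matters less than the missing authentication: an attacker who can guess a filename such as the device configuration needs nothing else.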