CSS 211 - Introduction to Network Security

Review for Second Test

The following questions are provided to help you study for the first test. Do not expect to see these exact questions on the test.

  1. What is the series of IEEE standards that relate to wireless networking called?

  2. What is the difference between ciphertext and plaintext? Define each of them.

  3. What are some commonly used 802.11 "alphabetic" standards?

  4. What are the two methods used in the original 802.11 standard to control access?

  5. Describe the difference between how Open System authentication works and how Shared Key authentication works.

  6. What is beaconing? Why could it be considered a security risk?

  7. What are two elements that are sent in clear text in an association frame?

  8. Compare the authentication and encryption methods used in WPA to those used in WEP.

  9. What does WEP stand for? What does WPA stand for?

  10. What are the authentication and encryption methods used in WPA2 personal security?

  11. What are the authentication and encryption methods used in WPA2 enterprise security?

  12. What normal access point function is moved to switches when using thin access points?

  13. According to access control terminology, what is each of these things:
    1. subject
    2. object
    3. owner
    4. custodian
    5. user
    6. authorization
    7. access

  14. What are some differences between MAC, DAC, and the two versions of RBAC?

  15. Why would an organization choose to implement separation of duties as a security measure?

  16. What does the principle of least privilege tell us to do under access control?

  17. What is the difference between an implicit denial and an explicit denial of a permission?

  18. Why would an administrator prefer using Group Policies over Access Control Lists? What would be a characteristic of a network that would make this a better choice?

  19. What are the two types of hashes found in Windows networks for passwords? Which is newer?

  20. What are some common attack methods regarding passwords? What efficient method uses files found easily on the Internet?

  21. What are some commonly used restrictions set on passwords to increase security?

  22. What are three types of locks discussed in the text? What would make each one a preferred choice?

  23. What does the text tell us about the difference between identification and authentication?

  24. What does the text tell us about the difference between authorization and access?

  25. Why is accounting a key element to security?

  26. What is a one-time password (OTP)?

    How might you use a one-time password that uses a token device?

    How might you use a one-time password that does not use a token device?

  27. Give an example of authenticating a user based on something he has, something he knows, and something he is.

    What label would be applied to this kind of authentication?

  28. What are some standard biometric identification methods?

  29. What examples are given in the text of Federated Identity Management?

  30. What is a ticket in the Kerberos system?

  31. What are some differences between DAP and LDAP?

  32. A RADIUS server would use an Extended Authentication Protocol to manage connections. What are the two examples of an EAP that the text considered safer than the others?

  33. How is a VPN connection different from other RAS connections?

  34. The text defines a risk as the likelihood that a threat agent will exploit a vulnerability.
    Define each of the terms shown in bold some other way.

  35. Which of the five management steps determines what the network looks like at the moment, and how much might be lost to an attack?

    Which step lists all the information assets of an organization?

    Which step calculates the value of a loss?

  36. In the risk assessment step, we use several financial/accounting type acronyms. Identify each of these.
    Asset Value
    Exposure Factor
    Single Loss Expectancy (and how it is calculated)
    Annualized Rate of Occurrence
    Annualized Loss Expectancy

    Why might an automated patch update service be useful for a large organization?

  37. What are the three divisions of port addresses?

    Which two are managed by IANA?

  38. What are the three states a port could be in according to the text? What do the states mean about a port?

  39. What is a scanning tool that could be used to list and locate all the devices attached to a network?

  40. What is another name for a protocol analyzer?

    What is the mode it must place a NIC in to operate?

  41. What is the name of the reporting standard language developed by DHS for vulnerability reporting?

  42. What is penetration testing with regard to network security?

  43. What are some of the log types that are used in Log Management?