Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...
Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...
Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
142 CHAPTER 8 Security Standards and Services<br />
user in a method similar to this, but could not serve to authenticate<br />
the server. Answer D is incorrect because tokens are used for one-way<br />
authentication.<br />
3. Correct answer and explanation: D. All these options have their own<br />
benefits and detriments. A combination of all of them in a multifactor<br />
authentication system would provide the highest level of security although<br />
it would be quite an inconvenience to the user.<br />
Incorrect answers and explanations: Answer A is incorrect because, while<br />
this is a valid solution for the multifactor authentication requirement, it is<br />
not the most secure solution. Answer B is incorrect because this too is not<br />
the most secure solution. Answer C is incorrect as well because any twofactor<br />
authentication method is not as secure as a four-factor authentication<br />
method.<br />
4. Correct answer and explanation: B. Use LDAP over SSL/TLS to encrypt<br />
the authentication data. This will ensure that no LDAP authentication<br />
is performed unencrypted so that anyone capturing the packets on the<br />
network will be able to read it easily.<br />
Incorrect answers and explanations: Answer A is incorrect because LDAP<br />
doesn’t encrypt data transmitted between the client and the server. Answer<br />
C is incorrect because even though it is important to use strong passwords,<br />
it does not protect the authentication data from being captured by a packet<br />
sniffer. Answer D is incorrect because HTTP/S is a protocol for transferring<br />
Web pages securely.<br />
5. Correct answer and explanation: D. Answer D is correct because a packet<br />
filter will evaluate each packet and either block or allow the traffic from<br />
reaching its destination based on the rules defined. In this case, the packet<br />
filter would examine the packets for the bad IP addresses and the action<br />
taken on the packets would be to drop or block them.<br />
Incorrect answers and explanations: A, B, and C. Answer A is incorrect<br />
because NAT is the process of mapping external to internal IP addresses,<br />
which is not being described here. Answer B is incorrect because a proxy<br />
server functions as a middle device which passes information from a<br />
requesting client to a destination server, and then, once a response is<br />
received from the server back to the proxy, the proxy passes the information<br />
back to the requesting client. Proxy servers can be used to speed<br />
up responses by caching content such as Web pages, and they can also be<br />
used for security purposes to keep the internal clients hidden from the<br />
external world. Answer C is incorrect because stateful inspection is when a<br />
device, typically a firewall, keeps track of state of network connections. This<br />
allows the firewall to detect when packets have been modified or if they<br />
are not appropriate to be transmitted, but by only analyzing the header<br />
information, the firewall remains efficient.