What feature of IPSec ensures data integrity during transmission?

What feature of IPSec ensures data integrity during transmission?

• Anti-replay
• Non-repudiation
• Encryption
• Authentication 

EXPLANATION

Internet Protocol Security (IPSec)

Cisco IOS uses the industry-standard IPSec protocol suite to enable advanced VPN features. The PIX IPSec implementation is based on the Cisco IOS IPSec that runs in Cisco routers.
IPSec acts at the network layer, protecting and authenticating IP packets between a PIX Firewall and other participating IPSec devices (peers), such as other PIX Firewalls, Cisco routers, the Cisco Secure VPN Client, the VPN 3000 Concentrator series, and other IPSec-compliant products.
IPSec enables the following Cisco IOS VPN features:

• Data confidentiality—The IPSec sender can encrypt packets before transmitting them across a network.
• Data integrity—The IPSec receiver can authenticate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
• Data origin authentication—The IPSec receiver can authenticate the source of the IPSec packets sent. This service is dependent upon the data integrity service.
• Antireplay—The IPSec receiver can detect and reject replayed packets.

Read More

What does DNS stand for?

What does DNS stand for?

• Domain Name Service
• Destination Notation System
• Domain Name System
• Dynamic Naming Server 

EXPLANATION

Domain Name System

The Domain Name System is a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating

 

Read More

Which authentication method uses a secret shared key to ensure authentication?

Which authentication method uses a secret shared key to ensure authentication?

• Certificates
• Kerberos v5
• Windows Authentication
• Pre-shared keys 

EXPLANATION

In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.. Key. To build a key from shared secret, the key derivation function is typically used

Pre-Shared Keys in IPsec. The following section is related to site-to-site VPNs only and NOT to remote access VPNs. The pre-shared key is merely used for authentication, not for encryption! IPsec tunnels rely on the ISAKMP/IKE protocols to exchange the keys for encryption, etc.

 

Read More

Which protocol provides encapsulation for IPSec in transport mode?

Which protocol provides encapsulation for IPSec in transport mode?

• L2TP
• PAP
• PPTP
• PPP 

EXPLANATION

PAP - Passes cleartext username and password during authentication and is NOT Secure.

In computer networking, Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.

Read More

Two-factor authentication can include something you have and one of the following:

Two-factor authentication can include something you have and one of the following:

• Something you make up
• Something unique
• Something encrypted
• Something you know 

EXPLANATION

Multi-factor authentication is a method of confirming a user's claimed identity in which a user is granted access only after successfully presenting 2 or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.

Authentication is the first step in access control, and there are three common factors used for authentication: something you know, something you have, and something you are. This article provides you with good understanding of the three factors of authentication and how they can be used together with multifactor authentication.

Read More

Which of the following is not an example of an application vulnerability?

Which of the following is not an example of an application vulnerability?

• Fail-open error handling
• Running with least privilege
• Failure to properly close database connections
• Lack of sufficient logging 

EXPLANATION

All security mechanisms should deny access until specifically granted, not grant access until denied, which is a common reason why fail open errors occur. Other errors can cause the system to crash or consume significant resources, effectively denying or reducing service to legitimate users.

 Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident. Attackers rely on the lack of monitoring and timely response to achieve their goals without being detected

Read More

Which RAID level uses a combination of disk striping and mirrored volumes?

Which RAID level uses a combination of disk striping and mirrored volumes?

• RAID 0
• RAID 1
• RAID 5
• RAID 10 

 EXPLANATION

 

Some levels can be combined to produce a two-digit RAID level. RAID 10, then, is a combination of levels 1 (mirroring) and 0 (striping), which is why it is also sometimes identified as RAID 1 + 0. Mirroring is writing data to two or more hard drive disks (HDDs) at the same time – if one disk fails, the mirror image preserves the data from the failed disk. Striping breaks data into “chunks” that are written in succession to different disks. This improves performance because your computer can access data from more than one disk simultaneously. Striping does not, however, provide redundancy to protect information, which is why it is designated 0.

The Advantages Of RAID 10

Combining these two storage levels makes RAID 10 fast and resilient at the same time. If you need hardware-level protection for your data and faster storage performance, RAID 10 is a simple, relatively inexpensive fix. RAID 10 is secure because mirroring duplicates all your data. It's fast because the data is striped across multiple disks; chunks of data can be read and written to different disks simultaneously.

Read More