15. C. Because each switchport is its own collision domain, only nodes that reside on the same switchport will be seen during a scan.
16. D. A proxy acts as an intermediary between internal host computers and the outside world.
17. D. Network Address Translation (NAT) is a technology that funnels all internal traffic through a single public connection. NAT is implemented for both cost savings and network security.
18. C. An intrusion prevention system (IPS) plays an active role in preventing further suspicious activity after it is detected.
19. D. Simple Mail Transfer Protocol (SMTP) operates on port 25 and is used for outgoing mail traffic. In this scenario, the IDS SMTP configuration needs to be updated.
20. D. A packet-filtering firewall operates at Layer 7 (and all layers) of the OSI model and thus filters traffic at a highly granular level.
Cryptography
1. A. Symmetric cryptography is also known as shared key cryptography.
2. D. A certificate authority is responsible for issuing and managing digital certificates as well as keys.
3. B. Asymmetric encryption uses two separate keys and is referred to as public key cryptography. Symmetric algorithms use only one key that is used by both the sender and receiver.
4. C. Hashing is referred to as a cipher or algorithm or even a cryptosystem, but it can be uniquely referred to as a nonreversible mechanism for verifying the integrity of data. Remember that hashing doesn’t enforce confidentiality.
5. C. A message digest is a product of a hashing algorithm, which may also be called a message digest function.
6. C. A public and private key are mathematically related keys, but they are not identical. In symmetric systems only one key is used at a time.
7. B. A public key is not necessarily stored on the local system, but a private key will always be present if the user is enrolled.
8. A. The number of keys increases dramatically with more and more parties using symmetric encryption; hence it does not scale well.
9. A. Hashing is intended to verify and preserve the integrity of data, but it cannot preserve the confidentiality of that data.
10. A. MD5 is the most widely used hashing algorithm, followed very closely by SHA1 and the SHA family of protocols.
11. C. PGP is a method of encrypting stored data to include emails, stored data, and other similar information. It is a form of public and private key encryption.
12. B. SSL is used to secure data when it is being transmitted from client to server and back. The system is supported by most clients, including web browsers and email clients.
13. D. PKI is used in the process of making SSL function. While it is true that AES, DES, and 3DES can be used in SSL connections, PKI is the only one used consistently in all situations.
14. C. IPsec operates at the Network layer, or Layer 3, of the OSI model, unlike many previous techniques.