Chapter 9: Practice Test 1
- D. The TGS, or Ticket-Granting Service (which is usually on the same server as the
KDC), receives a TGT from the client. It validates the TGT and the user’s rights to access
the service they are requesting to use. The TGS then issues a ticket and session keys to
the client. The AS serves as the authentication server, which forwards the username to
the KDC. It’s worth noting that the client doesn’t communicate with the KDC directly.
Instead, it will communicate with the TGT and the AS, which means KDC isn’t an
appropriate answer here.
- D. Asynchronous communications rely on a built-in stop and start flag or bit. This makes
asynchronous communications less efficient than synchronous communications but better
suited to some types of communication.
- C. Wave pattern motion detectors transmit ultrasonic or microwave signals into the
monitored area, watching for changes in the returned signals bouncing off objects.
- C. Stateful packet inspection firewalls, also known as dynamic packet filtering firewalls,
track the state of a conversation and can allow a response from a remote system based
on an internal system being allowed to start the communication. Static packet filtering
and circuit-level gateways only filter based on source, destination, and ports, whereas
application-level gateway firewalls proxy traffic for specific applications.
- B. A captive portal can require those who want to connect to and use WiFi to provide an
email address to connect. This allows Ben to provide easy-to-use wireless while meeting
his business purposes. WPA2 PSK is the preshared key mode of WPA and won’t provide
information about users who are given a key. Sharing a password doesn’t allow for data
gathering either. Port security is designed to protect wired network ports based on MAC
addresses.
- B. Many modern wireless routers can provide multiple SSIDs. Ben can create a private,
secure network for his business operations, but he will need to make sure that the
customer and business networks are firewalled or otherwise logically separated from each
other. Running WPA2 on the same SSID isn’t possible without creating another wireless
network and would cause confusion for customers (SSIDs aren’t required to be unique).
Running a network in Enterprise mode isn’t used for open networks, and WEP is outdated
and incredibly vulnerable.
- D. Unencrypted open networks broadcast traffic in the clear. This means that
unencrypted sessions to websites can be easily captured with a packet sniffer. Some
tools like FireSheep have been specifically designed to capture sessions from popular
websites. Fortunately, many now use TLS by default, but other sites still send user session
information in the clear. Shared passwords are not the cause of the vulnerability, ARP
spoofing isn’t an issue with wireless networks, and a Trojan is designed to look like safe
software, not to compromise a router.
- D. The DES modes of operation are Electronic Codebook (ECB), Cipher Block Chaining
(CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). The
Advanced Encryption Standard (AES) is a separate encryption algorithm.