Questions With 100% Correct Answers
A firewall - ✔✔ - any software or hardware device that protects a system or network by
blocking unwanted network traffic. Firewalls generally are configured to stop suspicious
or unsolicited incoming traffic through a process called implicit deny.
A stateful firewall - ✔✔ - A stateful firewall does track the active state of a connection
and is able to make decisions based on the contents of a network packet as it relates to
the state of the connection.
Stateless firewall - ✔✔ - does not track the active state of a connection as it reaches the
firewall. It allows or blocks traffic based on some static value associated with that traffic.
An access control list (ACL) - ✔✔ - a list of objects with permissions attached to those
objects. The list specifies which entities (such as individuals) have the rights to access
specific resources and to what extent those resources may be modified (if at all).
Implicit deny - ✔✔ - The principle that establishes that everything that is not explicitly
allowed is denied.
A VPN concentrator - ✔✔ - A single device that incorporates advanced encryption and
authentication methods in order to handle a large number of VPN tunnels.
Remote access vs. site-to-site - ✔✔ - A remote access VPN connects individual remote
users to the private network, whereas a site-to-site VPN connects two private networks
together.
Internet Protocol Security (IPSec) - ✔✔ - an open-source protocol framework for
security development within the TCP/IP family of protocol standards. IPSec is not
application dependent as it operates at the network layer (layer 3) of the OSI model.
IPSec transport mode - ✔✔ - IPSec encrypts just the IP payload, leaving the IP packet
header unchanged so it can be easily routed through the internet.
IPSec tunnel mode - ✔✔ - both the packet contents and header are encrypted.
IPSec, Authentication Header (AH) - ✔✔ - One of the two protocols used in IPSec,
Authentication Header (AH) provides authentication for the origin of transmitted data as
well as integrity and protection against replay attacks.
IPSec, Encapsulation Security Payload (ESP) - ✔✔ - One of the two protocols used in
IPSec, provides the same functionality as Authentication Header (AH), with the addition
of encryption to support the confidentiality of transmitted data.
Split tunnel vs. full tunnel - ✔✔ - When a device is connected to the VPN in full tunnel
mode, all network traffic is sent through the tunnel and encrypted. In split mode, only
some of the traffic is sent through the tunnel and encrypted.
TLS/SSL (Transport Layer Security and Secure Sockets Layer) - ✔✔ - Secure Sockets
Layer (SSL) and Transport Layer Security (TLS) are security protocols that combine
digital certificates for authentication with public key data encryption.
Always-on VPN - ✔✔ - Some VPN concentrators support an always-on capability so
that the user's device will automatically connect to the VPN any time it has an Internet
connection.