50 Chapter 1 • General Security Concepts: Access Control, Authentication, and Auditing
6. You are performing a security audit for a company to determine its risk from various attack methods. As part of your audit, you work with one of the company's employees to see what activities he performs during the day that could be at risk. As you work with the employee, you see him perform the following activities:
■ Log in to the corporate network using Kerberos
■ Access files on a remote system through a Web browser using SSL
■ Log in to a remote UNIX system using SSH
■ Connect to a POP3 server and retrieve e-mail
Which of these activities is most vulnerable to a sniffing attack?
A. Logging in to the corporate network using Kerberos
B. Accessing files on a remote system through a Web browser using SSL
C. Logging in to a remote UNIX system using SSH
D. Connecting to a POP3 server and retrieving e-mail
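The practical check behind this question is to capture each session and see what a passive observer can actually read. The script below is an added example, not code from the book: it runs a small cleartext-credential detector over constructed sample payloads standing in for the four activities (plus plain HTTP with Basic authentication, added for contrast with the SSL option). The byte strings, host names and credentials are all made up for the example.

```python
import base64
import binascii
import re
from typing import Dict, List, Tuple

# Constructed sample payloads standing in for the application-layer bytes a
# passive sniffer would see for each activity. Illustrative only, not a capture.
SAMPLE_FLOWS: Dict[str, bytes] = {
    # Kerberos AS exchange: ASN.1 DER. The password never crosses the wire; the
    # client proves it knows its key by encrypting a timestamp. Opaque to a sniffer.
    "kerberos": b"\x6a\x81\x90\x30\x81\x8d\xa1\x03\x02\x01\x05" + bytes(range(0x30, 0x60)),
    # HTTPS: a TLS record header (handshake, TLS 1.2) followed by encrypted bytes.
    "https": b"\x16\x03\x03\x00\x30" + bytes(range(0x20, 0x50)),
    # SSH: only the version banner is cleartext; everything after key exchange is encrypted.
    "ssh": b"SSH-2.0-OpenSSH_8.9\r\n" + bytes(range(0x10, 0x40)),
    # POP3 without TLS: the USER/PASS commands carry the credentials verbatim.
    "pop3": (b"+OK POP3 server ready\r\n"
             b"USER alice\r\n+OK\r\n"
             b"PASS s3cret!\r\n+OK Logged in.\r\n"
             b"STAT\r\n"),
    # Contrast case (assumed, not in the question): the same browser file access
    # over plain HTTP with Basic authentication, which is base64, not encryption.
    "http_plain": (b"GET /files/report.txt HTTP/1.1\r\n"
                   b"Host: fileserver.example\r\n"
                   b"Authorization: Basic YWxpY2U6czNjcmV0IQ==\r\n\r\n"),
}

# Wire patterns for credentials that legacy protocols send in the clear.
CLEARTEXT_AUTH_PATTERNS: List[Tuple[str, "re.Pattern[bytes]"]] = [
    ("POP3/FTP USER", re.compile(rb"^USER[ \t]+(\S+)", re.M)),
    ("POP3/FTP PASS", re.compile(rb"^PASS[ \t]+(\S+)", re.M)),
    ("HTTP Basic", re.compile(rb"^Authorization:[ \t]*Basic[ \t]+([A-Za-z0-9+/=]+)", re.M | re.I)),
]


def extract_cleartext_credentials(payload: bytes) -> List[Tuple[str, str]]:
    """Return (label, credential) pairs a passive observer could read from one payload."""
    found: List[Tuple[str, str]] = []
    for label, pattern in CLEARTEXT_AUTH_PATTERNS:
        for match in pattern.finditer(payload):
            token = match.group(1)
            if label == "HTTP Basic":
                # Basic auth is encoding, not encryption: undo the base64 to get user:password.
                try:
                    token = base64.b64decode(token, validate=True)
                except binascii.Error:
                    continue
            found.append((label, token.decode("ascii", "replace")))
    return found


def sniffable_flows(flows: Dict[str, bytes]) -> Dict[str, List[Tuple[str, str]]]:
    """Map each flow to the credentials recoverable from it; flows yielding nothing are omitted."""
    result: Dict[str, List[Tuple[str, str]]] = {}
    for name, payload in flows.items():
        creds = extract_cleartext_credentials(payload)
        if creds:
            result[name] = creds
    return result


if __name__ == "__main__":
    for name, creds in sniffable_flows(SAMPLE_FLOWS).items():
        print(f"{name}: {creds}")
```

The Kerberos, TLS and SSH flows yield nothing because the detector only sees ciphertext (or, for SSH, a version banner); the POP3 session gives up the username and password as typed, and the plain-HTTP contrast case shows that a base64 header is no better. In a real audit the same logic would run over a pcap's reassembled TCP streams rather than the constructed strings here.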
7. You are reading a security article regarding penetration testing of various authentication methods. One of the methods being described uses a time-stamped ticket as part of its methodology. Which authentication method would match this description?
A. Certificates
B. CHAP
C. Kerberos
D. Tokens
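The reason a time-stamped ticket matters for penetration testing is that the timestamp is what the service uses to reject stale or replayed requests. The code below is an added example, not from the book or any Kerberos implementation: it models the checks a Kerberos service applies to a ticket plus its authenticator (client match, ticket validity window, clock skew, replay cache), returning the RFC 4120 error name a real service would send. The ticket values, the five-minute skew and the cache layout are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, Tuple

# Maximum tolerated difference between the client's and the service's clocks.
# Five minutes is the conventional Kerberos default; assumed here, deployments may differ.
MAX_CLOCK_SKEW = timedelta(minutes=5)

# Constructed ticket fields, as the service would see them after decrypting the
# ticket with its own key. Example values only, not real Kerberos data.
TICKET = {
    "client": "alice@EXAMPLE.COM",
    "server": "host/unix01.example.com@EXAMPLE.COM",
    "starttime": datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc),
    "endtime": datetime(2024, 1, 10, 19, 0, tzinfo=timezone.utc),
}


class ReplayCache:
    """Remember authenticators seen within the skew window so a replayed AP-REQ is rejected."""

    def __init__(self) -> None:
        # (client, server, ctime, cusec) -> time the service first saw it
        self._seen: Dict[Tuple[str, str, datetime, int], datetime] = {}

    def check_and_record(self, client: str, server: str, ctime: datetime, cusec: int,
                         now: datetime) -> bool:
        # Entries older than the skew window would fail the skew check anyway, so
        # dropping them keeps the cache bounded without weakening replay detection.
        cutoff = now - MAX_CLOCK_SKEW
        self._seen = {k: t for k, t in self._seen.items() if t >= cutoff}
        key = (client, server, ctime, cusec)
        if key in self._seen:
            return False
        self._seen[key] = now
        return True


def verify_ap_req(ticket: dict, authenticator: dict, now: datetime, cache: ReplayCache) -> str:
    """Apply the service-side checks on a ticket and its authenticator.

    authenticator carries the client name plus the timestamp (ctime, cusec) the
    client encrypted under the session key. Returns "OK" or the Kerberos error name.
    """
    if authenticator["client"] != ticket["client"]:
        return "KRB_AP_ERR_BADMATCH"      # authenticator is not for the ticket's client
    if now < ticket["starttime"] - MAX_CLOCK_SKEW:
        return "KRB_AP_ERR_TKT_NYV"       # ticket not yet valid
    if now > ticket["endtime"] + MAX_CLOCK_SKEW:
        return "KRB_AP_ERR_TKT_EXPIRED"   # ticket lifetime exhausted
    if abs(now - authenticator["ctime"]) > MAX_CLOCK_SKEW:
        return "KRB_AP_ERR_SKEW"          # authenticator timestamp too far from our clock
    if not cache.check_and_record(ticket["client"], ticket["server"],
                                  authenticator["ctime"], authenticator["cusec"], now):
        return "KRB_AP_ERR_REPEAT"        # identical authenticator already seen: replay
    return "OK"


if __name__ == "__main__":
    cache = ReplayCache()
    now = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
    auth = {"client": TICKET["client"], "ctime": now - timedelta(seconds=30), "cusec": 123456}
    print("first use:", verify_ap_req(TICKET, auth, now, cache))
    print("replayed 5s later:", verify_ap_req(TICKET, auth, now + timedelta(seconds=5), cache))
```

The point for a tester: a captured AP-REQ is only useful within the skew window, and even then only if the service keeps no replay cache. Both conditions are worth checking when an article claims a Kerberos replay works.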
8. You are validating the security of various vendors that you work with to ensure that your transactions with the vendors are secure. As part of this, you validate that the certificates used by the vendors for SSL communications are valid. You check one of the vendor's certificates and find the information shown in Figure 1.1. From the information shown, what vendor would you have to trust as a CA for this certificate to be valid?
www.syngress.com