268. d. The network address translation (NAT) services are not needed in the Internet Protocol (IP) version 6 but are needed in the IPv2, IPv3, and IPv4. IP addresses are in a limited supply. NAT is the process of converting between IP addresses used within an intranet or other private network (called a stub domain) and the Internet IP addresses. This approach makes it possible to use a large number of addresses within the stub domain without depleting the limited number of available numeric Internet IP addresses. In the IP version 6, the NAT services are not needed because this version takes care of the problem of insufficient IP addresses with automatically assigning the IP addresses to hosts.
269. Which of the following fills the gap left by firewalls in terms of not monitoring authorized users’ actions and not addressing internal threats?
a. Sensors
b. Switches
c. Bridges
d. Routers
269. a. Firewalls do not monitor authorized users’ actions of both internal and external users, and do not address internal (insider) threats, leaving a gap. Sensors fill the gap left by firewalls with the use of monitors and scanners. A sensor is an intrusion detection and prevention system (IDPS) component that monitors, scans, and analyzes network activity.
The other three choices cannot fill the gap left by firewalls. A switch is a mechanical, electromechanical, or electronic device for making, breaking, or changing the connections in or among circuits. A bridge is a device that connects similar or dissimilar two or more LANs together to form an extended LAN. A router converts between different data link protocols and resegments transport level protocol data units (PDUs) as necessary to accomplish this conversion and re-segmentation.
270. In a domain name system (DNS) environment, which of the following is referred to when indicating security status among parent and child domains?
a. Chain of trust
b. Chain of custody
c. Chain of evidence
d. Chain of documents
270. a. The information system, when operating as part of a distributed, hierarchical namespace, provides the means to indicate the security status of child subspaces and (if the child supports secure resolution services) enable verification of a chain of trust among parent and child domains. An example means to indicate the security status of child subspaces is through the use of delegation signer (DS) resource records in the DNS.
The other three choices are not related to the chain of trust but they are related to each other. Chain of custody refers to tracking the movement of evidence, chain of evidence shows the sequencing of evidence, and chain of documents supports the chain of custody and the chain of evidence, and all are required in a court of law.
271. Which of the following is not an example of centralized authentication protocols?
a. RADIUS
b. TACACS
c. SSO
d. DIAMETER
271. c. RADIUS, TACACS, and DIAMETER are examples of centralized authentication protocols to improve remote access security. Centralized authentication servers are flexible, inexpensive, and easy to implement. Single sign-on (SSO) is an example of decentralized or distributed access control methodologies along with Kerberos, SESAME, security domains, and thin-client systems. SSO means the user is not prompted to enter additional authentication information for the session after the initial log-on is successfully completed.
272. Which of the following is not part of the Internet Engineering Task Force (IETF) AAA Working Group dealing with the remote access security?
a. Assurance
b. Authentication
c. Authorization
d. Accounting
272. a. Assurance includes techniques to achieve integrity, availability, confidentiality, and accountability, and metrics to measure them. The IETF’s AAA Working Group remote access security services are labeled as authentication, authorization, and accounting (AAA) services.
273. Analyzing data protection requirements for installing a local-area network (LAN) does not include:
a. Uninterruptible power source
b. Backups
c. Fault tolerance
d. Operating systems
273. d. Identifying information or data protection requirements involves reviewing the need for an uninterruptible power source, backups, and fault tolerance. Selection of an operating system is a part of operational constraints, not data protection requirements.
