Take the quiz (either here or use the PTP software) if you want to use the score to help you decide how much time to spend on this chapter. Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes,” found at the end of the book, includes both the answers and explanations. You can also find answers in the PTP testing software.
Table 18-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Caution
The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark that question as wrong for purposes of the self-assessment.
Giving yourself credit for an answer you incorrectly guess skews your self-assessment results and might provide you with a false sense of security.
1. How are security and privacy related?
a. Security primarily relates to controlling access to a network, while privacy relates to preventing unauthorized users from accessing data.
b. The tools used to ensure privacy and provide security largely overlap.
c. Security is not related to privacy; these are entirely different fields of work and study.
d. Security primarily relates to individuals, while privacy primarily relates to organizations.
2. Confidentiality is concerned with
a. Preventing unauthorized users from accessing data.
b. Encrypting data while it is being carried over the network.
c. Making certain data is not changed while being stored or transmitted.
d. Deleting data once you are done with it.
3. How does resilience play a role in data integrity?
a. Resilience does not play a role in data integrity.
b. Having multiple copies of data prevents an attacker from taking the only copy.
c. Having multiple copies of data allows an operator to detect and correct changes in the data.
d. Resilience prevents an attacker from blocking access to an application or data store.
a. Designing security into systems, rather than waiting until a system is deployed to “bolt on” security
b. Moving equipment as far left in the rack as possible
c. Shifting access controls as close to the user as possible
d. Moving troubleshooting as close to design as possible
5. Are IP addresses considered PII?
a. Yes, but it does not matter because the network is using IP addresses for their original design.
b. No, an IP address cannot identify an individual user.
c. No, IP addresses are not legally classified as PII.
d. Yes, and they should be handled as PII in logging systems.
a. Removing information from a data set to prevent the identification of individual users
b. Suppressing, injecting noise, aggregating, and segmenting data to decrease the possibility an individual user can be identified
c. Removing data from packets so the transmitting application can no longer be identified
d. Encrypting data so an individual user’s data cannot be examined by an unauthorized party
7. How can operators use aggregation to protect user privacy in network logging?
a. Aggregation is a control plane concept; it is not related to user privacy.
b. Host information can be removed from source and destination IP addresses, leaving just the subnet.
c. Sets of packets can be stored in a single store, separate from other stores, to prevent unauthorized access to an entire flow.
d. Moving all private data onto a single host helps prevent attackers from accessing it.
8. How do identity stores relate to AAA servers?
a. AAA servers contain lists of users that are separate from a centralized identity store.
b. AAA servers store authentication information, while identity stores store only directory information.
c. AAA servers often rely on identity stores for user credentials and authorizations.
d. AAA servers do not rely on identity stores.