Answer: B

Explanation:

Authentication Header (AH) is a member of the IPsec protocol suite. AH operates directly on top of IP, using IP protocol number 51.

Answer: A

Explanation:

Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals. In this case, itu2021s every 30 seconds.

Answer: D

Explanation:

Multifactor authentication requires a user to provide two or more authentication factors for authentication purposes. In this case, a smart card (something they have) is one and a PIN (something they know) is the second.

Answer: C

Explanation:

A rogue Certification Authority (CA) certificate allows malicious users to impersonate any Web site on the Internet, including banking and e-commerce sites secured using the HTTPS protocol. A rogue CA certificate would be seen as trusted by Web browsers, and it is harmful because it can appear to be signed by one of the root CAs that browsers trust by default. A rogue Certification Authority (CA) certificate can be created using a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure Web sites.

Answer: C

Explanation:

Authentication systems or methods are based on one or more of these five factors: Something you know, such as a password or PIN

Something you have, such as a smart card, token, or identification device

Something you are, such as your fingerprints or retinal pattern (often called biometrics) Something you do, such as an action you must take to complete authentication Somewhere you are (this is based on geolocation)

Multifactor authentication is authentication that uses two of more of the authentication factors listed above.

In this question, we can use voice recognition (something you are) and a one-time PIN token (something you have) to provide two factors of authentication. The one-time PIN token is a small device that generates a one-time PIN to enable access.

Answer: D

Explanation:

Discretionary access control (DAC) allows access to be granted or restricted by an objectu2021s owner based on user identity and on the discretion of the object owner.

Answer: D

Explanation:

TACACS+ is not compatible with TACACS and XTACACS, and makes use of TCP.

Answer: A

Explanation:

The finance department can check if any of the bank's certificates are in the CRL or not. If a certificate is not in the CRL then it is still valid.

The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release.

Answer: B,C,F

Explanation:

B: Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.

C: Advanced Encryption Standard (AES) is a block cipher that has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is the current product used by U.S. governmental agencies. F: Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds.

Answer: C

Explanation:

A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. The CA affirms the identity of the certificate owner.