Chapter 16 1 Network Access Control And Cloud

CHAPTER 16: NETWORK ACCESS CONTROL AND CLOUD SECURITY

TRUE OR FALSE

T F 1. Network access control authenticates users logging into the

network and determines what data they can access and actions

they can perform.

T F 2. Access requestors are also referred to as clients.

T F 3. A network access server does not include its own authentication

services.

T F 4. VLANs are common NAC enforcement methods.

T F 5. The Extensible Authentication Protocol supports multiple

authentication methods.

T F 6. EAPOL operates at the network layers and makes use of an IEEE

802 LAN, such as Ethernet or Wi-Fi, at the link level.

T F 7. There is a decreasing trend in organizations to move information

technology operations to a cloud computing infrastructure.

T F 8. Cloud computing gives you the ability to expand and reduce

resources according to your specific service requirement.

T F 9. The cloud provider in a private cloud infrastructure is responsible

for both the infrastructure and the control.

T F 10. The NIST cloud computing reference architecture focuses on the

requirements of “what” cloud services provide, not a “how to”

design solution and implementation.

T F 11. A cloud broker is useful when cloud services are too complex for a

cloud consumer to easily manage.

T F 12. For many clients, the most devastating impact from a security

breach is the loss or leakage of data.

T F 13. In using cloud infrastructures, the client necessarily cedes control

to the CP on a number of issues that may affect security.

T F 14. The threat of data compromise decreases in the cloud.

T F 15. Data must be secured while at rest, in transit, and in use, and

access to the data must be controlled.

MULTIPLE CHOICE

1. ___________ is an umbrella term for managing access to a network.

A. NAS B. ARC

C. NAC D. RAS

2. The _________ is the node that is attempting to access the network and may be

any device that is managed by the network access control system.

A. AR B. RAS

C. IP D. PS

3. The __________ determines what access should be granted.

A. authentication server B. policy server

C. supplicant D. access requestor

4. The __________ is an Internet protocol that enables dynamic allocation of IP

addresses to hosts.

A. VLAN B. IEEE 802.1X

C. EAPS D. DHCP

5. _________ is a client computer that is attempting to access a network.

A. EAP peer B. PSK

C. NAC D. RAS

6. Broad network access, measured service, resource pooling, and rapid

elasticity are essential characteristics of ___________.

A. PaaS B. network access control

C. cloud computing D. EAP-TLS

7. _________ saves the complexity of software installation, maintenance,

upgrades, and patches.

A. IaaS B. SaaS

C. EAP D. DHCP

8. In effect, ________ is an operating system in the cloud.

A. IEEE 802.1X B. PaaS

C. IaaS D. DHCP

9. _________ enables customers to combine basic computing services, such as

number crunching and data storage, to build highly adaptable computer

systems.

A. IaaS B. EAP peer

C. CP D. SaaS

10. With a _________ infrastructure, the cloud infrastructure is made available to

the general public or a large industry group and is owned by an organization

selling cloud services.

A. hybrid cloud B. private cloud

C public cloud D. community cloud

11. With a _________ infrastructure, the cloud infrastructure is shared by several

organizations and supports a specific community that has shared concerns.

A. community cloud B. public cloud

C. private cloud D. hybrid cloud

12. A _________ is a person or organization that maintains a business relationship

with, and uses service from, cloud providers.

A. cloud auditor B. cloud broker

C. cloud carrier D. cloud consumer

13. A ________ is a person, organization, or entity responsible for making a service

available to interested parties.

A. cloud broker B. cloud auditor

C. cloud provider D. cloud carrier

14. A ________ is a party that can conduct independent assessment of cloud

service, information sytem operations, performance, and security of the

cloud implementation.

A. cloud auditor B. cloud carrier

C. cloud broker D. all of the above

15. _________ is the provision of security applications and services via the cloud

either to cloud-based infrastructure and software or from the cloud to the

customers’ on-premise systems.

A. IaaS B. PaaS

C. SaaS D. SecaaS

SHORT ANSWER

1. The ___________ functions as an access control point for users in remote

locations connecting to an enterprise’s internal network.

2. __________ methods are the actions that are applied to ARs to regulate access to

the enterprise network.

3. A __________ provides a form of NAC by allowing or denying network traffic

between an enterprise host and an external user.

4. An __________ is a server computer that negotiates the use of a specific EAP

method with an EAP peer, validates the EAP peer’s credentials, and

authorizes access to the network.

5. A _________ is an entity at one end of a point–to-point LAN segment that seeks

to be authenticated by an autheticator attached to the other end of that link.

6. _________ is a model for enabling ubiquitous, convenient, on-demand network

access to a shared pool of configurable computing resources that can be

rapidly provisioned and released with minimal management effort or service

provider interaction.

7. NIST defines three service models, which can be viewed as nested service

alternatives: software as a service, platform as a service, and _________ as a

service.

8. With a ________ infrastructure, the cloud infrastructure is a composition of two

or more clouds that remain unique entities but are bound together by

standardized or proprietary technology that enables data and application

portability.

9. A _________ in an intermediary that provides connectivity and transport of

cloud services from CP’s to cloud consumers.

10. ___________ includes people, processes, and systems that are used to manage

access to enterprise resources by assuring that the identity of an entity is

verified, and then granting the correct level of access based on this assured

identity.

11. __________ are third party audits of cloud services.

12. _________ defines how the TLS protocol can be encapsulated in EAP messages.

13. ____________ is an EAP method for mutual authentication and session key

derivation using a Pre-Shared Key.

14. An _________ is an access point or NAS that requires EAP authentication prior

to granting access to a network.

15. The Cloud Security Alliance defines _______ as the provision of security

applications and services via the cloud either to cloud-based infrastructure

and software or from the cloud to the customers’ on-premise systems.

TRUE OR FALSE

MULTIPLE CHOICE

SHORT ANSWER