Unit 3 SYO-401- Chapter 7-9
What are the three major areas of modern cryptography?
Asymmetric cryptography; hashing algorithms; symmetric cryptography
What type of attack is carried out on the probability that, given enough time, another value will be created with the same hash value?
Birthday
Individuals who specialize in the breaking of codes are known as what?
Cryptanalysts. Those who develop or make codes are known as cryptographers.
What technology can you use to limit the harmful effects of employees using unapproved USB devices to copy documents at your company?
DLP
Which algorithm isn't used to encrypt or decrypt messages but is instead used merely for the secret sharing of a symmetric key between two parties?
Diffie-Hellman
What is the software technique that relies on inputting large amounts of invalid data to make an application crash?
Fuzzing. Fuzzing is the technique of providing unexpected values as input to an application in order to make it crash.
Which organization oversees a number of committees and groups, including the IETF?
ISOC. The Internet Society is a professional group whose membership consists primarily of Internet experts.
Which of the following algorithms is popular with wireless and WEP/WPA encryption?
RC4 is popular with wireless and WEP/WPA encryption. It is a stream cipher that works with key sizes between 40 and 2048 bits, and it is used in SSL and TLS.
What process do virtually all standards relating to the Internet go through before they are adopted?
RFC. A request for comments is essentially a proposed standard document that is requesting that people review it and make comments on the proposed standard.
Which of the following are components of Public Key Infrastructure (PKI)?
RSA; RA: registration authority; CA: certificate authority
What do you call the area of an application that is available to users (those who are authenticated as well as those who are not)?
attack surface
What is the term used to define which applications a user cannot install and run on a company-issued mobile device?
blacklisting
Your company has started to utilize free cloud storage space. What can you do to protect and maintain the confidentiality of your confidential files stored in the free cloud storage area?
use PKI to digitally sign each file prior to uploading them to the cloud provider
Which of the following will contribute to network hardening?
Updating network switch firmware to the newest versions; locking down all unused ports on the firewall; putting passwords on all remotely configurable network hardware
How many basic types do X.509 certificates have?
2
Which of the following encryption algorithms has replaced DES as the current standard?
AES. The Advanced Encryption Standard has replaced DES as the current standard, and it uses the Rijndael algorithm. AES is the current product used by U.S. governmental agencies. It supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.
Which encryption algorithm is based on Rijndael?
AES. The Advanced Encryption Standard is based on the Rijndael encryption algorithm.
Which organization is concerned with defining technology and other electrical standards?
IEEE. The Institute of Electrical and Electronics Engineers is primarily concerned with standards for both electrical and electronic items (including some computer and telecommunication equipment). Ethernet is an IEEE standard.
Juan wants to send a digitally signed and encrypted message to Lee. In a PKI infrastructure, which of the following algorithms and keys is used to BEST complete these actions?
Juan should create a hash of the message contents, create a hash signature, then use Lee's public key to encrypt the message using 3DES
Which U.S. government agency publishes lists of known vulnerabilities in operating systems?
NIST. The National Institute of Standards and Technology develops standards for the U.S. government. One of the many things they do is publish lists of known vulnerabilities in software and operating systems.
What are the two best ways to take a key that might be a bit weak and make it stronger, usually by making it longer?
PBKDF2; bcrypt
Which of the following is a set of voluntary standards created by RSA and security leaders?
PKCS
Which PKCS standard describes the general syntax for data that may have cryptography applied to it, such as digital signatures and digital envelopes?
PKCS #7. PKCS #1: RSA cryptography standard; #3: Diffie-Hellman key agreement standard; #5: password-based cryptography standard; #7: cryptographic message syntax standard
What solution should you implement to fix security problems discovered within an OS?
Patch management system
A certificate authority (CA) is an organization that is not responsible for doing which of the following with certificates?
Promoting
Which of the following is the most recommended hashing algorithm?
SHA. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol.
Which two protocols will protect personal data as it is transmitted and also encrypt the data?
SSH; PGP/GPG
Which encryption method allows a secure TCP-level connection between two machines?
SSL. The Secure Sockets Layer (SSL) encryption method allows a secure TCP-level connection between two machines.
What type of encryption has the same key and processing algorithms?
Symmetric. Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected.
What hardware-based encryption uses a storage root key?
TPM
What do you call the technique used to glean information about computer systems on a network and the services running on their open ports?
Banner grabbing. Banner grabbing looks at the banner, or header information messages sent with data, to find out about the system.
What method of code breaking tries every possible combination of characters in an attempt to guess the password or key?
brute force
What type of encryption only encrypts the payload?
Transport. Encryption can be done in either tunneling or transport mode. In tunneling mode, the data or payload and the message header are encrypted.
What can a security admin do to protect company data when employees currently save data on company-provided mobile devices?
Configure the devices so that removable media use is disabled. Removable media is an easy way to install viruses, Trojans, and other malware onto a network.
You want to prevent users from installing unapproved or harmful software on company computers. You can't change their current permissions because it may interfere with permissions needed for other job responsibilities. What is the best course of action?
Create an approved application list and block anything not on it
What type of attack uses a client-side scripting language so it is possible for an attacker to trick a user who visits the site into having code execute locally?
Cross-site scripting (XSS)
What attack against a password uses common words to attempt to find the user's password?
dictionary
Which type of attack occurs by guessing words and combinations of words?
dictionary
You want to prevent another spear phishing campaign at your company. What can you implement to improve the overall security posture by assuring employees that email originated from the original sender?
Digital signatures. A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message.
You are replacing a non-networked root certificate server. Before you send the server hard drives to be destroyed by a third-party company, you want to make sure the data cannot be accessed. Which of the following, if implemented, would best reassure you that this task will be completed successfully?
Disk wiping procedures; disk hashing procedures
What do you call the process of making a computing environment more secure from attacks and intruders?
Hardening. While securing is what you are trying to accomplish, the process of making a computing environment (such as an operating system) more secure is known as hardening.
Why would the receiver calculate the message authentication code value and compare it to the value sent in the message?
if the values are equal, the message can be assumed to be intact and genuine
What do you call a program or code snippet that executes when a certain predefined event occurs?
logic bomb
Which of the following is another name for a web structure model?
Mesh. The mesh trust model expands the concepts of the bridge model by supporting multiple paths and multiple root CAs.
What prevents one party from denying an action they carried out?
Non-repudiation
What is the best way to protect a bootable USB drive with confidential company data from being lost or stolen?
Partition the USB drive and encrypt the non-booting partition for data storage
What provides some additional functionality, or a non-urgent fix, and is sometimes optional?
patch
Which new method of cryptography is based on the characteristics of the smallest particles known?
Quantum cryptography. Quantum cryptography is a relatively new method of encryption. This method is based on the characteristics of the smallest particles known. In quantum cryptography, the sequence or position of photons represents the encrypted data.
What should a certificate authority (CA) do to recover an accidentally issued certificate signing certificate?
revoke the issued certificate through the CRL
What is an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data, seemingly from a trusted person within the organization?
spear phishing
What is the primary way to protect passwords against brute force attacks?
specify a longer password length
What type of attack occurs when an attacker pretends to be a legitimate client, using information it has gained from a legitimate client?
Spoofing. Spoofing occurs when an attacker pretends to be something they are not in order to gain access.
What are some of the biggest problems with vulnerability reports and antispam programs?
the number of false positives
What kind of cryptographic method involves scrambling the letters in a certain manner?
Transposition cipher. A transposition cipher involves transposing or scrambling the letters in a certain manner. Typically, a message is broken into blocks of equal size, and each block is then scrambled.
What type of attack often mimics similar URLs or misspelled URLs to misdirect users?
Typosquatting, similar to URL hijacking, is the likely cause.