Unit 3 SYO-401- Chapter 7-9

what are three major areas of modern cryptography

Asymmetric cryptography hashing algorithms symmetric cryptography

what type of attack is carried out by probability that give enough time another value will be created with the same hash value

Birthday

individuals who specialize in the breaking of codes are known as

Crytanalysts those that develop or make codes are known as crytographers

what technology can you use to limit the harmful effects of employees using unapproved USB devices to copy documents at your company

DLP

Which algorithm isn't used to encrypt or decrypt messages but instead used merely for the secret sharing of a symmetric key between two parties

Diffie Hellman

what is the software technique that relies on inputting large amount of invalid data to make an application crash

Fuzzing Fuzzing is the technique of providing unexpected values as input to an application in order to make it crash

which organization oversees a number of committees and group, including the IETF

ISOC internet society is a professional group whose membership consists primarily of internet expert.

Which of the following algorithms is popular with wireless and WEP/WPA encryption

RC4 popular with wireless and WEP/WPA encryption. it is a streaming cipher that works with key sizes between 40 and 2048 bits and it is used in SSL and TLS

WHAT PROCESS DOES VIRTUALLY ALL STANARDS RELATING TO THE INTERNET THAT ARE ADOPTED GO THROUGH

RFC request for comment is essentially a proposed standard document that is requesting people review it and make comments on the proposed standard

which of the following are componets of Public Key Infrastructure(PKI)

RSA: RA: registration authority CA: certificate authority

what do you call the area of an application that is available to users(those who are authenticated as well as those who are not)

attack surface

what is the term used to define which application a user cannot install and run on a company issued mobile device

black listing

your company has started to utilitze free cloud storage space. What can you do to protect and maintain confidentiality of your confidential files stored in the free cloud storage area

use PKI to digitally sign each file prior to uploading them to the cloud provider

which of the following will contribute to network hardening

-updating network switch firmware to newest versions -Locking down all unused ports on the firewall -putting passwords on all remote configurable network hardware

how many basic types does the X. 509 certificates have

2

which of the following encryption algorithms has replaced DES as the current standard

AES advanced encryption standard has replaced DES as the current standard, and it uses the Rijindael algorithm. AES is the current product used by U.S governmental agencies. It supports key sizes of 128, 192, and 256 bits with 128 bits being the default

which encryption algorithm is based on Rijndael

AES advanced encryption standard is based on the Rijndael encryption algorithm

which organization is concerned with defining technology and other electrical standards

IEEE The institute for electrical and Electronics engineers is primarily concerned with standards for both electrical and electronic items ( including some computer and telecommunication equipment). Ethernet is an IEE standard

Juan want to send a digitally signed and encrypted message to Lee. In a PKI infrastructure, which of the following algorithms and keys is used to BEST complete these actions

Juan should create a hash of the message contents, create a hash signature, then use Lee's public key to encrypt the message using 3DES

which U.S. government agency publishes lists of known vulnerabilities in operating systems

NIST national institute of standards and technology develops standards for the U>S government. one of the many things they do is publish lists of known vulnerabilities in software and operating systems

what are the best two ways to take a key that might be a bit weak and make it stronger usually by making it longer

PBKDF2 Bcrypt

which of the following is a set of voluntary standards created by RSA and security leaders

PKCS

which PKCS standard describes general sysntax for data that may have cryptography applied to it such as digital signatures and digital envelopes

PKCS #7 PKCS 1: RSA cryptography standard 3: diffie-hellman key agreement standard 5: password based cryptography standard 7: cryptographic message syntax standard

what solution should you implement to fix security problems discovered within an OS

Path management system

a certificate authority (CA) is an organization that is not responsible for doing which of the following with certificates

Promoting

which of the following is the most recommended hashing algorithm

SHA SHA is a one way hash that provides a hash value that can be used with a encryption protocol

which two protocols will protect personal data as it is transmitted and also encrypt the data

SSH PGP/GPG

which encryption method allows a secure TCp level connection between two machines

SSL secure socket layer (SSL) encryption method allows a secure TCP-level connection between two machines

what type of encryption has the same key and processing algorithms

Symmetric symmetric algorithms require both end of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected

what hardware based encryption uses a storage root key

TPM

what do you call the technique used to glean information about computer systems on a network and the services running its open ports

banner grabbing banner grabbing looks at the banner, or header information messages sent with data to find out about the system.

method of code breaking tries every possible combination of charaters in an attempt to guess the password or key

brute force

what type of encryption only encrypts the payload

Transport encryption encryption can be done in either tunneling or transport mode. in tunneling mode, the data or payload and message header are encrypted

what can a security admin do to protect company data when employees currently save data on company provided mobile devices

configure the devices so that removable media use it disabled removable media is an easy way to install viruses, Trojans and other malware onto a network

you want to prevent users form installing unapproved or harmful software on company computers. You can't change their current permissions because it may interfere with permissions need for other job responsibilities. what is the best cource of action

create an approved application list and block anything not on it

what type of attack uses a client side scripting language so it is possible for an attacker to trick a user who visits the site into having code execute locally

cross site scripting XSS

attack against a password uses common words to attempt to find the user password

dictionary

which type of attacks occurs by guessing words and combinations of words

dictionary

you want to prevent another spear phishing campaign at your company. What can you implement to improve the overall security posture by assuring their employees that email originated from the original sender

digital signatures digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message

you are replacing a non network root certificate server. Before you send the server hard drives to be destroyed by a third party company, you want to make sure the data cannot be accessed. which of the following if implemented would best reassure you this task will be competed successfully

disk wiping procedures disk hashing procedures

what do you call process of making a computing environment more secure from attacks and intruders

hardening while securing is what you are trying to accomplish, the process of making a computing environment (such as an operating system) is known as hardening

why would the receivers calculate the message authentication code value and compare it to the value sent in the message

if the values are equal, the message can be assumed to be intact and genuine

what do you call program or code snippet that execute when certain predefined event occurs

logic bomb

which of the following is another name for a web structure model

mesh mesh-the mesh trust model expands the concepts of the bridge model by supporting multiple paths and multiple root CAs

what prevents one party from denying action they carried out

non repudiation

what is the best way to protect a bootable USB drive with confidential company data from being lost or stolen

partition the USB and encrypt the non booting partition for data storage

what provides some additional functionality, or a non urgent fix, and are sometimes optional

patch

which new method of cryptography is based on the characteristics of the smallest particles known

quantum cryptography quantum cryptography is relatively new method of encryption. this method is based on the characteristics of the smallest particles known. In quantum cryptography, the sequence or position of photons represents the encrypted data

what should a certificate authority (CA) do to recover an accidentally issued certificate signing certificate

revoke the issued certificate through the CRL

what is an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data seemingly from a trusted person within the organization

spear phishing

what is the primary way to protect passwords against brute force attacks

specify a longer password length

a type of attack that occurs when an attacker pretends to be a legitimate client, using information it has gained from a legitimate client

spoofing spoofing occurs when attacker pretends to be something they are not in order to gain access

what are some of the biggest problem with vulnerability report and antispam programs

the number of false positives

what kind of cryptographic method involves scrambling the letters in a certain manner

transposition cipher a transposition cipher involves transposing or scrambling the letters in a certain manner. Typically, a message is broken into blocks of equal size and each block is then scrambled

what type of attack often mimics similar URLs or misspelled URL to misdirect users

typosquatting similar to URL hijacking is the likely cause.