MIS379 Exam Two
Terminal Access Controller Access Control System (TACACS)
Used mostly for device administration. All data packets encrypted; flexible; reliable.
NTLM
Revised LM, uses Unicode for better complexity
domain validation (DV), extended validation, subject alternative name, wildcard
SSL Web Server Certificates
Mandatory Access Control (MAC)
Admin sets security controls. End user can't change (implement, modify, or transfer) controls
Explain public key infrastructure (PKI)
3rd party (registration authority) verifies identity of a person and instructs the certificate authority to issue a digital certificate which also contains that person's public key. Certificate can then be used to prove identity and enable secure transactions
Privilege Bracketing
A company tells the IT department user access needs to be changed so privileges are only granted when needed, then revoked as soon as the task is finished, or the need has passed. Based on Account Management practices, what is the company asking the IT department to implement? A. Onboarding B. Identity and Access Management (IAM) C. Offboarding D. Privilege bracketing
Permission Auditing
A network administrator regularly reviews group membership and access control lists for each resource. They also look for unnecessary accounts to disable. What is the administrator executing in this situation? A. Recertification B. Logging C. Permission auditing D. Usage auditing
%SystemRoot%\System32\Drivers\etc\hosts
A primary target for a hacker gaining access to a network is user passwords. Consider the file locations where Windows and Linux each store passwords and determine which of the following is NOT used for password storage. A. %SystemRoot%\System32\config\SAM B. /etc/passwd C. %SystemRoot%\System32\Drivers\etc\hosts D. /etc/shadow
Lightweight Directory Access Protocol (LDAP)
A protocol for a client application to access an X.500 directory.
The system's time setting is incorrect or the certificate has expired
A user enters the web address of a favorite site and the browser returns: "There is a problem with this website's security certificate." The user visits this website frequently and has never had a problem before. What could be the reasoning for this?
Password Recovery
Admin pass reset, pass recovery disks, active directory restore mode password, password recovery via web
Role-Based Access Control (RBAC)
Access decisions are based on the roles of individual users as part of an organization
Guest Zone
Allows untrusted or semi-trusted hosts on local network
Kerberos Authentication
An authentication protocol used in a Windows domain environment or on a Linux system; uses OS-generated keys, which makes this protocol more secure than having an administrator enter keys.
Honeynet
An entire dummy network used to lure attackers.
Pass the Hash Attack
An exploit in which an attacker steals a hashed user credential and, without cracking it, reuses it to trick an authentication system into creating a new authenticated session on the same network.
- Intrusion detection are security suites and appliances that combine automated network scanning with defense and remediation suites to prevent rogue devices from accessing the network. - Wireless monitoring can reveal whether there are unauthorized access points.
Analyze the techniques that are available to perform rogue machine detection and select the accurate statements. (Select two) A. Visual inspection of ports and switches will prevent rogue devices from accessing the network. B. Network mapping is an easy way to reveal the use of unauthorized protocols on the network or unusual traffic volume. C. Intrusion detection are security suites and appliances that combine automated network scanning with defense and remediation suites to prevent rogue devices from accessing the network. D. Wireless monitoring can reveal whether there are unauthorized access points.
An account consists of an identifier, credentials, and a profile.
Apply knowledge of identity and authentication concepts to select the true statement. A. A user profile must be unique. B. Credentials could include name, contact details, and group memberships. C. An identifier could be a username and password, or smart card and PIN code. D. An account consists of an identifier, credentials, and a profile.
The user is exposed to a DoS attack
Applying an understanding of how to mitigate password cracking attacks, how would restricting the number of failed logon attempts be categorized as a vulnerability? A. The user is exposed to a replay attack. B. The user is exposed to a brute force attack. C. The user is exposed to a DoS attack. D. The user is exposed to an offline attack.
Problems from weaknesses in network design
Single points of failure, complex overdependencies, availability over confidentiality or integrity, lack of documentation / change control, overdependence on perimeter security
Tokens can be allowed to continue without expiring in HOTP.
Based on knowledge of the fundamentals of One-time Passwords (OTP), which of the following choices represents the problem that exists with HMAC-based One-time Password Algorithm (HOTP) and is addressed by Time-based One-time Password Algorithm (TOTP)? A. HOTP isn't configured with a shared secret. B. The server isn't configured with a counter in HOTP. C. Only the HOTP server computes the hash. D. Tokens can be allowed to continue without expiring in HOTP.
Iris Scan
Biometric authentication methods have different error rates, with some methods being easier to fool than others. Which of the following methods is least likely to be tricked by an unauthorized user? A. Fingerprint scan B. Iris scan C. Facial recognition D. Voice recognition
TACACS+ is open source and RADIUS is a proprietary protocol from Cisco.
Both RADIUS (Remote Access Dial-In User Service) and TACACS+ (Terminal Access Controller Access-Control System) provide authentication, authorization, and accounting using a separate server (the AAA server). Apply an understanding of the protocols' authentication processes and select the FALSE statement. A. TACACS+ is open source and RADIUS is a proprietary protocol from Cisco. B. RADIUS uses UDP and TACACS+ uses TCP. C. TACACS+ encrypts the whole packet (except the header) and RADIUS only encrypts the password. D. RADIUS is primarily used for network access and TACACS+ is primarily used for device administration.
Password Cracker Attack Types
Brute force, dictionary attack / rainbow tables, hybrid attack
Password Crackers
Cain and Abel, John the Ripper, THC Hydra, Aircrack, l0phtcrack
Pretty Good Privacy (PGP)
Commercial encryption product owned by Symantec
All of the above
Compare X.509 certificates with Pretty Good Privacy (PGP) certificates and identify which of the following are true. A. X.509 certificates are signed by a single Certificate Authority, where PGPs are signed by multiple users. B. X.509 operates under a hierarchical trust model, where PGP uses a web of trust. C. X.509 and PGP are both implementations of the PKI Trust Model. D. All of the above
Kerberos uses timestamps and PKI does not.
Compare and contrast methods used by Kerberos and Private Key Infrastructure (PKI) to authenticate users and identify the true statement. A. Kerberos uses asymmetric cryptography while PKI uses symmetric cryptography. B. Kerberos and PKI both use passwords to authenticate users. C. Kerberos uses timestamps and PKI does not. D. Kerberos and PKI both provide Single Sign-On (SSO).
Password Authentication Protocol (PAP)
Completely insecure
Credential Management Policies
Complexity rules, user (bad) practice, history and aging
Offline CA
Consider the Public Key Infrastructure (PKI) Trust Model. Are the following root the single point of failure? A. Single CA B. Intermediate CA C. Self-signed CA D. Offline CA
Non-repudiation
Consider the challenges with providing privilege management and authorization on an enterprise network. Which of the following would the network system administrator NOT be concerned with when configuring directory services? A. Confidentiality B. Integrity C. Non-repudiation D. DoS
Verification
Consider the lifecycle of an encryption key. Which of the following is NOT a stage in a key's lifecycle? A. Storage B. Verification C. Expiration and renewal D. Revocation
Yes
Consider the process of obtaining a digital certificate, are the following true? A. CAs ensure the validity of certificates and the identity of those applying for them. B. The registration function may be delegated by the CA to one or more RAs. C. When a subject wants to obtain a certificate, it completes a CSR.
SAML, Shibboleth, OpenID
Consider the role trust plays in federated identity management and determine which models rely on networks to establish trust relationships. (Choose three) A. SAML B. Shibboleth C. OpenID D. LDAP
802.1X provides PNAC, The authentication server is typically a RADIUS server
Determine which of the following statements about 802.1x are true. (Select two) A. The device requesting access is the authenticator under 802.1X. B. 802.1X provides PNAC. C. The authentication server is typically a RADIUS server. D. In port-based authentication, the port acts as a firewall.
Rule-Based Access Control
Determines what accesses should be granted based on a list of predefined rules
The purpose for which a certificate was issued.
Define key usage with regard to standard extensions.
True
Digital Certificates contain subject's public key and information identifying subject and validity (T/F)
Not all hosts on the network can talk to one another.
Evaluate the following choices based on their potential to lead to a network breach. Select the choice that is NOT a network architecture weakness. A. The network architecture is flat. B. Services rely on the availability of several different systems. C. The network relies on a single hardware server. D. Not all hosts on the network can talk to one another.
ARP operates at layer 2, Mutual authentication is not prevalent at layer 2
Evaluate the following statements and determine which explains why layer 2 is vulnerable to Man-in-the-Middle (MitM) attacks. (Select two) A. ARP operates at layer 2 B. DNS operates at layer 2 C. Mutual authentication is not prevalent at layer 2 D. Firewalls are not secure at layer 2
Digital Certificates
Establish association with subject identity and public key, once identity is verified and certificate is created, the CA digitally signs it with the private key
A user logs in using a password and a smart card
Give an example representing Two-Factor Authentication (2FA)?
STP
Given layer 2 does not recognize Time to Live, evaluate the potential possible problems to determine which of the following options prevents this issue. A. ICMP B. L2TP C. NTP D. STP
Purpose of a server certificate
Guarantee the identity of e-commerce sites and other websites that gather and store confidential information.
One-Time Password Tokens
Hardware Token: code generated on fob, not transmitted. Software Token: 2-step verification, sent to trusted resource.
Authentication, Authorization, and Accounting (AAA) Architecture
Host credentials of access devices (network access devices are a bad place to store credentials)
172.20.26.1
If a company's IP address is in the Class B private range, which of the following IP addresses can be utilized? A. 172.20.26.1 B. 192.168.0.1 C. 10.10.1.0 D. 172.16.256.1
- It is exponentially more difficult to ensure the key is not compromised with multiple backups of a private key. - If a private key or secret key is not backed up, the storage system represents a single point of failure.
If not managed properly, which of the following are true of certificate and key management representing critical vulnerabilities?
Pros of Encryption
Keeps data safe / prevents data breaches; assists in confidentiality, availability, and integrity; secures personal data across many devices (and through transfer)
Key Generation, certificate generation, storage, revocation, expiration / renewal
Key life-cycle
Cons of Encryption
Lose keys, lose data associated with that key; expensive to maintain and upkeep systems; performance penalties for retrieving data
Network zone
Manage / filter traffic between zones, containers for hosts with the same security requirements
Federation
Many Internet companies, such as Google and Facebook, allow users to share a single set of credentials between multiple services providers. For example, a user could logon to Amazon using their Facebook credentials. Which term correctly defines this example? A. Federation B. Single sign-on C. Permission D. Access control
DAC
Many access control models are rule-based. Consider how each of the following models determines how users receive rights and determine which model is NOT rule-based. A. RBAC B. DAC C. MAC D. ABAC
Asymmetric encryption
More complex, newer, uses public and private keys
Core, Permission, Access
Network topology design has a hierarchy. Reflect on Physical and Data layers of the OSI model implementation and select the layers Cisco recommends for campus design. (Choose three) A. Core B. Permission C. Access D. Distribution
Federation
Networks under separate administrative control share users (Facebook/Google Sign-In)
Outline and explain requirements of good password policy
No personally identifying information, no shorter than 16 characters MINIMUM, complexity in passwords (numbers, letters, upper/lower, special chars), unique passwords across accounts, do not share or write them down, change frequently, use password manager
Challenge Handshake Authentication Protocol (CHAP)
One-way authentication. However, performed through a 3-way, local handshake (challenge, response, and acceptance messages) between a server and a client.
OpenPGP
Open source version of PGP (GNU Privacy Guard (GPG))
Key Recovery
Process allows for lost keys to be recovered
Key stretching
Protects against brute force, uses additional rounds to strengthen keys
Escrow
Placing archived keys with a trusted third party
Certificate life-cycle
Registration and generation, certificate signing request, renewal, revocation, suspension, key destruction
Explain certificate life-cycle
Registration/generation - creation of public/private keys; Certificate signing request; Renewal - owner can request renewal, then granted with new public/private keys; Revocation - cert can be revoked at any time; Suspension - temporary suspension of certificate; Key destruction - once lifetime of cert is up, all copies of cert must be destroyed from all locations
Mutual authentication
Server authenticates to client before client authenticates to server
Key uses
Server authentication, client authentication, code signing, email protection
Symmetric Encryption
Simplest, older, uses one key to encrypt and decrypt; both parties need to know the key
List five different factors that can be used to establish identity and give an example of each
Something you are, something you have, something you do, something you know, somewhere you are
Authentication
Something you know (password), something you have (smart card - NFC), something you are (fingerprint), something you do (signature), somewhere you are (mobile device w/ gps)
Multi-factor authentication
Strong authentication requires two or three types (not two of the same kind)
Public Key Infrastructure (PKI)
System for creating public and private keys using a certificate authority (CA) and digital certificates for authentication.
True
T/F: Hardware security modules (HSM) may be less susceptible to tampering and insider threats than software-based storage.
Biometric Technologies
Terrible. Fingerprint, retinal/iris, facial recognition, behavioral technologies
Extensions, public key, version
The X.509 standard defines which required fields (information) must be present in a digital certificate?
Attribute-Based Access Control (ABAC)
The organization specifies the use of objects based on some attribute of the user or system.
Discretionary Access Control (DAC)
The subject has total control over any object that the subject owns along with the programs that are associated with those objects
Screened Host
There are several types of security zones on a network. Analyze network activities to determine which of the following does NOT represent a security zone. A. Honeypot B. Screened host C. Wireless D. Guest
Hierarchical, peer-to-peer, hybrid
Trust models
Private, extranet, internet/guest
Types of network zones
Lan Manager (LM) authentication
Uses password as key rather than sending it over network
Authorization, accounting, identification, authentication
What are some of the main processes for an identity and account management (IAM) system?
A user's keyboard typing behavior is analyzed
What illustrates a user being authenticated, based on how identification and authentication are distinct in their functions?
DMZ
Where should an administrator place an internet-facing host on the network? A. DMZ B. Bastion host C. Extranet D. Private network
- Implement the principle of least privilege when assigning user and group account access. - Draft a password policy and include requirements to ensure passwords are resistant to cracking attempts.
Which of the following are considered best practices for Account Management? (Choose two) A. Implement the principle of least privilege when assigning user and group account access. B. Draft a password policy and include requirements to ensure passwords are resistant to cracking attempts. C. Identify group or role account types and how they will be allocated to users. D. Identify user account types to implement within the model, such as standard users and types of privileged users.
Hub
Which of the following devices contain all of the ports in the same collision domain? A. Switch B. Bridge C. Hub D. Ad hoc network
Manually configured routers use routing protocols.
Which of the following is NOT the function of a router? A. Routers can serve as a firewall. B. Routers can join networks together. C. Routers can subdivide networks. D. Manually configured routers use routing protocols.
Brute Force, Dictionary
Which of the following password cracker attacks are combined to create a hybrid attack? (Select two) A. Brute force B. Dictionary C. Rainbow table D. PTH
The local service account creates the host processes and starts Windows before the user logs on.
Windows has several service account types, typically used to run processes and background services. Which of the following statements about service accounts is FALSE? A. The Network service account and the Local service account have the same privileges as the standard user account. B. Any process created using the system account will have full privileges over the local computer. C. The local service account creates the host processes and starts Windows before the user logs on. D. The Local Service account can only access network resources as an anonymous user.
Digital Certificate Standards
X.509 and PKCS are standards for what?
ARP poisoning
An attack that convinces the network that the attacker's MAC address is the one associated with an allowed address so that traffic is wrongly sent to the attacker's machine