sec +
Antivirus Resistance
*Key word is morphic* -Stealth -Modification -Armor -Retrovirus -Slow and Sparse infectors -Metamorphic -Polymorphic
Trojans
-A malicious program concealed within a benign one -Many are designed to provide covert surveillance or control of infected host
ARP Attacks
-Address Resolution Protocol -Maps IPv4 addresses to hardware (MAC) addresses on the local segment; hosts cache the answers in an ARP table and switches keep a MAC (CAM) table -ARP Poisoning - Dsniff, Ettercap, Cain and Abel -MAC Flooding (overflows the switch's CAM table so it forwards frames out every port like a hub)
AES
-Advanced Encryption Standard -Symmetric block cipher -128-bit block size; key size of 128, 192, or 256 bits -The current standard symmetric cipher (replaced DES/3DES)
Spyware
-Allows attacker to record system configuration and user actions -Key Logging, screenshots, remote logging -Pretty bad
Preventing Malware
-Backups -Apply OS/Application Patches -Install Malware Protection Software (Update regularly, configure to run on-access, filter email/IM/websites) -Restrict system privileges -Educate Users -Audit/Continuous Monitoring -Keep up-to-date with threats
Man in the Middle
-Eavesdropping -Intercept Packets (Without sender or receiver knowing) -Can monitor contents of packets (unless encrypted) -Could modify packets and send on
802.11b
11 Mbps (5.5, 2, and 1 Mbps fallback) / 2.4 GHz
802.11
1 or 2 Mbps / 2.4 GHz
Three Control Types
1) Management 2) Operational 3) Technical
Hashing Algorithms
1) Must be one-way 2) Variable-length input produces fixed-length output 3) Algorithm must have few or no collisions
Vulnerability Scan Tasks
1) Passively Test Security Controls 2) Interpret Results 3) Identify Vulnerabilities 4) Identify Lack of Security Controls 5) Identify Common Misconfigurations
Cloud Computing Concerns
1) Regulatory Compliance 2) User Privileges 3) Data Integration/Segregation
What is the order of volatility from most to least?
1. CPU Cache 2. Memory 3. Temporary File System 4. Hard Drive 5. Physical configuration 6. Archival media
POP Port
110
An SNMP Agent receives requests on UDP port: 161 138 162 139
161
L2F Port
1701
What firewall ports are used to transmit clear text data?
20, 21, 69
Which TCP port is used by SMTP?
25
CIO Chief Information Officer
A "C" level executive position in some organizations. A CIO focuses on using methods within the organization to answer relevant questions and solve problems
CTO Chief technology officer
A "C" level executive position in some organizations. CTOs focus on the technology and evaluate new technologies
What is a TLS?
A cryptographic protocol used to secure data transmission over the Internet.
What is a VDI?
A form of desktop virtualization that allows you to host multiple users' desktop environments on a central server.
PAT Port address translation
A form of network address translation
What is a PAP?
A method of authentication that uses passwords, presented in plaintext, to authenticate.
CSR Control Status Register
A register in a processor or peripheral that holds control settings and status flags for the device. (In PKI the same abbreviation means Certificate Signing Request, the request a Registration Authority submits to a CA.)
SAN storage area network
A specialized network of high-speed storage devices
What does SCADA do?
A system commonly found in energy and oil plants that analyzes real time data which is used to control plant or industrial equipment.
OLA open license agreement
A volume licensing agreement allowing an organization to install software on multiple systems
Digital Certificate
A wrapper for a subject's public key
EMI shielding protects the transferred data from: (Select all that apply) A Outside interference B Phishing C Eavesdropping D Decryption F Bluesnarfing
A, C
Port 1812
AAA Server using UDP on Port 1812
AAA Authentication Authorization and Accounting
AAA protocols are used in remote access systems. For example, TACACS+ is an AAA protocol that uses multiple challenges and responses during a session. Authentication verifies a user's identity. Authorization determines what a user may access. Accounting tracks the user's access with logs.
Which DNS record is used to identify an IPv6 host?
AAAA
Port Scanners
Active fingerprinting; netstat shows a host's open connections and listening ports; probe ports; Xmas scan; block scans at firewalls or detect them with an Intrusion Detection System
Which security goal is compromised by a DDoS attack?
Availability
BIND Berkeley Internet Name Domain
BIND is DNS server software that runs on Linux and UNIX servers; it is the most widely used DNS implementation on the Internet.
Compensating - Control Type
Backup controls once other controls fail
BPO
Blanket Purchase Order
SAN
Block level access Storage Area Network Difficult to manage
Birthday Attack
Brute force attack aimed at exploiting collisions in hash functions
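Added example (not part of the original deck) showing why the birthday bound matters: against a toy hash truncated to 16 bits, a collision search that only needs any two inputs to match finishes in roughly sqrt(2^16) tries, while a search for an input matching one fixed digest needs on the order of 2^16. The truncation, the `doc-`/`forge-` message prefixes and the 16-bit size are assumptions chosen to keep the run fast.

```python
import hashlib
import itertools


def truncated_digest(msg: bytes, bits: int) -> int:
    """SHA-256 truncated to `bits` bits: a deliberately weak toy hash for the demo."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"doc-"):
    """Birthday search: remember every digest seen, stop at the first repeat.

    Returns (message_a, message_b, tries). By the pigeonhole principle this
    always terminates within 2**bits + 1 tries; on average it takes ~sqrt(2**bits).
    """
    seen = {}
    for i in itertools.count():
        msg = prefix + str(i).encode()
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg


def find_preimage(target: int, bits: int, prefix: bytes = b"forge-", limit: int = 1 << 18):
    """Second-preimage search: find a message whose digest equals one fixed target.

    Returns (message or None, tries). Expected cost is ~2**bits, so a bounded
    search often fails where the birthday search above succeeds easily.
    """
    for i in range(limit):
        msg = prefix + str(i).encode()
        if truncated_digest(msg, bits) == target:
            return msg, i + 1
    return None, limit


if __name__ == "__main__":
    BITS = 16
    a, b, tries = find_collision(BITS)
    print(f"collision after {tries} tries: {a!r} and {b!r}")
    target = truncated_digest(b"original contract", BITS)
    msg, tries = find_preimage(target, BITS)
    print(f"preimage search: {'found ' + repr(msg) if msg else 'not found'} after {tries} tries")
```

The practical lesson is the one the card states: a signature scheme is only as strong as half the hash's output length against collision attacks, which is why 64-bit and 128-bit hash outputs (and MD5) are no longer acceptable for signatures.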
A temporary area of memory allocated with a fixed size for holding data while it's waiting to be transferred to another location is known as: Cache Header Local Shared Object (LSO) Buffer
Buffer
What is RADIUS vulnerable to?
Buffer overflow attacks
BCP
Business Continuity Planning
BIA
Business Impact Analysis
Hardware-based RAID Level 0: (Select 2 answers) A Offers redundancy B Requires at least three drives to implement C Doesn't offer fault tolerance D Requires at least two drives to implement E Offers fault tolerance
C, D
AES-based encryption mode implemented in WPA2 is known as: CCMP TPM TKIP MTBF
CCMP
Hardware Security
Cable Locks Lockable Cabinets Device Locks Safes Protected Distribution
Host Security Management Plan
Central Plank in ensuring a secure, efficient, and well defined network
Centralized or Decentralized Key Management
Centralized - One Admin controls keys Decentralized - Each User controls keys
CA
Certificate Authority
What does CA stand for?
Certificate Authority
Administrative - Control Type
Comes down through policies, procedures, and guidelines
UNIX and Linux
Command line/text config file oriented Linux is based off of UNIX Linux versions: SUSE, Red Hat, Mandriva
Registration Authorities
Complete identity checking and submit CSRs (certificate signing requests) to the CA
Password Protection
Complexity Rules -Length -Character Combinations -Age User Practice -Remembering Passwords -Storing/Writing Down Passwords
Transitive Access
Compromise Trust relationships between sites
DNS Spoofing
Compromising victim's DNS server
Router
Connects multiple networks and routes packets from one network to another Work at Network Layer Fault Tolerant
What is rule-based management?
Consists of configuring rules on devices, such as routers and firewalls, which allow or deny traffic.
Bot-herder
Controls a botnet
Scarcity - Social Engineering
Convince someone that there is a limited quantity of something
ARP Poisoning
Corrupts the IP-to-MAC mappings cached by hosts (and switches) on the LAN so the attacker can impersonate a device, typically the default gateway, or redirect traffic through itself
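Added example (not part of the original deck): a small detector for the symptoms of ARP poisoning, run over constructed ARP reply records rather than live traffic. It flags an IP address that is answered by more than one MAC, a MAC that claims many IPs, and any reply that contradicts a static (trusted) mapping for the gateway. The sample replies, the gateway address and the alert wording are assumptions.

```python
from collections import defaultdict

# Constructed sample of ARP replies as (claimed_ip, sender_mac), e.g. from a sniffer log.
GATEWAY_IP = "192.168.1.1"
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:01"),   # legitimate gateway
    ("192.168.1.10", "00:11:22:33:44:10"),
    ("192.168.1.1", "DE:AD:BE:EF:00:01"),   # attacker also claims the gateway IP
    ("192.168.1.10", "00:11:22:33:44:10"),
    ("192.168.1.20", "de:ad:be:ef:00:01"),  # same attacker MAC claims a second IP
]


def detect_arp_poisoning(replies, trusted=None):
    """Return a list of alert strings for suspicious ARP replies.

    trusted: optional {ip: mac} of static mappings (e.g. the gateway) that must
    never change; any reply contradicting them is reported immediately.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()                      # normalise case before comparing
        if ip in trusted and trusted[ip] != mac:
            alerts.append(f"static-mismatch {ip} expected {trusted[ip]} saw {mac}")
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    for ip, macs in ip_to_macs.items():
        if len(macs) > 1:                      # one IP, several MACs: classic poisoning sign
            alerts.append(f"ip-flap {ip} -> {sorted(macs)}")
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:                       # one MAC answering for many IPs
            alerts.append(f"mac-claims-many {mac} -> {sorted(ips)}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES, {GATEWAY_IP: "00:11:22:33:44:01"}):
        print(alert)
```

The "ip-flap" heuristic alone produces false positives when a host legitimately changes NICs or a failover pair shares a virtual IP, which is why the trusted-mapping check for critical addresses is the higher-confidence signal.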
Service Level Agreement
Defines services that will be provided
CCTV and Motion Detection
Detective Measure
Flood Guards
Detects attempts to open connections maliciously
Behavior-Based-Detection IDS
Detects variation in behavior
What does DACL stand for?
Discretionary Access Control list
Type C Fire Extinguisher
Electrical; Nonconductive chemicals
White Hats
Ethical Hackers. Probably paid internally.
Hoax
Fake Antivirus Cause Unnecessary Support Calls Use Vendor Sites to identify Malware
Block ciphers work by encrypting each plaintext digit one at a time. True or False?
False
The biggest advantage of public cloud is that all services provided through this type of cloud computing service model are offered free of charge. True or False?
False
FERPA
Family Educational Rights and Privacy Act
IT Contingency Planning
Fault Tolerance allowed
Type of Threats
Hackers, Crackers, Black Hats, White Hats, Script Kiddies External Threats
Types of Encryption Technologies
Hash - no key, one-way Asymmetric - a key pair (public and private) Symmetric - both parties share the same key
Network-Based IDS
IDS attaches to a point in the network where it can monitor traffic
802.11i
Implements WPA2
Security Audit
In-depth check of security
What is an Antivirus program?
Its a security tool used to protect devices from viruses.
Joe takes a message and sends it over to Ann.
Joe encrypts the plaintext with Ann's public key and sends it over so she can decrypt it using her private key
JFS
Journaled File System
What is the 2nd step in the Kerberos process?
The KDC (Key Distribution Center) verifies the credentials; if they are good, a TGT (ticket-granting ticket) is issued.
UDP 1701
L2TP
PORT TCP 389
LDAP
What authentication protocol provides access to directory server services?
LDAP (Lightweight Directory Access Protocol)
PORT TCP 636
LDAP/SSL
Switches
Layer 2 (Data Link Layer) and Layer 3 (Network Layer)
L2F
Layer 2 Forwarding; created by Cisco; similar to PPP; should not be used over WANs; authentication, but no encryption
What hash algorithm is used by common implementations of CHAP?
MD5
What two types of encryption are used in smartcards?
RSA (asymmetric encryption) and MD5 (a hash used for integrity, not strictly encryption)
Hypervisor
Manages Guest VMs -Hardware system resources -Disk images and snapshots -Networking -Security/Sandboxing
What is Chalking?
Marking buildings with unsecured wireless networks, done by war drivers notifying other war drivers that there is an unsecured wireless network in a building.
Remote Authentication Dial-In User Service
Mechanism for authentication of remote network connections; centrally managed on a single server; single point of failure
MOU
Memorandum of Understanding
Phage Virus
Modifies and alters other programs and databases
CAC
Common Access Card; a smart card (something you have) combined with a PIN (something you know) for multi-factor authentication
What name table is displayed by nbtstat -a test11406?
The NetBIOS name table of the remote host test11406 (nbtstat shows NetBIOS over TCP/IP information; the command is nbtstat, not nbstat)
PORT TCP 139
NetBios
UDP 138
NetBios
Digital Signatures
Non-Repudiation Message Integrity
Directory Traversal
Obtain access to the host OS file system or shell by escaping the web root; look for ../ sequences (or URL-encoded forms such as %2e%2e%2f) in requests
What is Session Hijacking?
Occurs when a malicious user obtains access to another users active computer session to gain unauthorized access to computer services.
LANMAN
Old Microsoft protocol for authentication; replaced by NTLM
What does PCI DSS stand for?
Payment Card industry Data Security Standard
Attacker redirects name resolution entries from legitimate site to fraud site -> Victims
Pharming
Threat
Threat: the potential for a threat agent to exploit a vulnerability. Threat vector: the path or tool used by the threat actor.
PGP
Pretty Good Privacy; freeware email encryption system
Nonrepudiation
Prevents a party from denying actions they carried out
Key Recovery Agents
Process for backing up keys and/or recovering them
Full Disk Encryption
Processing overhead BitLocker, TrueCrypt
Screen Lock
Protected by password
Authentication
Proves a User or Process is who it claims to be Something you know - Password, Pin, PII
Business Continuity Concepts
Provide systems that are high availability and fault tolerant Provide backup mechanisms and resources
Public Cloud
Provider offers to public; usually a pay-as-you-go model
Wired Equivalent Privacy (WEP)
Provides basic security for wireless networks; weakness is in how it uses the RC4 stream cipher: the initialization vector (IV) is short (24-bit), sent in the clear, and repeats, so keystreams get reused
Radius Remote authentication dial-in user service
Provides central authentication for remote access clients RADIUS encrypts the password packets and uses UDP. In contrast, TACACS+ encrypts the entire authentication process and uses TCP
NIC Network interface card
Provides connectivity to a network
Assessment of risk probability and its impact based on subjective judgment falls into the category of: Environmental controls Quantitative risk assessment Forensic procedures Qualitative risk assessment
Qualitative
RIPEMED
RIPEMD: RACE Integrity Primitives Evaluation Message Digest
Which of the following solutions does not offer fault tolerance? RAID 5 Disk duplexing RAID 0 Disk mirroring RAID 1
RAID 0
RFID radio frequency identification
RFID methods are often used for inventory control
What does RAM stand for?
Random Access memory
Application-Level Proxy
Reads the individual commands of the protocols being served; advanced
Failover
Reconstruct a system or switch to another system when a failure is detected
RPO
Recovery Point Objective
RTO
Recovery Time Objective
TCP
Reliable, 1-to-1, connection-oriented
Virtual Private Networks (VPN)
Remote Access VPN Site to Site VPN
What is EAL 4?
Requires positive security engineering based on good commercial development practices.
ARP
Resolves IPs to MACs
What is the most reliable method for recovering a secure user account?
Restore from backup
RC
Ron's (Rivest) Cipher; family of ciphers produced by RSA; RC4 (stream), RC5 and RC6 (block); RC5 uses a variable key of up to 2040 bits
RIP
Routing Information Protocol
Which of the following solutions provides a single sign-on capability for Web services? MOU OVAL SCADA SAML
SAML (Security Assertion Markup Language)
Which of the answers listed below refers to a control system providing the capability for real-time monitoring and gathering information related to industrial equipment? OVAL SCADA TACACS SCAP
SCADA (Supervisory Control And Data Acquisition)
PORT TCP 25
SMTP
Familiarity/Liking - Social Engineering
Same interests, activities, positive attention
Sandboxing
Sandboxing is the process of isolating a system before installing new applications or patches on it so as to restrict the software from being able to cause harm to production systems.
Input Validation
Checking that data supplied to an application has the expected type, length, range, and format before it is used; it is tested by sending invalid data and seeing whether the application rejects it cleanly or crashes
Bluejacking
Sending unsolicited messages via Bluetooth
SLA
Service Level Agreement
SLE
Single Loss Expectancy
What does SaaS stand for?
Software as a Service
Pay Portal
Software as a service
NOS network operating system
Software that runs on a server and enables the server to manage resources on a network
What does SSD stand for?
Solid State Hard Drive
Web Application Firewall
Specifically designed to block threats over HTTP such as: -XSS -SQL Injection -DDoS
ISA Interconnection security agreement
Specifies technical and security requirements for connections between two or more entities. An ISA includes details on planning, establishing, maintaining, and disconnecting a secure connection between two or more entities
IP Spoofing and TCP/IP Hijacking
Spoofing IP Addresses TCP Hijacking (3-way hijacking, non-blind spoofing, blind spoofing) ICMP Redirect
Buffer Overflow
Stack Overflow Heap Overflow Array Index Overflow
The process of hiding a "secret" message inside an ordinary message or file is known as what?
Steganography
Preventative - Control Type
Stop something from happening
Memorandum of Understanding
Summary of which company is responsible for which portions of work
Flash Cookie
Super cookie
SCADA
Supervisory Control and Data Acquisition
What does SCADA stand for?
Supervisory Control and Data Acquistion
What is a RC4?
Symmetric stream cipher, most often used with 64-bit and 128-bit keys. Common uses were wireless WEP and WPA (TKIP) encryption. Works with key sizes between 40 and 2,048 bits; now considered insecure
PORT TCP 49
TACACS+
UDP 69
TFTP
Key Stretching
Take a weak key (typically a password) and make it stronger by running it, with a salt, through many rounds of hashing, effectively lengthening it so each attacker guess costs far more work (PBKDF2, bcrypt)
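Added example (not part of the original deck) of key stretching with PBKDF2 from Python's standard library: a password is turned into a 256-bit key using a random salt and an iteration count, and a tiny dictionary attack shows that the attacker's cost scales with that count. The password, salt and word list are constructed for the demo; the iteration counts are illustrative, and production values should be much higher than the small ones used here.

```python
import hashlib
import hmac
import os


def hash_password(password: str, iterations: int, salt: bytes = None):
    """Stretch a password with PBKDF2-HMAC-SHA256. Returns (salt, key, iterations)."""
    if salt is None:
        salt = os.urandom(16)                  # fresh per-user salt defeats precomputed tables
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return salt, key, iterations


def verify_password(password: str, salt: bytes, key: bytes, iterations: int) -> bool:
    """Recompute the stretched key and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return hmac.compare_digest(candidate, key)


def dictionary_attack(salt: bytes, key: bytes, iterations: int, wordlist):
    """Attacker's view: try each word; return (password or None, HMAC rounds spent)."""
    work = 0
    for guess in wordlist:
        work += iterations                     # every guess costs a full PBKDF2 run
        if verify_password(guess, salt, key, iterations):
            return guess, work
    return None, work


if __name__ == "__main__":
    wordlist = ["password", "123456", "letmein", "correct horse"]
    for iterations in (1, 100_000):
        salt, key, _ = hash_password("correct horse", iterations)
        found, work = dictionary_attack(salt, key, iterations, wordlist)
        print(f"iterations={iterations:>7}: cracked {found!r} after {work} HMAC rounds")
```

Stretching does not make a weak password strong; it multiplies the attacker's cost per guess by the iteration count, which is why the count should be tuned to the slowest acceptable login time on the server.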
Assets
Tangible, Intangible, People, Market Value, Practical Value
What is a UDP attack?
Target a UDP service or maintenance protocol to overload services and perform denial of service attacks. Work by flooding random ports on a target computer with UDP packets.
PORT TCP 23
Telnet
Port number 23 is used by
Telnet
TKIP
Temporal Key Integrity Protocol
What does TKIP stand for?
Temporal Key Integrity Protocol
DHE Data-handling electronics
Term used at NASA for electronic systems that handle data. In cryptography, DHE means Diffie-Hellman Ephemeral: a fresh DH key pair per session, which gives forward secrecy.
TACACS
Terminal Access Controller Access-Control System
Telnet
Terminal emulation software to support a remote connection to another computer
What should you do after researching and documenting your disaster recovery plan?
Test
What should you do with patches before putting on the prod?
Test the patches on a test environment first and then put it on production
Fuzzing
Testing whether an application's input validation routines hold up by feeding it large amounts of random, malformed, or boundary-case input and watching for crashes or unexpected behavior
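Added example (not part of the original deck) tying the Input Validation and Fuzzing cards together: a deliberately unvalidated parser for a `key=value;key=value` string beside a hardened version, and a small deterministic mutation fuzzer that deletes each character and inserts special characters at each position. The format, the parsers, the seed input and the class name `InvalidInput` are all assumptions made for the demo.

```python
import re


class InvalidInput(ValueError):
    """Clean rejection raised by the hardened parser; anything else counts as a crash."""


def parse_weak(data: str) -> dict:
    """Unvalidated parser: trusts that every field has exactly one '='."""
    result = {}
    for field in data.split(";"):
        key, value = field.split("=")          # raises on 'k', '', 'k=v=x' ...
        result[key] = value
    return result


FIELD = re.compile(r"[a-z]{1,16}=[a-zA-Z0-9]{1,32}")   # whitelist: exactly one '=' per field


def parse_hardened(data: str) -> dict:
    """Validates length and per-field format before using the data."""
    if len(data) > 256:
        raise InvalidInput("too long")
    result = {}
    for field in data.split(";"):
        if not FIELD.fullmatch(field):
            raise InvalidInput(f"bad field: {field!r}")
        key, value = field.split("=")          # safe: the regex guarantees one '='
        result[key] = value
    return result


def mutate(seed: str):
    """Deterministic mutations: delete each char, insert specials, and oversize."""
    for i in range(len(seed)):
        yield seed[:i] + seed[i + 1:]
    for i in range(len(seed) + 1):
        for ch in "=;\x00'\"%":
            yield seed[:i] + ch + seed[i:]
    yield seed * 50


def fuzz(parser, seed: str = "user=alice;role=admin"):
    """Run every mutation through the parser; return (input, exception) for each crash."""
    crashes = []
    for case in mutate(seed):
        try:
            parser(case)
        except InvalidInput:
            pass                               # documented rejection, not a crash
        except Exception as exc:
            crashes.append((case, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    for parser in (parse_weak, parse_hardened):
        crashes = fuzz(parser)
        print(f"{parser.__name__}: {len(crashes)} crashes")
        for case, exc in crashes[:3]:
            print(f"  {exc} on {case!r}")
```

Rejecting with one defined exception type is what makes the fuzzer's verdict meaningful: the hardened parser still refuses the same inputs, but does so on purpose and before any of them reach the code that uses the values.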
BIA Business impact analysis
The BIA identifies critical business or mission requirements and includes elements such as recovery time objectives (RTOs) and recovery point objectives (RPOs), but it doesn't identify solutions
MTU Maximum Transmission Unit
The MTU identifies the size of data that can be transferred.
OSI open systems interconnection
The OSI reference model conceptually divides different networking requirements into seven separate layers
What is MTTF?
The average time a device is expected to last before it fails.
What is MTTR?
The average time it will take to restore a system from failure.
What is WPA2?
The current Wi-Fi security standard; improved on WPA by using CCMP (AES-based) for data confidentiality, integrity, and authentication.
SYN synchronize
The first packet in a TCP handshake. In a SYN flood attackers send this packet, but don't complete the handshake after receiving the SYN/ACK packet. A flood guard is a logical control that protects against SYN flood attacks
What is being called by net view \\test11406?
The net view command is being used to display resources that are being shared by a specific computer.
Mean Time Between Failure
The number of hours the manufacturer expects that a component will run before experiencing some sort of hardware problem
What is Risk acceptance?
The risk is recognized but no action is taken.
What does White Box penetration testing mean?
The tester has complete knowledge of the infrastructure.
What do Signature-based IDSs do?
They use specific known patterns of unauthorized behavior, called attack signatures, stored in a repository, to detect subsequent similar attempts.
Key Escrow
Third party possesses a copy of cryptographic keys
What is the purpose of the Patriot Act?
This Act authorizes the interception of electronic communications if terrorism is suspected.
What is Implicit Deny?
This ensures that users may not access shared resources unless they have been explicitly allowed.
CCTV Closed-circuit television
This is a detective control that provides video surveillance. Video surveillance provides reliable proof of a person's location and activity. It can be used by an organization to verify whether any equipment or data is being removed.
TOTP
Time-Based One-Time Password
What is the advantage and disadvantage of using a differential backup?
To restore, you only need the most recent full back up and differential backup, however these types of backups take more time and require more storage media
What would be a real-world application of LDAP?
To set up a single sign on authentication system for a large enterprise network
Cloud Computing Risks
Transfer of risk Identify Responsibilities Legal/Regulatory Responsibility Insider Threats
Data In Transit
Transmitted over the network TLS IPsec PGP
TLS
Transport Layer Security
A replay attack occurs when an attacker intercepts user credentials and tries to use this information later for gaining unauthorized access to resources on a network. True False
True
FTPS is an extension to the FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. (True or False?)
True
True or false? Diffie-Hellman relies on public and private keys for encryption and decryption.
True
TPM
Trusted Platform Module
UTM
Unified Threat Management
You plan to use Windows BitLocker to Go to automatically encrypt a USB flash drive. You want to be able to retrieve the encrypted data from any laptop computer. What should you do?
Use A Password To Unlock This Drive
DNS Domain Name System
Used to resolve host names to IP addresses. DNS is the primary name resolution service used on the Internet and is also used on internal networks
In which type of PKI model do trusted parties issue certificate to each other?
Web of trust
What is Transferring in terms of risk?
When you allow someone else to deal with the threat.
WPA2
Wi-Fi Protected Access 2; AES encryption with CCMP
Which of the following terms relates closely to the concept of residual risk? Firewall rules Virtualization Risk acceptance Quantitative risk assessment
Risk acceptance
What is the best way to mitigate attacks through elevating a standard user account?
auditing failed and successful account management events
The MOST common exploits of Internet-exposed network services are due to...
buffer overflows
ISP Internet service provider
company that provides internet access to customers
What does an implicit deny on an ACL do?
denies any traffic not specifically allowed
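Added example (not part of the original deck) for the rule-based management and implicit deny cards: an ordered access list evaluated first-match-wins, with an implicit deny when nothing matches, plus a second rule set that shows how a broad allow placed too early shadows a later deny. The rule tuples, addresses and ports are constructed for the demo.

```python
from ipaddress import ip_address, ip_network

# (action, src_network, dst_network, protocol, dst_port); None means "any".
RULES = [
    ("deny",  "10.0.5.0/24", "0.0.0.0/0",       "tcp", 23),   # no Telnet out of the guest VLAN
    ("allow", "10.0.0.0/8",  "192.168.1.10/32", "tcp", 443),
    ("allow", "10.0.0.0/8",  "192.168.1.10/32", "tcp", 22),
    ("allow", "0.0.0.0/0",   "192.168.1.20/32", "udp", 53),
]

# Same rules, but a broad allow was inserted first: the Telnet deny can never fire.
SHADOWED_RULES = [("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", None)] + RULES


def evaluate(rules, src: str, dst: str, proto: str, port: int):
    """First matching rule wins. Returns (action, matched_rule); unmatched -> implicit deny."""
    for rule in rules:
        action, src_net, dst_net, rproto, rport = rule
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and rproto in (None, proto)
                and rport in (None, port)):
            return action, rule
    return "deny", None                        # implicit deny: nothing explicitly allowed it


if __name__ == "__main__":
    flows = [
        ("10.0.5.7", "192.168.1.10", "tcp", 22),   # guest host to SSH on an allowed server
        ("10.0.5.7", "8.8.8.8", "tcp", 23),        # guest host Telnet out: explicit deny
        ("10.0.1.1", "192.168.1.10", "tcp", 80),   # HTTP was never allowed: implicit deny
    ]
    for flow in flows:
        print(flow, "->", evaluate(RULES, *flow)[0], "| shadowed set:", evaluate(SHADOWED_RULES, *flow)[0])
```

Returning the matched rule alongside the verdict is what makes such a checker useful in review: a "deny, None" result is the implicit deny doing its job, while an unexpected "allow" points straight at the rule that needs reordering.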
What is the risk of using Halon fire suppression?
harm or kill employees
UDP 88
kerberos
LDAP lightweight directory access protocol
Protocol used to communicate with directories such as Microsoft's Active Directory. It provides a central location to manage user accounts and other directory objects. LDAP uses port 389 when unencrypted and port 636 when encrypted
When should a company perform a qualitative risk assessment?
limited time or budget
What does PAP stand for?
password Authentication Protocol
For what purpose would you install voice encryption on a mobile computer?
support secure VoIP
IGMP internet group management protocol
used for multicasting. Computers belonging to a multicasting group have a multicasting IP address in addition to a standard unicast IP address
HTTP hypertext transfer protocol
used for web traffic on the internet and in intranets HTTP uses port 80
WTLS Wireless transport layer security
used to encrypt traffic for smaller wireless devices
Digital Certificates
-Based on X.509/PKIX/PKCS -File formats -Fields: Version Serial Number CA Signature Validity Subject's Public Key Extensions
Denial of Service (DoS)
-Cause a service to fail or become unavailable -DDoS attacks leverage bandwidth from compromised hosts/networks -TCP/ICMP/UDP/Application exploits -Easy-to-use DoS tools -Smurf
DES and 3DES
-Data Encryption Standard -DES is a block cipher using 64 bit blocks and 56 bit key -3DES is encrypted 3 separate times using different keys
Anti-Virus Software
-Database of virus signatures -Heuristic Scanning -Malware Removal/Quarantine -A-V Resistance
Wi-Fi Security Settings
-Disable SSID Broadcast -Keep firmware and drivers up to date -Change the default password -Enable MAC Address filtering -Disable DHCP
Symmetric Stream Cipher
-Encrypts 1 bit or byte at a time -Plaintext is XORed with a pseudorandom keystream derived from the key and an Initialization Vector (IV) -RC4 (from RSA Security) was the most widely used example -Reusing a keystream (same key and IV) is the classic failure: XOR of two ciphertexts gives XOR of the plaintexts
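Added example (not part of the original deck) for the stream cipher and WEP cards: a toy keystream generator (SHA-256 in counter mode over key, IV and a counter; not RC4) with a 24-bit IV like WEP's, showing that when two packets are sent under the same key and IV, XORing the ciphertexts cancels the keystream and one known plaintext reveals the other. The key, IV and packet contents are constructed for the demo.

```python
import hashlib
import math
import os

IV_LEN = 3   # 24-bit IV, the same size WEP used


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || iv || counter) in counter mode. Demo only, not RC4."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Packet = IV in the clear || plaintext XOR keystream (how WEP framed it)."""
    return iv + xor(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key: bytes, packet: bytes) -> bytes:
    iv, ct = packet[:IV_LEN], packet[IV_LEN:]
    return xor(ct, keystream(key, iv, len(ct)))


def recover_with_known_plaintext(packet1: bytes, known_plaintext1: bytes, packet2: bytes) -> bytes:
    """If two packets share key and IV, c1 XOR p1 = keystream, which also unlocks p2."""
    if packet1[:IV_LEN] != packet2[:IV_LEN]:
        raise ValueError("attack needs IV reuse")
    ks = xor(packet1[IV_LEN:], known_plaintext1)        # recovered keystream bytes
    return xor(packet2[IV_LEN:], ks)                      # valid for the first len(p1) bytes


def expected_packets_until_iv_repeat(iv_bits: int = 24) -> int:
    """Birthday bound: about sqrt(pi/2 * 2**bits) random IVs before one repeats."""
    return int(math.sqrt(math.pi / 2 * 2 ** iv_bits))


if __name__ == "__main__":
    key = os.urandom(16)
    iv = os.urandom(IV_LEN)                                # reused below: the bug
    c1 = encrypt(key, iv, b"GET /login HTTP/1.1")
    c2 = encrypt(key, iv, b"user=bob&pw=hunter2")
    print(recover_with_known_plaintext(c1, b"GET /login HTTP/1.1", c2))
    print("random 24-bit IVs are likely to repeat after ~", expected_packets_until_iv_repeat(), "packets")
```

A busy access point sends thousands of frames a minute, so a 24-bit IV space is exhausted or collides almost immediately; that, not a weakness in XOR itself, is why the card calls out the short, repeated IV.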
Malicious Insider
-Has or has had authorized access -Employees, contractors, partners -Sabotage, financial gain, business advantage
Adware
-It's basically just pop ups. Not too bad. -Records some user activity but to a lesser extent than spyware -Uses cookies to deliver targeted advertisements -Legitimate adware should make its privacy policy obvious
Types of Threat Agent
-Malicious Insider (Worst type of threat) -Accidental -Environmental (second worst) -Legal/Commercial
Anti-Spyware/Spam/Pop-Ups
-Most AV software protects against a range of malware and other threats -Tools may be used against specific web threats (Anti-Spyware, Anti-spam, Pop Up Blockers)
Ransomware
-Nuisance ("lock out" user by replacing shell) -Serious (encrypt data files or drives)
Cryptographic Hash Functions
-One-way operation -Provide integrity (any change to the input changes the digest) -Support authentication and non-repudiation when combined with a key (HMAC) or a digital signature -Do not by themselves provide confidentiality
Footprinting
-Overall holistic view of the network -Discover Network/Host Configuration -Network Mapping
Public Key Cryptography
-Prove that the owners of public keys are who they say they are -Anyone issuing public keys should have a digital certificate -Key is issued as a certificate by a Certificate Authority
Asymmetric Encryption
-Public Key Cryptography -One key encrypts or decrypts but not both -One key cannot be derived from the other -Private key must be kept secret -Public key is easy to distribute -Message size limits so not suitable for large amounts of data -Used for key exchange
Rootkits
-Replace key system files and utilities -Most powerful operate with system or kernel level privileges -It's what the rootkits are hiding that are dangerous
Certificate Revocation List
-Revoked or suspended certs are listed here -Published and signed periodically by the CA; clients must be able to fetch the current list, and a stale cached copy can let a revoked cert through
RSA
-SSL/TLS -Basis of many digital certificates and signature schemes -Maximum Message Size: Key Size - 11 bytes -Used for authentication, integrity, non-repudiation, key exchange
Symmetric Encryption
-Same secret key is used for encryption and decryption -Problem storing and distributing the key securely
Cryptography
-Secret writing -Plaintext is converted to ciphertext -Cipher is the means of change -Cryptanalysis is the art of breaking or "cracking" cryptographic systems
Fingerprinting
-Specific Information about a system -Identify Host Configuration -Scan TCP and UDP ports -Internet assigned numbers authority (IANA) numbering -Configure a Non-Default Port -Source versus destination port
Symmetric Block Cipher
-Split plaintext into equal size blocks -Subject to rounds of transpositions and substitutions
RC4
-Stream Cipher -Rivest Ciphers -Variable Length Key
Steganography
-Technique for obscuring the presence of a message -Covert Channels -Least significant bit
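Added example (not part of the original deck) of the least-significant-bit technique the card names: a length-prefixed secret is written one bit at a time into the low bit of each cover byte (think pixel samples), so no cover byte changes by more than 1, and then read back out. The cover data is a constructed byte ramp standing in for image samples; the 4-byte length prefix is an assumption of this demo's format.

```python
def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit first."""
    for byte in data:
        for i in range(8):
            yield (byte >> (7 - i)) & 1


def embed_lsb(cover: bytes, secret: bytes) -> bytes:
    """Hide a 4-byte big-endian length prefix + secret in the LSB of each cover byte."""
    payload = len(secret).to_bytes(4, "big") + secret
    bits = list(_bits(payload))
    if len(bits) > len(cover):
        raise ValueError("cover too small: need one cover byte per payload bit")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit         # clear the low bit, then set it to the payload bit
    return bytes(out)


def _read_bytes(stego: bytes, count: int, bit_offset: int) -> bytes:
    """Reassemble `count` bytes from the LSBs starting at `bit_offset`."""
    data = bytearray()
    for b in range(count):
        val = 0
        for i in range(8):
            val = (val << 1) | (stego[bit_offset + b * 8 + i] & 1)
        data.append(val)
    return bytes(data)


def extract_lsb(stego: bytes) -> bytes:
    """Read the length prefix, then that many bytes of secret."""
    length = int.from_bytes(_read_bytes(stego, 4, 0), "big")
    return _read_bytes(stego, length, 32)


def max_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference between cover and stego (should be 0 or 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = bytes(range(256)) * 4               # constructed stand-in for image samples
    stego = embed_lsb(cover, b"meet at dawn")
    print(extract_lsb(stego), "max byte change:", max_change(cover, stego))
```

The same property that makes the change invisible to the eye (a difference of at most 1 per sample) is what statistical steganalysis looks for: LSBs of natural images are not uniformly random, and a long embedded payload flattens that distribution.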
Replay Attack
-Replay: obtain some authentication data (a captured credential, token, or session packet) and resend it later to regain access -Can be used against biometrics (replaying a captured sample) and on wireless -Spoofing/masquerade is the general attack class and can take place at many levels: identity theft/social engineering, network spoofing attacks, man in the middle
Digital Signatures
-Used to prove identity of the sender of a message and to show that a message has not been tampered with -Integrity, Authentication, Non-Repudiation -Uses your private key. Other people use the public key to **verify**. -We only verify digital signatures
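Added example (not part of the original deck) for the digital signature and Joe/Ann cards: textbook RSA with two small known primes, showing both directions the deck describes, encrypting with Ann's public key and decrypting with her private key, and signing a message digest with the private key so anyone with the public key can verify it and catch tampering. The primes, exponent and messages are assumptions for the demo; real RSA uses 2048-bit or larger random primes and padding (OAEP for encryption, PSS or PKCS#1 v1.5 for signatures), and reducing the SHA-256 digest modulo n is a toy shortcut, not a real scheme.

```python
import hashlib
from math import gcd

# Toy key pair from two known small primes (NOT secure; only to show the arithmetic).
P, Q = 65521, 65537
N = P * Q                       # public modulus
PHI = (P - 1) * (Q - 1)
E = 17                          # public exponent; must be coprime to PHI
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)             # private exponent (modular inverse, Python 3.8+)

ANN_PUBLIC_KEY = (N, E)
ANN_PRIVATE_KEY = (N, D)


def encrypt(pub, m: int) -> int:
    """Joe encrypts with Ann's public key; only her private key can undo it."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def digest(msg: bytes, n: int) -> int:
    """SHA-256 of the message reduced mod n (toy; real schemes pad instead)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg: bytes) -> int:
    """Ann signs with her private key: only she can produce this value."""
    n, d = priv
    return pow(digest(msg, n), d, n)


def verify(pub, msg: bytes, sig: int) -> bool:
    """Anyone verifies with the public key; any change to msg breaks the match."""
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)


if __name__ == "__main__":
    m = int.from_bytes(b"hi!", "big")
    c = encrypt(ANN_PUBLIC_KEY, m)
    print("decrypted:", decrypt(ANN_PRIVATE_KEY, c).to_bytes(3, "big"))
    sig = sign(ANN_PRIVATE_KEY, b"pay Ann 100")
    print("verify original:", verify(ANN_PUBLIC_KEY, b"pay Ann 100", sig))
    print("verify tampered:", verify(ANN_PUBLIC_KEY, b"pay Ann 1000", sig))
```

The two operations use the same math but opposite keys, which is the point of the card: encryption protects confidentiality for the key owner, while a signature proves the key owner's authorship (authentication and non-repudiation) and that the message was not altered (integrity).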
Different Type of Phishing
-Using spoofed electronic communication to trick a user into providing confidential info -Spoofed emails or faked/hacked websites -Vishing (voice phishing, e.g. over the phone or VoIP) -Spear Phishing (targeted) / Whaling (targeting senior management) -Pharming (DNS redirection): taking a legitimate website's name and making you land on a fraudulent site -Watering Hole: pick a website the targets are known to visit and infect it with malware; pharming can be used to steer victims into a watering hole
One of the answers below lists some of the past and current authentication protocols used in Microsoft networks arranged from oldest / obsolete up to the current recommendation. Which of the answers lists the protocols in the correct order? 1 LANMAN › NTLM › NTLMv2 › Kerberos 2 NTLM › NTLMv2 › Kerberos › LANMAN 3 NTLM › NTLMv2 › LANMAN › Kerberos 4 Kerberos › NTLM › NTLMv2 › LANMAN
1
In the OSI model, DOCSIS, DSL, Ethernet physical layer, ISDN, RS-232 resides at the ______ layer
1 Physical
Five types of dealing with risk
1) Avoidance 2) Transference 3) Mitigation 4) Deterrence 5) Acceptance
Virtualization Concerns
1) Breaking out of the virtual machine 2) Network and security controls can intermingle
Technical Controls
1) Identification and Authentication 2) Access Controls 3) Audit and Accountability 4) System and Communication Protection
Incident Response Steps
1) Identify 2) Investigate 3) Repair 4) Document and Report 5) Adjust Procedures
Operational Controls
1) Personnel Security 2) Physical and Environmental Protection 3) Contingency Planning 4) Configuration Management 5) Maintenance 6) System and Information Integrity 7) Media Protection 8) Incident Response 9) Awareness Training
Management Controls
1) Risk Assessment 2) Planning 3) System and Services Acquisition 4) Certification, Accreditation, and Security Assessment
Which of the answers listed below refer(s) to the Advanced Encryption Standard (AES): (Select all that apply) 1 Symmetric-key algorithm 2 128-, 192-, and 256-bit keys 3 Asymmetric-key algorithm 4 Block cipher algorithm 5 Stream cipher algorithm
1, 2, 4
Which of the following are symmetric-key algorithms? (Select 3 answers) 1 AES 2 DES 3 RSA 4 Diffie-Hellman 5 3DES
1, 2, 5
A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of: (Select 2 answers) 1 Phishing 2 Watering hole attack 3 Social engineering 4 Bluejacking 5 Vishing
1, 3
What are the features of Elliptic Curve Cryptography (ECC)? (Select 2 answers) 1 Asymmetric encryption 2 Shared key 3 Suitable for small wireless devices 4 High processing power requirements 5 Symmetric encryption
1, 3
Penetration testing: (Select all that apply) 1 Bypasses security controls 2 Only identifies lack of security controls 3 Actively tests security controls 4 Exploits vulnerabilities 5 Passively tests security controls
1, 3, 4
Which of the following fall(s) into the category of social engineering attacks? (Select all that apply) 1 Whaling 2 MITM attack 3 Shoulder surfing 4 Bluejacking 5 Dumpster diving 6 Bluesnarfing 7 Tailgating 8 Vishing
1, 3, 5, 7, 8
Which of the following answers apply to smurf attack? (Select 3 answers) 1 IP spoofing 2 Privilege escalation 3 DDoS 4 Polymorphic malware 5 MITM attack 6 Large amount of ICMP echo replies
1, 3, 6
Which of the following security controls provide(s) confidentiality? (Select all that apply) 1 Encryption 2 Certificates 3 Digital signatures 4 Steganography 5 Hashing
1, 4
Hardware-based RAID Level 1: (Select 3 answers) 1 Requires at least 2 drives to implement 2 Is also known as disk striping 3 Offers improved performance in comparison to RAID 0 4 Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data) 5 Is also referred to as disk mirroring
1, 4, 5
Which of the following security controls provide(s) integrity? (Select all that apply) 1 Hashing 2 Steganography 3 Fault tolerance 4 Digital signatures 5 Non-repudiation 6 Encryption
1, 4, 5
What are 2 security issues or threats associated with data being stored on social media networking accounts?
1. Data can be modified by any individual 2. Data can be obtained by any individual
Single Loss Expectancy (SLE) = Asset Value (AV) x Exposure Factor (EF). The Exposure Factor (EF) used in the formula above refers to the impact of the risk over the asset, or percentage of asset lost when a specific threat is realized. Which of the following answers lists the EF value for an asset that is entirely lost? 0 100 1.0 0.1
1.0
Private IP Ranges
10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255
Which of the ports listed below are used by client applications designed to retrieve email messages from mail servers? (Select 2 answers) 110 443 3389 143 25
110, 143
Which ports enable retrieving email messages from a remote server?
110, 143
RPC Port
111
SFTP Port
115 (Simple File Transfer Protocol; the SSH File Transfer Protocol usually meant by SFTP runs over SSH on port 22)
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
128-bit AES encryption and 48-bit IV for Wi-Fi
IPv6
128-bit addresses
What bit sizes can be used with AES?
128-bit, 192-bit, or 256-bit
NetBIOS Ports
137 Name Service 138 Datagram Service 139 Session Service (135 is the RPC endpoint mapper, not a NetBIOS port)
Which of the following ports are used by NetBIOS? (Select all that apply) 136 137 161 138 162 139
137, 138, 139
Which of the port numbers listed below are used by NetBIOS?
137, 138, 139
IMAP Port
143
IMAP runs on TCP port
143
Which 2 ports are typically used by email clients?
143, 110
SNMP Ports
161 Agent 162 Manager
An SNMP management station receives SNMP notifications on UDP port: 161 137 162 138
162
L2TP Port
1701
PPTP Port
1723
What is WEP?
1st encryption method available for wireless networks.
What is the function of Windows Defender software? 1 Allowing and blocking applications through Windows Firewall 2 Protection against spyware and other potentially unwanted software 3 Reviewing computer's status and resolving issues 4 Management of User Account Control (UAC) settings
2
In the OSI model, IEEE 802.2, L2TP, LLDP, MAC, PPP, ATM, MPLS resides at the ______ layer
2 Data Link
Hardware-based RAID Level 5: (Select 2 answers) 1 Continues to operate in case of failure of more than 1 drive 2 Requires at least 3 drives to implement 3 Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created from the remaining drives) 4 Requires at least 5 drives to implement 5 Is also referred to as disk duplexing
2, 3
Which of the following solutions add(s) redundancy in areas identified as single points of failure? (Select all that apply) 1 Virtualization 2 RAID 3 Hot site 4 UPS 5 Backup generator 6 PSU
2, 3, 4, 5
Which of the security control types listed below fall(s) into the category of preventative controls? (Select all that apply) 1 IDSs 2 Fencing 3 Hardware locks 4 Motion sensors 5 Warning signs 6 Mantraps
2, 3, 6
Which of the following answers refer to the applications / features of quantum cryptography? (Select 2 answers) 1 High availability 2 Protection against eavesdropping 3 Loop protection 4 Secure key exchange 5 Host-based intrusion detection
2, 4
FTP Ports
20 Data 21 Control
FTP runs by default on ports
20, 21
File Transfer Protocol (FTP) runs by default on port(s): (Select all that apply) 25 23 20 21 22
20, 21
You are configuring a host firewall. You need to prevent files from being updated or downloaded in clear text. Which ports should you block?
20, 21, 69
International Data Encryption Algorithm
128-bit key encryption used by PGP
A network administrator wants to replace a service running on port 23 with a more reliable solution. Which of the following ports would be in use after implementing this change? 20 21 22 25
22
SSH and SCP Port
22
What port does SSH use?
22
A hacker has captured network traffic with cleartext commands sent from the client to the server console. Which of the following ports is being used by the network admin for the client-server communication? 49 23 68 22
23
Telnet Port
23
SMTP Port
25
Which of the following TCP port numbers is used by the Simple Mail Transfer Protocol (SMTP)? 110 25 22 143
25
Which of the following default port numbers is not used by a remote administration tool? 23 22 3389 25
25
Which of the following answers lists a /27 subnet mask? 255.255.255.0 255.255.255.128 255.255.255.192 255.255.255.224
255.255.255.224
What is the purpose of non-repudiation? 1 Hiding one piece of data in another piece of data 2 Ensuring that received data hasn't changed in transit 3 Preventing someone from denying that they have taken specific action 4 Transforming plaintext into ciphertext
3
IPSec works at which of the following layers of the TCP/IP model?
3 Network
In the OSI model, AppleTalk, ICMP, IPsec, IPv4, IPv6 resides at the ______ layer
3 Network
Address Resolution Protocol (ARP) translates: (Select all that apply) 1 Link layer addresses into IP addresses 2 Domain names into IP addresses 3 IP addresses into MAC addresses 4 Network layer addresses into link layer addresses
3, 4
Which of the following answers list(s) the characteristic features of pharming? (Select all that apply) 1 Port scanning 2 Dictionary attack 3 DNS poisoning 4 Rainbow table 5 Domain spoofing
3, 5
TCP/IP Protocol Suite
3-1-1-2
IPv4
32-bit addresses
MS WBT Server Port
3389
RDP Port
3389
Default port number for a Microsoft-proprietary remote connection protocol?
3389
LDAP Port
389
Lightweight Directory Access Protocol (LDAP) runs on port: 49 389 3389 636
389
In the OSI model, NBF, TCP, UDP resides at the ______ layer
4 Transport
In the OSI model, TCP resides at the ______ layer
4 Transport
TCP/IP Layers
4) Application 3) Transport/Host-to-Host 2) Internet 1) Network Access/Network Interface/Link
Restoring data from an incremental backup requires: (Select 2 answers) 1 Copy of the last incremental backup 2 All copies of differential backups made since the last full backup 3 Copy of the last differential backup 4 All copies of incremental backups made since the last full backup 5 Copy of the last full backup
4, 5
A network administrator has been asked to set up a VPN link on a connecting host with no dedicated VPN client application installed. Which of the following ports should be in use to enable this type of connection? 119 443 23 139 143
443
HTTPS Port
443
SSL Port
443
Which TCP port is used by HTTPS?
443
TACACS Port
49
TACACS+ runs on TCP port: 389 49 636 88
49
In the OSI model, RPC, SCP, PAP, TLS, FTP, HTTP, HTTPS, SMTP, SSH, Telnet, resides at the ______ layer
5 Session
What protocol number is used by Encapsulating Security Payload (ESP) in IPSec?
50
What protocol numbers would be allowed through the firewall for AH and Encapsulating Security Payload (ESP) for a VPN?
50, 51
DNS Port
53
DNS runs on port
53
Which of the following ports is used by DNS? 53 67 23 68 52
53
802.11g
54 Mbps / 2.4 GHz
802.11a
54 Mbps / 5 GHz
In the OSI model, CSS, GIF, HTML, XML, JSON, S/MIME, resides at the ______ layer
6 Presentation
A network administrator wants to secure the existing access to a directory service with SSL/TLS encryption. Which of the following ports would be in use after implementing this change? 636 139 389 443
636
LDAPS Port
636
The non-standard, enhanced version of the LDAP protocol providing the capability for encrypted transmission runs on port: 49 3389 636 389
636
DHCP Ports
67 Server 68 Client
TFTP Port
69
Which of the answers listed below refers to a port number for a lightweight protocol typically used for transferring boot files and configuration files between hosts in a secure Intranet environment? 20 69 21 22
69
Which of the port numbers listed below is used by the Trivial File Transfer Protocol (TFTP)? 88 139 22 69
69
In the OSI model, NFS, SMB, AFP, FTAM, NCP resides at the ______ layer
7 Application
OSI Layers
7) Application 6) Presentation 5) Session 4) Transport 3) Network 2) Data-link 1) Physical
HTTP traffic can be enabled by opening port
80
HTTP Port
80
Wireless tech
802.1x vs WPA2
iSCSI Ports
860 3260
Which of the following is the default port number used by the Kerberos authentication system? 80 3389 88 443
88
Which of the following port numbers is used by Kerberos? 23 80 22 88
88
FTPS Ports
989 Data 990 Control
Client computers on a network use POP3 over SSL to receive e-mail. The e-mail service uses standard port assignments. What port on the Internet-facing side of the firewall should allow inbound packets?
995
Which of the following answers lists the IPv6 loopback address? ::/128 FF00::/8 ::1 127.0.0.1
::1
Which of the following correctly identifies some of the contents of an end user's X.509 certificate? A User's public key, object identifiers, and the location of the user's electronic identity B User's public key, the serial number of the CA certificate, and the Certificate Revocation List (CRL) entry point C User's public key, the Certificate Authority (CA) distinguished name, and the type of symmetric algorithm used for encryption D User's public key, the certificate's serial number, and the certificate's validity dates
A (User's public key, the certificate's serial number, and the certificate's validity dates)
What is a Nmap?
A 3rd party GUI and command line utility.
What is Key escrow?
A 3rd party that maintains encryption keys to access encrypted data.
MAC Media access control
A 48-bit address used to uniquely identify network interface cards. It is also called a hardware address or a physical address and is commonly displayed as six pairs of hexadecimal characters. Port security on a switch can limit access using MAC filtering. Wireless access points can use MAC filtering to restrict access to only certain clients, though an attacker can easily beat this.
What is RSA?
An asymmetric cryptosystem that can be used for encryption and digital signatures; its security rests on the difficulty of factoring the product of two large prime numbers.
COOP Continuity of Operations Plan
A COOP site provides an alternate location for operations after a critical outage. A hot site includes the personnel, equipment, software, and communications capabilities of the primary site with all the data up to date. A hot site can take over for a failed primary site within an hour. A cold site will have the power and connectivity needed for COOP activation, but little else. A warm site is a compromise between a hot site and a cold site.
DBA Database admin
A DBA administers databases on database servers
What is a STP?
A Layer 2 protocol that is used to help prevent network loops.
MITM man in the middle
A MITM attack is a form of active interception that allows an attacker to intercept traffic and insert malicious code sent to other clients. Kerberos provides mutual authentication and helps prevent MITM attacks
IIS internet information services
A Microsoft Windows web server. IIS comes free with Microsoft Windows Server products
Control
A System or procedure put in place to mitigate risk
What is a SQL Injection?
A Type of attack where SQL code is used to gain access to a database.
VLAN virtual local area network
A VLAN can logically group several different computers together or logically separate computers, without regard to their physical location. It is possible to create multiple VLANs with a single switch.
MPLS Multiprotocol Label Switching
A WAN topology provided by some telecommunications companies. It directs data to nodes using labels rather than IP addresses
What is an AppLocker?
A Windows feature that allows control of applications that users are allowed to access, by enabling administrators to effectively manage security at the user level by limiting the applications that can be launched on systems.
UPS uninterruptible power supply
A battery backup system that provides fault tolerance for power and can protect against power fluctuations. A UPS provides short-term power, giving the system enough time to shut down smoothly or to transfer to generator power
IaaS Infrastructure as a Service
A cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers. Compare to PaaS and SaaS
What is a Honeynet?
A collection of honeypots specifically designed to deceive or trap attackers. They pose as vulnerable systems offering legitimate data and resources.
What is XSS?
A common type of security vulnerability with web pages and applications. An attacker is able to use a script to bypass access controls.
What is half duplex?
A communication mode that permits two-way communications but in only one direction at a time.
DLL Dynamic Link Library
A compiled set of code that can be called from other programs
What is a SQL injection?
A computer attack where malicious users insert SQL code statements in entry fields.
BIOS Basic Input/output System
A computer's firmware, used to manipulate settings such as the date and time, boot drive, and access passwords
IDS Intrusion detection system
A detective control used to detect attacks after they occur. A signature-based IDS (also called definition-based) uses a database of predefined traffic patterns. An anomaly-based IDS (also called behavior-based) starts with a performance baseline of normal behavior and compares network traffic against this baseline. An IDS can be either host-based (HIDS) or network-based (NIDS). In contrast, a firewall is a preventative control that attempts to prevent attacks before they occur. An IPS is a preventative control that will stop an attack in progress
What is an IDS?
A device that monitors a host or network for traffic patterns or known attacks, and alerts an administrator of the ongoing issue.
CVE Common Vulnerabilities and Exposures (CVE)
A dictionary of publicly known security vulnerabilities and exposures
DSA digital signature algorithm
A digital signature is an encrypted hash of a message. The sender's private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender's public key, and if successful, it provides authentication, non-repudiation and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation is used with online transactions and prevents the sender from later denying they sent the e-mail
HDD Hard disk drive
A disk drive that has one or more platters and spindle. In contrast, USB flash drives use flash memory
DRP Disaster recovery plan
A document designed to help a company respond to disasters, such as hurricanes, floods, and fires. It includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates the plan. Recovered systems are tested before returning them to operation, and this can include a comparison to baselines. The final phase of disaster recovery includes a review to identify any lessons learned and may include an update of the plan
TCO Total cost of ownership
A factor considered when purchasing new products and services. TCO attempts to identify the cost of a product or service over its lifetime
What is Windows To Go?
A feature in Windows 8.1 Enterprise that allows users to boot and run Windows 8.1 Enterprise from a removable storage device.
EFS encryption file system
A feature within NTFS on Windows systems that supports encrypting individual files or folders for confidentiality
PCAP packet capture
A file that contains packets captured from a protocol analyzer or sniffer
WAF Web application firewall
A firewall designed to protect a web application, such as a web server. A WAF inspects the contents of traffic to a web server and can detect malicious content and block it.
DNAT destination network address translation
A form of NAT that changes the destination IP address for incoming traffic. It is used for port forwarding
DNAT Dynamic network address translation
A form of NAT that uses multiple public IP addresses. In contrast, PAT uses a single public IP address. It hides addresses on an internal network
What is a combination attack?
A form of dictionary attack that uses two dictionaries, matching each word from one dictionary to every word in the other dictionary.
What is a Combination Attack?
A form of dictionary attacks that uses two dictionaries, matching each word in one dictionary to every word in the other dictionary.
What is a SSD?
A form of permanent storage. Area where the operating system or files are stored.
What is spear phishing?
A form of social engineering that uses targeted emails to try to obtain personal information from a specific entity.
SPIM spam over internet messaging
A form of spam using instant messaging that targets instant messaging users
CIRT Computer Incident Response Team
A group of experts that respond to security incidents. Also known as CERT, SIRT, or IRT
CERT Computer Emergency Response Team
A group of experts that respond to security incidents. Also known as CIRT, SIRT or IRT.
VTC Video teleconferencing
A group of interactive telecommunications technologies that allow people in two or more locations to interact with two-way video and audio transmissions
VoIP Voice over IP
A group of technologies used to transmit voice over a public network such as the Internet. VPN sometimes uses VoIP
RIPEMD Race integrity primitives evaluation message digest
A hash function used for integrity. It creates fixed-length hashes of 128, 160, 256, or 320 bits
MD5 Message digest 5
A hashing function used to provide integrity. MD5 produces a 128-bit hash. Hashes are compared to each other to verify that integrity has been maintained
SHA Secure Hash Algorithm
A hashing function used to provide integrity. SHA-1 uses 160 bits and SHA-256 uses 256 bits. Hashing algorithms always produce a fixed-size bit string regardless of the size of the hashed data. By comparing the hashes at two different times, you can verify the integrity of the data.
What is a backdoor?
A hidden way to gain access to a file, system, or building. Usually associated with malicious behavior.
Describe mandatory access control (MAC).
A hierarchical access model managed by administrators
ISSO Information systems security officer
A job role within an organization focused on information security
Key Pair Usage
A key used to sign a document should not be used to encrypt a document
PAM pluggable authentication modules
A library of APIs used for authentication-related services
CSU Channel Service Unit
A line bridging device used with T1 and similar lines. It typically connects with a DSU as a CSU/DSU
CRL Certification Revocation List
A list of certificates that have been revoked. Certificates are commonly revoked if they are compromised. The Certificate Authority (CA) that issued the certificate publishes the CRL, and a CRL is public
ACL Access Control list
A list of rules used to grant access to a resource. In NTFS, a list of ACEs makes up the ACL for a resource. In a firewall, an ACL identifies traffic that is allowed or blocked based on IP addresses, networks, ports, and some protocols (using the protocol ID)
What is a VLAN?
A logical subnetwork of computers in a local area network, whose computers can be on any cable segment on the LAN and still reside on the same subnet.
FCoE Fiber Channel over Ethernet
A lower-cost alternative to traditional SANs. It supports sending Fibre Channel commands over an Ethernet network
iSCSI internet small computer systems interface
A lower-cost alternative to traditional SANs. It supports sending traditional SCSI commands over an IP network
What is a VTP?
A messaging protocol used on VLANs developed by Cisco, to advertise the switching information and configuration changes on a VLAN to all the switches on a network.
What is MAC?
A method involving providing a clearance level user and classification labels to resources.
CSR Certificate signing request
A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR
What is Steganography?
A method used to conceal the existence of data by hiding it within another piece of data.
What is asymmetric encryption?
A method used to prevent unauthorized users from seeing data, using a key pair (a public key and a private key) for the encryption and decryption process.
SCAP Security Content Automation Protocol
A method with automated vulnerability management, measurement and policy compliance evaluation tools
What is a TPM?
A microchip contained on a computer's motherboard that secures and protects information by storing the cryptographic keys used to encrypt and decrypt data.
SONET synchronous optical network technologies
A multiplexing protocol used to transfer data over optical fiber
Active Directory Naming Strategy
A naming strategy allows better administrative control over network resources by naming computer and user objects consistently
What is a switch?
A network device that acts as a common connecting point for various nodes. It is responsible for forwarding data from the source only to the nodes to which it is addressed.
DLP Data loss protection
A network-based DLP system can examine and analyze network traffic. It can detect whether confidential company data or any PII is included in e-mail and reduce the risk of internal users e-mailing sensitive data outside the organization
What is Shoulder Surfing?
A person trying to view confidential information by looking over someone's shoulder.
BCP Business continuity plan
A plan that helps an organization predict and plan for potential outages of critical services or functions. It includes disaster recovery elements that provide the steps used to return critical functions to operation after an outage. A BIA is part of a BCP and the BIA drives decisions to create redundancies such as failover clusters or alternate sites
BYOD Bring your own device
A policy allowing employees to connect personally owned devices such as tablets and smartphones, to a company network. Data security is often a concern with BYOD policies and organizations often use VLANs to isolate mobile devices
IPS intrusion prevention system
A prevention control that will stop an attack in progress. It is similar to an active IDS except that it's placed in line with traffic. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress.
What is a VPN?
A private network that is configured by tunneling through a public network, such as the internet.
What is a FTP?
A protocol that is used to send files between hosts on a network, such as transferring a spreadsheet from a local server.
What does SSL do?
A protocol used to secure communications over the Internet using encryption, authentication, and digital certificates.
What is a Cold Site?
A redundant site location that provides only the most basic environment to carry on with business. Provides wiring, ventilation, plumbing, and possibly raised flooring for routing cables.
HSM hardware security module
A removable or external device that can generate, store, and manage RSA keys used for asymmetric encryption. High-volume ecommerce sites use HSMs to increase the performance of SSL sessions. High-availability clusters needing encryption services can use clustered HSMs.
CAR Corrective Action Report
A report used to document actions taken to correct an event, incident or outage
What is a sandbox?
A restricted environment used to segregate a program from other programs to prevent poorly written or malicious code from being spread to other areas on a computer.
Evil Twin
A rogue AP masquerading as a legitimate one
PSK preshared key
A secret shared among different systems. Wireless networks support personal mode, where each device uses the same PSK. In contrast, enterprise mode uses an 802.1x or RADIUS server for authentication
UTM unified threat management
A security appliance that combines multiple security controls into a single solution. UTM appliances can inspect data streams for malicious content and often include URL filtering, malware inspection, and content inspection components
DEP Data execution prevention
A security feature in some operating systems. It helps prevent an application or service from executing code from a nonexecutable memory region.
What is a Big Data Analysis?
A security procedure used to detect abnormal behavior. This type of audit is commonly used to identify abnormal spending patterns and possible credit card fraud.
USB Universal Serial Bus
A serial connection used to connect peripherals such as printers, flash drives, and external hard disk drives. Data on USB drives can be protected against loss of confidentiality with encryption. They combine high volume and transfer speeds with ease of concealment and often result in data leakage
RAS remote access service
A server used to provide access to an internal network from an outside location. RAS is also known as Remote Access Server and sometimes referred to as Network Access Service (NAS)
NAT Network address translation
A service that translates public IP addresses to private and private IP addresses to public. It hides addresses on an internal network
DHCP Dynamic Host Configuration Protocol
A service used to dynamically assign TCP/IP configuration information to clients. DHCP is often used to assign IP addresses, subnet masks, default gateways, DNS server addresses, and much more
What is a TFTP?
A simple file transfer protocol used for transferring boot or configuration information to network devices.
Baseline
A snapshot of the typical activity on your network or on any given host.
What is tailgating?
A social engineering attack that is performed when someone tries to access a secure area by following someone who has access to the secure area.
What is a BitLocker?
A software-based FDE solution included in Windows operating systems, used to encrypt and protect the entire operating system volume.
SDLC Software Development life cycle
A software development process. Many different models are available
PIV personal identity verification card
A specialized type of smart card used by United States federal agencies. It is similar to a CAC
CAC Common Access Card
A specialized type of smart card used by the United States Department of Defense. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation for the user. It is similar to a PIV.
CAN Controller Area Network
A standard that allows microcontrollers and devices to communicate with each other without a host computer
RTP real-time transport protocol
A standard used for delivering audio and video over an IP network
What is a DMZ?
A subnet on a network that contains corporate network devices exposed to an untrusted network, commonly the internet.
DNSSEC Domain name system security extensions
A suite of specifications used to protect the integrity of DNS records and prevent DNS poisoning attacks
What is AES?
A symmetric block cipher (Rijndael) selected to replace DES; it has a standardized block size of 128 bits.
What is a CAST encryption?
A symmetric algorithm that uses a 64-bit block to support 64-bit and 128-bit keys, and a 128-bit block to support 256-bit keys.
AES Advanced Encryption Standard
A symmetric algorithm used to encrypt data and provide confidentiality. AES is quick, highly secure, and used in a wide assortment of cryptography schemes. It supports key sizes of 128 bits, 192 bits, or 256 bits
3DES Triple Digital Encryption Standard
A symmetric algorithm used to encrypt data and provide confidentiality. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but it is still used in some applications, such as when hardware doesn't support AES
What is Non-intrusive Scanning?
A system can be scanned for specific information such as specific registry values, missing security updates, and services that are listening on a specific port.
What is a Network Mapper?
A tool used to determine the devices that are connected within a specific network.
SELinux Security-Enhanced Linux
A trusted operating system platform that prevents malicious or suspicious code from executing on both Linux and UNIX systems. It is one of the few operating systems that uses the MAC model
What is a NVRAM?
A type of computer memory that does not lose its contents when the device is powered off.
What is a Brute force attack?
A type of password-guessing attack in which every possible password is tried until the correct one is found.
What is a RAM?
A type of volatile memory.
ECDHE Elliptic-Curve Diffie-Hellman Ephemeral
A version of Diffie-Hellman that uses ECC to generate encryption keys. Ephemeral keys are re-created for each session
VM virtual machine
A virtual system hosted on a physical system. A physical server can host multiple VMs as servers. Virtualization can reduce the footprint of an organization's server room or datacenter and helps eliminate wasted resources. It also helps reduce the amount of physical equipment, reducing overall physical security requirements. A VM escape is an attack that allows an attacker to access the host system from within the virtual system.
Vulnerability
A weakness that could be triggered accidentally or exploited intentionally, resulting in a security breach
What is a PortQry?
A Windows command-line tool that can be used to perform a port scan of a system. It must be downloaded from the Microsoft web site.
BPA Business partners agreement
A written agreement that details the relationship between business partners, including their obligations toward the partnerships
What is the goal of tabletop exercises? (Select all that apply) A Disaster recovery planning B Active test of security controls C Discussing a simulated emergency situation D Passive test of security controls
A, C
What access control method is most commonly used to control access to resources in a peer-to-peer network?
ACL
What is used to enforce rule-based access control?
ACLs
DAC
ACLs Ownership Flexible Decentralized
What access control method is most commonly used to control access to resources in a peer-to-peer network?
ACLs (Access control list)
What is ideally used to encrypt the contents of a USB flash drive?
AES
What type of encryption should you use to encrypt a USB flash drive?
AES
You need to encrypt the contents of a USB flashdrive. Which type of encryption should you use?
AES
AES256
AES using 256-bit keys; qualifies to handle Top Secret information
Describe the two components of IPSec
AH, ESP (Authentication Header: provides authentication and integrity; Encapsulating Security Payload: encrypts the payload)
Which of the answers listed below refers to the correct formula for calculating probable financial loss due to a risk over a one-year period? SLE = AV x EF ALE = ARO x SLE SLE = ALE x AV ALE = AV x EF
ALE = ARO x SLE
Explain the formula for ALE (Annualized Loss Expectancy)
ALE = SLE x ARO (Revenue loss from a single occurrence x the number of times you expect a risk to occur during the year)
In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future threat. ALE AV ARO SLE
ARO (annual rate of occurrence)
The basic formula for calculating ALE uses what two values?
ARO, SLE (The number of times you can expect a risk to occur during a year. Revenue loss from a single risk occurrence.)
The Type of Attack that You Have to Be Internally To Attack?
ARP Attack
Which of the following acronyms refers to a set of rules enforced in a network that restrict the use to which the network may be put? OEM AUP UAT ARO
AUP (Acceptable Use Policy)
Cloud Elasticity
Ability to scale to meet demand as needed
Rootkit
Able to hide things from the OS; best to catch at installation
AUP
Acceptable Use Policy
CAC and PIV
Access Cards
Directory Services
Access Control Lists (ACLs)
Remote Access
Access to a network does not require the user to be physically present. Dial-up, Leased Line, DSL, Cable, Analog, Internal or External Modems, Baseline Privacy Interface (BPI), Data Over Cable Service Interface Specification (DOCSIS)
ASP
Active Server Pages - Similar to CGI
WI-FI Topologies
Ad-Hoc - Wireless adapter allows connections to and from other devices directly. Infrastructure - Adapter is configured to connect through an access point to other wireless or wired devices
System Hardening
Adding antivirus, firewalls, etc; removing unneeded services and software; updating and patching
Command Injection Attack
Adding commands to the end of URLs in order to execute arbitrary code on the server
Geotagging
Adding geographical data to photographs and messages
Physical Security Controls
Admin or Technical Goals/Functions: -Preventive (Visible Consequences) -Deterrent (Cable Locks) -Detective (Cameras) -Corrective (Relocating Cameras) -Compensating (Restoring System after Attack)
Asset Management Forms
Administrative
Security Policy
Administrative
AES
Advanced Encryption Standard
What does AES stand for?
Advanced Encryption Standard
Lockout
After several attempts
External Threats
Agents/Motivations Accidental/Malicious Structured/Unstructured
Blanket Purchase Order
Agreement between government agency and a private company for ongoing purchases
802.1X
Aka EAP (Extensible Authentication Protocol). The access point passes authentication information to a RADIUS server on the wired network for validation.
Time-Based One-Time Password
Algorithm that uses a time-based factor to create unique passwords
Smart Card
All Authentication Types
What should be done with a Patch once it has been created to fix an issue?
All Patches should be tested in a lab environment before they are installed
Mandatory Access Control
All access is predefined; inflexible; most secure
Incremental Backup
All changes since last backup of any kind are archived
Differential Backup
All changes since last full backup are archived
Full Backup
All changes to data are archived
Unified Threat Management
All-in-one appliance; combines firewall with intrusion prevention, antivirus, filtering, etc.; also known as a Next Generation Firewall (NGFW)
How should you configure your ports to secure IMAP connections?
Allow 993, deny 143
An authoritative DNS server must transfer zone data to six secondary DNS servers. What configuration provides the best security?
Allow zone transfer to specific IPs
MaaS monitoring as a service or management as a service
Allows an organization to outsource the management and monitoring of IT resources
Lightweight Directory Access Protocol
Allows queries of directories (X.500-based); used by Active Directory
FACL File System Access Control List
An ACL used for file systems. As an example, NTFS uses the DAC model to protect files and folders
AUP Acceptable use policy
An AUP defines proper system usage. It will often describe the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems
What is ECC?
An Asymmetric algorithm that uses elliptic curves that work as a public key algorithm.
HMAC Hash-based message authentication Code
An HMAC is a fixed-length authentication tag produced by running a hash function (SHA-256 today; historically MD5 or SHA-1) over the message together with a secret key. Unlike a plain hash, only a holder of the key can produce or verify it, so it provides integrity and authenticity, not just error detection
WIDS Wireless intrusion detection system
An IDS used for wireless networks
NIPS Network-based intrusion prevention system
An IPS that monitors the network. An IPS can actively monitor data streams, detect malicious content and stop attacks in progress
WIPS Wireless intrusion prevention system
An IPS used for wireless networks
What is a Trusted OS?
An operating system that has been evaluated and proven to meet government security requirements
RTO recovery time objective
An RTO identifies the maximum amount of time it can take to restore a system after an outage. It is related to the RPO, and the BIA often includes both RTOs and RPOs
RBAC Role-based access control
An access control model that uses roles (typically job functions) to define access: permissions are assigned to roles and users are placed into roles, rather than granting rights to each user individually. Other access models are MAC and DAC.
RBAC Rule-Based access control
An access control model that uses rules to define access. Rule-based access control is based on a set of approved instructions, such as the entries in an access control list or firewall rule set. Other access control models are MAC and DAC
DAC Discretionary Access Control
An access model where all objects have owners and owners can modify permissions for the objects (files and folders). Microsoft's NTFS uses the DAC model. Other access control models are MAC and RBAC
What is an IPS?
An active detection monitoring solution that can be implemented within a network to detect malicious activity and attempt to stop it.
What is a TOTP?
An algorithm that uses a clock based synchronous token device consisting of a clock combined with a base secret key. Used to generate a password for the user.
SHTTP secure hypertext transfer protocol
An alternative to HTTPS, infrequently used
NoSQL Not only Structured Query Language
An alternative to traditional SQL databases. NoSQL databases store data in non-relational forms (documents, key-value pairs, graphs) and are queried without SQL; they are still subject to injection attacks when input is not validated
DHE Diffie-Hellman Ephemeral
An alternative to traditional Diffie-Hellman. Instead of using static keys that stay the same over a long period, DHE uses ephemeral keys that change for each new session, which provides forward secrecy. Sometimes listed as EDH
OCSP Online Certificate Status Protocol
An alternative to using a CRL. It allows entities to query an OCSP responder (operated by or for the CA) with the serial number of a certificate. The responder answers with good, revoked or unknown
BAC Business Availability Center
An application that shows availability and performance of applications used or provided by a business
What is a RSA?
An asymmetric cryptosystem that can be used for encryption as well as creating digital signatures. Key sizes for RSA commonly range from 1,024 to 4,096 bits; 1,024-bit keys are considered too weak and 2,048 bits is the usual minimum today.
ECC Elliptic curve cryptography
An asymmetric encryption algorithm commonly used with smaller wireless devices. It uses smaller key sizes and requires less processing power than many other encryption methods
What is a Diffie-Hellman?
An asymmetric key agreement algorithm. It is not used to encrypt data itself; it lets two parties establish a shared secret key over an insecure channel, and that secret is then used with a symmetric cipher.
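Added example (not from the original cards) of the Diffie-Hellman exchange described above, also covering the DHE card: each side combines its own private exponent with the other side's public value and both arrive at the same secret, which is then hashed into a symmetric key. Nothing is encrypted by DH itself. The 127-bit Mersenne prime and generator are illustration-only parameters chosen by the editor; real deployments use standardized 2048-bit or larger groups, or elliptic curves.

```python
"""Diffie-Hellman key agreement with toy parameters (illustration only)."""
import hashlib
import secrets

P = (1 << 127) - 1   # 2**127 - 1 is prime; far too small for real use
G = 2


def public_value(priv, p=P, g=G):
    """The only thing each side sends over the wire."""
    return pow(g, priv, p)


def shared_secret(own_priv, peer_pub, p=P):
    """g^(a*b) mod p, computed as (g^b)^a on one side and (g^a)^b on the other."""
    return pow(peer_pub, own_priv, p)


def derive_key(secret_int):
    """Never use the raw DH output as a key; run it through a hash or KDF."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(secret_int.to_bytes(width, "big")).digest()


def agree(priv_a, priv_b, p=P, g=G):
    """One exchange with fixed private exponents; returns both sides' secrets."""
    pub_a = public_value(priv_a, p, g)
    pub_b = public_value(priv_b, p, g)
    # An eavesdropper sees pub_a and pub_b but neither private exponent.
    return shared_secret(priv_a, pub_b, p), shared_secret(priv_b, pub_a, p)


def ephemeral_session():
    """DHE: fresh random exponents per session, so every session gets a new secret
    and compromise of one session's key does not expose earlier ones."""
    priv_a = secrets.randbelow(P - 2) + 1
    priv_b = secrets.randbelow(P - 2) + 1
    return agree(priv_a, priv_b)


if __name__ == "__main__":
    s_a, s_b = agree(6, 15)
    print("both sides agree:", s_a == s_b, "key:", derive_key(s_a).hex())
```

The static version (`agree` with fixed exponents) reproduces the same secret every time, which is exactly the long-lived-key weakness DHE addresses: `ephemeral_session` yields a different secret on every call.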
DoS Denial-of-Service
An attack from a single source that attempts to disrupt the services provided by another system. Examples include SYN flood, smurf and some buffer overflow attacks. Compare to DDoS
DDoS Distributed denial-of-service
An attack on a system launched from multiple sources intended to make a computer's resources or service unavailable to users. DDoS attacks are often launched from zombies in botnets. DDoS attacks typically include sustained, abnormally high network traffic. A performance baseline helps administrators detect a DDoS. Compare to DoS
XSRF Cross-site request forgery
An attack that causes a logged-in user's browser to perform actions on a website without the user's knowledge: the browser automatically attaches the site's cookies to a request the attacker forged, so the site treats it as legitimate. Mitigated with anti-CSRF tokens and SameSite cookies
What is CSRF?
An attack that exploits the trust between a website and a client browser. ex. sending unauthorized commands to the site from a trusted user.
What is a DDoS attack?
An attack that is simultaneously performed by multiple systems and are used to prevent users from accessing targeted resources.
What is TCP/IP hijacking?
An attack in which the attacker takes over an established connection. After gaining access to the network, the attacker knocks the legitimate host offline and then uses its IP address (and session state) to pass itself off as the original host to the other end of the session.
What is Cross-site scripting?
An attacker injects a script into a web page that other users' browsers then execute, e.g. via a crafted parameter in a seemingly legitimate URL (reflected XSS) or via content stored on the site (stored XSS). Used to steal personal information, e.g. session cookies or login credentials.
What is Phishing?
An attacker sending an email to users to gain personal information.
EAP Extensible Authentication Protocol
An authentication framework that provides general guidance for authentication methods. Variations include LEAP and PEAP.
What is an identification authentication service?
An authentication method in which a human verifies that someone is who they claim to be.
What is Kerberos?
An authentication service that is based on a time sensitive ticket granting system.
What is Biometrics?
An authentication that uses unique parts of the human body to authenticate.
BOTS Network Robots
An automated program or system used to perform one or more tasks. A malicious botnet is a group of computers called zombies controlled through a command-and-control server. Attackers use malware to join computers to botnets. Zombies regularly check in with the command-and-control server and can launch DDoS attacks against other victims. Botnet activity often includes hundreds of outbound connections, and some botnets use Internet
What is a SSH?
An encrypted network protocol used to secure protocol data that has no built-in security, e.g. replacing Telnet for remote shells and replacing FTP for file transfer (via SFTP or SCP)
CCMP Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
An encryption protocol based on AES used with WPA2 for wireless security. It is more secure than TKIP, which was used with the original release of WPA.
What is a Key Recovery agent?
An entity that can backup and restore keys, to access any encrypted data.
What is Banner Grabbing?
An enumeration based attack that is used to obtain information about the service running on a computer.
CRC Cyclical Redundancy Check
An error detection code used to detect accidental changes that can affect the integrity of data. It is not cryptographic: anyone can recompute it, so it gives no protection against deliberate tampering (an HMAC is needed for that)
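Added example (not from the original cards) contrasting the CRC card above with the HMAC card earlier: a CRC catches an accidental bit flip but an attacker who rewrites the message simply recomputes it, whereas an HMAC cannot be recomputed without the key. The key and messages are constructed for illustration.

```python
"""CRC (error detection) versus HMAC (authentication) on the same message."""
import hashlib
import hmac
import zlib

KEY = b"k3y-held-by-sender-and-verifier"   # constructed; assume it lives in a key store


def crc_tag(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def crc_verify(data: bytes, tag: int) -> bool:
    return crc_tag(data) == tag


def hmac_tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def hmac_verify(key: bytes, data: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time; a plain == would leak timing.
    return hmac.compare_digest(hmac_tag(key, data), tag)


def flip_one_bit(data: bytes) -> bytes:
    """Simulate an accidental transmission error in the first byte."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def tamper(replacement: bytes, old_mac: bytes):
    """An attacker replaces the message. They can recompute the CRC because it
    needs no key, but for the HMAC the best they can do is replay the old tag."""
    return replacement, crc_tag(replacement), old_mac


if __name__ == "__main__":
    msg = b"PAY alice 100"
    c, m = crc_tag(msg), hmac_tag(KEY, msg)
    forged, fc, fm = tamper(b"PAY mallory 100", m)
    print("CRC accepts forged message:", crc_verify(forged, fc))
    print("HMAC accepts forged message:", hmac_verify(KEY, forged, fm))
```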
EAP-TTLS extensible authentication protocol-tunneled transport layer security
An extension of EAP sometimes used with 802.1x. It allows systems to use some older authentication methods such as PAP within a TLS tunnel. It requires a certificate on the 802.1x server but not on the clients
EAP-TLS extensible authentication protocol-transport layer security
An extension of EAP sometimes used with 802.1x. This is one of the most secure EAP standards and is widely implemented. The primary difference between PEAP and EAP-TLS is that EAP-TLS requires certificate on the 802.1x server and on each of the wireless clients
FTPS file transfer protocol secure
An extension of FTP that uses SSL or TLS encrypt FTP traffic. Some implementations of FTPS use ports 989 and 990
HIPS Host-based intrusion prevention system
An extension of a host-based IDS, designed to react in real time to catch an attack in action.
XTACACS Extended Terminal Access Controller access-control system
An improvement over TACACS developed by Cisco Systems and proprietary to Cisco systems. TACACS+ is more commonly used
DSU Data service Unit
An interface used to connect equipment to a T1 and similar lines. It typically connects with a CSU as a CSU/DSU
PAP password authentication protocol
An older authentication protocol where passwords are sent across the network in clear text. Rarely used today
TACACS Terminal access controller access-control system
An older remote authentication protocol that was commonly used in UNIX networks. TACACS+ is more commonly used
DES Data Encryption Standard
An older symmetric encryption standard used to provide confidentiality. DES uses a 56-bit key and is considered broken; the full key space can be brute-forced with modest hardware
HOTP HMAC-based one time passwords
An open standard used for creating one-time passwords, similar to those used in a tokens or key fobs. It combines a secret key and an incrementing counter, and then uses HMAC to create a hash of the result. HOTP passwords do not expire until they are used.
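Added example (not from the original cards) implementing the HOTP card above and the TOTP cards earlier from the standard library, together with the server-side checks a practitioner needs: a look-ahead window for HOTP counter drift that moves the counter past the used value so a code cannot be replayed, and a one-step skew window for TOTP clock drift. The secret is the RFC 4226/6238 test vector, not a real key.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) with server-side verification windows."""
import hashlib
import hmac
import struct
import time

RFC_SECRET = b"12345678901234567890"   # RFC 4226 / RFC 6238 published test secret


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_hotp(secret: bytes, server_counter: int, code: str, look_ahead: int = 5):
    """Accept the code if it matches the current counter or one of the next
    `look_ahead` values (user pressed the token without logging in). Returns the
    new server counter, positioned PAST the used value so the same code cannot be
    replayed, or None if nothing matched."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return c + 1
    return None


def totp(secret: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter derived from the clock."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at // step), digits)


def verify_totp(secret: bytes, code: str, at=None, step: int = 30, skew: int = 1) -> bool:
    """Tolerate `skew` time steps of clock drift either side of the current step."""
    if at is None:
        at = time.time()
    now = int(at // step)
    return any(hmac.compare_digest(hotp(secret, now + d), code)
               for d in range(-skew, skew + 1))


if __name__ == "__main__":
    print("HOTP counter 0..3:", [hotp(RFC_SECRET, c) for c in range(4)])
    print("TOTP at t=59:", totp(RFC_SECRET, at=59))
```

The expected values come straight from the RFC appendices (HOTP counter 0 is 755224; the RFC 6238 SHA-1 vector at T=59 is 94287082 with 8 digits), so the block doubles as a conformance check.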
CA Certificate Authority
An organization that manages, issues, and signs certificates and is part of a PKI. Certificates are an important part of asymmetric encryption. Certificates include public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate.
IV Initialization vector
A value that adds randomization to an encryption operation so the same key does not produce the same keystream or ciphertext twice. WEP was susceptible to IV attacks because it used relatively small (24-bit) IVs that repeated on busy networks. In an IV attack, the attacker uses packet injection to increase the number of packets available to analyze and recovers the encryption key
Honeypots and Honeynets
Analyze and identify attacks; act as decoys. Low interaction: software that simulates a host and typical services. High interaction: complete simulated systems
Architecture Review
Analyze the systems on which the web application depends
What is a Web security gateway?
Analyzes packets to mitigate downloading of malware
ALE
Annual Loss Expectancy. ALE = SLE x ARO
What does ARO stand for?
Annual Rate of Occurrence
ARO
Annualized Rate of Occurrence
An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause?
Open (anonymous) relaying has not been disabled
**Exploit, Exploitable, Exploiting**
Answer: **Pen Test, Penetration Test**
Which anti-malware tool would you use against junk email?
Anti-Spam
Which anti-malware tool would you use against tracking software?
Anti-spyware
Mean Time Between Failures
Anticipated lifetime of a component (can be repaired)
Mean Time To Failure
Anticipated lifetime of a component (cannot be repaired)
Which anti-malware tool would you use against infected files?
Antivirus
Which one of these describes Steganography
Hiding a message inside another file (an image, sound or video file) so that the existence of the message itself is concealed
Web Servers
Apache IIS nginx
What is an UTM?
Appliances, or all in one security appliances, consolidate several security mechanisms into one.
SaaS Software as a Service
Applications provided over the internet. Webmail is an example of a cloud-based technology. Compare to IaaS and PaaS
Software as a Service
Applications remotely run over the web
Patch Management
Do not blindly apply all the latest patches; apply specific patches after testing them against the environment and tracking which systems have them
What is change management?
Approving hardware and software changes so that they do not reduce network performance or security, or increase cost, without justification
DMZ Demilitarized zone
Area between two firewalls separating the internet and an internal network. A DMZ provides a layer of protection for internet-facing servers. It allows access to a server or service for internet users while segmenting and protecting access to the internal network.
Least Privilege
Assign the minimum possible rights
Identification
Associates a subject with an action performed on a network system. Identifier (username); credentials (PIN code, or pictures of things); profile (info stored about the subject, e.g. giving a name to the pictures). Issuance; enrollment (ends when credentials are issued); identity management (identity proofing)
Companion Virus
Does not modify the legitimate program; instead creates a file with the same name and a different extension (e.g. a .com beside an .exe) that the OS runs in its place
ASR
Attack Surface Reduction
Directory Traversal Attack
Attack that uses ../ sequences (often URL-encoded) in a requested path to step outside the web server's root directory and read or execute files elsewhere on the system
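Added example (not from the original cards) for the Directory Traversal card above: a naive path join that lets `../` walk out of the document root, beside a hardened resolver that percent-decodes once, treats the request as relative, normalizes it and then confines the result to the root. The document root is a hypothetical path; nothing is read from disk.

```python
"""Directory traversal: vulnerable path resolution next to a hardened version."""
import os
from urllib.parse import unquote

DOC_ROOT = "/srv/www/html"   # assumption: hypothetical web root, need not exist


def resolve_naive(root: str, requested: str) -> str:
    """Vulnerable: '../' sequences in `requested` escape `root`."""
    return os.path.normpath(os.path.join(root, requested))


def resolve_safe(root: str, requested: str):
    """Hardened: decode once, force the request to be relative, normalize, then
    require the result to still sit under root. Returns None on traversal."""
    root = os.path.realpath(root)
    decoded = unquote(requested)               # catches %2e%2e / %2f encodings
    relative = decoded.lstrip("/\\")           # an absolute request must not escape
    candidate = os.path.realpath(os.path.join(root, relative))
    # commonpath is the containment check; a prefix string compare would let
    # "/srv/www/html-old" pass as if it were inside "/srv/www/html".
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    probe = "../../../etc/passwd"
    print("naive  :", resolve_naive(DOC_ROOT, probe))
    print("safe   :", resolve_safe(DOC_ROOT, probe))
    print("encoded:", resolve_safe(DOC_ROOT, "%2e%2e/%2e%2e/%2e%2e/etc/passwd"))
```

Decoding exactly once matters: a double-encoded `%252e%252e` decodes to the literal filename `%2e%2e`, which stays inside the root, whereas a second decode pass would turn it back into `..`.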
Bombing
Attacker generates a large number of HTTP requests or SMTP mail messages designed to overwhelm the server
What is a Vishing attack?
Attackers calling people and trying to get them to provide personal information by pretending to be a trusted source (bank or credit company).
Retrovirus
Attacks or bypasses antivirus software
Multipartite Virus
Attacks the system in multiple ways
What is a Man in the Middle attack?
Attacks work by placing software that can intercept data between two unaware hosts, often performed between a server and a client and used to impersonate both parties.
Brute Force Attacks
Attempts every possible combination in the key space in order to derive a plaintext (password) from a ciphertext (hash)
SSO (Single Sign On)
Authenticate once, authorize many. Simplifies account management. Problem: compromising one account may compromise multiple applications. Difficult to implement on public networks
Which of the following remote access processes is best described as matching user supplied credentials with those previously stored on a host server?
Authentication
Which part of the AAA framework deals with verification of the identity of a person or process? Authorization Non-repudiation Authentication Accounting
Authentication
What does AH stand for?
Authentication Header
AH
Authentication Header protocol performs a cryptographic hash on the packet plus a shared secret key
CHAP Challenge Handshake authentication Protocol
Authentication mechanism where a server challenges a client. MS-CHAPv2 is an improvement over CHAP and uses mutual authentication.
SSO single sign-on
Authentication method where users can access multiple resources on a network using a single account. SSO can provide central authentication against a federated database for different operating systems
Extensible Authentication Protocol
Authentication protocol for wireless networks; implemented as LEAP and PEAP
NTLM new technology LANMAN
Authentication protocol intended to improve on LANMAN. The LANMAN protocol hashes a password by padding or truncating it to 14 characters, converting all lowercase letters to uppercase, and splitting it into two 7-character halves that are hashed independently. This makes LANMAN easy to crack. Windows keeps storing the LANMAN hash for backward compatibility unless the password is 15 characters or longer (or LM storage is disabled by policy). NTLMv1 is older and has known vulnerabilities. NTLMv2 is newer and more secure, though still exposed to relay and pass-the-hash attacks.
What is SSO?
Authentication that enables users to log to a system only once to access all resources within a network to which they have been assigned rights.
Social Engineering Principles
Authority Intimidation Consensus/Social Proof Scarcity Urgency Familiarity/Liking Trust
What Makes Social Engineering Attacks Effective
Authority Intimidation Consensus/Social Proof Scarcity Urgency Familiarity/Liking Trust
Which part of the AAA framework deals with granting or denying access to resources? Authentication Identification Accounting Authorization
Authorization
Which part of the AAA framework incorporates the time-of-day restrictions requirement? Authentication Non-repudiation Accounting Authorization
Authorization
Dynamic Routers
Automatically discover routes by communicating with each other. Protocols used to govern dynamic router exchanges: OSPF (Open Shortest Path First), RIP (Routing Information Protocol), BGP (Border Gateway Protocol)
nines
Availability
Risk Mitigation Options
Avoidance Transference Acceptance - with continuous monitoring
Stealth Virus
Avoids detection by masking itself
Which of the following answers refers to a key document governing the relationship between two business organisations? ISA ALE SLA BPA
BPA (business partners agreement)
Working Copy Backups
Backups on site for immediate recovery; also known as shadow copies
Black Hat
Hackers who break into systems without authorization, for personal gain or to cause damage
RACE Integrity Primitives Evaluation Message Digest
Based on MD4; replaced by RIPEMD-160
SCP secure copy
Based on SSH, SCP allows users to copy encrypted files over a network. SCP uses port 22
A HIDS that recognizes possible attacks by monitoring attempts to make unauthorized changes to files is an example of what kind of monitoring methodology?
Behavior based
Twofish
Successor to Blowfish; 128-bit block size with 128-, 192-, or 256-bit keys; was an AES finalist
The practice of sending unsolicited messages over Bluetooth is known as: Phishing Bluejacking Vishing Bluesnarfing
Bluejacking
The practice of gaining unauthorized access to a Bluetooth device is referred to as: Pharming Bluesnarfing Vishing Bluejacking
Bluesnarfing
BGP
Border Gateway Protocol
Symmetric Algorithms
Both ends of an encrypted message have to use the same key and processing algorithms; faster than asymmetric
BYOD
Bring Your Own Device
BYOD
Bring your own device
What does BYOD stand for?
Bring your own device
Which of the following answers lists an example order of volatility for a typical computer system? A Memory dump, disk files, temporary files, archival media B Archival media, disk files, temporary files, memory dump C Memory dump, temporary files, disk files, archival media D Temporary files, memory dump, archival media, disk files
C
Which wireless protocol provides data confidentiality and integrity using AES?
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
A United States federal government initiative aimed at enabling agencies to continue their essential functions across a broad spectrum of emergencies is known as: OVAL TACACS COOP OCSP
COOP (Continuity Of Operations)
Which of the solutions listed below allow(s) to check whether a digital certificate has been revoked? (Select all that apply) CIRT CRL OCSP CRC ICMP
CRL, OCSP
UTP unshielded twisted pair
Cable type used in networks that do not have any concerns over EMI, RFI, or crosstalk. If these are a concern, STP is used
STP shielded twisted pair
Cable type used in networks that includes shielding to prevent interference from EMI and RFI. It can also prevent data from emanating outside the cable.
Password Crackers
Cain and Abel John the Ripper THC Hydra Aircrack L0phtcrack
LDAP Injection
Can execute commands and alter data; filter input to prevent
Keys
The cipher itself cannot be kept secret; the key ensures ciphertext remains protected even when the operation of the cipher is known (Kerckhoffs's principle). Key size determines how difficult it is for a computer to guess the key
Which of the answers listed below refers to a solution allowing administrators to block Internet access for users until they perform required action? Mantrap Honeypot Captive portal Access Control List (ACL) Firewall
Captive portal
Sniffers
Captures Frames from Network. Hardware or Software.
CMP
Certificate Management Protocol
What does CPS stand for?
Certificate Practice Statement
What does CRL stand for?
Certificate Revocation List
CRL
Certificate Revocation List; latency in revoking certificates
What does CSR stand for?
Certificate Signing Request
In forensic procedures, a chronological record outlining persons in possession of an evidence is referred to as: Proxy list Order of volatility Access log Chain of custody
Chain of custody
You are investigating some malware that has infected a server in your company. You make a digital copy of the hard drive that you can analyze. You place the original drive in a secure cabinet. What aspect of incident response does this illustrate?
Chain of custody
CHAP
Challenge Handshake Authentication Protocol
What does CHAP stand for?
Challenge Handshake Authentication Protocol
CHAP
Challenge Handshake Authentication Protocol; 3-way handshake: challenge, response, verification. One-way authentication only
What does CCB stand for?
Change Control Board
Header Manipulation
Change HTTP header values to falsify access
Which of the examples listed below falls into the category of operational security controls? Change management Encryption Antivirus software Mantrap
Change management
Your boss is concerned that an administrator might accidently introduce a security vulnerability when installing a new server. What can you use to mitigate the risk?
Change management
Polymorphic Virus
Changes form to avoid detection
What is TKIP?
Temporal Key Integrity Protocol; mixes in a per-packet key so every packet sent is encrypted under a different key (used with WPA on top of RC4)
Trusted Platform Module
Chip in a device to generate and store the private key
What does CCMP stand for?
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
Alarm Systems
Circuit Motion Duress
A sticky note with a password kept on sight in user's cubicle would be a violation of which of the following policies? Data labeling policy Clean desk policy Acceptable Use Policy (AUP) User account policy
Clean desk policy
Infrastructure as a Service
Clients pay for virtualized resources
Community Cloud
Cloud that serves a group of similar users; requires joint interests and limited enrollment
What should be performed during software development and after software release?
Code Review
What type of action allows an attacker to exploit the XSS vulnerability? Code injection Banner grabbing PIN recovery Input validation
Code injection
ASCII American Standard Code for Information Interchange
Code used to display characters
What does a protocol analyzer do?
Collect traffic from the network and provide usage statistics
Federation
Collection of computer networks that agree on standards of operation
Active Fingerprinting
Collects data and server information, such as the role of a server, by sending probes to the target. Port scanners (e.g. nmap); Xmas scan.
Hybrid Attack
Combination of dictionary and brute force
Fixed Systems
Combines fire detectors and fire-suppression systems
What is a Hybrid attack?
Combines multiple types of password guessing attacks.
Security Policy
Commitment to secure working practices; risk assessment; tested, documented procedures and security controls; compliance
CGI
Common Gateway Interface - Scripting mechanism allowing a web server to process data supplied by a client
CC
Common Criteria: an ISO/IEC standard (ISO/IEC 15408) framework for evaluating the security of IT products.
PGP pretty good privacy
Commonly used to secure email communications between two private individuals but is also used in companies. It provides confidentiality, integrity, authentication and non-repudiation. It can digitally sign and encrypt email. It uses both asymmetric and symmetric encryption
What does CaaS stand for?
Communication as a Service
What is a rainbow table attack?
Compares the passwords hash to a large database of pre-computed hashes.
Virtualization Technologies
Computer: platform that will host the virtual environment. Hypervisor: manages the virtual machine environment and facilitates interaction with the hardware and host computer. Guest OS: the operating systems installed in the virtual environment
CERT
Computer Emergency Response Team
CFAA
Computer Fraud and Abuse Act
CSIRT
Computer Security Incident Response Team
Honeypot
Computer designed to lure attackers (enticement, not entrapment)
IT Information technology
Computer systems and networks used within organizations
Uses of Cryptography
Confidentiality Authentication and Access Control Non-Repudiation Integrity
CIA
Confidentiality (encryption), Integrity (hashing), Availability (redundancy, backups). Non-repudiation (digital signatures) is a related but separate goal
What are the three components of CIA?
Confidentiality, Integrity, Availability
CIA
Confidentiality, Integrity, and Availability
Your network connects to the Internet through a single firewall. The internal network is configured as a single subnet. You need to deploy a public Web server to provide product information to your customers. What should you do?
Configure a DMZ and deploy the Web server on the DMZ
You are deploying a corporate telephony solution. The network includes several branch offices in remote geographical locations. You need to provide VoIP support among all office locations. You need to design a network infrastructure to support communications. You need to minimize the impact on network security. You need to minimize the cost related to deploying the solution. What should you do?
Configure a DMZ in each office
Packet Filtering Firewalls
Configured with Access Control Lists (ACLs)
Layered Security or Defense in Depth
Configuring security controls within the perimeter to cope with instances where firewalls are breached
What is the first thing you should do when responding to a security incident?
Contain the incident
How is a password policy described?
Containing restriction information such as length, complexity, and history requirements.
You are part of an incident response team. You change the passwords relating to all affected systems. You also back up the affected systems. These are examples of which part of the incident handling procedure?
Containment
Ticket Granting Ticket
Contains information about the client plus a timestamp and validity period
Which of the following functionalities allows a DLP system to fulfil its role? Motion detection Environmental monitoring Content inspection Loop protection
Content inspection
Windows Management Tools
Control Panel Management Consoles Admin Tools
Urgency - Social Engineering
Convince someone that time is of the essence
Authority - Social Engineering
Convince someone you are in a position of authority
Which of the following can be used to explain the reasons a security review must be completed?
Corporate security policy
Restricted Information
Could seriously damage the organization if released (trade secrets, proprietary processes, etc.)
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
What should you do to ensure that messages between an SNMP management station and SNMP agents are encrypted?
Create IPSec filters for ports 161 and 162
Tunneling
Create a tunnel through the internet between the remote host and the private network. VPN. Going through an unsecured network to make it secure.
Your network is configured as a Windows Server 2008 Active Directory domain. The network includes two file servers FS0 and FS1. Folders from both file servers are shared to the network. You need to configure the same access permissions for 20 domain users to folders shared from FS0 to FS1. The users that need access to this set of folders may change over time. You need to minimize the effort needed to deploy and maintain this solution. What should you do?
Create one domain security group
What is rule-based access control?
Creating rules on a system to determine which actions are allowed or not allowed.
CBF
Critical Business Functions
What does XSS stand for?
Cross Site Scripting
XSS
Cross-Site Scripting
What does CSRF stand for?
Cross-site Request Forgery
Hardware Security Module
Cryptoprocessor usually associated with PKI systems; implemented as a PCI adapter, a USB device, or a network-attached appliance
Advanced Encryption Standard
Current standard; developed by Daemen and Rijmen; 128-bit default key; supports 192- and 256-bit keys as well
CESA
Cyberspace Electronic Security Act
What is the function of archive bit? A Setting file attribute to read-only B Search indexing C Creating an additional copy of a file D Indicating whether a file has been modified since the last backup
D
An access control method based on the identity of subjects and/or groups to which they belong is called: HMAC DAC MAC RBAC
DAC
You are deploying a network for a small project group. Each group member should be responsible for securing access to his or her own computer's resource. What access control model should you use?
DAC
Access Control Models
DAC RBAC MAC
A workstation that is being used as a zombie set to attack a web server on a certain date is most likely part of a...
DDoS
Which of the following acronyms refers to software or hardware based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network? DEP RADIUS DLP PGP
DLP
Which of the following is employed to allow distrusted hosts to connect to services inside a network without allowing the hosts direct access to the internal networks?
DMZ
Web Server Hardening
DMZ; remove sample files; disable directory browsing; use throttling to manage connections
Most Secure Type of Biometrics
DNA
Which name service is queried by nslookup?
DNS (nslookup resolves a name against a DNS server)
UDP 53
DNS name queries
Inserting invalid information into a name resolution server's database is known as what? (Choose two)
DNS poisoning, DNS spoofing
PORT TCP 53
DNS zone transfers
DES
Data Encryption Standard
DLP
Data Loss Prevention
What does DLP stand for?
Data Loss Prevention
What is the defining charateristic of a trusted operating system?
Enforces mandatory access control: data is labeled and can be viewed, altered or moved only by subjects holding the required access rights.
Contactless Smart Cards
Data is transferred using a tiny antenna in the card
Personally Identifiable Information
Data that can be used to uniquely identify an individual
RSA
De-facto public standard public-key encryption; uses large integers; works for both encryption and digital signatures
Standard
Deals with specific issues or aspects of a business; derived from policies
Protocol Analyzer
Decodes and presents frames for analysis Network monitoring Wireshark
What is the Private key used for?
Decrypts messages that were encrypted with the matching public key; also creates digital signatures
3DES
Triple DES; legacy symmetric cipher historically used as a default in IPsec VPN configurations, now superseded by AES
Implicit Deny
Default to refusing any request that no rule explicitly allows: rules are evaluated in order, and if none matches the request is denied. Everything is denied unless a rule permits it (explicit allow).
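Added example (not from the original cards) for the Implicit Deny card above and the earlier Packet Filtering Firewalls and router ACL cards: a small packet-filter ACL evaluated top-down with first-match semantics, falling through to an implicit deny when nothing matches. Rules and addresses are constructed; 198.51.100.0/24 is a documentation range standing in for the internet.

```python
"""First-match ACL evaluation with an implicit deny at the end."""
from ipaddress import ip_address, ip_network

# (action, protocol, source network, destination network, destination port or None = any)
ACL = [
    ("permit", "tcp", "0.0.0.0/0",  "10.0.1.10/32", 443),  # public web server
    ("permit", "tcp", "10.0.0.0/8", "10.0.1.0/24",  22),   # SSH only from inside
    ("deny",   "tcp", "0.0.0.0/0",  "10.0.1.0/24",  23),   # explicit deny so telnet is logged
    ("permit", "udp", "10.0.0.0/8", "10.0.1.53/32", 53),   # internal DNS
]


def evaluate(acl, proto, src, dst, dport):
    """Return (action, index of the matching rule); index None means implicit deny."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    for i, (action, rproto, rsrc, rdst, rport) in enumerate(acl):
        if (rproto in ("any", proto)
                and src_ip in ip_network(rsrc)
                and dst_ip in ip_network(rdst)
                and (rport is None or rport == dport)):
            return action, i            # first match wins; later rules are never reached
    return "deny", None                 # implicit deny: no rule matched


def allowed(acl, proto, src, dst, dport) -> bool:
    return evaluate(acl, proto, src, dst, dport)[0] == "permit"


if __name__ == "__main__":
    for pkt in [("tcp", "198.51.100.7", "10.0.1.10", 443),
                ("tcp", "198.51.100.7", "10.0.1.20", 22),
                ("tcp", "10.5.5.5", "10.0.1.20", 23)]:
        print(pkt, "->", evaluate(ACL, *pkt))
```

The explicit telnet deny does nothing the implicit deny would not already do; it exists so that the device can log and count those attempts, which an implicit deny typically does not.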
Layered Security
Defense in Depth
How can you prevent access to servers on a subnet based on the IP address of the source and port being used while minimizing the changes necessary to the network?
Define an ACL on the router to the subnet
You need to prevent access to servers on subnet based on the IP address of the source and the port being used. Your network uses dedicated router devices throughout the network. You need to minimize the network changes necessary to configure the solution and also minimize the administrator effort necessary to maintain the solution. What should you do?
Define an ACL on the router to the subnet
X.509 Standard
Defines certificate formats and fields for public keys, as well as how to distribute them. X.509 v2 for CRLs; X.509 v3 for certificates. Signature algorithms carried in the certificate: MD2 with RSA (historical); SHA-1 for digital signatures (historical, SHA-256 today)
MOU Memorandum of understanding
Defines responsibilities of each party, but it is not as strict as an SLA or an ISA. If the parties will be handling sensitive data, they should include an ISA to ensure strict guidelines are in place to protect the data while in transit.
What does DMZ stand for?
Demilitarized Zone
DMZ
Demilitarized Zone; also referred to as a perimeter network. Hosts in the DMZ are reachable from the internet, but traffic cannot pass directly from the internet through the DMZ into the internal network.
You need to ensure that Active Directory domain user Alice does not have read access to the folder named Graphics. The Graphics folder is shared to the network from the server named FS0. The disk partition on which Graphics is located is formatted as NTFS. What should you do?
Deny read access to the folder through local access security
What is implicit deny?
Denying all traffic automatically
Topology
Description of how a computer network is physically or logically organized
Spanning Tree Protocol
Designed to provide loop protection
Armored Virus
Designed to be difficult to detect or analyze
Edge or Border Router
Designed to connect a private network to the internet; repackages data from the private LAN frame into the WAN internet access frame
Wi-Fi Protected Access
Designed to replace WEP; uses RC4 encryption algorithm along with TKIP
Challenge Handshake Authentication Protocol
Avoids sending the password over the link: the server sends a random challenge, the client returns a hash of the challenge combined with the shared secret, and the server verifies it against its own copy. The server periodically re-challenges during the session to guard against hijacking
DNAT
Destination Network or Port Forwarding The router takes requests from the internet for a particular application and sends them to a designated host and port on the LAN
Intrusion Detection System
Detects network intrusions; can be either host-based (H-IDS) or network-based (N-IDS); might be able to block traffic, but primarily a traffic-auditing device
Security Assessment Techniques
Determine a methodology and scope (NIST SP 800-115): testing, examining, interviewing
Six Control Type Subcategories
Deterrent, Preventative, Detective, Compensating, Technical, Administrative
Dictionary and Rainbow Attacks
A dictionary attack can be used where there is a good chance of guessing the password from a word list. Rainbow tables refine the dictionary approach by precomputing hash chains so that lookups replace hashing at attack time.
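Added example (not from the original cards) covering the Dictionary and Rainbow card above together with the earlier Brute Force, Hybrid attack and rainbow table cards: a precomputed lookup built once from a word list plus hybrid mangling cracks any leaked unsalted SHA-256 instantly, while the same password stored with a per-user salt and an iterated KDF forces the attacker back to per-hash guessing. The word list, passwords and salt are constructed; the iteration count is kept low so the example runs quickly.

```python
"""Precomputed lookup vs. salted, iterated password hashing."""
import hashlib
import hmac
import secrets

WORDLIST = ["password", "letmein", "hunter", "qwerty", "summer"]   # constructed


def hybrid_candidates(word):
    """Hybrid attack: dictionary word plus simple mangling rules."""
    yield word
    yield word.capitalize()
    for digit in range(10):
        yield f"{word}{digit}"


def build_lookup(words):
    """Precompute once; reuse against every leaked unsalted SHA-256 hash."""
    return {hashlib.sha256(c.encode()).hexdigest(): c
            for w in words for c in hybrid_candidates(w)}


def crack_unsalted(digest_hex, table):
    return table.get(digest_hex)


def hash_salted(password, salt=None, iterations=100_000):
    """Store (salt, PBKDF2-HMAC-SHA256 output) with a unique random salt per user."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def crack_salted(salt, stored, words, iterations):
    """No precomputed table applies: every guess is re-derived with THIS salt and
    pays the full iteration cost, per user."""
    for w in words:
        for c in hybrid_candidates(w):
            guess = hashlib.pbkdf2_hmac("sha256", c.encode(), salt, iterations)
            if hmac.compare_digest(guess, stored):
                return c
    return None


if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    leaked = hashlib.sha256(b"hunter2").hexdigest()
    print("unsalted lookup:", crack_unsalted(leaked, table))
    salt, stored = hash_salted("hunter2", iterations=1000)
    print("salted lookup  :", crack_unsalted(stored.hex(), table))
    print("salted guessing:", crack_salted(salt, stored, WORDLIST, 1000))
```

Salting does not stop a dictionary attack against a weak password (the last line still recovers it); it removes the reuse that makes rainbow tables pay off and makes every user's hash a separate job.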
Certificate Policies
Different levels of authentication: SSL web server, code signing, registered domain, personal email
Which of the following answers refers to a solution for secure exchange of cryptographic keys? (Select best answer) Data Encryption Standard (DES) In-band key exchange Diffie-Hellman Out-of-band key exchange
Diffie-Hellman
Network traffic on port 389 indicates existence of an active: VPN connection Message transfer agent Directory service Web server
Directory service
An HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server's root directory is known as: Dictionary attack URL hijacking Watering hole attack Directory traversal attack
Directory traversal
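Directory traversal in code, as an added example that is not part of the original flashcards: the vulnerable resolver trusts the client-supplied path and lets `../` climb out of the web root, while the hardened one canonicalises both sides and requires containment. The web root and request strings are constructed for illustration.

```python
"""Directory traversal: naive path joining versus a canonicalised containment check.

Added example, not from the original flashcards. The web root and request
strings are constructed for illustration.
"""
import os
from urllib.parse import unquote


def resolve_vulnerable(web_root: str, requested: str) -> str:
    """What a vulnerable handler effectively does: trusts the client path.

    os.path.join discards web_root entirely if `requested` is absolute, and
    normpath happily collapses "../" segments that climb out of the root.
    """
    return os.path.normpath(os.path.join(web_root, unquote(requested)))


def resolve_safe(web_root: str, requested: str) -> str:
    """Canonicalise both sides, then require the target to lie under the root."""
    root = os.path.realpath(web_root)
    # Decode once (as the server would) so "%2e%2e" cannot slip past the check.
    candidate = os.path.realpath(os.path.join(root, unquote(requested)))
    # commonpath, not startswith: "/srv/www2" must not pass for root "/srv/www".
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"traversal attempt blocked: {requested!r}")
    return candidate


def safe_to_serve(web_root: str, requested: str) -> bool:
    """Boolean wrapper around resolve_safe."""
    try:
        resolve_safe(web_root, requested)
        return True
    except PermissionError:
        return False
```

The check runs after realpath so symlinks inside the web root that point outside it are also caught.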
You want to ensure that your network mail system is designed to minimize the risk that an outside attacker could use your mail system to send malicious e-mails. Your mail system includes several mail clients and an SMTP mail server. What should you do?
Disable open relays (at the SMTP server)
Port Security
Disabling unused ports; MAC limiting and filtering; 802.1X
What does DAC stand for?
Discretionary Access Control
DAC
Discretionary Access Control. Decentralized, work group / peer-to-peer model: the owner controls access to the resource by granting rights through the object's access control list
Formal Access Control Methods
Discretionary Access Control (DAC); Role-Based Access Control (RBAC)*; Mandatory Access Control (MAC); Rule-Based Access Control (RBAC)* - firewalls (* both share the abbreviation RBAC)
Attacker Collecting Credit Card Details -> Phone Based Victim
Vishing (voice phishing)
RAID 1
Disk mirroring; 100% redundancy; each drive has a complete copy of the data; mirroring with a separate controller per drive is called disk duplexing
RAID 3 or 4
Disk striping (RAID 0) with parity disk; ensures data can be recovered from parity information if a drive fails
RAID 5
Disk striping with parity; most common form of RAID; parity information spread across all disks in the array; minimum of 3 disks (the upper limit depends on the controller); survives the loss of one disk but not of two or more
RAID 0
Disk striping; multiple drives mapped as a single drive; performance, not fault tolerance; one failure means total failure
JBOD just a bunch of disks
Disks installed on a computer but not as a RAID
What does DDoS stand for?
Distributed Denial of Service
What is the most difficult attack to reverse engineer
Distributed Denial of Service
Linux Patch Management
Distributions and software repositories; source code vs precompiled packages; verify the downloaded package against the hash (MD5 historically, SHA-256 today) or GPG signature published by the distribution before installing it
Establishing a Methodology
Do everything or just a few things; identify only, or identify and exploit; attack profile (black box (blind), white box (full disclosure), grey box (somewhere in between)); environment and disclosure
Risk Avoidance
Do not engage in actions associated with risk
What 2 characteristics describe xmas attack? (2 answers)
A TCP segment with the FIN, PSH and URG flags set ("lit up like a Christmas tree"); used as a stealth port scan / OS fingerprinting probe, it can crash older TCP/IP stacks (DoS) and is typically sent with a spoofed source IP
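Detection logic for the Xmas, NULL and FIN probes described above, added here as an example (not part of the original flashcards). TCP flags sit in byte 13 of the header; the sample segments are built in-line with `struct` and the addresses are constructed, so the whole thing runs offline.

```python
"""Spotting Xmas/NULL/FIN scan probes from TCP header flags.

Added example, not from the original flashcards. The segments and addresses
are constructed in-line; in practice they would come from a pcap or a tap.
"""
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG


def build_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Minimal 20-byte TCP header (no options); only the flag byte matters here."""
    data_offset = 5 << 4                      # 5 x 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, data_offset, flags, 8192, 0, 0)


def tcp_flags(segment: bytes) -> int:
    """Flags are in byte 13 of the TCP header (low 6 bits: URG ACK PSH RST SYN FIN)."""
    return segment[13] & 0x3F


def classify(flags: int) -> str:
    """Map a flag combination to a probe type; handshake-like traffic is 'normal'."""
    if flags & XMAS == XMAS and not flags & (SYN | ACK | RST):
        return "xmas"
    if flags == 0:
        return "null"
    if flags == FIN:
        return "fin"
    return "normal"


def scan_alerts(packets, threshold: int = 3):
    """packets: iterable of (src_ip, dst_ip, tcp_segment).
    Returns {(src, kind): sorted ports} for sources probing >= threshold ports."""
    hits = {}
    for src, _dst, seg in packets:
        kind = classify(tcp_flags(seg))
        if kind == "normal":
            continue
        dport = struct.unpack("!H", seg[2:4])[0]
        hits.setdefault((src, kind), set()).add(dport)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= threshold}


# Constructed sample: one scanner sweeping four ports, plus a normal handshake
SAMPLE = [
    ("198.51.100.7", "203.0.113.10", build_tcp_header(40000, 22, XMAS)),
    ("198.51.100.7", "203.0.113.10", build_tcp_header(40001, 80, XMAS)),
    ("198.51.100.7", "203.0.113.10", build_tcp_header(40002, 443, XMAS)),
    ("198.51.100.7", "203.0.113.10", build_tcp_header(40003, 3389, XMAS)),
    ("192.0.2.44", "203.0.113.10", build_tcp_header(51000, 443, SYN)),
    ("203.0.113.10", "192.0.2.44", build_tcp_header(443, 51000, SYN | ACK)),
]
```

Because the source of a Xmas probe is often spoofed, the alert is useful for spotting the scan, not for attributing it.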
Interconnection Security Agreement
Documents technical requirements of systems connected between two organizations
Circuit-Level Proxy
Doesn't deal with the contents of the packet
Windows Active Directory
Domain Controllers, Trees and Forests
What does DNS stand for?
Domain Name System
DNS Security
Domain Name System: distributed hierarchical system for resolving names to IP addresses; works over port 53 (UDP for ordinary queries, TCP for zone transfers and large responses)
The DNS service is used for translating: Link layer addresses into IP addresses IP addresses into MAC addresses Domain names into IP addresses Network layer addresses into link layer addresses
Domain names into IP addresses
Which of the following terms refers to a backup technique that allows for creating an exact copy of an entire drive and replicating the drive to a new computer or to another drive on the same computer in case of hard drive failure? (Select best answer) Disk striping Drive imaging Full backup Differential backup
Drive imaging
Firmware Updates
Driver updates - software that provides an interface between the OS and the device. Firmware updates - software instructions stored on a ROM chip or flash memory
War Driving
Driving around with a wireless enabled laptop scanning for insecure WLANS
Screened Host
A bastion host (often a dual-homed proxy server) behind a screening router; not as defensive as a DMZ
Making sure that proper procedures are followed during an investigation during a security incident and that the rights of the suspect are respected is known as:
Due process
Social Engineering Tactics
Dumpster diving for info; shoulder surfing for passwords; lunchtime attack (unlocked, unattended workstation); tailgating to gain entry
DHCP Security
Dynamic Host Configuration Protocol: automatic method for allocating IP addresses, subnet masks and optional parameters such as the default gateway; helps avoid errors from manual configuration. Prevent rogue DHCP servers (DHCP snooping on the switch); prevent DoS by rogue clients exhausting the address pool. Exam note: "DHCP scope is full" could be an answer, "DHCP server is full" is not
Which of the answers listed below refers to a common target of cross-site scripting? Physical security Alternate sites Dynamic web pages Removable storage
Dynamic web pages
Which of the answers listed below refers to an authentication framework frequently used in wireless networks and point-to-point connections? DLP OCSP EAP LDAP
EAP
Which of the following protocols is used with 802.1X to authenticate to a client network?
EAP (Extensible Authentication Protocol)
Mobile Device Security
ECC
What type of encryption do we use for Mobile Devices
ECC (Elliptic Curve Cryptography): comparable strength to RSA with much shorter keys, so less CPU, memory and battery use
Which of the protocols listed below uses elliptic curve cryptography for secure exchange of cryptographic keys? ECC LANMAN ECDHE OCSP
ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)
Key Exchange and Session Keys
ECDHE and 3DES
Encryption File System
EFS - File and folder encryption
What IPSec protocol provides confidentiality?
ESP (Encapsulating Security Payload)
Which IPSec protocol provides confidentiality?
ESP (Encapsulating Security Payload, also provides integrity)
Family Educational Rights and Privacy Act
Educational institutions may not release information without authorization
When reviewing access to network file servers, which permissions should you check first?
Effective permissions
EMI
Electromagnetic Interference -Equipment or cabling in close proximity to noise source
ECC
Elliptic Curve Cryptography
What does ECC stand for?
Elliptic Curve Cryptography
ECC
Elliptic Curve Cryptography; trapdoor functions
Pretty Good Privacy
Email encryption and signing standard (OpenPGP)
What does ESP stand for?
Encapsulating Security Payload
ESP
Encapsulating Security Payload: provides confidentiality (by encrypting the packet) plus integrity and authentication
What can be done to prevent cookie poisoning?
Sign (HMAC) or encrypt cookies so that tampering is detected, and send them only over HTTPS with the Secure and HttpOnly flags set
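What an HMAC-signed cookie looks like in practice, added as an example that is not part of the original flashcards: the server appends a tag over the payload, verifies it with a constant-time compare before reading any claim, and a poisoned cookie that rewrites `role` is rejected. The server key, claim names and cookie layout are constructed for the demo.

```python
"""Tamper-evident cookies with HMAC-SHA256.

Added example, not from the original flashcards. SERVER_KEY, the claim names
and the payload.tag layout are constructed for illustration.
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets

SERVER_KEY = secrets.token_bytes(32)      # constructed; a real server loads this from a secret store
COOKIE_ATTRIBUTES = "Secure; HttpOnly; SameSite=Lax"   # HTTPS only, invisible to page scripts


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_claims(claims: dict) -> str:
    return _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())


def issue_cookie(claims: dict, key: bytes = SERVER_KEY) -> str:
    """payload.tag where tag = HMAC-SHA256(key, payload)."""
    payload = _encode_claims(claims)
    tag = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{tag}"


def read_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the claims only if the tag verifies; never parse the payload first."""
    try:
        payload, tag = cookie.split(".", 1)
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        return json.loads(_unb64(payload))
    except (ValueError, binascii.Error):
        return None


def poison(cookie: str, new_claims: dict) -> str:
    """Cookie poisoning as the attacker sees it: rewrite the claims, keep the old tag."""
    return _encode_claims(new_claims) + "." + cookie.split(".", 1)[1]
```

Signing stops modification but not reading; if the claims themselves are sensitive, encrypt the payload as well (or keep only an opaque session ID in the cookie).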
What is the Public key used for?
Encrypt messages sent to the key's owner (only the matching private key can decrypt them) and verify signatures the owner made with the private key
Transport Encryption
Encrypting data as it is sent over a network
Secure Electronic Transaction
Encryption for credit card numbers
Ephemeral Key
Encryption key exists only for a single session
HTTPS hypertext transfer protocol secure
Encrypts HTTP traffic with SSL or TLS using port 443
Transport Mode
Encrypts just the payload; the original IP header is kept in the clear
Tunnel Mode
Encrypts the original IP header and replaces it with another
Access Review
Ensure a user's access level is still appropriate
Spanning Tree Protocol
Ensures loop-free Ethernet LANs (Layer 2)
Design Review
Ensures that security is one of the requirements for the application
NDA non-disclosure agreement
Ensures that third parties understand their responsibilities. It is commonly embedded as a clause in a contract with the third party. Most NDAs prohibit sharing data unless you are the data owner
On-Boarding and Off-Boarding procedures
Ensuring devices are brought into and out of the organization securely
Trojan Horse
Enter a system or network under the guise of another program
What is a KRA?
Entities that have the ability to recover cryptographic keys, key components, and encrypted data
What does DHE stand for?
Ephemeral Diffie-Hellman
Transport Layer Security
Essentially an updated version of SSL
Secure Sockets Layer
Establishes a TCP-based secure connection between two machines
Business Impact Analysis
Evaluate all the critical systems in an organization to define impact and recovery plans
Signature-Based-Detection IDS
Evaluates attacks based on attack signatures and audit trails
What does EAL stand for?
Evaluation Assurance Level
EAL
Evaluation Assurance Levels
Types of Monitoring System Logs
Event Log Audit Log Security Log Access Log
Application Log
Events logged by applications or programs; useful on database/SQL servers
dB to Power Rule
Every 3 dB doubles the power
Full Archival Method
Everything is stored forever
Which of the terms listed below refers to a rogue access point? Trojan horse Backdoor Computer worm Evil twin
Evil twin
Nmap has been run against a server and more open ports than expected have been discovered. Which of the following would be the FIRST step to take?
Examine the process using the ports
Cross-Site Scripting
Injects script into a page so that it executes in the victim's browser; prevent by validating input and encoding output for the context in which it is rendered
What is Session hijacking?
Exploiting a valid session in an attempt to gain unauthorized access. Classified as man in the middle attacks.
Macro Virus
Exploits macro functionality within applications
What does EF Stand for?
Exposure Factor
FTPS
Extends FTP to use TLS
EAP
Extensible Authentication Protocol
EAP
Extensible Authentication Protocol: defines a framework for negotiating authentication mechanisms rather than the actual details of them; replaced CHAP. 1) Supplicant - client requesting authentication 2) Authenticator - device that receives the authentication request 3) Authentication Server - performs the authentication
XML
Extensible Markup Language - Means of describing information so that it can be transferred between different applications
Lightweight Extensible Authentication Protocol
Extension of EAP created by Cisco; being phased out for PEAP; requires mutual authentication; susceptible to dictionary attacks
Security Zones
External Perimeter Public Restricted Secure
Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux system's /etc/passwd file?
FTP configured to allow anonymous user access.
Port TCP 21
FTP control port
Port TCP 20
FTP data port (active mode)
Large amount of processing power required to both encrypt and decrypt the content of the message causes that symmetric-key encryption algorithms are much slower when compared to algorithms used in asymmetric encryption. True or False
False
Log analysis should not take into account the difference between the reading of a system clock and standard time as this impedes the reconstruction of the sequence of events during an attack or security breach. True False
False
One of the advantages of the Remote Authentication Dial-In User Service (RADIUS) is that it provides encryption for the entire authentication process. True False
False
The two basic techniques for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption.) True or False?
False
True or false? Symmetric keys are the easiest to centrally manage.
False (they are the hardest)
What can be used to prevent external electrical fields from affecting sensitive equipment?
Faraday cage
Blowfish
Fast, symmetric 64-bit block cipher with keys from 32- to 448-bits
Computer Security Act
Federal agencies must identify and protect systems with sensitive information
Fibre Channel
Fibre Channel Hardware Initiator Target FC Switch
FAT
File Allocation Table; FAT-16 or FAT-32; on old Windows systems
What does FTP stand for?
File Transfer Protocol
What does FTPS stand for?
File Transfer Protocol over Secure Sockets Layer
Which types of servers should be placed on a private network?
File and print servers
Certificate Signing Request
File containing the information that the subject wants to use in the certificate
Watering Hole Attack
Find a site frequented by the intended victim and poison it, then use the site to attack the true target
Penetration Testing
Find ways to bypass security controls; find ways to remove or disable controls
Define Identification
Finding out who someone is
Something You Are
Fingerprint, Face, Signature
Three Legged Firewall
Firewall with 3 Network Ports: 1) External Interface 2) DMZ 3) Internal Interface
Rule BAC
Firewalls: rules are evaluated top-down, first match wins, with implicit deny at the end
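A first-match ACL evaluator for the implicit deny and rule-based access control entries above, added as an example (not part of the original flashcards). Falling off the end of the rule list returns a deny with no matching rule index, which is exactly the unwritten last rule. The rule table, addresses and ports are constructed.

```python
"""First-match ACL evaluation with implicit deny.

Added example, not from the original flashcards. The rule table, addresses and
packets are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dport: Optional[int]   # destination port, None = any port


def _in_net(cidr: str, ip: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def evaluate(rules, proto: str, src: str, dst: str, dport: Optional[int]):
    """Walk the ACL top-down; the first matching rule decides.
    Falling off the end is the implicit deny: ('deny', None)."""
    for idx, r in enumerate(rules):
        if r.proto != "any" and r.proto != proto:
            continue
        if not (_in_net(r.src, src) and _in_net(r.dst, dst)):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action, idx
    return "deny", None


# Constructed edge ACL: only what is explicitly listed gets in
EDGE_ACL = [
    Rule("permit", "tcp", "any", "203.0.113.10/32", 443),             # public HTTPS
    Rule("deny",   "tcp", "any", "203.0.113.0/24", 22),               # explicit deny (for logging)
    Rule("permit", "udp", "198.51.100.0/24", "203.0.113.53/32", 53),  # partner DNS only
]
```

Rule order matters: moving the SSH deny below a broader permit would silently open port 22, which is why ACL changes belong under change management.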
Perimeter Security
Firewalls that protect from the outside
Type B Fire Extinguisher
Flammable Liquids; uses fire-retardant chemicals
Type D Fire Extinguisher
Flammable metals; composition varies
Vulnerability
Flaws, holes, and weaknesses in a system
Network Intrusion Prevention System
Focuses on preventing attacks; detects and responds to attacks; subset of NIDS
An employee gets a call from a knowledgeable person who knows everything about the company, is listed in the directory, and claims there is an emergency? What should be done?
Follow established procedures and report any abnormal incidents.
DNS Server Vulnerabilities
Footprinting - obtaining information about a private network; DoS; poisoning - redirection attack that corrupts records in the DNS server's cache
OS operating system
For example SELinux is a trusted OS that help prevent malicious code from executing
ID Identification
For example, a protocol based on a number. AH is identified with protocol ID number 51 and ESP is identified with protocol ID number 50
Appliances
Free-standing devices that operate largely self-contained
Backup Types
Full - all data. Incremental - only includes things that have changed since the last backup of any type. Differential - includes information that has changed since the last full backup. Copy - a full backup that does not reset the archive bit
What does FDE stand for?
Full Disk Encryption
What data security system is most vulnerable to cold boot attacks?
Full disk encryption
What type of data loss prevention system is most susceptible to a cold boot attack?
Full disk encryption
WPA2
Fully implements the 802.11i WLAN security standard; replaces TKIP/RC4 with AES (CCMP)
Collision in Hash Functions
Function produces the same hash value for two different plaintexts; can be used to forge a digital signature
GPG
GNU Privacy Guard; alternative to PGP
GPS global positioning system
GPS tracking can help locate lost mobile devices. Remote wipe, or remote sanitize erases all data on lost devices. Full disk encryption protects the data on the device if it is lost
Trust - Social Engineering
Gaining trust, usually through reciprocation
Bluesnarfing
Gaining unauthorized access via Bluetooth
What is Non-credentialed Vulnerability Scanning?
Gathers basic details about the system.
Privilege Escalation
Exploiting a flaw to obtain privileges beyond those granted (e.g. user to administrator/root), often in order to install malware
Birthday Attack
Given enough time, a value can be found that results in the same hash as the password (or any other input); because any two colliding inputs will do, it takes about 2^(n/2) attempts for an n-bit hash rather than 2^n
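The birthday bound and the collision entry above, worked as an added example (not part of the original flashcards): SHA-256 is truncated to a short tag to stand in for a weak hash, and a collision turns up after roughly 2^(bits/2) trials instead of 2^bits. The message format is constructed and deterministic, so the result is reproducible.

```python
"""Birthday attack on a truncated hash, plus the digest sizes named on the cards.

Added example, not from the original flashcards. Messages are constructed
as "doc-<n>" so the search is deterministic.
"""
import hashlib
import math


def truncated_hash(msg: bytes, bits: int) -> int:
    """Top `bits` of SHA-256, standing in for a weak, short hash."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)


def find_collision(bits: int):
    """Birthday search: remember every digest seen until one repeats.
    Returns (msg_a, msg_b, attempts)."""
    seen = {}
    n = 0
    while True:
        msg = f"doc-{n}".encode()         # constructed, deterministic messages
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, n + 1
        seen[h] = msg
        n += 1


def expected_attempts(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) trials, i.e. on the order of 2^(bits/2)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def digest_bits() -> dict:
    """Output sizes of the hash functions named on the flashcards."""
    return {name: hashlib.new(name).digest_size * 8 for name in ("md5", "sha1", "sha256")}


def demo(bits: int = 32):
    a, b, attempts = find_collision(bits)
    return a, b, attempts, truncated_hash(a, bits) == truncated_hash(b, bits)
```

For a 32-bit tag the expected cost is about 82,000 hashes; for MD5's 128 bits the generic bound is 2^64, which is why MD5's practical collisions (found far faster than that) mean it is broken rather than merely short.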
Cyber Security Enhancement Act
Gives federal agencies easy access to ISPs to monitor communications
Computer Fraud and Abuse Act
Gives federal authorities to prosecute hackers, spammers, and others
Cyberspace Electronic Security Act
Gives law enforcement right to access encryption keys and methods
Gray Hats
Operate between the good and bad sides of hacking; may find and exploit a system without authorization, then ask for payment
Authorization
Granting users rights to resources; policy enforcement; policy definition (ACLs)
What is discretionary access control?
Granting permissions to users or groups for a resource, usually done by the creator (owner) of the resource; the permissions are configured using the DACL
Given Username and Password
Gray box (tester is given partial knowledge, such as a username and password)
GPO group policy object
Group Policy is used within Microsoft Windows to manage users and computers. It is implemented on a domain controller within a domain. Administrators use it to create password policies, lock down the GUI, configure host-based firewalls and much more
LAN Local area network
Group of hosts connected within a network
Cluster
Group of servers. Provide fault tolerant servers. Configure nodes for failover.
Which type of IDS is more ambitious and informative than the other types?
HIDS
Engineering department computers are deployed on a screened subnet. You need to protect the computers against malware attacks. What should you do?
HIDS (Install a HIDS on each of the department's computers.)
What should be done to secure a web server that is reachable from the internet, is located in the core internal corp network, and cannot be redesigned or moved?
HIDS, Host based firewall
You are deploying an application server on your network that will require a higher level of defense against potential software threats than other servers on your network. You want the server to actively defend itself against active attacks and potential malware infections. You need to provide this protection without impacting other servers already deployed on your network. What should you use?
HIPS (host-based intrusion prevention system)
HOTP
HMAC-Based One-Time Password
What does HOTP stand for?
HMAC-based One Time Password
PORT TCP 80
HTTP
SSL is used to provide encryption for which communication protocol?
HTTP
PORT TCP 443
HTTPS
TCP port 443 is used by: Simple Mail Transfer Protocol (SMTP) File Transfer Protocol (FTP) Hypertext Transfer Protocol over TLS/SSL (HTTPS) Internet Message Access Protocol (IMAP)
HTTPS
HVAC Heating ventilation and air conditioning
HVAC systems increase availability by regulating airflow within datacenter and server rooms. They use hot and cold aisles to regulate the cooling, thermostats to ensure a relatively constant temperature, and humidity controls to reduce the potential for static discharges and damage from condensation. They are often integrated with fire alarm systems and either have dampers or the ability to be turned off in the event of a fire
White Hat, Black Hat, Gray Hat
Hackers
HSM
Hardware Security Module or Hierarchical Storage Management
What is an HSM?
Hardware Security Module (a hardware device that can manage and maintain cryptographic keys)
Virtualization Pros
Hardware Utilization Reduced Infrastructure Centralized Admin Controls
VPN Concentrator
Hardware device used to create remote access VPNs; Cisco models use Scalable Encryption Processing (SEP)
Trusted Platform Module
Hardware chip that generates and stores cryptographic keys, passwords and certificates and measures the boot process to attest platform integrity
Which of the following answers refers to the contents of a rainbow table entry? Hash / Password IP address / Domain name Username / Password Hash / Account name
Hash / Password
HOTP
Hash Based One time password Algorithm
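The HOTP algorithm from the two entries above, implemented as an added example (not part of the original flashcards): HMAC-SHA1 over the 8-byte counter, dynamic truncation, then modulo 10^digits, per RFC 4226. The key is the RFC's own test-vector key; the validator class, its look-ahead window and the resynchronisation rule are constructed for the demo.

```python
"""HOTP (RFC 4226) with a server-side validator.

Added example, not from the original flashcards. RFC4226_SECRET is the test
vector key from RFC 4226 Appendix D; HotpValidator and its window are constructed.
"""
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # low nibble of last byte
    binary = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


class HotpValidator:
    """Server side: keeps the moving counter and tolerates a small look-ahead
    window for tokens that were pressed but never submitted."""

    def __init__(self, key: bytes, window: int = 5):
        self.key = key
        self.counter = 0
        self.window = window

    def validate(self, code: str) -> bool:
        for i in range(self.window):
            if hmac.compare_digest(hotp(self.key, self.counter + i), code):
                self.counter += i + 1       # move past the used value: no replay
                return True
        return False


RFC4226_SECRET = b"12345678901234567890"    # test-vector key from RFC 4226 Appendix D
```

The counter only ever moves forward, so a code that was already accepted (or one older than the current counter) is refused; that is the replay protection the "one-time" in the name refers to.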
Types of Hash Functions
Secure Hash Algorithm (SHA) - most secure (SHA-2 family); Message Digest Algorithm (MD5) - 128-bit, collisions are now practical; RACE RIPEMD. Used for password storage (salted) and checksums (integrity). Hash-based Message Authentication Code (HMAC) combines a hash with a secret key to add authentication
SHA, MD5, and RIPEMD are examples of: Trust models Encryption algorithms Hash functions Virus signatures
Hash functions
What does HMAC stand for?
Hash-based Message Authentication Code
You created a mirror image of the data needed for forensic investigation. You need to be able to quickly determine if your investigative procedures cause the data to change. What should you use to determine this?
Hashes
What is a MD5?
Hashing algorithm that creates a 128-bit message digest.
What is a SHA-1?
Hashing algorithm that creates a 160-bit message digest.
Which type of attacks works by modifying the data contained in IP packets?
Header Manipulation
HIPAA
Health Insurance Portability and Accountability Act
What does HVAC stand for?
Heating, Ventilation, and Air Conditioning
HFS/HFS Plus
Hierarchical Filesystem; Mac filesystem
HA
High Availability
Attacker posts link to Fake AV Software -> Broad Set of Victims
Hoax
HSPD-12
Homeland Security Presidential Directive 12 Access to federal property must be controlled by a secure ID and authentication mechanism
HIDS
Host-based IDS; captures information from a specific host
Desktop Virtual Platforms
Host-based hypervisors; virtual labs; support for legacy applications; software test environment; security control testing; training
What does HIPS stand for?
Host based intrusion prevention system
HIDS
Host-Based IDS
Application Virtualization
Hosting or Streaming individual software applications on a server
Which of the following backup site types allows for fastest disaster recovery? Cold site Hot site Warm site Cross-site
Hot
Acceptable Use Policy
How employees can use company systems and resources, software and hardware
Mean Time To Restore
How long it takes to repair a component
What is ARO?
How many times per year a threat is expected to occur.
What is a hybrid cloud?
Hybrid clouds combine features of public and private clouds but can expose host computers to users outside your organization.
L2TP
Hybrid of PPTP (Microsoft) and L2F (Cisco); no data security, no encryption
Which of the protocols listed below is used by the PING utility? IPsec SNMP FCoE ICMP
ICMP (Internet Control Message Protocol)
Ping of Death
ICMP message larger than the system can handle causing crash
Which ports do you need to allow on an Internet-facing firewall that uses NAT-T to support an L2TP/IPSec VPN connection?
IP protocol 50 (ESP), UDP 500 (IKE), UDP 4500 (NAT-T)
Which of the following examples falls into the category of technical security controls? Change management Acceptable Use Policy (AUP) Intrusion Detection System (IDS) Incident response procedure
IDS (Intrusion Detection System)
NIDS Network-based intrusion detection system
IDS that monitors a network; detects network-based attacks such as smurf attacks; cannot inspect encrypted traffic and cannot see activity on individual hosts
A company has implemented a VPN and over time security associations are created, each being more secure than the last. What would be implemented to automate the selection of the BEST security association for each user?
IKE (Internet Key Exchange)
TCP port 143 is used by: Hypertext Transfer Protocol (HTTP) Simple Mail Transfer Protocol (SMTP) Internet Message Access Protocol (IMAP) Remote Desktop Protocol (RDP)
IMAP
Port TCP 993
IMAP SSL/TLS
PORT TCP 143
IMAP4
Default Gateway
IP Spoofing
In order to be internal to a network to do this attack
IP Spoofing
L2TP tunneling relies on what for security?
IPSec
What is used to provide secure communication over a L2TP VPN connection?
IPSec
What kind of encryption method can be implemented at the Network layer (3) of the OSI model?
IPSec
Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4?
IPSec
UDP 500
IPSec (for VPN with IKE)
Which protocols operate(s) at layer 3 (the network layer) of the OSI model?
IPSec, IPV6, IPv4, ICMP
Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply) PAP IPsec OCSP Kerberos CHAP
IPSec, Kerberos, CHAP
AH authentication Header
IPsec includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication. AH is identified with protocol ID number 51
ESP Encapsulating Security Payload
IPsec includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication. ESP is identified with protocol ID number 50
Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply) IPsec MPLS PAP Kerberos CHAP
IPsec, Kerberos, CHAP
Which of the answers listed below refers to an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection? ISA ALE MOU BPA
ISA (Interconnection Security Agreement)
What does IPSec use to determine when to create a new set of keys?
ISAKMP (Internet Security Association and Key Management Protocol)
Why is Data Important?
IT/Admin, Prod Dev, Sales/Marketing, Financial. Legal/Reg/Contractual.
Change and Configuration Management
ITIL: service asset, configuration item, baseline, configuration management system
Which of the answers listed below refers to an attack aimed at exploiting the vulnerability of WEP? MITM attack Smurf attack IV attack Xmas attack
IV (initialization vector)
A solution vendor bills customers for access to a three-tier application based on usage. The application is deployed in the vendor's data center as sets of clustered virtual machines. Which type of network design element is exemplified?
IaaS (Infrastructure as a service)
What is the function of a Common access card?
IdenAcceSignEncrPhys (To provide personal identification, computer and network access, email digital signing and encryption, and to control physical access through one specialized smart card)
ACE Access control Entry
Identifies a user or a group that is granted permission to a resource. ACEs are contained within a DACL in NTFS
IPv4 Internet protocol version 4
Identifies host using a 32-bit IP address. IPv4 is expressed in dotted decimal format with decimal numbers separated by dots or periods like this 192.168.1.1
IPv6 Internet protocol version6
Identifies hosts using a 128-bit address. IPv6 is expressed as eight groups of four hexadecimal characters (numbers and letters), such as FE80:0000:0000:0000:20D4:3FF7:003F:DE62
MTTR mean time to recover
Identifies the average time it takes to restore a failed system. Organization that have maintenance contracts often specify the MTTR as part of the contract
dBi Decibels-isotropic
Identifies the gain of an antenna and is commonly used with omnidirectional antennas. It references an isotropic antenna that can theoretically transmit the signal equally in all directions. Higher numbers indicate the antenna can transmit and receive over greater distances
dBd Decibels-dipole
Identifies the gain of an antenna compared with a type of dipole antenna. Higher dBd numbers indicate the antenna can transmit and receive over greater distances
SSID Service set identifier
Identifies the name of wireless network. Disabling SSID broadcast can hide the network from casual users but an attacker can easily discover it with a wireless sniffer. It's recommended to change the SSID from the default name
dBm Decibels-milliwatt
Identifies the power level of the WAP and refers to the power ratio in decibels referenced to one milliwatt. Higher numbers indicate the WAP transmits the signal over a greater distance
Rogue Machine Detection
Identifying and removing machines on the network that are not supposed to be there
What is the purpose of the Cyber Security Enhancement Act?
If a computer crime over the internet is suspected, this act provides federal agencies access to ISPs and the right to monitor data communications.
Forward Secrecy
Compromise of a long-term key does not expose past session keys, because each session used a fresh ephemeral key that was discarded afterwards
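Diffie-Hellman, the ephemeral key and DHE entries, and forward secrecy, worked together as one added example (not part of the original flashcards). Two ephemeral sessions produce unrelated keys and nothing recoverable from the wire; a static-key server, by contrast, lets whoever later steals its private key recompute every recorded session. The group parameters are a toy 127-bit Mersenne prime with generator 3, chosen only so the demo runs instantly; real deployments use an RFC 7919/3526 group or ECDHE curves, and the SHA-256 "KDF" is a stand-in for HKDF.

```python
"""Ephemeral vs static Diffie-Hellman and what forward secrecy buys.

Added example, not from the original flashcards. P and G are toy parameters
(2^127-1 with generator 3); session_key() is a simplified KDF.
"""
import hashlib
import secrets

P = 2 ** 127 - 1    # toy Mersenne prime; real systems use RFC 7919/3526 groups or ECDHE
G = 3               # toy generator, chosen for illustration only


def keypair():
    """Random private exponent and the public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_secret(my_priv: int, their_pub: int) -> int:
    return pow(their_pub, my_priv, P)


def session_key(secret: int) -> str:
    """Stand-in for a proper KDF (HKDF in practice)."""
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()


def ephemeral_session():
    """DHE: both sides mint one-off keys, derive the session key, then discard a and b.
    Returns the key and the on-the-wire transcript (public values only)."""
    a, A = keypair()
    b, B = keypair()
    ka = session_key(shared_secret(a, B))
    kb = session_key(shared_secret(b, A))
    assert ka == kb                       # both sides agree without sending the secret
    return ka, (A, B)


def static_session(server_pub: int):
    """Client talks to a server that reuses one long-term DH key for every session."""
    c, C = keypair()
    return session_key(shared_secret(c, server_pub)), C


def demo():
    k1, _transcript1 = ephemeral_session()
    k2, _transcript2 = ephemeral_session()
    ephemeral_keys_differ = k1 != k2      # fresh exponents, unrelated keys

    server_priv, server_pub = keypair()
    k_static, recorded_C = static_session(server_pub)
    # Later key theft plus a recorded transcript: the old session key falls out.
    recovered = session_key(shared_secret(server_priv, recorded_C))
    return ephemeral_keys_differ, recovered == k_static
```

In the ephemeral case the transcript `(A, B)` is all an eavesdropper ever holds, and recovering the key from it is the discrete-log problem; in the static case the server's single long-term key is a retroactive skeleton key, which is why TLS 1.3 dropped static RSA/DH key exchange entirely.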
Hotfix
Immediate, urgent patch; usually not optional
Social Engineering
Impersonation - dominate or charm targets; exploit weak authentication. Reasons for effectiveness: familiarity/liking; consensus/social proof; authority and intimidation; scarcity and urgency
You are designing a solution to protect your network from Internet-based attacks. You need to provide: * Pre-admission security checks * Automated remediation The solution should integrate existing network infrastructure devices. What should you do?
Implement NAC
Host Based Firewall
Implemented on a Software Application running on a single host
Technical - Control Type
Implemented through technology
What is due care?
Implementing the right security controls to protect company assets
Guidelines
Implemented by providing information on how to accomplish policies and maintain standards
DSL Digital subscriber line
Improvement over traditional dial-up to access the Internet.
Code Review
In depth examination of the way the application is written
Key Exchange
In-Band: within the same medium Out-of-band: within separate medium
Vulnerability Assessment
In-depth analysis of security systems and policies; identify weaknesses that MAY exist; generally passive techniques; discover vulnerabilities without exploiting them; identify lack of security controls/misconfigurations
IRT
Incident Response Team
How is Acceptable Use policy described?
Includes information on appropriate use of company asset.
How is a Physical Security policy described?
Includes information on controls that should be implemented such as door locks and fencing
How is Privacy policy described?
Includes process information on why and how customer information is used
How is Change Management policy described?
Includes process information when alterations are made to the network
Malware malicious software
Includes viruses, Trojans, adware, spyware, rootkits, backdoors, logic bombs and ransomware
Discretionary Access Control
Incorporates some flexibility; users share information dynamically
Alarm
Indication of current, ongoing problem
PII personally identifiable information
Information about individuals that can be used to trace a person's identity, such as a full name, birthdate, biometric data and identifying numbers such as a social security number (SSN). Organizations have an obligation to protect PII and often identify procedures for handling and retaining PII in data policies
Internal Information
Information needed to run the business (personnel records, customer lists, ledgers, etc.)
Full Distribution Information
Information released to the public
* As a Service
Infrastructure, Network, Software, Platform
IaaS
Infrastructure as a Service
What does IaaS stand for?
Infrastructure as a Service
Business Impact Analysis
Initial Risk Investigation or analysis: 1) Identify the critical functions or processes of the business or organization 2) Identify the assets and resources on which the organization depends 3) Identify Threats to the organization's functions and assets 4) Assess the risk to each function or asset, given the threats
OATH
Initiative for Open Authentication; industry consortium behind the HOTP and TOTP standards
NAC network access control
Inspects clients for health and can restrict network access to unhealthy clients to a remediation network. Clients run agents and these agents report status to a NAC server. NAC is used for VPN and internal clients. MAC filtering is a form of NAC.
Application Aware Devices
Inspects the contents of packets at the application layer
Your business uses instant messaging to enable technical support personnel to communicate easily with customers. What should you do to secure technical support computers against potential instant messaging security risks?
Install antivirus
Which of the answers listed below exemplifies an implementation of risk transference methodology? Insurance policy Security guard Antivirus software User education
Insurance policy
In forensic analysis, taking hashes ensures that the collected evidence retains: Confidentiality Integrity Order of volatility Availability
Integrity
Which (3) security services are provided by digital signatures?
Integrity, authentication, non-repudiation
What is EAL 5?
Intended for high levels of security assurance, and it requires special design considerations to be able to achieve this level.
Private Information
Intended for only internal use; also known as working documents or work product
ISA
Interconnection Security Agreement
Trunks
Interconnections between switches; VLAN Trunking Protocol (VTP): VTP server or VTP client
Attack Surface
Interfaces Services Application Service Ports
EMI electromagnetic interference
Interference caused by motor, power lines, and fluorescent lights. Cables can be shielded to protect signals from EMI. Additionally, EMI shielding prevents signal emanation, so it can prevent someone from capturing network traffic
RFI Radio frequency interference
Interference from RF sources such as AM or FM transmitters. RFI can be filtered to prevent data interference and cables can be shielded to protect signals from RFI
What is a Proxy Server?
Intermediary between a host and a computer hosting another service.
Proxy Firewall
Intermediary between your network and another network; process requests; examines data and forwards or refuses
IDEA
International Data Encryption Algorithm
IEEE Institute of electrical and electronic engineers
International organization with a focus on electrical electronics and information technology topics. IEEE standards are well respected and followed by vendors around the world
OVAL open vulnerability assessment language
International standard proposed for vulnerability assessment scanners to follow
IANA
Internet Assigned Numbers Authority
What does IKE stand for?
Internet Key Exchange
IKE
Internet Key Exchange protocol aka ISAKMP (Internet Security Association and Key Management Protocol) Part of the IPsec protocol suite that handles authentication and key exchange
IMAP
Internet Message Access Protocol Allows a client to manage the mailbox on the server. Connect over Port 143 Supports permanent connections to a server and connecting multiple clients to the same mailbox simultaneously.
IPSec
Internet Protocol Security; LAN-to-LAN connections; provides authentication and encryption of data and headers; either tunneling or transport mode
What does ISAKMP stand for?
Internet Security Association and Key Management Protocol
iSCSI
Internet Small Computer Systems Interface; allows data storage and transfers; used for creating storage area networks
IDS
Intrusion Detection System
What does IDS stand for?
Intrusion Detection System
IDS
Intrusion Detection Systems Real-time analysis of either network traffic or system and application logs
NIPS
Intrusion Detection and Prevention System
What does IPS stand for?
Intrusion Prevention System
Virtualization Cons
Investment costs Performance and Security
What is Log analysis?
Involves a regular inspection of the recorded log files.
What is Port security?
Involves enabling a port and then associating a computer's MAC address to the enabled port.
What is Mitigation in terms of risk?
Involves implementing a control that will reduce the risk
Limited Distribution Information
Is not secret but is not private
What does a SAN do?
It provides a dedicated network connection for block-level data storage.
What does DAC do?
It provides users with access to company resources based on their identity and the groups to which they belong.
What does IaaS do?
It provides users with the use of a fully functioning physical infrastructure, which is owned and maintained by a 3rd-party provider.
What does a Web Proxy do?
It allows frequently accessed content to be cached, and control what sites or content users are able to access.
What is a Web Proxy?
It allows frequently accessed content to be cached, as well as control what sites or content users are able to access.
What does PaaS do?
It allows users to create and operate custom web applications easily.
What does a VLAN do?
It can be used logically to segment networks within existing networks.
What does the PKI Hierarchical Trust Model do?
It contains a single root CA that is used to provide information. Often referred to as the Tree Model.
What does the PKI Mesh Trust Model do?
It contains multiple root CAs in which multiple paths are provided to each root CA. Also Known As the web model.
What does the PKI Bridge Trust Model do?
It contains two root CAs in which a peer-to-peer relationship is established
What is accountability security?
It dictates who is responsible for a particular item, such as making sure that data is accurate.
What does NaaS do?
It enables users to buy network services without actually purchasing physical network hardware to support the infrastructure.
What does SaaS do?
It enables users to lease software and applications from a provider rather than buying them.
What does a Protocol Analyzer do?
It enables you to view a captured frame's contents in a readable format by decoding the frame. Capture and decode network traffic to help identify erroneous packets.
What is availability security?
It helps ensure that data and security controls are all functioning whenever users need access to the information system.
What is integrity security?
It helps ensure that the data users are working on is accurate.
What is order of volatility?
It identifies that evidence should be collected from the most volatile system components to the least volatile.
What does a Hardware-based FDE do?
It implements the encryption and decryption process inside the hard disk drive, isolating these processes and the associated keys from the operating system to protect against security risks such as rootkits.
What is the reciprocation influence tactic?
It involves helping someone in the hope that they will return the favor.
What is Risk Transference?
It involves moving the risk to an organization that is better equipped to handle it.
What is Deterring in terms of risk?
It involves threatening legal punishment against a person who attacks the asset.
What is AppLocker?
It is a Windows feature that allows control of the applications that users are allowed to access, by enabling administrators to effectively manage security by limiting the applications launched on a system.
What does HMAC do?
It is a hashing algorithm that uses a secret key along with the hashing algorithm to calculate the message authentication code.
What does SHA-2 do?
It is a hashing algorithm with 2 different versions; SHA-256 and SHA-512.
What is an Application blacklist?
It is a list of applications that should not be allowed to run on the computer.
What is a CRL?
It is a list of computer certificates that can no longer be trusted.
What does CHAP do?
It is a method of authentication that encrypts passwords through the Message Digest 5 (MD5) hashing scheme.
What is a PCI DSS?
It is a standardization of how to handle electronic payments.
What does HVAC do?
It is a system used to provide a well maintained and environmentally controlled area.
What does NAT do?
It is a technology that conceals internal addressing schemes from external networks.
What is log analysis?
It is defined if object access auditing is enabled.
What is a Firewall?
It is either a hardware or software security tool that permits or denies network traffic based on a set of created rules.
When should a user's account password be reset?
It is not appropriate for a network technician to change a user's account without their knowledge or consent.
What is a CA used for?
It is part of a PKI to issue, revoke, and distribute certificates.
What is a CPS?
It is used by a CA for issuing certificates and implementing policies.
What is a CSR?
It is used by a user within a PKI to request a certificate from a CA.
What is a Rainbow Table Attack?
It is used to attempt to reverse a password's hash value by comparing the password's hash to a large database of pre-computed hashes.
What is a risk assessment?
It is used to determine the probability of a threat occurring, including the potential loss if the threat occurs.
What is an open proxy server?
It is used to direct requests to and from any location on the internet.
What is a Forward proxy server?
It is used to direct requests from an internal network to web servers on the internet.
What is Non-repudiation?
It is used to ensure that a person or party cannot deny something.
What is MDM Software?
It is used to help manage, monitor, and support BYOD devices in a company.
What is the scarcity influence tactic?
It is used to make people feel as though they need to take advantage of the current situation.
What is an application whitelist?
It is used to prevent unauthorized applications from running.
What is continuous auditing?
It is used to provide an automatic method of completing risk and control assessment audit tasks on a scheduled basis.
What is a Hot Spare?
It is used to recover from a failed device and will then assume the workload.
What is Continuous monitoring?
It is used to replace point in time audits by providing a constant network state view as well as state of risk snapshots regarding security, network, and data.
What is a disk quota?
It is used to specify how much data a user can consume.
What is a Key Escrow?
It is used to store copies of private or secret keys in a secure central location.
What is a hoax?
It is usually carried out via email or by phone, and it involves giving a false story that requires an action.
What is IKEv2?
It is version 2 of IKE that is one way that actual authentication keys can be distributed.
What does a load balancer do?
It lets you distribute network traffic evenly across two or more network links or computers, to prevent downtime or bandwidth issues during periods of peak traffic.
What is a Smurf attack?
It makes use of IP spoofing and broadcast to ping groups of network hosts from a spoofed IP address that belongs to a target system.
What is the obligation influence tactic?
It makes the person feel as if they are obligated to perform a task, based on social, legal, or contract requirements.
What does HIPS do?
It monitors network traffic and can stop or block malicious traffic.
What does a UPS do?
It protects computers and peripheral devices from data loss or data corruption caused by power failures or fluctuations in the AC current.
What does an ISAKMP do?
It provides a framework for authentication and key exchange within IPsec.
What does a DNS Server do?
It provides name resolution services for a network. It associates a device's host name with the device's IP address.
What is a DNS Server?
It provides name resolution services for a network, associating a device's host name with the device's IP address.
What does the PKI Hybrid Trust Model do?
It provides the most flexibility of any trust model.
What does RBAC do?
It provides users with access to company resources based on a job role or assigned tasks.
What is a Content filtering proxy server?
It restricts user access to certain web sites based on content such as URL, domain name, words or words combinations, and blocks content that an administrator has deemed undesirable.
XSS Cross-site scripting
Cross-site scripting allows an attacker to redirect users to malicious websites and steal cookies. E-mail can include an embedded HTML image object or a JavaScript image tag as part of a malicious cross-site scripting attack. Websites prevent cross-site scripting attacks with input validation to detect and block input that includes HTML and JavaScript tags. Many sites prevent the use of < and > characters to block cross-site scripting
What does a Software-based FDE do?
It uses a computer's CPU to perform encryption and decryption, resulting in degraded system performance.
What is the authority influence tactic?
It uses the power of a person with authority to get information from other people
What is Symmetric encryption?
It uses the same key for decrypting and encrypting information.
What is WPA?
It was designed as a replacement for WEP to overcome the security flaws of WEP. It uses TKIP.
What is an OTP?
It's a dynamic password used only once, after which it becomes invalid.
Port 88
KDC runs on port 88 using TCP or UDP
What is the 4th step in the Kerberos process?
KDC verifies the authentication of the TGT and issues a client-to-server ticket to the user.
High Availability
Keep services and systems operational during an outage
Grandfather, Father, Son Method
Keeping multiple rolling backups at various fixed times (e.g., one every week, another every month, and another each year)
Stateful Packet Inspection
Keeps a state table and tracks every communications channel
Assigning a unique key, called a ticket, to each user that logs on to the network is a characteristic feature of: SAML Secure LDAP RADIUS Kerberos
Kerberos
What computer network authentication protocol is designed to ensure mutual authentication?
Kerberos
What does KDC stand for?
Key Distribution Center
What entity within a PKI is able to provide digital keys to an authorized third party?
Key Escrow
Key Lifecycle
Key Generation Certificate Generation Distribution Storage Revocation Expiration
What does KRA stand for?
Key Recovery Agent
Diffie-Hellman
Key agreement protocol Secure Key Exchange Generates Ephemeral Keys
What is the name of a storage solution used to retain copies of private encryption keys? Trusted OS Key escrow Proxy server Recovery agent
Key escrow
Diffie-Hellman
Key exchange; used to send keys across public networks
Five Nines Availability
Key services should be available 99.999% of the time
PORT TCP 636
LDAP/TLS
Which wireless authentication protocol is vulnerable to password cracking?
LEAP (Lightweight Extensible Authentication Protocol)
Which of the following acronyms refers to flash cookies? RPO BCP LSO CRP
LSO (Local Shared Object)
MAC
Labels and Clearance Inflexible
L2TP
Layer 2 Tunneling Protocol No Authentication or Confidentiality
IPsec
Layer 3 security protocol Provides flexibility and confidentiality and integrity/anti-replay Processor intensive Two protocols used: Authentication Header & Encapsulation Security Payload
Configuring a Firewall
Least Access Implicit Deny
Risk Deterrence
Let the enemy know the consequences of an attack
Which of the following examples falls into the category of deterrent security control types? Lighting Access lists Motion detection Alarms
Lighting
LDAP
Lightweight Directory Access Protocol
LEAP
Lightweight EAP; developed to resolve weaknesses in Wired Equivalent Privacy (WEP)
LEAP
Lightweight Extensible Authentication Protocol
Risk
Likelihood and impact (or consequence) of an actor exercising a vulnerability
Risk
Likelihood of an attack being successful
Threat
Likely dangers associated with a risk
What is most effective in preventing brute-force password hacking?
Limited log on attempts
Rule-Based Access Controls
Limits users with preconfigured policies; uses allow and deny lists; implemented with access control lists (ACLs)
LCP
Link Control Protocol
DACL Discretionary Access Control List
List of Access Control Entries (ACEs) in Microsoft's NTFS. Each ACE includes a security identifier (SID) and a permission
Consensus/Social Proof - Social Engineering
Listening, validating, or charming
What does LSO stand for?
Local Shared Objects
LSO
Locally Shared Object; also known as a Flash cookie
Ransomware
Locks a system until a third party is paid
Accounting
Logging (Account for actions, detect intrusions, choosing what to log) Surveillance Incident Report (What, When Who)
LUN
Logical Unit Number
Smart card access control relies on what kind of access control method?
Logical token
Security Log
Logs successful and unsuccessful logon events; in Windows, the Access Log
Trend
Long-term shifts in activity
Network Boundaries or Perimeters
Look at diagram
Anomaly-Detection IDS
Looks for activity out of the ordinary
Which of the answers listed below refers to the most common access control model used in Trusted OS implementations? HMAC MAC RBAC DAC
MAC
What is the strictest access control model?
MAC (Mandatory Access Control)
Access control based on security labels associated with each data item and each user are known as...
MAC (Mandatory Access control)
Which of the following access control models uses subject and object labels?
MAC (Mandatory Access control)
Which of the following access control models would be MOST compatible with the concept of least privilege?
MAC (Mandatory Access control)
Switch Vulnerabilities
MAC Flooding - Overloading the switch's MAC cache; ARP Poisoning - Poisons the switch's ARP table with a false MAC-IP address mapping; VLAN Hopping - Exploits the native VLAN feature of 802.1Q; VLAN Trunking Protocol (VTP) Attacks - VTP propagates the VLAN
A company wants a VLAN, and thinks it will be secure because it's using MAC addressing and that DTP will facilitate network efficiency. What issues should be discussed?
MAC addresses can be spoofed, rogue devices can configure ports
A network access control method whereby the 48-bit address assigned to each network card is used to determine access to the network is known as: Hardware lock Post-admission NAC Rule-Based Access Control (RBAC) MAC filter
MAC filter
What hash algorithm is used for passwords over 14 characters long?
MD5
Message Digest
MD5 most recent; 128-bit hash value; weak collision resistance; SHA1 or SHA2 recommended instead
Which of the following is an example of active eavesdropping? Phishing DDoS Xmas attack MITM
MITM (Man in the middle)
A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission is known as: BPA MOU SLE ISA
MOU (Memorandum of understanding)
Which of the following terms is used to describe the average time required to repair a failed component or device? MTBF MTU MTTR MPLS
MTTR
What is an Alarmed Carrier?
Made up of optical fibers deployed within the conduit. The carrier can be hidden above fan or below floors and it detects acoustic vibrations.
X.500
Main directory standard Are hierarchical
What is Loop protection?
Maintaining a loop free network.
Stateful Firewalls
Maintains stateful information about firewalls Information is stored in a dynamically updated state table
Stateless Firewall
Makes decisions on the data that comes in; simple decisions
MAC Flooding
Makes the port behave like a hub
What is a Sniffer Attack?
Makes use of protocol analyzers to inspect data as it is transmitted over a network, allowing all clear text data, including passwords, to be captured and read by an attacker.
Malware
Malicious Software Computer Viruses Worms Logic Bombs/Fork Bombs Hoaxes Spam/Spit
Remote Access Security Problems
Malware protection is difficult because the client is remote; Security Info - Auth info is stored on the server; Data Transfer; Local Privileges; Weak Authentication. BEST SOLUTION TO RDP SECURITY PROBLEMS: Education; Least privilege
The U.S. National Institute of Standards and Technology (NIST) specifies three types of security controls. These controls are important in the federal information systems certification and accreditation process. What are they?
Management, operational, technical
What does MAC stand for?
Mandatory Access Control
MAC
Mandatory Access Control Resource access is restricted by system policies
Which of the following security controls is used to prevent tailgating? Hardware locks Mantraps Video surveillance EMI shielding
Mantraps
War Chalking
Marking little symbols to advertise the presence of an open and exploitable access point
What is a Hashing Algorithm?
Mathematical functions that perform one-way encryption. MD5 and SHA-1
Recovery Time Objective
Maximum downtime considered acceptable
Backdoors
May be opened by malicious software or could derive from configuration oversight
MTBF
Mean Time Between Failures
MTTF
Mean Time To Failure
What does MTTF stand for?
Mean Time To Failure
MTTR
Mean Time To Restore
What does MTTR stand for?
Mean Time To Restore
What do you find on an SLA
Mean Time to Failure Mean Time Between Failure Key Performance Indicators
Define Authentication
Mechanism of verifying an identification
Interoperability Agreements
Memorandum of Understanding - Preliminary or exploratory agreement; Service Level Agreement - Legal protection for agreed service levels; Business Partners Agreement; Interconnection Security Agreement
MD
Message Digest
One Time Pad
Message and key are same size Impossible to crack (if key is sufficiently random)
Certificate Management Protocol
Messaging protocol between PKI entities
FDE full disk encryption
Method to encrypt an entire disk. TrueCrypt is an example
PAC proxy auto configuration
Method used to automatically configure systems to use a proxy server
MAC message authentication code
Method used to provide integrity for messages. A MAC uses a secret key to encrypt the hash. Some versions called HMAC
PORT TCP 1433
Microsoft SQL server
MS-CHAP Microsoft challenge handshake authentication protocol
Microsoft's implementation of CHAP. MS-CHAPv2 provides mutual authentication.
What is the most common method to deal with threats?
Mitigation
What does MDM software stand for?
Mobile Device Management
Data Loss Prevention
Monitor systems' content to ensure it is not deleted or removed; also monitors who is using and transmitting the data
RAID redundant array of inexpensive (or independent) disks
Multiple disks added together to increase performance or provide protection against faults
Multihomed
Multiple NICs on same device connecting it to several different networks
Contact Based Smart Cards
Must be physically inserted
Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header?
NAT
NIST National institute of standards and technology
NIST is part of the U.S. Department of Commerce, and it includes an Information Technology Laboratory (ITL). The ITL publishes special publications related to security that are freely available for download
NETBIOS network basic input/output system
Name resolution service for NetBIOS names on internal networks. NetBIOS also includes session services for both TCP and UDP communication. NetBIOS uses UDP ports 137 and 138 and TCP port 139. It can use TCP port 137 but rarely does.
NIST
National Institute of Standards and Technology
N+1
Needed components plus one to replace as needed
What open-source tool scans for general network security issues?
Nessus
TCP/UDP 137
NetBios (TCP rarely used)
NETBIOS
Network API Runs over TCP/IP on Ports 135, 137, 138, 139, and 445
NAC
Network Access Control; set of standards for clients trying to access network
NAPT
Network Address Port Translation Multiple private IP addresses to be mapped onto a single public address Also known as PAT
What does NAT stand for?
Network Address Translation
NAT
Network Address Translation Service translating between a private addressing scheme used by hosts on the LAN and a public addressing scheme used by an internet facing device Static Dynamic Overloaded Destination
NAS
Network Attached Storage File level access
NCP
Network Control Protocol
NIDS
Network Intrusion Detection Systems Packet Sniffer placed inside a firewall Has an analysis engine to identify malicious traffic and a console to allow configuration of the system
What does NIDS stand for?
Network Intrusion Detection system
NIPS
Network Intrusion Prevention System
What name table is called on by netsh test11406?
Network Shell (Netsh)
NAC
Network access control - Minimum security configuration that devices must meet to be granted network access. Endpoint Security; Defense in Depth; Manage portable devices in addition to servers and desktops; Manage wireless and remote connections. NAC says the port is active
What does NaaS stand for?
Network as a Service
WLAN Wireless local area network
Network connected wirelessly
Protected Distribution System
Network is secure enough that classified information can be transmitted unencrypted
NIDS
Network-Based IDS
NetBIOS
Network Basic Input Output System
NTFS
New Technology Filesystem; Windows filesystem since Windows NT
NTLM
New Technology LAN Manager Less vulnerable to cracking
WPA2 Wi-Fi Protected Access version 2
Newer security protocol used to protect wireless transmissions. It supports CCMP for encryption, which is based on AES and stronger than TKIP, which was originally released with WPA. In enterprise mode, it can use RADIUS to support 802.1x authentication. In personal mode it uses a pre-shared key (PSK)
NGFW
Next Generation Firewall
What does NVRAM stand for?
Non-Volatile Random Access Memory
Authentication Implementations
None - Anonymous access is granted; Simple - Client must supply Domain Name and Password; Simple Authentication and Security Layer (SASL) - Client and server negotiate the use of a supported security mechanism, e.g. Kerberos or TLS; LDAPS
Federation
Notion that a network needs to be accessible to more than just a well-defined group Using your google credentials to log into other sites
ESN Electronic serial number
Numbers used to uniquely identify mobile devices
Which of the following provides the fastest way for validating a digital certificate? ICMP CRL Key escrow OCSP
OCSP (Online Certificate Status Protocol)
Storage Virtualization
OS passes control of physically locating data on disks to a virtualized layer
Which of the answers listed below refers to a security measure providing protection against various password-based attacks, specifically password sniffing and replay attacks? OTP LSO OCSP CRL
OTP (one time password)
What is an Account expiration time?
Often used with temporary employees, it is a date set automatically to deactivate the account based on the account expiration date and time set.
LANMAN local area network manager
Older authentication protocol used to provide backward compatibility with Windows 9x clients. LANMAN passwords are easily cracked due to how they are stored
Which of the following antenna types would provide the best coverage for workstations connecting to a WAP placed in a central point of a typical office? (Select all that apply) Omnidirectional Unidirectional Bidirectional Non-directional
Omnidirectional, non-directional
A set of switches is used to implement a VLAN. Where should you enable loop protection?
On all ports
Data At Rest
On persistent storage memory Encrypt It Apply ACLs (Access Control Lists)
Transitioning
On-boarding or off-boarding
What does OTP stand for?
One Time password
UAT User Acceptance Testing
One of the last phases of testing an application before its release
What is an ESP?
One of the two primary protocols that make up IPsec. It provides encryption for data and very limited authentication (data confidentiality).
What does AH do?
One of the two primary protocols that make up IPsec. It provides integrity and protection against replay attacks (data authentication).
1+1
One spare component for every one in use
What is Secure Hash Algorithm used for?
One way encryption
Transitive Trust
One way trust - child trusts parent but parent does not trust child Two way trust - Domains are peers and both trust one another equally Non-Transitive Trust - Trust relationship remains only between those domains Transitive Trust - Trust extends to other trust domains
What does OCSP stand for?
Online Certificate Status Protocol
OCSP
Online Certificate Status Protocol **Can verify certs when it's offline **Something that can be used instead of a CRL
OCSP
Online Certificate Status Protocol; real-time replacement for CRLs
Passive Fingerprinting
Only Collects Data. You must decide what the role of the server is. Key is *YOU*.
One-Time Pad
Only completely secure cryptographic implementation
Single-Factor Authentication
Only one type of authentication checked
OpenAuth
Open Authorization Protocol designed to facilitate the transfer of information or resources between sites
OSPF
Open Shortest Path First
OWASP
Open Web Application Security Project
Which of the following would be the MOST common method for attackers to spoof email?
Open relays
Security Assertion Markup Language
Open standard based on XML for authentication and authorization data
Fault tolerant design that includes data backups and duplicate hardware is an example of:
Operational continuity planning
DAD
Opposite of CIA: Disclosure Alteration Destruction
In forensic procedures, a sequence of steps in which different types of evidence should be collected is known as: Order of volatility Layered security Chain of custody Transitive access
Order of volatility
OOV
Order of volatility
Implementing PKI
Organization - Policies, Standards, Admins Servers - Store, Distribute, Authenticate Certs Clients - Applications that allow users to read/trust/reject certs
WEP Wired Equivalent Privacy
Original wireless security protocol. Had significant security flaws and was replaced with WPA, and ultimately WPA2. WEP used RC4 incorrectly making it susceptible to IV attacks
VLANS
Originally designed to decrease broadcast traffic but is also beneficial in reducing the likelihood of having information compromised by sniffers
Succession Planning
Outlines who can step into positions as vacated or unavailable
Roles and Responsibilities
Overall Responsibility, Managerial (Building Control, ICT Accounting, Documentation), Technical, Non-Technical, Legal/Regulatory, Security Professional role
Private Cloud
Owned by organization, and they act as provider and consumer
P2P peer to peer
P2P applications allow users to share files such as music, video, and data over the internet. Data leakage occurs when users install P2P software and unintentionally share files. Organizations often block P2P software at the firewall and detect running software with port scans
Which of the following protocols transmits passwords over the network in an unencrypted form and is therefore considered unsecure? RADIUS PAP TACACS+ CHAP
PAP (Password Authentication Protocol)
Examples of key stretching algorithms include: (Select 2 answers) PBKDF2 RC4 NTLMv2 Bcrypt FCoE
PBKDF2, Bcrypt
Which of the protocols listed below encapsulates EAP within an encrypted and authenticated TLS tunnel? LDAP PAP Telnet PEAP
PEAP (Protected Extensible Authentication Protocol)
PEAP protected extensible authentication protocol
PEAP provides an extra layer of protection for EAP. PEAP-TLS uses TLS to encrypt the authentication process by encapsulating and encrypting the EAP conversation in a Transport Layer Security (TLS) tunnel. Since TLS requires a certification authority (CA) to issue certificates
A computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet is known as: SMTP PGP OCSP OVAL
PGP
GNU Privacy Guard (GPG) provides similar functionality and an alternative to: PAP IMAP4 PGP Windows Firewall
PGP
Which of the following acronyms refers to any type of information pertaining to an individual that can be used to uniquely identify that person? PIN ID PII PKI
PII
Cryptographic Standards
PKCS - Public Key Cryptographic Standards CMP - Certificate Management Protocol FIPS - Federal Information Processing Standards Suite B - Standards from NSA
What are the minimum requirements for implementing TLS on a Web site?
PKI certificate must be installed on the server
What is the Web of Trust model?
PKI model where trusted parties issue certificates to each other
PORT TCP 995
POP SSL/TLS
PORT TCP 110
POP3
What is port 995 used for?
POP3 over SSL
PORT TCP 1723
PPTP
Which WPA standard requires a passphrase before being granted access to the wireless network?
PSK (Pre shared key)
ITCP IT contingency plan
Part of risk management. Plan to ensure that IT resources remain available after a security incident, outage, or disaster
KDC Key distribution center
Part of the Kerberos protocol used for network authentication. The KDC issues time-stamped tickets that expire
SQL/XML Injection
Pass application SQL or XML commands via user input or URI
PAP
Password Authentication Protocol
PAP
Password Authentication Protocol Authentication method developed as part of TCP/IP PPP (point to point protocol)
Which of the following examples meets the requirement of multi-factor authentication? Password and biometric scan Username and PIN Smart card and identification badge Iris and fingerprint scan
Password and biometric scan
One Time Password Tokens
Passwords generated automatically SecurID token from RSA
Firmware Version Control
Patch Management for static and embedded environments
You suspect an attempted attack against a data server running Microsoft Windows. You need to monitor real-time performance to compare it to the baseline data you collected when the server was deployed. What should you use?
Performance monitor
NDP Neighbor Discovery Protocol
Performs several functions on IPv6. For example, it performs functions similar to ARP, which is used on IPv4. It also performs autoconfiguration of device IPv6 addresses and discovers other devices on the network, such as the IPv6 address of the default gateway
Recovery Time Objective
Period following a disaster that a system may remain offline
What must be performed on a regular basis to ensure the validity and integrity of your backup system?
Periodic testing
Role BAC
Permissions based upon job description ACLs Non-Discretionary Centralized (Admin Control)
Certificate Authorities
Person or body responsible for issuing and guaranteeing certificates
PII
Personally Identifiable Information
PII
Personally Identifiable Information Data that can identify, contact, or locate an individual Explicit PII - Unique identifiers such as Full name and CC number Contextual PII - Shared attributes - Age, Race, Gender, Residence
Vishing
Phishing over VoIP
Doc Cabinets
Physical
Biometric Authentication
Physical - Fingerprint, Iris, Facial; Behavioral - Signature, Voice, Typing. High cost and error rates. Something you Are
Employees in an organization keep changing things they should not change and are installing software that they should not be installing. What should you do?
Place these users in appropriate security groups Do application whitelisting
What is role-based access control?
Placing users into groups and then applying the privileges to the group.
CP Contingency planning
Plans for contingencies in the event of a disaster to keep an organization operational BCPs include contingency planning
PaaS
Platform as a Service
What does PaaS stand for?
Platform as a Service
OSI Model
Please Do Not Throw Sausage Pizza Away 1 - Physical 2 - Data Link (Point to Point Protocol) 3 - Network (IP, ICMP or Ping) 4 - Transport (TCP, UDP) 5 - Session (Synchronization and Send To Ports, SQL) 6 - Presentation 7 - Application (SMTP, Email)
PPP
Point to Point Protocol An encapsulation protocol Most widely used internet access and remote dial in protocol
PPTP
Point to Point Tunneling Protocol Runs on top of PPP and operates on Layer 2 No Authentication or Confidentiality
PPP
Point-to-Point Protocol
PPTP
Point-to-Point Tunneling Protocol; encapsulates and encrypts PPP packets for a single point-to-point connection; negotiation done in the clear
Data Loss Prevention (DLP)
Policy Server Endpoint Agents Network Agents
What Makes Social Engineering Attacks Ineffective
Policy and Standard Procedures Education and Training (Best way to mitigate) Accounting (Auditing and Surveillance)
Which anti-malware tool would you use against Adware?
Pop-up Blocker
UDP
Port 53
PAT
Port Address Translation or NAT overloading
PAT
Port Address Translation; uses single IP and assigns unique port to each session
PNAC
Port-based Network Access Control. Is opposite of NAC. Performs some sort of authentication of the attached device before activating the port.
802.1X
Port-based security for wireless network access control; known as EAPOL
Pod Slurping
Portable devices (e.g., USB drives) plugged directly into systems to copy data
POP3
Post Office Protocol. Mail retrieval protocol only. Port 110. Works on hosts that are not available right away. Designed to allow mail to be downloaded to the recipient's email client at his or her convenience
A security stance whereby a host is being granted / denied permissions based on its actions after it has been provided with the access to the network is known as: Network separation Pre-admission NAC Quarantine Post-admission NAC
Post-admission NAC
Which of the following WAP configuration settings allows for adjusting the boundary range of the wireless signal? Fair access policy Power level controls Quality of Service (QoS) Wi-Fi Protected Setup (WPS) Bandwidth cap
Power level controls
PSK
Pre-shared Key is the key that is used to encrypt communications. Referred to as group authentication.
Which of the following sequence of steps would be contained in a computer response policy?
PreDeAnConErRePo (Preparation, detection and analysis, containment, eradication and recovery, post-incident activity)
Incidence Response Procedures
Preparation Detection and Analysis Containment, Eradication, and Recovery Post-Incident Activity
Data In Use
Present in volatile memory
Web of Trust
Pretty Good Privacy Peer-to-peer alternative to PKI Users Form their own trust relationships
What does a flood guard do?
Prevent DoS (A feature available on some firewalls that helps mitigate DoS attacks by preventing floods of login requests.)
What is the purpose of the Gramm-Leach-Bliley Act?
Prevents Financial Institutions from sharing customer information for marketing purposes. Requires financial institutions to disclose their information-sharing policies with every customer.
Data Encryption Standard
Primary standard until replaced by AES; 56-bit key
What is EAL 1?
Primarily used when the user wants assurance that the system will operate correctly but threats to security aren't viewed as serious.
A policy outlining ways of collecting and managing personal data is known as: Acceptable Use Policy (AUP) Audit policy Privacy policy Data Loss Prevention (DLP)
Privacy policy
Virtual Private Network
Private connection through a public network
Banner Grabbing
Probe server to analyze responses. Identify application/version/possible configuration. Configure servers and applications not to leak information
IRP incident response procedure
Procedures documented in an incident response policy
What is separation of duties?
Process of breaking down tasks into separate processes which are performed by different employees, usually used to prevent fraudulent activity within a company.
Execution Control
Process of determining what additional software may be installed on a client or server beyond its baseline
What is rotation of duties?
Process of having a group of users rotate through different job roles, allowing a person to be able to perform multiple job roles.
IR incident response
Process of responding to a secu
Logic Bomb
Programs or code that executes when certain predefined events occur
Worms
Propagate in Memory/Over Network Links Consume Bandwidth May be able to compromise application or OS to deliver payload
What does SFTP do?
Protect the transfer of a spreadsheet from a remote server using SSH.
PDS
Protected Distribution System
What does PDS stand for?
Protected Distribution System
PEAP
Protected Extensible Authentication Protocol
PEAP
Protected Extensible Authentication Protocol Similar to EAP-TLS Supported by Microsoft
What does FTPS do?
Protects the transfer of a spreadsheet from a remote server using TLS
You suspect an attacker is sending damaged packets into your network as a way to compromise your firewall. You need to collect as much information about network traffic as possible. What should you use?
Protocol analyzer
NTP Network Time protocol.
Protocol used to synchronize computer times
Organizational Units
Provide a way of dividing a domain up into different administrative realms Do not create too many root containers
What is the function of DHE?
Provides a temporary session key for every key exchange, perfect forward secrecy, which means that a key cannot be compromised in the future.
VTC Video teleconferencing
Provides access to a private network over a public network such as the internet. VPN concentrators provide VPN access to large groups of users
ASP Application Service Provider
Provides an application as a service over a network
TACACS+ Terminal access controller access-control system+
Provides central authentication for remote access clients and is used as an alternative to RADIUS. TACACS+ uses TCP port 49, compared with TACACS, which uses UDP port 49. It encrypts the entire authentication process, compared with RADIUS, which only encrypts the password. It uses multiple challenges and responses
PaaS Platform as a Service
Provides cloud customers with an easy-to-configure system and on-demand computing capabilities. Compare to IaaS and SaaS
Proxy Servers
Provides for protocol-specific outbound traffic
TCP transmission control protocol
Provides guaranteed delivery of IP traffic using a three-way handshake
MTBF mean time between failures
Provides a measure of a system's reliability and is usually represented in hours. The MTBF identifies the average time between failures. Higher MTBF numbers indicate higher reliability of a product or system
Policy
Provides the people in an organization with guidance about their expected behavior
You are looking for a method to manage access to a secure area. You want to allow entry through a locked gate automatically and track individuals going into and out of the area. Which method should you use?
Proximity reader
Web Security Gateway
Proxy server with web protection built in; virus scanner for incoming packets; monitors outgoing traffic; blocks inappropriate content, file-sharing sites, IM, etc.
What does PKI stand for?
Public Key Infrastructure
PKI
Public Key Infrastructure; framework, not a specific technology
PASS Method
Pull Aim Squeeze Sweep
A calculation of the Single Loss Expectancy (SLE) is an example of: Quantitative risk assessment Risk deterrence Qualitative risk assessment Incident management
Quantitative
What is the difference between quantitative and qualitative risk assessment?
Quantitative is strictly a dollar value assessment of loss, qualitative calculates intangible costs
What entity within PKI verifies user requests for digital certificates?
RA (Registration Authority)
Which component of PKI is necessary for a CA to know whether to accept or reject certificates from another CA? (Pick two)
RA, CRL
What is required to implement WPA-Enterprise wireless security?
RADIUS server
Drive Arrays
RAID 0 RAID 1 RAID 5 Nested RAIDS
RAID-0 disk striping
RAID-0 improves performance but does not provide fault tolerance
RAID-1 disk mirroring
RAID-1 uses two disks and provides fault tolerance
RAID-5 disk striping with parity
RAID-5 uses 3 or more disks and provides fault tolerance
RAID-6 disk striping with double parity
RAID-6 uses four or more disks and provides fault tolerance. It can survive the failure of two drives
A task-based control model is an example of what?
RBAC (Role Based Access Control)
3389 is the default port number for: Lightweight Directory Access Protocol over TLS/SSL (LDAPS) Remote Desktop Protocol (RDP) Lightweight Directory Access Protocol (LDAP) Simple Network Management Protocol (SNMP)
RDP (Remote Desktop Protocol)
What algorithm can be used to authenticate a plain-text message?
RIPEMD (RACE Integrity Primitives Evaluation Message Digest)
What type of data security allows for control of data whether it is accessed inside or outside of the network?
RMS (Rights Management Service)
You are responsible for implementing a Data Loss Prevention (DLP) solution for your organization. You need to control access to secure data files and prevent unauthorized users from viewing file content. Data should be protected whether it is directly accessed or distributed outside the network. What should you use?
RMS (rights management service)
Which of the following acronyms refers to a maximum tolerable period of time required for restoring business functions after a failure or disaster? RAS RTO ROI RPO
RTO (Recovery time objective)
RFID
Radio Frequency ID attached to a device can be used to find locations
RFI
Radio Frequency Interference - Can cause data errors in wireless communications
Web Application Firewall
Real-time appliance that applies rules to block traffic to and from web servers to prevent attacks
IM instant messaging
Real-time direct text based communication between two or more people, often referred to as a chat.
What key encrypts data in an asymmetric encryption system?
Recipient's public key
What is an RTO
Recovery Time Objective (the length of time within normal business operations can be restored following a disturbance)
Pharming
Redirects traffic intended for one host to another
Separation of Duties
Reduce risk of fraud and organizational losses by requiring more than one person to accomplish key processes
RAID
Redundant Array of Independent Disks
What is chain of custody?
Refers to a security procedure used for the collection and storage of evidence.
What is a Bollard?
Refers to a series of strong posts designed to prevent or control access to areas by vehicles.
What is Directory Traversal?
Refers to a user exploiting security validation within an application by providing user input to traverse or cross the parent directory.
What is DLP?
Refers to software or hardware based systems that use dictionary databases and algorithms to scan data for confidential information.
Typo Squatting / URL Hijacking
Registering domains similar to legitimate ones to get traffic from typos
SQL
Relational Database Management System (RDBMS)
ESD Electrostatic discharge
Release of static electricity. ESD can damage equipment and low humidity causes a higher incidence of electrostatic discharge (ESD). High humidity can cause condensation on the equipment, which causes water damage
Computer Viruses
Rely on some sort of host file Vector (Executable, Script, Macro, Boot Sector) Payload
RAS
Remote Access Servers
RAS
Remote Access Service; Server service that offers ability to connect to remote systems; now known as RRAS
RADIUS
Remote Authentication Dial-In User Service
TCP/UDP 3389
Remote Desktop (RDP)
RDP
Remote Desktop Protocol
RDP
Remote Desktop Protocol. Microsoft's protocol for operating remote connections to a Windows machine
RPC
Remote Procedure Call
Which is a set of rules that defines which connections to a network are accepted or rejected?
Remote access policy
What is a secure router configuration?
Remotely connecting to a server or computer, SSH can be used to provide highly encrypted and secure connections.
Your network has servers that are configured as member servers in a Windows Active Directory domain. You need to minimize the risk of unauthorized persons logging on locally to the servers. The solution should have minimal impact on local management and administration and should not limit administrator access. What should you do? (Choose two.)
Rename default accounts, require strong passwords
Shiva Password Authentication Protocol
Replaced PAP; encrypts username and password when transmitted to authentication server
WPA Wi-Fi Protected Access
Replaced WEP as a wireless security protocol without replacing hardware. Superseded by WPA2
Protected Extensible Authentication Protocol
Replaces LEAP; has native Windows support; establishes encrypted channel between server and client
TCP/IP Transmission control protocol/internet protocol
Represents the full suite of protocols
Users occasionally need to take files with them to remote locations. You need to minimize the risk that the data might be compromised. Employees are required to provide their own devices. You want to keep the cost incurred by the employees to a minimum. What should you do?
Require data encryption
Multi-Factor Authentication
Requires 2 or 3 Types Something You Know and Something You Have Something You Know and Something You Are NOT Something You Know and Something Else You Know
Wi-Fi Protected Access 2
Requires CCMP with 128-bit AES encryption and a 48-bit IV
Static Routers
Requires an admin to manually configure routers between each network
What is EAL 3?
Requires conscientious development efforts to provide moderate levels of security.
Gramm-Leach-Bliley Act
Requires financial institutions to notify customers that they are entitled to privacy
What is EAL 2?
Requires good design practice from product developers.
Mandatory Vacation Policy
Requires users to take time away from work; reduces fraud, improves productivity and morale
ARP Address Resolution Protocol
Resolves IP address to MAC addresses. ARP poisoning attacks can redirect traffic through an attacker's system by sending false MAC address updates. VLAN segregation helps prevent the scope of ARP poisoning attacks within a network
Application-Aware Device
Responds to and prioritizes traffic based on its content
Remote Access Server Security
Restrict access to particular users or groups. Restrict access at certain times. Enforce strong authentication. Restrict privileges on the local network. Log and audit logons and attempted logons. Use callback for dial-up access
What is the most accurate form of biometric authentication in common use?
Retinal scan
Temporal Key Integrity Protocol
Retrofit for WEP; places a 128-bit wrapper around WEP; has been broken
Assessment Types
Risk Threat Vulnerability
Disaster Recovery Plans
Risk and Cost
RBAC
Role Based Access Control Centrally controlled: client server Resource access and usage is defined by admins
Employees in HR need access to personnel info, ops employees need access to production data. Which of the following access control models would be MOST appropriate?
Role Based Access Control (RBAC)
What does RBAC stand for?
Role-based access control
RRAS
Routing and Remote Access Services; replaced RAS
ASP.NET
Runs on IIS
Host-Based IDS
Runs the IDS on a host computer system; can read memory, unlike NIDS
What protocol is used to encrypt e-mail messages for transmission and delivery?
S/MIME (Secure/Multipurpose Internet Mail Extensions)
PORT TCP 22
SCP
A network protocol for secure file transfer over Secure Shell (SSH) is called
SFTP
PORT TCP 22
SFTP
What is the encrypted version of FTP?
SFTP
What is designed to perform one-way encryption?
SHA
Which of the following is designed to perform one-way encryption? SHA AES RSA DES
SHA
Secure Hash Algorithm
SHA-2 most popular; 160-bit hash value; no issues
An agreement between a service provider and the user(s) defining the nature, availability, quality, and scope of the service to be provided is known as: SLE BPA SLA DLP
SLA
Port 25
SMTP (Email Server)
PORT TCP 465
SMTP SSL/TLS
UDP 161
SNMP
Which of the protocols listed below is used in network management systems for monitoring network-attached devices? RTP SNMP IMAP RTCP
SNMP (Simple Network Management Protocol)
A group that consists of SNMP devices and one or more SNMP managers is known as: SNMP trap Network Management System (NMS) SNMP community Management Information Base (MIB) Intranet
SNMP community
UDP 162
SNMP trap
Proximity/Location
SOMEWHERE You Are
PORT TCP 22
SSH
What protocol allows you to securely manage remote Linux computers?
SSH
Which of the following answers refers to a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers? Telnet SSH Bcrypt TFTP
SSH
Which of the following protocols was designed as a secure replacement for Telnet?
SSH
SFTP
SSH File Transport Protocol
SSH secure shell
SSH encrypts a wide variety of traffic such as Secure File Transfer Protocol (SFTP), Telnet and Secure Copy (SCP). SSH uses port 22
Which of the protocols run(s) on port number 22?
SSH, SCP, SFTP
Unblocking port number 22 enables what type of traffic? (Select all that apply) SSH SFTP FTP SCP FTPS
SSH, SFTP, SCP
A wireless network name is also referred to as:
SSID
Which of the following protocols are used for securing HTTP connections? (Select 2 answers) SCP Telnet SSL TTL SNMP TLS
SSL, TLS
Kerberos
SSO. Key Distribution Center (KDC) - Authentication Service is responsible for authenticating user logon requests. Client sends the AS request to the Ticket Granting Service. Kerberos is used internally for an access directory; SAML is used externally
A cloud computing infrastructure type where applications are hosted over a network (typically Internet) eliminating the need to install and run the software on the customer's own computers is called: Thick client SaaS Virtualization IaaS
SaaS
RADIUS and TACACS
Scalable authentication protocols Authentication, Authorization, and Accounting are performed by a separate server (AAA server) TACACS is more flexible and reliable
What is Credentialed Vulnerability Scanning?
Scanning tool being used to allow you to provide login credentials to authenticate to the system.
SET
Secure Electronic Transaction
What does SFTP stand for?
Secure File Transfer Protocol
SHA
Secure Hash Algorithm
LDAPS
Secure LDAP; encrypted with SSH/TLS
S/MIME
Secure Multipurpose Internet Mail Extensions; secure version of MIME
What does SSH stand for?
Secure Shell
SSH
Secure Shell Remote Administration Secure File Transfer Secure File Copy Support Port Forwarding - Authentication and Encryption
SSL
Secure Sockets Layer
What does SSL stand for?
Secure Sockets Layer
SSL/TLS
Secure Sockets Layer Transport Layer Security Client Requests connection and supplies information about itself Server selects best available cipher strength and responds with certificate Client checks the certificate then performs session key exchange Client and server establish encrypted communications
SSL VPN
Secure Sockets Layer, or more technically going forward TLS (Transport Layer Security), provides transmission encryption and authentication for application level TCP/IP services such as HTTP. Does not need any special software installed and configuration is simpler Do not extend network to the remote user or entire internet
The SCP protocol is used for
Secure file transfer
EAP-MD5
Secure hash of a user password CANNOT provide mutual authentication Vulnerable to Man In The Middle, Session Hijacking, and Password Cracking Attacks
Criteria For Comparing Encryption Technologies
Security - Bit Strength and Quality Performance - Processing power Cost - Some are free some are not
SAML
Security Assertion Markup Language
SAML
Security Association Markup Language Currently on 2.0 Used on Federated Networks Written in XML Communications are established using HTTP/HTTPS and Simple Object Access Protocol (SOAP)
CC Security Framework For a Security Target (ST) Has the Following components
Security Environment Security Objectives Target of Evaluation (TOE) TOE Security Reqs TOE Sec Specs TOE Implementation
SIEM
Security Information and Event Management Security logging and alerting
Kerckhoffs' Principle
Security of an algorithm should depend on the security of the key, not the security of the algorithm itself (i.e., how it works)
What is a 802.1x secure network?
Security standard used to provide authentication by passing EAP traffic over a wired or wireless network.
What is Bluejacking?
Sending unsolicited messages from a Bluetooth device to other Bluetooth devices.
Password Authentication Protocol
Sends username and password to the authentication server in plain text; no longer used
SCSI Small Computer System Interface
Set of standards used to connect peripherals to computers. Commonly used for SCSI hard disks and/or tape drives
Risk Transference
Share the burden of the risk with a third party (e.g., insurance)
What environmental control is part of TEMPEST compliance?
Shielding
SPAP
Shiva Password Authentication Protocol
AP Access point
Short for wireless access point (WAP). APs provide access to a wired network to wireless clients. Many APs support isolation mode to segment wireless users from other wireless users
IDS Analysis Engines
Signature Based Behavior Based Anomaly Based
Standard antivirus programs use what kind of monitoring methodology?
Signature based
What type of IDS reports possible attacks when it detects conditions that match the conditions contained in a database of attacks?
Signature based
Terminal Access Controller Access-Control System
Similar to RADIUS; accepts multiple methods for credentials, including Kerberos
SMTP
Simple Mail Transfer Protocol Specifies how mail is delivered from one system to another. Registered on the DNS using a Mail Exchanger (MX) Port 25 Only works on hosts that are permanently available
SNMP Security
Simple Network Management Protocol Framework for managing and monitoring Part of TCP/IP protocol suite
Risk Acceptance
Simply accept risk; risk is known, but cost of other options is greater than damage
PKI Trust Models
Single CA Hierarchical Mesh Bridge Mutual Authentication
Annual Loss Expectancy
Single Loss Expectancy * Annual Rate of Occurrence
SPOF
Single Point Of Failure
Password Manager
Single Sign On for applications that do not support other applications
What does SSO stand for?
Single Sign-on
User ID and password is an example of what type of authentication?
Single factor
Which of the terms listed below refers to one of the hardware-related disadvantages of the virtualization technology? Single point of failure Server clustering Privilege escalation Power and cooling costs
Single point of failure
SFA
Single-Factor Authentication
Alert
Slightly below alarm; need to pay attention but not critical
What are Flash cookies?
Small pieces of data stored on a computer by web sites.
Something You Have
Smart Card, FOB
Snapshots
Snapshots are backups that can be used to quickly recover from poor updates, and errors arising from newly installed applications Point in time copy of the data
Vulnerability Scanners
Software Configured with list of known exploits/vulnerabilities Active or Passive Detection Host/OS or Web Application Standards Based Reporting Intrusive vs non-intrusive scanning Credentialed vs non-credentialed scanning Identifying lack of controls and misconfigurations Interpreting Scan Results (OVAL, CVE, SANS Top 20, Bugtraq)
SaaS
Software as a Service
Hybrid Cloud
Some combination of Public, Private, or Community clouds
What is Dumpster Diving?
Someone searching through garbage to try to find any information they could to plan an attack.
Finger Print Scan
Something You Are
Hand Geometry/Retina Scan
Something You Are
Retina Scan
Something You Are
Hardware Token
Something You Have
Password
Something You Know
Pattern/Birthdate
Something You Know
Pin Number
Something You Know
Certificate Server or Key Escrow
Something held independently
Password combined with PIN used as an authentication requirement is an example of: Multi-factor authentication Single Sign-On (SSO) Two-factor authentication Something that the user knows
Something that the user knows
WAP Wireless access point
Sometimes just called an access point (AP). Increasing the power level of a WAP increases the wireless coverage of the WAP. Decreasing the power level decreases the coverage. Coverage can also be manipulated by moving or positioning the wireless antenna.
GOST
Soviet symmetric cipher; 256-bit output
Attacker mass mails product info to parties that have already opted out of receiving ads -> Broad Set of Recipients
Spam
SPIM
Spam Over Instant Messaging
SPIT
Spam Over Internet Telephony
SPIM
Spam over instant messaging
STP
Spanning Tree Protocol
What does STP stand for?
Spanning Tree Protocol
AES256 Advanced Encryption Standard
Standard 256 bit. AES sometimes includes the number of bits used in the encryption keys and AES256 uses 256-bit encryption keys.
OpenID
Standard underpinning many of the "sign on with" features of modern websites
What allows you to configure NAT tables that allow computers on the Internet to initiate connections to hosts on an internal network with private IP address?
Static NAT
SAN
Storage Area Network
What does SAN stand for?
Storage Area Network
Code Escrow
Storage and release of source code by third party in the event of vendor's bankruptcy
SQL
Structured Query Language
Access Controls (ACLs)
Subjects (Users or Software) Objects (Resources such as servers, data) ACLs (Privileges subjects have on Users. White and Black lists) Select the Appropriate Control (Identification vs Authentication vs Authorization AND Accounting)
RC Ron's Code or Rivest's Cipher
Symmetric encryption algorithm that includes versions RC2, RC4, RC5 and RC6. RC4 is a stream cipher and RC5 and RC6 are block ciphers
Replication
Synchronous or Asynchronous
An exact copy of the entire state of a computer system is called: System image Restore point Hard copy Digital signature
System image
Which of the following answers refers to a Cisco-proprietary alternative to RADIUS? LDAP Kerberos SAML TACACS+
TACACS+
Port 49
TACACS+ reliability is improved by using TCP over port 49
What ports does DNS use?
TCP 53, UDP 53
Which of the ports listed below is used by TACACS+? UDP port 161 TCP port 49 UDP port 1701 TCP port 110 UDP port 49
TCP port 49
What is a suite of protocols used for connecting hosts on the Internet?
TCP/IP
An attacker exploits a valid session to gain access to a secure network computer. This is an example of what type of attack?
TCP/IP hijacking
Which of the protocols listed below does not provide authentication? FTP TFTP SCP SFTP
TFTP
What is the 3rd step in the Kerberos process?
TGT is presented along with a request for service to the KDC.
Which of the following protocols was introduced to strengthen existing WEP implementations without requiring the replacement of legacy hardware? PEAP TKIP CCMP WPA2
TKIP (Temporal Key Integrity Protocol)
What does LDAP use to provide security?
TLS (Transport Layer Security)
What type of encryption protocols are used by Secure LDAP (LDAPS)? (Select all that apply) TLS UDP SSL IP TCP
TLS, SSL
An algorithm used for computing one-time password from a shared secret key and the current time is known as: HOTP PAP TOTP CHAP
TOTP (Time-based One-time Password)
Risk Mitigation
Take steps to reduce risk
Proxy
Takes the request and checks if it is valid and re-transmit to destination.
What is a Whaling attack?
Targeting single individuals with an upper management position to try to gain personal information. Phishing but targeting people of power
Full Disk Encryption
Technical
Port Security
Technical
Which of the following would be considered a detrimental effect of a virus hoax? (two)
Technical support resources are consumed by increased user calls, and users are tricked into changing the system configuration
Data De-Duplication
Technique to consolidate multiple copies of the same file in a single location
CAPTCHA Completely Automated Public Turing Test to Tell Computers and Humans Apart
Technique used to prevent automated tools from interacting with a web site. Users must type in text, often from a slightly distorted image
What is Intrusive Scanning?
The Scanner attempts to detect a vulnerability by exploiting it.
What is the Purpose of the Computer Fraud and Abuse Act?
The act allows spammers, hackers, and terrorists to be prosecuted.
What is Risk avoidance?
The act of eliminating the cause of the risk altogether.
What is Risk Mitigation?
The act of reducing the factors that cause the risk.
Recovery Point Objective
The amount of data loss that a system can sustain, measured in time
What is the 6th step in the Kerberos process?
The client to server ticket verified (valid), service is granted to the user.
Which of the following problems will MOST likely occur if an HTML-based email has a mislabeled MIME type .exe attachment?
The executable can automatically execute
EAP-TLS
The latest and greatest. Mutual Authentication. An encrypted Transport Layer Security tunnel. Supplicant and Server are configured with certificates.
MTTF Mean time to failure
The length of time you can expect a device to remain in operation before it fails. It is similar to MTBF, but the primary difference is that the MTBF metric indicates you can repair the device after it fails. The MTTF metric indicates that you will not be able to repair the device after it fails
What is Exposure Factor?
The percentage of the assets value that is expected to be lost if a threat occurs.
Recovery Point Objective
The point in time to which the system needs to be restored
SDLM software development life cycle methodology
The practice of using a SDLC when developing applications
What is OCSP?
The process is used to revoke a certificate before it expires.
What is Bluesnarfing?
The process of accessing a Bluetooth-enabled device without permission.
What is Access Control?
The process of granting or denying user request for accessing specific resources or performing certain activities.
What is least privilege?
The process of only providing enough permission for the user to perform their duties.
What is authentication?
The process of verifying and validating user credentials.
What does Black Box penetration testing mean?
The tester has no prior knowledge of the infrastructure.
What does Grey Box penetration testing mean?
The tester has some knowledge of the internal structure.
Threat Vector
The way in which an attacker poses a threat
Network Attacks
There are no known attacks that go directly to your network
CIA Confidentiality, Integrity and availability
These 3 form the security triad. Confidentiality helps prevent the unauthorized disclosure of data. Integrity provides assurances that data has not been modified, tampered with or corrupted. Availability indicates that data and services are available when needed.
What is an Armored virus type
They are designed to be difficult to analyze
What are Hot and Cold Aisles?
They are an environmental control used in a server room. Cold air is produced in front of the devices (Cold) to keep the equipment from overheating (Hot).
What is a Digital signature?
They are used to verify that a message was sent from a particular person and that it was not altered while it was being delivered.
What is a Companion virus type?
They attach themselves to a legitimate program.
What is a Multipartite virus type?
They attack a system using multiple methods
What is a Polymorphic virus type?
They change themselves to avoid detection
What do Anomaly-based IDSs do?
They establish a baseline of daily usage traffic patterns, then flag anything that deviates from the regular patterns as an intrusion.
What is a Reverse Proxy Server?
They manage specific types of inbound traffic and protect vulnerable servers in a network by listening for requests directed at them from the internet.
What is a Stealth virus type?
They mask themselves to avoid detection
What is a Phage virus type?
They modify other programs
What do Behavior-based IDSs do?
They observe and report the specific network behavior of users, then take action if they detect any suspicious user activity patterns.
What do Heuristic-based IDSs do?
They observe traffic that enters the network and examine it to determine how it operates, using artificial intelligence algorithms. Similar to antivirus software.
What does CCB do?
They oversee change management within an organization to help to ensure that any facility change is required and does not change the scope of the project.
TPM Trusted platform module
This is a hardware chip on the motherboard included on many newer laptops. A TPM includes a unique RSA asymmetric key and it can generate and store other keys used for encryption, decryption and authentication. TPM provides full disk encryption
A path or tool allowing an attacker to gain unauthorized access to a system or network is known as: Backdoor Threat vector Discretionary access Rootkit
Threat vector
Intimidation - Social Engineering
Threats, shouting, or guilt
What does TGT stand for?
Ticket Granting Ticket
TOTP
Time based One time password algorithm
What does TOTP stand for?
Time based One Time Password
Which IPsec mode provides encryption only for the payload (the data part of the packet): Protected Tunnel Transport Safe
Transport
What does TLS stand for?
Transport Layer Security
Mathematical
Trapdoor Function: simple to perform when all values are known; difficult to reverse when not all values are known
Which type of report is most useful in predicting the possibility of an event occurring for security planning purposes?
Trend report
What does TFTP stand for?
Trivial File Transfer Protocol
What type of malware is often used to facilitate using unsuspecting users' computers to launch DDoS attacks?
Trojan
Backdoor
Troubleshooting/developer hook into system; or, insertion of a program or utility that creates an entrance for an attacker
A digital signature is a hash of a message that uniquely identifies the sender of the message and provides a proof that the message hasn't changed in transit. True or False?
True
In cryptography, the term "key stretching" refers to a mechanism for extending the length of the cryptographic key in order to make it more secure against brute force attacks. True or False?
True
True or false? Penetration testing is a simulated attack on a network.
True
Unlike stream ciphers which process data by encrypting individual bits, block ciphers divide data into separate fragments and encrypt each fragment separately. True or False?
True
VLAN membership can be set through: (Select all that apply) IP address Trunk port Physical Group permissions MAC
Trunk port, physical, MAC
What does TPM stand for?
Trusted Platform Module
Which IPsec mode provides encryption for the entire packet? Tunnel Host-to-host Payload Transport
Tunnel
PPTP point-to-point tunneling protocol
Tunneling protocol used with VPNs PPTP uses TCP port 1723
L2TP layer 2 tunneling protocol
Tunneling protocol used with VPNs. L2TP is commonly used with IPsec (L2TP/IPsec) L2TP uses port 1701
Dual-Homed
Two NICs on same device connecting it to two different networks
Mutual Authentication
Two or more parties authenticate each other
SCADA Supervisory control and data acquisition
Typically industrial control systems within large facilities such as power plants or water treatment facilities. SCADA systems are often contained within isolated networks that do not have access to the internet, but are still protected with redundant and diverse security controls. SCADA systems can be protected with NIPS systems and VLANs
URL hijacking is also referred to as: Banner grabbing Session hijacking Typo squatting DNS poisoning
Typo squatting
Rogue Machine
Unauthorized machine plugged into network
Detective - Control Type
Uncover a violation
What does UTM stand for?
Unified threat management
UPS
Uninterruptible Power Supply
What does UPS stand for?
Uninterruptible Power Supply
SID security identifier
Unique set of numbers and letters used to identify each user and each group in Microsoft environments
UDP
Unreliable, connectionless, best-effort
Spam/SPIT
Unsolicited emails; can be a vector for malware. SPIT is delivered over IM/VoIP.
NoSQL
Unstructured Data - Usually surround documents
802.11n
Up to 600 Mbps / 5 and 2.4 GHz
Windows Server Update Services
Update server that works as a proxy. It scans the network to identify clients and determines what updates they require.
Windows Updates
Updates - widely released fixes for bugs; Hotfixes - patches supplied in response to customer requests; Feature Packs - add new functionality; Service Packs - tested collections of updates and hotfixes
Triple-DES
Upgrade to DES that triples the length of the key to 168-bits
Removing Malware
Use AV software: automatically clean; quarantine (prevent user access); delete host file and restore from backup. Use vendor knowledge base. Persistent rootkits may require drive format and OS reinstall.
Quantum Cryptography
Use quantum properties as the basis of a cryptosystem
TGS Session Key
Used in communications between the client and Ticket Granting Service
Asymmetric Algorithms
Use separate keys for encryption and decryption: public key and private key
Perfect Forward Security
Uses Diffie-Hellman key agreement to create session keys without using the server's private key
SQL structured query language
Used by SQL-based databases, such as Microsoft's SQL Server. Websites integrated with a SQL database are subject to SQL injection attacks. Input validation with forms and stored procedures helps prevent SQL injection attacks. Microsoft's SQL Server uses port 1433 by default.
XML Extensible markup language
Used by many databases for inputting or exporting data. XML uses formatting rules to describe the data
IP internal protocol
Used for addressing
LAN Manager
Used for local workstation/workgroup logon (username, password, account ID); challenge then response; uses password as key; weakness is that it is not salted
Acceptable Use Policies
Used for mobile devices between corporations and employees
Point-to-Point Protocol
Used for remote access over a variety of other protocols; uses CHAP for authentication; no data security; implements NCP and LCP
What is a NIDS?
Used to audit, scan, and monitor a network infrastructure for signs of attacks.
PPP point-to-point protocol
Used to create remote access connections
What is an Account Lockout Policy?
Used to determine how many attempts a user has to provide the correct password before his account is locked out.
ICMP internet control message protocol
Used for diagnostics such as a ping. Many DoS attacks use ICMP. It is common to block ICMP at firewalls and routers. If ping fails, but other connectivity to a server succeeds, it indicates that ICMP is blocked.
IPsec internet protocol security
Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It uses tunnel mode for VPN traffic. IPsec is built into IPv6 but can also work with IPv4, and it includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity and authentication. IPsec uses port 500 for IKE with VPN connections.
What is confidentiality security?
Used to ensure that information is not disclosed to unauthorized parties.
URI uniform resource identifier
Used to identify the name of a resource and always includes the protocol such as http://getcertifiedahead.com
What is Accounting?
Used to log network resource consumption based on user activity.
SNMP simple network management protocol
Used to manage network devices such as a routers or switches. SNMP agents report information via notifications known as SNMP traps or SNMP device traps
ARO Annualized rate of occurrence
Used to measure risk with annualized loss expectancy (ALE) and single loss expectancy (SLE). The ARO identifies how many times a loss is expected to occur in a year. The calculation is SLE X ARO=ALE
ALE Annualized loss expectancy
Used to measure risk with annualized rate of occurrence (ARO) and single loss expectancy (SLE). The ALE identifies the total amount of loss expected for a given risk. The calculation is SLE x ARO = ALE
S/MIME Secure/multipurpose internet mail extensions
Used to secure email. S/MIME provides confidentiality, integrity, authentication and non-repudiation. It can digitally sign and encrypt email, including the encryption of email at rest (stored on a drive) and in transit (data sent over the network). It uses RSA.
IMAP4 Internet Message Access Protocol v4
Used to store email on servers and allow clients to manage their email on the server. IMAP4 uses port 143
TFTP trivial file transfer protocol
Used to transfer small amounts of data with UDP port 69. In contrast, FTP is used to transfer larger files using TCP ports 20 and 21.
FTP file transfer protocol
Used to upload and download files to an FTP server. FTP uses ports 20 and 21. Secure FTP (SFTP) uses SSH for encryption on port 22. FTP Secure (FTPS) uses SSL or TLS for encryption.
IKE internet key exchange
Used with IPsec to create a secure channel over port 500 in a VPN tunnel
Infrastructure as a Service
User can provision, deploy, and run, but does not manage or control the underlying cloud infrastructure
Describe discretionary access control (DAC).
Users have control over access to data and hardware
What is the 1st step in the Kerberos process?
User provides his credentials and then requests a ticket from the KDS.
What is the 5th step in the Kerberos process?
User sends a request to the server service along with the ticket to get access to the service.
Federated Identity
User's identity linked with privileges across business boundaries
Role-Based Access Control
User's role dictates access capabilities; less flexible than Discretionary Access Control, more flexible than Mandatory Access Control
GUI graphical user interface
Users interact with the graphical elements instead of typing in commands from a text interface. Windows is an example of GUI
What vulnerability is created by establishing a network bridge between DSL connection to the Internet and an Ethernet connection to the LAN?
Users on the Internet can access files on the LAN
HMAC-Based One-Time Protocol
Uses Hash Message Authentication Code algorithm
Kerberos
Uses a key distribution center (KDC) to authenticate the principal then issue a ticket granting ticket (TGT) (similar to a token); whenever accessing a service, principal presents KDC with its TGT, TGT then sends principal a service ticket for access to service
Heuristic IDS
Uses algorithms to analyze traffic
What is a Symmetric algorithm?
Uses one key to both encrypt and decrypt a message in the encryption process. RC4 and AES.
What is a Sniffer attack?
Uses protocol analyzers to inspect data as it is transmitted over a network.
What is an Asymmetric Algorithm?
Uses two keys in the encryption process. ECC and RSA.
Digital Envelopes
Using Public Key (Symmetric) and Public Key together
What is an Evil twin attack?
Using a laptop as a wireless access point, it involves an attacker installing a rogue access point on a laptop to have others connect to the fake access point.
Which of the following terms refers to a logical grouping of computers that allow computer hosts to act as if they were attached to the same broadcast domain, regardless of their physical location? Honeynet Virtual Private Network (VPN) Demilitarized Zone (DMZ) Virtual Local Area Network (VLAN) SNMP community
VLAN
What does VTP stand for?
VLAN Trunking Protocol
Single Loss Expectancy
Value of Asset * Exposure Factor
Platform as a Service
Vendor allows apps to be created and run on their infrastructure; user can deploy, but they do not manage or control the underlying infrastructure
What is a registration authority (RA)?
Verifies user requests (for digital certificates in a PKI system)
CAST
Very fast and efficient algorithm that uses 40- to 128-bit keys; used in some Microsoft and IBM products
What is the best environment for testing software for malware in terms of risk and effort to recover the system?
Virtual
What does VDI stand for?
Virtual Desktop Infrastructure
What does VLAN stand for?
Virtual Local Area Network
VLAN
Virtual Local Area Network; allows you to segment groups of users and systems on the network; reduces size of broadcast domains; can segment network into different levels of data sensitivity
VPN
Virtual Private Network
What does VPN stand for?
Virtual Private Network
VPN
Virtual Private Network A type of tunneling. Going through an unsecured network to make it secure.
VDI virtualization desktop infrastructures
Virtualization software designed to reproduce a desktop operating system as a virtual machine on a remote server
What does VoIP stand for?
Voice over IP
RAM random access memory
Volatile memory within a computer that holds active processes, data and applications. Data in RAM is lost when the computer is turned off. Inspection of RAM can discover hooked processes from rootkits. Memory forensics analyzes data in RAM.
Open Web Application Security Project
Voluntary group that forms secure coding practices for web-based, mobile, and back-end applications
Which of the following answers lists an example method for passive test of security controls? Tabletop exercises Pentest Vulnerability scan War chalking
Vulnerability scan
You are preparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be placed in promiscuous mode? (Pick two)
Vulnerability scanner, Port scanner
Zero Day Attack
Vulnerability that has not been reported or fixed
Unencrypted Protocols
Vulnerable to: -Eavesdropping -Replay -Session Hijacking
Which of the wireless security protocols listed below has been deprecated in favor of newer standards due to known vulnerabilities? PEAP CCMP WPA2 WEP
WEP
Which wireless protocol uses the pre-shared key (PSK) to encrypt data?
WEP
Wireless Packet Sniffing
WLANs are subject to data emanation or signal leakage
Which of the following wireless encryption schemes offers the highest level of protection? WEP WPA2 WAP WPA
WPA2
Which of the following solutions simplifies configuration of new wireless networks by providing non-technical users with a capability to easily configure network security settings and add new devices to an existing network? WPA WPS WEP WAP
WPS (Wi-Fi Protected Setup)
Which of the following wireless security features are not recommended and should not be used due to their known vulnerabilities? (Select 2 answers) WPS WAP WPA2 WAF WEP
WPS, WEP
What can you prevent when you deploy wireless devices inside a TEMPEST-certified building?
War driving
Which of the answers listed below refers to wireless site survey? Bluejacking Spear phishing War driving Shoulder surfing
War driving
Deterrent - Control Type
Warn a would-be attacker about consequences
Which (2) of the answers listed below refers to a Wi-Fi Protected Setup (WPS) exploit? Smurf attack Watering hole attack PIN recovery Birthday attack URL hijacking
Watering hole attack, PIN recovery
WAF
Web Application Firewall
Web Proxies
Web Security Gateways Prevent viruses or Trojans infecting computers from the internet, block spam, and restrict web use to authorized sites
You have a server that hosts several different XML Web services. You need to install a device that can mitigate the risk of the Web server being attacked through data sent in a request. What should you use?
Web application firewall
-Internet assigned numbers authority (IANA) numbering
Well-Known (0-1024); Registered (49,151); Ephemeral
What is a Buffer Overflow Attack?
When an application's buffer is overloaded, allowing access to other memory.
What is a buffer overflow attack
When an application's buffer is overloaded to allow access to other memory not designated for the application, or to crash the application altogether.
What is a replay attack?
When an attacker is repeating code in order to gain credits.
What is privilege escalation?
When attackers exploit a design flaw resulting in users being able to obtain a higher privilege level than intended.
What is Acceptance in terms of risk?
When no solution is implemented to protect an asset from the threat.
When should a user's account be removed?
When the User will be permanently gone from the company, such as termination.
What is a time of day restriction?
When you configure settings on a user account that will allow them to only log on to the network during a specific time period.
For what reason should a user's lockout threshold be set to zero?
When you do not wish for the account to be locked in the event of failed password attempts.
When should a user's account be disabled?
Whenever a user leaves a company for an extended period of time, such as maternity leave.
Given Username and Password with Job Title
White Box
What type of testing should you use to determine ways your network might be attacked by a malicious insider with detailed knowledge of your infrastructure?
White box
WPA
Wi-Fi Protected Access. More secure than WEP. Adds ability to authenticate to a network using the 802.1X security model. Uses RC4 but also uses TKIP (Temporal Key Integrity Protocol).
WPA
Wi-Fi Protected Access; uses RC4 encryption with TKIP
WPS
Wi-Fi Protected Setup
WPS
Wi-Fi Protected Setup; vulnerable to brute force attack
What does WPA Stand for?
WiFi protected Access
Group Policy
Will be an answer on the test. Means of applying security settings across a range of computers. Security Templates provide the basis for Group Policies.
Attacker Gains Confidential Company Information -> Targeting CEO and Board Members
Willing
NTLM
Windows authentication protocol; uses MD4 and MD5
What does WEP stand for?
Wired Equivalent Privacy
WEP
Wired Equivalent Privacy; RC4 cipher. Subject to attacks: -Brute force -Not Encrypted
WEP
Wired Equivalent Protocol
What does WPA stand for?
Wireless Access Point
What does WAP stand for?
Wireless Access Points
WIDS or WIPS
Wireless Intrusion Detection System Wireless Intrusion Prevention System
TKIP temporal key integrity protocol
Wireless security protocol introduced to address the problems with WEP. TKIP was used with WPA, but many implementations of WPA now support CCMP.
The term "Trusted OS" refers to an operating system: Admitted to a network through NAC Implementing patch management That has been authenticated on the network With enhanced security features
With enhanced security features
Type A Fire Extinguisher
Wood or paper fires; uses water or chemical
What is an ARP spoofing attack?
Works by using a fake MAC address to make it appear that the data was sent by another host.
What is a Hybrid Attack?
Works by combining multiple types of password guessing attacks, generally working by using dictionaries of commonly used passwords along with mutation rules.
Buffer Overflow
Writes more data into a memory location or buffer than can be held
LDAP
X.500 Lightweight Directory Access Protocol. Provides no security and all transmissions are in plaintext.
You discover attempts to compromise your Web site. The attacks are based on commands sent from authenticated users' Web browsers to the Web site. The commands execute at the user's permission level. Users who have been contacted had no idea that the commands were being sent from their computers. What kind of attack does this represent?
XSRF (Cross-site request forgery or CSRF)
What type of attack can input filters prevent?
XSS (cross-site scripting)
What does the Zero Day mean?
Zero day refers to a new vulnerability or exploit that has not been discovered.
MAN Metropolitan area network
a computer network that spans a metropolitan area such as a city or a large campus
RA recovery agent
a designated individual who can recover or restore cryptographic keys. In the context of PKI a recovery agent can recover private keys to access encrypted data
SSD solid state drive
a drive used in place of a traditional hard drive. An SSD has no moving parts, but instead stores the contents as nonvolatile memory. SSDs are much quicker than traditional drives.
NTFS New technology file system
a file system used in Microsoft operating systems that provides security. NTFS uses the DAC model
IRC Internet relay chat
a form of real-time internet text messaging often used with chat sessions. Some botnets have used IRC channels to control zombie computers through a command and control server.
IRT internet Response Team
a group of experts that respond to security incidents. Also known as CERT, CIRT or SIRT
SIRT security incident response team
a group of experts that respond to security incidents. Also known as a CERT, CERT or IRT
NFC Near field communication
a group of standards used on mobile devices that allow them to communicate with other nearby mobile devices. Many credit card readers support payments using NFC technologies with a smartphone
APT advanced persistent threat
a group that has both the capability and targeted attacks
PBKDF2 password-based key derivation function 2
a key stretching technique that adds additional bits to a password as a salt. This method helps prevent brute force and rainbow table attacks. Bcrypt is a similar key stretching technique
VSAN virtual storage area network
a lower-cost alternative to traditional SANs
TSIG transaction signature
a method of securely providing updates to DNS with the use of authentication
UEFI unified extensible firmware interface
a method used to boot some systems and intended to replace basic input/output system (BIOS) firmware
LEAP lightweight extensible authentication protocol
a modified version of the challenge handshake authentication protocol (CHAP) created by Cisco
PAN personal area network
a network of devices close to a single person
Personal Identification number
a number known by a user and entered for authentication. PINs are often combined with smart cards to provide two-factor authentication
ROI Return of investment or return on investment
a performance measure used to identify when an investment provides a positive benefit to the investor. It is sometimes considered when evaluating the purchase of new security controls
RC4 rivest cipher 4
a popular stream cipher. RC4 was implemented incorrectly in WEP causing vulnerabilities. A rare spelling for RC4 is RSA variable Key size encryption algorithm
802.1x
a port-based authentication protocol. Wireless can use 802.1X. For example, WPA2-Enterprise mode uses an 802.1X server (implemented as a RADIUS server) to add authentication
RPO Recovery Point Objective
a recovery point objective identifies a point in time where data loss is acceptable. It is related to the RTO, and the BIA often includes both RTOs and RPOs
SIEM security information and event management
a security system that attempts to look at security events throughout the organization
SIM subscriber identity module
a small smart card that contains programming and information for small devices such as cell phones
API Application programming interface
a software module or component that identifies inputs and outputs for an application
PBX Private branch exchange
a telephone switch used to telephone calls
GRE generic routing encapsulation
a tunneling protocol developed by Cisco Systems
SSTP secure socket tunneling protocol
a tunneling protocol that encrypts VPN traffic using SSL over port 443
What is the MOST significant flaw in pretty good privacy (PGP) authentication?
a user must trust the public key that is received.
What is a VoIP?
a voice over data implementation in which voice signals are transmitted in real or near-real time over IP networks.
MAC mandatory access control
access control model that uses sensitivity labels assigned to objects (files and folders) and subjects (users). SELinux (deployed in both Linux and UNIX platforms) is a trusted operating system platform using the MAC model. Other access control models are DAC and RBAC
URL universal resource locator
address used to access web resources, such as http://getcertificatdgetahead.com. Pop up blockers can include URLs of sites where pop-ups are allowed
WPS Wi-Fi protected setup
allows users to easily configure a wireless network, often by using only a PIN. WPS brute force attacks can discover the PIN
HIDS Host-based intrusion detection system
an IDS used to monitor an individual server or workstation. It protects local resources on the host such as the operating system files
SPOF single point of failure
an SPOF is any component whose failure results in the failure of an entire system. Elements such as RAID, failover clustering, UPS, and generators remove many single points of failure
SAML security assertions markup language
an XML-based standard used to exchange authentication and authorization information between different parties. SAML provides SSO for web-based applications
SLA Service level agreement
an agreement between a company and a vendor that stipulates performance expectations such as minimum uptime and maximum downtime levels
What is a HOTP?
an algorithm that uses a counter based synchronous token device consisting of a base secret key and an internal counter inserted by a system administrator.
MBR master boot record
an area on a hard disk in its first sector. When the BIOS boots a system, it looks at the MBR for instructions and information on how to boot the disk and load the operating system. Some malware tries to hide here.
RSA
an asymmetric algorithm used to encrypt data and digitally sign transmissions. It is named after its creators Rivest, Shamir and Adleman, and RSA is also the name of the company they founded together. RSA relies on the mathematical properties of prime numbers when creating public and private keys
SFTP secure FTP
an extension of secure shell (SSH) using SSH to transmit the files in an encrypted format. SFTP transmits data using port 22
RSTP Rapid spanning tree protocol
an improvement over STP. STP and RSTP protocols are enabled on most switches and protect against switching loops, such as those caused when two ports of a switch are connected together
When should you perform a penetration test on your network?
assess detection and alert effectiveness
PKI is based on which of the following types of encryption?
asymmetric
Disabling certain system functions or shutting down the system when risks are identified is an example of: Risk acceptance Risk avoidance Risk transference Risk deterrence
avoidance
What is TFTP commonly used for?
boot loader (TFTP is commonly used as a boot loader to boot devices over a network, ie to allow a machine to bring down an image remotely)
To preserve evidence for later user in court, which of the following needs to be documented?
chain of custody
Describe an SSL and TLS connection?
client and server negotiate the algorithms that will be used
RAT remote access tool
commonly used by APTs and other attackers. A RAT gives an attacker full control over a user's system from a remote location over the internet
What is a trusted OS?
data cannot be altered or moved, access rights are required to view data
What does an inline all-in-one security device do?
deep packet inspection and malware scanning of incoming email (can also be a single point of failure to a network)
A computer configured as a router protects your network from the Internet. You discover that the router has been reconfigured. How might an attacker have gained access to the router? (Pick two)
default account, rootkit
What is the security risk inherent in dedicated routers?
default user accounts
What type of risk management strategy is in place when accessing the network involves a login banner warning designed to inform potential attacker of the likelihood of getting caught? Risk avoidance Risk acceptance Risk deterrence Risk transference
deterrence
In a key escrow scheme, what key is sent to the third party for storage?
encryption key (to decrypt a private key file)
What is Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)?
encryption that uses AES on WPA2 (networks to provide confidentiality and message integrity)
You want to be able to identify changes in activity in critical Windows servers that might identify attempts to compromise the server or its data. You have installed antivirus software on the server and have locked down server configurations. What should you do next?
establish a performance baseline for each server
What can you use to reveal both known and unknown attacks without affecting normal operations?
firewall log analysis
GPG GNU privacy guard (GPG)
free software that is based on the OpenPGP standard. It is similar to PGP but avoids any conflict with existing licensing by using open standards
PKI public key infrastructure
group of technologies used to request, create, manage, store, distribute and revoke digital certificates. Certificates are an important part of asymmetric encryption. Certificates include public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of the certificate
You are deploying an application server on your network. You need to control the types of traffic into and out of the server. You want to keep the effort and network changes necessary to implement and manage this to a minimum. What should you do?
host based firewall
HIPS
host intrusion prevention system (HIPS), for example, looks for anomalies, such as deviations in bandwidth, protocols and ports
A networking standard for linking data storage devices over an IP network is known as
iSCSI
Which of the protocols listed below facilitate(s) communication between SAN devices? (Select all that apply) SCSI MTBF iSCSI MTTF FCoE
iSCSI, FCoE
When is it appropriate to use vulnerability scanning to identify potential holes in a security design?
identify known security risks and actions
You are developing a Web application that will be accessible to the public. Users will be entering data that will be visible to other users. You want to design the application to minimize the possibility of cross-site scripting (XSS). What should you do?
implement user input filters
What is a Proxy server?
intermediary between a host and a computer hosting another service.
You need to restrict the Web sites that network users can visit. Users connect to the Internet through a perimeter network. What should you do?
internet content filter
You are determining environmental control requirements for a data center that will contain several computers. What is the role of an HVAC system in this environment? (Choose two.)
isolation in case of a fire, humidity levels
The Diffie-Hellman encryption algorithm relies on what being exchanged?
keys
HTML hypertext markup language
language used to create web pages served on the internet. HTML documents are displayed by web browsers and delivered over the internet using HTTP or HTTPS. It uses less than and greater than characters (< and >) to create tags. Many sites use input validation to block these tags and prevent cross-site scripting attacks
What can you use to determine if a newly developed software has any security issues relating to the operating system, network services or development code?
malware scan
The process of predicting threats and vulnerabilities to assets is known as threat...
modeling
SEH structured exception handler
module within an application that handles errors or exceptions. It prevents applications from crashing or responding to events that can be exploited by attackers
M-of-N Control
Of n administrators permitted to access the system, m must be present for access to be granted. m must be greater than 1 and n must be greater than m.
Which of the following types of IDS should be implemented to monitor traffic on a switch?
network based passive and network based active
What freeware forensic tools are used to capture packet traffic from a network?
nmap
Which of the following would be achieved by using encryption? (three)
non-repudiation, confidentiality, and integrity
Why should you require the sender to digitally sign sensitive e-mail messages? (Pick two)
non-repudiation, validation
What is a limitation of using a CRL to determine whether or not a certificate is valid?
not real time
How many security associations are there in an IPSec encrypted session for each direction?
one
How many keys are required for a symmetric cryptosystem?
one to encrypt and decrypt
When is vulnerability scanning used?
passively scan for issues without testing ability to identify or respond
What is the best way to determine if users are selecting strong passwords?
password cracker
How should you test a network's ability to detect and respond to a DoS attack against applications running on web servers?
penetration testing
STP Spanning tree protocol
protocol enabled on most switches that protects against switching loops. A switching loop can be caused if two ports of a switch are connected together.
In what situation is a key escrow arrangement used?
provide decryption keys to a third party as needed
Which key is used to encrypt data in an asymmetric encryption system?
recipient's public key
What is ARP poisoning?
redirect an IP to another MAC (An attack where someone with access to a network redirects an IP address to the MAC address of a computer that is not the intended recipient)
Jamming
reducing signal quality until it becomes unusable or disconnects occur
PTZ pan tilt zoom
refers to cameras that can pan (move left and right) tilt (move up and down) and zoom to get a closer or a wide view
How can you reduce shell injection privilege escalation attacks on a server application?
run the application with minimum permissions
What does it mean if a computer is listening on port 80?
running server software.
What is a practical application of a content filter?
scan outgoing email for credit card numbers or SSNs to block or quarantine
What is the best way to prevent cross-site request forgery (XSRF) attacks?
secure user specific tokens for form submissions
You are configuring antispam software for network computers. What should you have antispam software do when it identifies an e-mail as spam?
send to a separate folder
Which of the following access decisions are based on a Mandatory Access Control (MAC) environment?
sensitivity labels
In Kerberos, what does the client computer present as authentication to the server that contains a resource?
session ticket
Describe how M of N works to recover a private key.
set number of key operators, certain required to recover
Which of the following types of IDS uses known patterns to detect malicious activity?
signature based
TOTP Time-based one-time password
similar to HOTP, but it uses a timestamp instead of a counter. One-time passwords created with TOTP expire after 30 seconds
PED personal electronic device
small devices such as cell telephones, radios, CD players, DVD players, video cameras and MP3 players
virtualization
software to emulate hardware
All of the following types of attacks can be detected by an IDS EXCEPT:
spoofed email
What are the dangers of virus hoaxes? (Pick two)
spread, malicious instructions (Users spread them by forwarding them and overburden e-mail systems. Also, the message includes instructions to do something damaging)
What is fuzzing?
test vulnerabilities using random user input (in applications and noting the crashes and failures)
Data Handling
the process of managing information over its lifecycle
Which of the following is often misused by spyware to collect and report a user's activities?
tracking cookie
Contracting out a specialized technical component when the company's employees lack the necessary skills is an example of: Risk deterrence Risk avoidance Risk acceptance Risk transference
transference
UDP user datagram protocol
used instead of TCP when guaranteed delivery of each packet is not necessary. UDP uses a best-effort delivery mechanism
RDP remote desktop protocol
used to connect to remote systems. Microsoft uses RDP in different services such as Remote Desktop Services and Remote Assistance. RDP uses either TCP port 3389 or UDP port 3389
SSL secure sockets layer
used to encrypt traffic on the wire. SSL is used with HTTPS to encrypt HTTP traffic on the internet using both symmetric and asymmetric encryption algorithms. SSL uses port 443 when encrypting HTTPS traffic
TLS transport layer security
used to encrypt traffic on the wire. TLS is the replacement for SSL and, like SSL, it uses certificates issued by CAs. PEAP-TLS uses TLS to encrypt the authentication process, and PEAP-TLS requires a CA to issue certificates
SLE single loss expectancy
used to measure risk with annualized loss expectancy (ALE) and annualized rate of occurrence (ARO). The SLE identifies the expected dollar amount for a single event resulting in a loss. The calculation is SLE x ARO = ALE
What is a KDC?
used to store, maintain, and distribute session keys.
SMTP Simple mail transfer protocol
used to transfer email between clients and servers and between email servers and other email servers. SMTP uses port 25
POP3 post office protocol v3
used to transfer email from mail servers to clients. POP3 uses port 110
TGT ticket granting ticket
used with Kerberos. A KDC (or TGT server) issues time-stamped tickets that expire after a certain time period.
How do you prevent attacks from buffer overflows?
user input validation (to prevent script injection.)
Your Web site has been the repeated target of cross-site request forgery (XSRF) attacks. You want to try to prevent these from occurring. What should you do?
user specific token for form submissions
What security does digitally signing email addresses provide? (2)
validation, non-repudiation (informs if a document has been changed after signing)
Which statement best describes hashing?
variable length input to fixed length string
MITRE and CERT are...
virus and malware cataloging organizations
POTS plain old telephone service.
voice grade telephone service available
An optimal WAP antenna placement provides a countermeasure against: (Select 2 answers) War chalking Tailgating War driving Shoulder surfing Site survey
war driving, site survey
What web security device could a company install to prevent users from downloading inappropriate content?
web security gateway