sec +

Antivirus Resistence

*Key word is morphic* -Stealth -Modification -Armor -Retrovirus -Slow and Sparse infectors -Metamorphic -Polymorphic

Trojans

-A malicious program concealed within a benign one -Many are designed to provide covert surveillance or control of infected host

ARP Attacks

-Address Resolution Protocol (Sits on switch) -Maps IPv4 addresses to hardware (MAC) interfaces -ARP Poisoning - Dsniff, Ettercap, Cain and Abel -MAC Flooding

AES

-Advanced Encryption Standard -Block Sipher -128 bits and key size of 128, 192, or 256 bits -Best encryption

Spyware

-Allows attacker to record system configuration and user actions -Key Logging, screenshots, remote logging -Pretty bad

Preventing Malware

-Backups -Apply OS/Application Patches -Install Malware Protection Software (Update regularly, configure to run on-access, filter email/IM/websites) -Restrict system privileges -Educate Users -Audit/Continuous Monitoring -Keep up-to-date with threats

Man in the Middle

-Eavesdropping -Intercept Packets (Without sender or receiver knowing) -Can monitor contents of packets (unless encrypted) -Could modify packets and send on

802.11b

1 1 Mbps (5.5, 2, and 1 fallback) / 2.4 GHz

802.11

1 or 2 Mbps / 2.4 GHz

Three Control Types

1) Management 2) Operational 3) Technical

Hashing Algorithms

1) Must be one-way 2) Variable-length input produces fixed-length output 3) Algorithm must have few or no collisions

Vulnerability Scan Tasks

1) Passively Test Security Controls 2) Interpret Results 3) Identify Vulnerabilities 4) Identify Lack of Security Controls 5) Identify Common Misconfigurations

Cloud Computing Concerns

1) Regulatory Compliance 2) User Privileges 3) Data Integration/Segregation

What is the order of volatility from most to least?

1. CPU Cache 2. Memory 3. Temporary File System 4. Hard Drive 5. Physical configuration 6. Archival media

POP Port

110

An SNMP Agent receives requests on UDP port: 161 138 162 139

161

L2F Port

1701

What firewall ports are used to transmit clear text data?

20, 21, 69

Which TCP port is used by SMTP?

25

CIO Chief Information Officer

A "C" level executive position in some organizations. A CIO focuses on using methods within the organization to answer relevant questions and solve problems

CTO Chief technology officer

A "C" level executive position in some organizations. CTOs focus on the technology and evaluate new technologies

What is a TLS?

A cryptographic protocols used to secure data transmission over the Internet.

What is a VDI?

A form of desktop virtualization that allows you to host multiple users desktop environments on a central server.

PAT Port address translation

A form of network address translation

What is a PAP?

A method of authentication that uses passwords, presented in plaintext, to authenticate.

CSR Control Status Register

A register in a processor used for temporary storage of data

SAN storage area network

A specialized network of high-speed storage devices

What does SCADA do?

A system commonly found in energy and oil plants that analyzes real time data which is used to control plant or industrial equipment.

OLA open license agreement

A volume licensing agreement allowing an organization to install software on multiple systems

Digital Certificate

A wrapper for a subject's public key

EMI shielding protects the transferred data from: (Select all that apply) A Outside interference B Phishing C Eavesdropping D Decryption F Bluesnarfing

A, C

Port 1812

AAA Server using UDP on Port 1812

AAA Authentication Authorization and Accounting

AAA protocols are used in a remote access systems. For example TACACS+ is an AAA protocol that uses multiple challenges and responses during a session. Authentication verifies a uses identification. Authorization determines if a user should have access. Accounting tracks a user's access with logs

Which DNS record is used to identify an IPv6 host?

AAAA

Port Scanners

Active Fingerprinting netstat Prove ports Xmas attack Open connections Block scans at firewalls or with Intrusion Detection System

Which security goal is compromised by a DDoS attack?

Availability

BIND Berkeley Internet Name Domain

BIND is DNS software that runs Linux and Unix servers. Most Internet-based replacement for BIOS

Compensating - Control Type

Backup controls once other controls fail

BPO

Blanket Purchase Order

SAN

Block level access Storage Area Network Difficult to manage

Birthday Attack

Brute force attack aimed at exploiting collisions in hash functions

A temporary area of memory allocated with a fixed size for holding data while it's waiting to be transferred to another location is known as: Cache Header Local Shared Object (LSO) Buffer

Buffer

What is RADIUS vulnerable to?

Buffer overflow attacks

BCP

Business Continuity Planning

BIA

Business Impact Analysis

Hardware-based RAID Level 0: (Select 2 answers) A Offers redundancy B Requires at least three drives to implement C Doesn't offer fault tolerance D Requires at least two drives to implement E Offers fault tolerance

C, D

AES-based encryption mode implemented in WPA2 is known as: CCMP TPM TKIP MTBF

CCMP

Hardware Security

Cable Locks Lockable Cabinets Device Locks Safes Protected Distribution

Host Security Management Plan

Central Plank in ensuring a secure, efficient, and well defined network

Centralized or Decentralized Key Management

Centralized - One Admin controls keys Decentralized - Each User controls keys

CA

Certificate Authority

What does CA stand for?

Certificate Authority

Administrative - Control Type

Comes down through policies, procedures, and guidelines

UNIX and Linux

Command line/text config file oriented Linux is based off of UNIX Linux versions: SUSE, Red Hat, Madriva

Registration Authorities

Complete identity checking and submit CSRS

Password Protection

Complexity Rules -Length -Character Combinations -Age User Practice -Remembering Passwords -Storing/Writing Down Passwords

Transitive Access

Compromise Trust relationships between sites

DNS Spoofing

Compromising victim's DNS server

Router

Connects multiple networks and routes packets from one network to another Work at Network Layer Fault Tolerant

What is rule-based management?

Consists of configuring rules on devices, such as routers and firewalls, which allow or deny traffic.

Bot-herder

Controls a botnet

Scarcity - Social Engineering

Convince someone that there is a limited quantity of something

ARP Poisoning

Corrupts MAC to IP correlations in a router to spoof or redirect traffic

Service Level Agreement

Defines services that will be provided

CCTV and Motion Detection

Detective Measure

Flood Guards

Detects attempts to open connections maliciously

Behavior-Based-Detection IDS

Detects variation in behavior

What does DACL stand for?

Discretionary Access Control list

Type C Fire Extinguisher

Electrical; Nonconductive chemicals

White Hats

Ethical Hackers. Probably paid internally.

Hoax

Fake Antivirus Cause Unnecessary Support Calls Use Vendor Sites to identify Malware

Block ciphers work by encrypting each plaintext digit one at a time. True or False?

False

The biggest advantage of public cloud is that all services provided through this type of cloud computing service model are offered free of charge. True or False?

False

FERPA

Family Educational Rights and Privacy Act

IT Contingency Planning

Fault Tolerance allowed

Type of Threats

Hackers, Crackers, Black Hats, White Hats, Script Kitties External Threats

Types of Encryption Technologies

Hash Asymmetric - One Key Symmetric - Sharing the same key

Network-Based IDS

IDS attaches to a point in the network where it can monitor traffic

802.11i

Implements WPA2

Security Audit

In-depth check of security

What is an Antivirus program?

Its a security tool used to protect devices from viruses.

Joe takes a message and sends it over to Ann.

Joe encrypts the plaintext with anns public key and send it over so she can decrypt it using her private key

JFS

Journaled File System

What is the 2nd step in the Kerberos process?

KDS will verify the credentials, if good a TGT is issued.

UDP 1701

L2TP

PORT TCP 389

LDAP

What authentication protocol provides access to directory server services?

LDAP (Lightweight Directory Access Protocol)

PORT TCP 636

LDAP/SSL

Switches

Layer 2 (Data Link Layer) and Layer 3 (Network Layer)

L2F

Layer 2 Forwarding; created by Cisco; similar to PPP; should not be used over WANs; authentication, but no encryption

What hash algorithm is used by common implementations of CHAP?

MD5

What two types of encryption are used in smartcards?

MD5, RSA

Hypervisor

Manages Guest VMs -Hardware system resources -Disk images and snapshots -Networking -Security/Sandboxing

What is Chalking?

Marking buildings with unsecured wireless networks, done by war drivers notifying other war drivers that there is an unsecured wireless network in a building.

Remote Authentication Dial-In User Service

Mechanism for authentication of remote network connections; centrally managed on a single server; single point of failure

MOU

Memorandum of Understanding

Phage Virus

Modifies and alters other programs and databases

CAC

Multi-Factor Authenication

What name table is called on by nbstat -a test11406?

NetBIOS over TCP/IP (nbstat)

PORT TCP 139

NetBios

UDP 138

NetBios

Digital Signatures

Non-Repudiation Message Integrity

Directory Traversal

Obtain access to host OS file system or shell If it has a v in it

What is Session Hijacking?

Occurs when a malicious user obtains access to another users active computer session to gain unauthorized access to computer services.

LANMAN

Old Microsoft protocol for authentication; replaced by NTLM

What does PCI DSS stand for?

Payment Card industry Data Security Standard

Attacker redirects name resolution entries from legitimate site to fraud site -> Victims

Pharming

Threat

Potential for a threat agent Path or tool used by the threat actor

PGP

Pretty Good Privacy; freeware email encryption system

Nonrepudiation

Prevents a party from denying actions they carried out

Key Recovery Agents

Process for backing up keys and/or recovering them

Full Disk Encryption

Processing overhead BitLocker, TrueCrypt

Screen Lock

Protected by password

Authentication

Proves a User or Process is who it claims to be Something you know - Password, Pin, PII

Business Continuity Concepts

Provide systems that are high availability and fault tolerant Provide backup mechanisms and resources

Public Cloud

Provider offers to public; usually a pay-as-you-go model

Wired Equivalent Protocol

Provides basic security for wireless networks; weakness in RC4 encryption algorithm; initialization vector (IV) short (24-bit), repeated, and is static

Radius Remote authentication dial-in user service

Provides central authentication for remote access clients RADIUS encrypts the password packets and uses UDP. In contrast, TACACS+ encrypts the entire authentication process and uses TCP

NIC Network interface card

Provides connectivity to a network

Assessment of risk probability and its impact based on subjective judgment falls into the category of: Environmental controls Quantitative risk assessment Forensic procedures Qualitative risk assessment

Qualitative

RIPEMED

RACE Integrity Primitives Evaluation Message Digest

Which of the following solutions does not offer fault tolerance? RAID 5 Disk duplexing RAID 0 Disk mirroring RAID 1

RAID 0

RFID radio frequency identification

RFID methods are often used for inventory control

What does RAM stand for?

Random Access memory

Application-Level Proxy

Reads the individual commands of the protocols being served; advanced

Failover

Reconstruct a system or switch to another system when a failure is detected

RPO

Recovery Point Objective

RTO

Recovery Time Objective

TCP

Reliable, 1-to-1, connection-oriented

Virtual Private Networks (VPN)

Remote Access VPN Site to Site VPN

What is EAL 4?

Requires positive security engineering based on good commercial development practices.

ARP

Resolves IPs to MACs

What is the most reliable method for recovering a secure user account?

Restore from backup

RC

Ron's Cipher; family of encryption produced by RSA; currently RC4, RC5, and RC6; RC5 is strong, using a key up to 2048-bits

RIP

Routing Information Protocol

Which of the following solutions provides a single sign-on capability for Web services? MOU OVAL SCADA SAML

SAML (Security Assertion Markup Language)

Which of the answers listed below refers to a control system providing the capability for real-time monitoring and gathering information related to industrial equipment? OVAL SCADA TACACS SCAP

SCADA (Supervisory Control And Data Acquisition)

PORT TCP 25

SMTP

Familiarity/Liking - Social Engineering

Same interests, activities, positive attention

Sandboxing

Sandboxing is the process of isolating a system before installing new applications or patches on it so as to restrict the software from being able to cause harm to production systems.

Input Validation

Send invalid data to the application to try to crash it

Bluejacking

Sending unsolicited messages via Bluetooth

SLA

Service Level Agreement

SLE

Single Loss Expectancy

What does SaaS stand for?

Software as a Service

Pay Portal

Software as a service

NOOP network operation system

Software that runs on a server and enables the server to manage resources on a network

What does SSD stand for?

Solid State Hard Drive

Web Application Firewall

Specifically designed to block threats over HTTP such as: -XSS -SQL Injection -DDoS

ISA Interconnection security agreement

Specifies technical and security requirements for connections between two or more entities. An ISA includes details on planning, establishing maintaining as disconnecting a secure connection between two or more entities

IP Spoofing and TCP/IP Hijacking

Spoofing IP Addresses TCP Hijacking (3-way hijacking, non-blind spoofing, blind spoofing) ICMP Redirect

Buffer Overflow

Stack Overflow Heap Overflow Array Index Overflow

The process of hiding a "secret" message inside an ordinary message or file is known as what?

Steganography

Preventative - Control Type

Stop something from happening

Memorandum of Understanding

Summary of which company is responsible for which portions of work

Flash Cookie

Super cookie

SCADA

Supervisory Control and Data Acquisition

What does SCADA stand for?

Supervisory Control and Data Acquistion

What is a RC4?

Symmetric algorithm that is a stream cipher that mostly supports 64-bit and 128-bit encryption. Common uses for wireless WEP and WPA encryption. Works with key sizes between 40 and 2,048

PORT TCP 49

TACACS+

UDP 69

TFTP

Key Stretching

Take a weak key and make it stronger by lengthening it

Assets

Tangible, Intangible, People, Market Value, Practical Value

What is a UDP attack?

Target a UDP service or maintenance protocol to overload services and perform denial of service attacks. Work by flooding random ports on a target computer with UDP packets.

PORT TCP 23

Telenet

Port number 23 is used by

Telnet

TKIP

Temporal Key Integrity Protocol

What does TKIP stand for?

Temporal Key Integrity Protocol

DHE Data-handling electronics

Term used at NASA indicating electronic systems in that handle data

TACACS

Terminal Access Controller Access-Control System

Telnet

Terminal emulation software to support a remote connection to another computer

What should you do after researching and documenting your disaster recovery plan?

Test

What should you do with patches before putting on the prod?

Test the patches on a test environment first and then put it on production

Fuzzing

Testing an application's input validation routines work well

BIA Business impact analysis

The BIA indetifies critical business or mission requirements and includes elements such as recovery time objectives (RTOs) and recovery point objectives (RPOs) but it doesn't identify solutions

MTU Maximum Transmission Unit

The MTU identifies the size of data that can be transferred.

OSI open systems interconnection

The OSI reference model conceptually divides different networking requirements into seven separate layers

What is MTTF?

The average time a device is expected to last before it fails.

What is MTTR?

The average time it will take to restore a system from failure.

What is WPA2?

The best encryption method, improved on WPA by using CCMP for data, privacy, integrity, and authentication.

SYN synchronize

The first packet in a TCP handshake. In a SYN flood attackers send this packet, but don't complete the handshake after receiving the SYN/ACK packet. A flood guard is a logical control that protects against SYN flood attacks

What is being called by net view \\test11406?

The net view command is being used to display resources that are being shared by a specific computer.

Mean Time Between Failure

The number of hours the manufacturer expects that a component will run before experiencing some sort of hardware problem

What is Risk acceptance?

The risk is recognized but no action is taken.

What does White Box penetration testing mean?

The tester has complete knowledge of the infrastructure.

What do Signature-based IDSs do?

They use specifically known patterns of unauthorized behavior called attack signatures to predict and detect subsequent similar attempts, then stores these signatures in the repository.

Key Escrow

Third party possesses a copy of cryptographic keys

What is the purpose of the Patriot Act?

This Act authorizes the interception of electronic communications if terrorism is suspected.

What is Implicit Deny?

This ensures that users may not access shared resources unless they have been explicitly allowed.

CCTV Closed-circuit television

This is a detective control that provides video surveillance. Video surveillance provides reliable proof of a person's location activity. It can be used by an organization to verify if any equipment or data is being removed.

TOTP

Time-Based One-Time Password

What is the advantage and disadvantage of using a differential backup?

To restore, you only need the most recent full back up and differential backup, however these types of backups take more time and require more storage media

What would be a real-world application of LDAP?

To set up a single sign on authentication system for a large enterprise network

Cloud Computing Risks

Transfer of risk Identify Responsibilities Legal/Regulatory Responsibility Insider Threats

Data In Transit

Transmitted over the network TLS IPsec PGP

TLS

Transport Layer Security

A replay attack occurs when an attacker intercepts user credentials and tries to use this information later for gaining unauthorized access to resources on a network. True False

True

FTPS is an extension to the FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. (True or False?)

True

True or false? Diffie-Hellman relies on public and private keys for encryption and decryption.

True

TPM

Trusted Platform Module

UTM

Unified Threat Management

You plan to use Windows BitLocker to Go to automatically encrypt a USB flash drive. You want to be able to retrieve the encrypted data from any laptop computer. What should you do?

Use A Password To Unlock This Drive

DNS Domain Name System

Used to resolve host names to IP addresses. DNS is the primary name resolution service used on the Internet and is also used to internal network

In which type of PKI model do trusted parties issue certificate to each other?

Web of trust

What is Transferring in terms of risk?

When you allow someone else to deal with the threat.

WPA2

Wi-Fi Protected Access 2; AES encryption with CCMP

Which of the following terms relates closely to the concept of residual risk? Firewall rules Virtualization Risk acceptance Quantitative risk assessment

acceptance

What is the best way to mitigate attacks through elevating a standard user account?

auditing failed and successful account management events

The MOST common exploits of Internet-exposed network services are due to...

buffer overflows

ISP Internet service provider

company that provides internet access to customers

What does an implicit deny on an ACL do?

denies any traffic not specifically allowed

What is the risk of using Halon fire suppression?

harm or kill employees

UDP 88

kerberos

LDAP lightweight directory access protocol

language used to communicate with directories such as microsoft's active directory. It provides a central location to manager user accounts and other directory objects. LDAP uses port 389 when unencrypted and port 636 when encrypted

When should a company perform a qualitative risk assessment?

limited time or budget

What does PAP stand for?

password Authentication Protocol

For what purpose would you install voice encryption on a mobile computer?

support secure VoIP

IGMP internet group management protocol

used for multicasting. Computers belonging to a multicasting group have a multicasting IP address in addition to a standard unicast IP address

HTTP hypertext transfer protocol

used for web traffic on the internet and in intranets HTTP uses port 80

WTLS Wireless transport layer security

used to a encrypt traffic for smaller wireless devices

Digital Certificates

-Based on X.509/PKIX/PKCS -File formats -Fields: Version Serial Number CA Signature Validity Subject's Public Key Extensions

Denial of Server (DOS)

-Cause a service to fail or become unavailable -DDoS attacks leverage bandwitch from compromised hosts/networks TCP/ICMP/UDP/Application Exploits Easy to use DoS tools Smurf

DES and 3DES

-Data Encryption Standard -DES is a block cipher using 64 bit blocks and 56 bit key -3DES is encrypted 3 separate times using different keys

Anti-Virus Software

-Database of virus signatures -Heuristic Scanning -Malware Removal/Quarantine -A-V Resistance

Wi-Fi Security Settings

-Disable SSID Broadcast -Keep firmware and drivers up to date -Change the default password -Enable MAC Address filtering -Disable DHCP

Symmetric Stream Cipher

-Encrypted 1 bit or byte at a time -Plaintext combined with a random keystream and Initialization Vector (IV) -RSA & RC4 are used today

Malicious Insider

-Has or has had authorized access -Employees, contractors, partners -Sabotage, financial gain, business advantage

Adware

-It's basically just pop ups. Not too bad. -Records some user activity but to lesser extent than spyware -Uses Cooking to deliver targeted advertisements -Legitimate adware should make privacy policy obvious

Types of Threat Agent

-Malicious Insider (Worst type of threat) -Accidental -Environmental (second worst) -Legal/Commercial

Anti-Spyware/Spam/Pop-Ups

-Most AV software protects against a range of malware and other threats -Tools may be used against specific web threats (Anti-Spyware, Anti-spam, Pop Up Blockers)

Ransomware

-Nuisance ("lock out" user by replacing shell) -Serious (encrypt data files or drives)

Cryptographic Hash Functions

-One way operational -Confidentiality -Authentication -Non-Repudiation -Integrity

Footprinting

-Overall holistic view of the network -Discover Network/Host Configuration -Network Mapping

Public Key Cryptography

-Prove that the owners of public keys are who they say they are -Anyone issuing public keys should have a digital certificate -Key is issues as a certificate by a Certificate Authority

Asymmetric Encryption

-Public Key Cryptography -One key encrypts or decrypts but not both -One key cannot be derived from the other -Private key must be kept secret -Public key is easy to distribute -Message size limits so not suitable for large amounts of data -Used for key exchange

Rootkits

-Replace key system files and utilities -Most powerful operate with system or kernel level privileges -It's what the rootkits are hiding that are dangerous

Certificate Revocation List

-Revoked or suspended certs go here -Has to have a constant connection with the CA

RSA

-SSL/TLS -Basis of many digital certificates and signature schemes -Maximum Message Size: Key Size - 11 bytes -Used for authentication, integrity, non-repudiation, key exchange

Symmetric Encryption

-Same secret key is used for encryption and decryption -Problem storing and distributing key securly

Cryptography

-Secret Writing -Plaintext is converted to ciphertext -Cipher is the means of change -Crytanalysis is the art of breaking or "Cracking" cryptographic systems

Fingerprinting

-Specific Information about a system -Identify Host Configuration -Scan TCP and UDP ports -Internet assigned numbers authority (IANA) numbering -Configure a Non-Default Port -Source versus destination port

Symmetric Block Cipher

-Split plaintext into equal size blocks -Subject to rounds of transpositions and substitutions

RC4

-Stream Cipher -Rivest Ciphers -Variable Length Key

Steganography

-Technique for obscuring the presence of a message -Covert Channels -Least significant bit

Replay Attack

-Trickery of the biometrics -Can also be used on wireless -Spoofing/Masquarade as a general attack (can take place at many levels) -Identity Theft/Social Engineering -Network Spoofing Atacks -Replay (Obtain some authentication data and use it to regain access) -Man in the Middle

Digital Signatures

-Used to prove identity of the sender of a message and to show that a message has not been tampered with -Integrity, Authentication, Non-Repudiation -Uses your private key. Other people use the public key to **verify**. -We only verify digital signatures

Different Type of Phishing

-Using Spoofed electronic communication to trick a user into providing confidential info -Spoof Emails or faked/hacked websites -Vishing (VoIP or IM) -Spear Phishing/Whaling (Targeting Senior Management) -Pharming (DNS Redirection) - Taking a legit website and making you go to a fraudulant website -Watering Hole - List of known website that people like to go to. Infecting one of them with malware. You can use pharming inside a watering hole.

One of the answers below lists some of the past and current authentication protocols used in Microsoft networks arranged from oldest / obsolete up to the current recommendation. Which of the answers lists the protocols in the correct order? 1 LANMAN › NTLM › NTLMv2 › Kerberos 2 NTLM › NTLMv2 › Kerberos › LANMAN 3 NTLM › NTLMv2 › LANMAN › Kerberos 4 Kerberos › NTLM › NTLMv2 › LANMAN

1

In the OSI model, DOCSIS, DSL, Ethernet physical layer, ISDN, RS-232 resides at the ______ layer

1 Physical

Five types of dealing with risk

1) Avoidance 2) Transference 3) Mitigation 4) Deterrence 5) Acceptance

Virtualization Concerns

1) Breaking out of the virtual machine 2) Network and security controls can intermingle

Technical Controls

1) Identification and Authentication 2) Access Controls 3) Audit and Accountability 4) System and Communication Protection

Incident Response Steps

1) Identify 2) Investigate 3) Repair 4) Document and Report 5) Adjust Procedures

Operational Controls

1) Personnel Security 2) Physical and Environmental Protection 3) Contingency Planning 4) Configuration Management 5) Maintenance 6) System and Information Integrity 7) Media Protection 8) Incident Response 9) Awareness Training

Management Controls

1) Risk Assessment 2) Planning 3) System and Services Acquisition 4) Certification, Accreditation, and Security Assessment

Which of the answers listed below refer(s) to the Advanced Encryption Standard (AES): (Select all that apply) 1 Symmetric-key algorithm 2 128-, 192-, and 256-bit keys 3 Asymmetric-key algorithm 4 Block cipher algorithm 5 Stream cipher algorithm

1, 2, 4

Which of the following are symmetric-key algorithms? (Select 3 answers) 1 AES 2 DES 3 RSA 4 Diffie-Hellman 5 3DES

1, 2, 5

A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of: (Select 2 answers) 1 Phishing 2 Watering hole attack 3 Social engineering 4 Bluejacking 5 Vishing

1, 3

What are the features of Elliptic Curve Cryptography (ECC)? (Select 2 answers) 1 Asymmetric encryption 2 Shared key 3 Suitable for small wireless devices 4 High processing power requirements 5 Symmetric encryption

1, 3

Penetration testing: (Select all that apply) 1 Bypasses security controls 2 Only identifies lack of security controls 3 Actively tests security controls 4 Exploits vulnerabilities 5 Passively tests security controls

1, 3, 4

Which of the following fall(s) into the category of social engineering attacks? (Select all that apply) 1 Whaling 2 MITM attack 3 Shoulder surfing 4 Bluejacking 5 Dumpster diving 6 Bluesnarfing 7 Tailgating 8 Vishing

1, 3, 5, 7, 8

Which of the following answers apply to smurf attack? (Select 3 answers) 1 IP spoofing 2 Privilege escalation 3 DDoS 4 Polymorphic malware 5 MITM attack 6 Large amount of ICMP echo replies

1, 3, 6

Which of the following security controls provide(s) confidentiality? (Select all that apply) 1 Encryption 2 Certificates 3 Digital signatures 4 Steganography 5 Hashing

1, 4

Hardware-based RAID Level 1: (Select 3 answers) 1 Requires at least 2 drives to implement 2 Is also known as disk striping 3 Offers improved performance in comparison to RAID 0 4 Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data) 5 Is also referred to as disk mirroring

1, 4, 5

Which of the following security controls provide(s) integrity? (Select all that apply) 1 Hashing 2 Steganography 3 Fault tolerance 4 Digital signatures 5 Non-repudiation 6 Encryption

1, 4, 5

What are 2 security issues or threats associated with data being stored on social media networking accounts?

1. Data can be modified by any individual 2. Data can be obtained by any individual

Single Loss Expectancy (SLE) = Asset Value (AV) x Exposure Factor (EF). The Exposure Factor (EF) used in the formula above refers to the impact of the risk over the asset, or percentage of asset lost when a specific threat is realized. Which of the following answers lists the EF value for an asset that is entirely lost? 0 100 1.0 0.1

1.0

Private IP Ranges

10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255

Which of the ports listed below are used by client applications designed to retrieve email messages from mail servers? (Select 2 answers) 110 443 3389 143 25

110, 143

Which ports enable retrieving email messages from a remote server?

110, 143

RPC Port

111

SFTP Port

115

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

128-bit AES encryption and 48-bit IV for Wi-Fi

IPv6

128-bit addresses

What bit sizes can be used with AES?

128-bit, 192-bit, or 256-bit

NetBIOS Ports

135 137 Name Service 138 Datagram Service 139 Session Service

Which of the following ports are used by NetBIOS? (Select all that apply) 136 137 161 138 162 139

137, 138, 139

Which of the port numbers listed below are used by NetBIOS?

137, 138, 139

IMAP Port

143

IMAP runs on TCP port

143

Which 2 ports are typically used by email clients?

143, 110

SNMP Ports

161 Agent 162 Manager

An SNMP management station receives SNMP notifications on UDP port: 161 137 162 138

162

L2TP Port

1701

PPTP Port

1723

What is WEP?

1st encryption method available for wireless networks.

What is the function of Windows Defender software? 1 Allowing and blocking applications through Windows Firewall 2 Protection against spyware and other potentially unwanted software 3 Reviewing computer's status and resolving issues 4 Management of User Account Control (UAC) settings

2

In the OSI model, IEEE 802.2, L2TP, LLDP, MAC, PPP, ATM, MPLS resides at the ______ layer

2 Data Link

Hardware-based RAID Level 5: (Select 2 answers) 1 Continues to operate in case of failure of more than 1 drive 2 Requires at least 3 drives to implement 3 Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created from the remaining drives) 4 Requires at least 5 drives to implement 5 Is also referred to as disk duplexing

2, 3

Which of the following solutions add(s) redundancy in areas identified as single points of failure? (Select all that apply) 1 Virtualization 2 RAID 3 Hot site 4 UPS 5 Backup generator 6 PSU

2, 3, 4, 5

Which of the security control types listed below fall(s) into the category of preventative controls? (Select all that apply) 1 IDSs 2 Fencing 3 Hardware locks 4 Motion sensors 5 Warning signs 6 Mantraps

2, 3, 6

Which of the following answers refer to the applications / features of quantum cryptography? (Select 2 answers) 1 High availability 2 Protection against eavesdropping 3 Loop protection 4 Secure key exchange 5 Host-based intrusion detection

2, 4

FTP Ports

20 Data 21 Control

FTP runs by default on ports

20, 21

File Transfer Protocol (FTP) runs by default on port(s): (Select all that apply) 25 23 20 21 22

20, 21

You are configuring a host firewall. You need to prevent files from being updated or downloaded in clear text. Which ports should you block?

20, 21, 69

International Data Encryption Algorithm

218-bit key encryption used by PGP

A network administrator wants to replace service running on port 23 with a more reliable solution. Which of the following ports would be in use after implementing this change? 20 21 22 25

22

SSH and SCP Port

22

What port does SSH use?

22

A hacker has captured network traffic with cleartext commands sent from the client to the server console. Which of the following ports is being used by the network admin for the client-server communication? 49 23 68 22

23

Telnet Port

23

SMTP Port

25

Which of the following TCP port numbers is used by the Simple Mail Transfer Protocol (SMTP)? 110 25 22 143

25

Which of the following default port numbers is not used by a remote administration tool? 23 22 3389 25

25

Which of the following answers lists a /27 subnet mask? 255.255.255.0 255.255.255.128 255.255.255.192 255.255.255.224

255.255.255.224

What is the purpose of non-repudiation? 1 Hiding one piece of data in another piece of data 2 Ensuring that received data hasn't changed in transit 3 Preventing someone from denying that they have taken specific action 4 Transforming plaintext into ciphertext

3

IPSec works at which of the following layers of the TCP/IP model?

3 Network

In the OSI model, AppleTalk, ICMP, IPsec, IPv4, IPv6 resides at the ______ layer

3 Network

Address Resolution Protocol (ARP) translates: (Select all that apply) 1 Link layer addresses into IP addresses 2 Domain names into IP addresses 3 IP addresses into MAC addresses 4 Network layer addresses into link layer addresses

3, 4

Which of the following answers list(s) the characteristic features of pharming? (Select all that apply) 1 Port scanning 2 Dictionary attack 3 DNS poisoning 4 Rainbow table 5 Domain spoofing

3, 5

TCP/IP Protocol Suite

3-1-1-2

IPv4

32-bit addresses

MS WBT Server Port

3389

RDP Port

3389

default port number for a Microsoft-proprietary remote connection protocol?

3389

LDAP Port

389

Lightweight Directory Access Protocol (LDAP) runs on port: 49 389 3389 636

389

In the OSI model, NBF, TCP, UDP resides at the ______ layer

4 Transport

In the OSI model, TCP resides at the ______ layer

4 Transport

TCP/IP Layers

4) Application 3) Transport/Host-to-Host 2) Internet 1) Network Access/Network Interface/Link

Restoring data from an incremental backup requires: (Select 2 answers) 1 Copy of the last incremental backup 2 All copies of differential backups made since the last full backup 3 Copy of the last differential backup 4 All copies of incremental backups made since the last full backup 5 Copy of the last full backup

4, 5

A network administrator has been asked to set up a VPN link on a connecting host with no dedicated VPN client application installed. Which of the following ports should be in use to enable this type of connection? 119 443 23 139 143

443

HTTPS Port

443

SSL Port

443

Which TCP port is used by HTTPS?

443

TACACS Port

49

TACACS+ runs on TCP port: 389 49 636 88

49

In the OSI model, RPC, SCP, PAP, TLS, FTP, HTTP, HTTPS, SMTP, SSH, Telnet, resides at the ______ layer

5 Session

What # protocol is used by Encapsulating Security Payload (ESP) in IPSec?

50

What protocols would be allowed through the firewall AH and Encapsulating Security Protocol (ESP) for a VPN?

50, 51

DNS Port

53

DNS runs on port

53

Which of the following ports is used by DNS? 53 67 23 68 52

53

802.11g

54 Mbps / 2.4 GHz

802.11a

54 Mbps / 5 GHz

In the OSI model, CSS, GIF, HTML, XML, JSON, S/MIME, resides at the ______ layer

6 Presentation

A network administrator wants to secure the existing access to a directory service with SSL/TLS encryption. Which of the following ports would be in use after implementing this change? 636 139 389 443

636

LDAPS Port

636

The non-standard, enhanced version of the LDAP protocol providing the capability for encrypted transmission runs on port: 49 3389 636 389

636

DHCP Ports

67 Server 68 Client

TFTP Port

69

Which of the answers listed below refers to a port number for a lightweight protocol typically used for transferring boot files and configuration files between hosts in a secure Intranet environment? 20 69 21 22

69

Which of the port numbers listed below is used by the Trivial File Transfer Protocol (TFTP)? 88 139 22 69

69

In the OSI model, NFS, SMB, AFP, FTAM, NCP resides at the ______ layer

7 Application

OSI Layers

7) Application 6) Presentation 5) Session 4) Transport 3) Network 2) Data-link 1) Physical

An HTTP traffic can be enabled by opening port

80

HTTP Port

80

Wireless tech

802.1x vs WPA2

iSCI Ports

860 3260

Which of the following is the default port number used by the Kerberos authentication system? 80 3389 88 443

88

Which of the following port numbers is used by Kerberos? 23 80 22 88

88

FTPS Ports

989 Data 990 Control

Client computers on a network use POP3 over SSL to received e-mail. The e-mail service uses standard port assignment. What port on the Internet face of the firewall should allow inbound packets?

995

Which of the following answers lists the IPv6 loopback address? ::/128 FF00::/8 ::1 127.0.0.1

::1

Which of the following correctly identifies some of the contents of an end user's X.509 certificate? A User's public key, object identifiers, and the location of the user's electronic identity B User's public key, the serial number of the CA certificate, and the Certificate Revocation List (CRL) entry point C User's public key, the Certificate Authority (CA) distinguished name, and the type of symmetric algorithm used for encryption D User's public key, the certificate's serial number, and the certificate's validity dates

A (User's public key, the certificate's serial number, and the certificate's validity dates)

What is a Nmap?

A 3rd party GUI and command line utility.

What is Key escrow?

A 3rd party that maintains encryption keys to access encrypted data.

MAC Media access control

A 48-bit address used to uniquely identify network interface cards. It also called a hardware address or a physical address and is commonly displayed as six pairs of hexadecimal characters. Port security on a switch can limit access using MAC filtering. Wireless access points can use MAC filtering to restrict access to only certain clients, though an attacker can easily beat this.

What is RSA?

A Asymmetric Algorithm cryptosystem that can be used for encryption and digital signatures, that functions on the difficulty of factoring two prime numbers.

COOP Continuity of Operations Plan

A COOP site provides an alternate location for operations after a critical outage. A hot site includes personnel, equipment, software, and communications capabilities of the primary site with all the data up to date. A hot site can take over for a failed primary with a hour. A cold site will have power and connectivity needed for COOP activation, but little else. A warm site she is a comprise between a hot site and a cold site.

DBA Database admin

A DBA admin databases on database servers

What is a STP?

A Layer 2 protocol that is used to help prevent network loops.

MITM man in the middle

A MITM attack is a form of active interception an attacker to intercept traffic and insert malicious code sent to other clients. Kerberos provides mutual authentication and helps prevent MITM attacks

IIS internet information services

A Microsoft windows web server. IIS comes free with Microsoft windows server products

Control

A System or procedure put in place to mitigate risk

What is a SQL Injection?

A Type of attack where SQL code is used to gain access to a database.

VLAN virtual local area network

A VLAN can logically group several different computers together or logically separate computers, without regard to their physical location. It is possible to create multiple VLANs with a single switch.

MPLS Multi-Protocol later switch

A WAN topology provided by some telecommunications companies. Direct data to nodes using labels rather than IP addresses

What is an AppLocker?

A Windows feature that allows control of applications that users are allowed to access, by enabling administrators to effectively manage security at the user level by limiting the applications that can be launched on systems.

UPS uninterruptible power supply

A battery backup system that provides fault tolerance for power and can protect against power fluctuations. UPS provide short-term power giving the system enough time to shut down smoothly, or to transfer to generate power

IaaS Infrastructure as a Service

A cloud computing technology useful for heavily utilized systems and networks organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers compare to PaaS and Saas

What is a Honeynet?

A collection of honeypots specifically designed to deceive or trap attackers. They decoy as a vulnerable system offering legitimate data and resources.

What is XSS?

A common type of security vulnerability with web pages and applications. An attacker is able to use a script to bypass access controls.

What is half duplex?

A communication mode that permits two-way communications but in only one direction at a time.

DLL Dynamic Link Library

A compiled set of code that can be called from other programs

What is a SQL injection?

A computer attack where malicious users insert SQL code statements in entry fields.

BIOS Basic Input/output System

A computer's firmware used to manipulate different settings such as the date and time boot drive, and access passwords

IDS Intrusion detection system

A detective control used to detect attacks after they occur. A signature-based IDS (also called definitions-based) uses a database of predefined traffic patterns. An anomaly-based IDS (also called behavior-based) starts with a performance baseline of normal behavior and compares network traffic against this baseline. An IDS can be either host-based (HIDS) or network-based (NIDS) In contrast, a firewall is a preventative control that attempts to prevent the attacks before they occur. An IPS is a preventative control that will stop an attach in progress

What is an IDS?

A device that monitors a host or network for traffic patterns or known attacks, and alerts an administrator of the ongoing issue.

CVE Common Vulnerabilities and Exposures (CVE)

A dictionary of publicly known security vulnerabilities and exposures

DSA digital signature algorithm

A digital signature is an encrypted hash of a message. The sender's private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender's public key, and if successful, it provides authentication, non-repudiation and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation is used with online transactions and prevents the sender from later denying they sent the e-mail

HDD Hard disk drive

A disk drive that has one or more platters and spindle. In contrast, USB flash drives use flash memory

DRP Disaster recovery plan

A document designed to help a company respond to disasters, such as hurricanes, floods and fires. It includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates the plan. Recovered systems are tested before returning them to operating and this can include a comparison to baselines. The final phase of disaster recovery includes a review to identify any lessons learned and may include an update of the plan

TCO Total cost of ownership

A factor considered when purchasing new products and services. TCO attempts to identify the cost of a product or service over its lifetime

What is Windows To Go?

A feature in Windows 8.1 Enterprise that allows users to boot and run Windows 8.1 Enterprise from a removable storage device.

EFS encryption file system

A feature within NFTS on Windows systems that supports encrypting individual files or folders for confidentiality

PCAP packet capture

A file that contains packets captured from a protocol analyzer or sniffer

WAF Web application firewall

A firewall designed to protect a web application, such as a web server. A WAF inspects the contents of traffic to a web server, can detect malicious content and block it.

DNAT destination network address translation

A form a NAT that changes the destination IP address for incoming traffic. It is used for port forwarding

DNAT dynamic network address

A form of NAT that uses multiple public IP addresses. In contrast, PAT uses a single public IP addresses. It hides addresses on an internal network

What is a combination attack?

A form of dictionary attack that uses two dictionaries, matching each word from one dictionary to every word in the other dictionary.

What is a Combination Attack?

A form of dictionary attacks that uses two dictionaries, matching each word in one dictionary to every word in the other dictionary.

What is a SSD?

A form of permanent storage. Area where the operating system or files are stored.

What is spear phishing?

A form of social engineering that uses targeted emails to try to obtain personal information from a specific entity.

SPIM spam over internet messaging

A form of spam using instant messaging that targets instant messaging users

CIRT Computer Incident Response Team

A group of experts that respond to security incidents. Also known as CERT, SIRT, or IRT

CERT Computer Emergency Response Team

A group of experts that respond to security incidents. Also known as CIRT, SIRT or IRT.

VTC Video teleconferencing

A group of interactive telecommunications technologies that allow people in two or more locations to interact with two-way video and audio transmissions

VoIP Voice over IP

A group of technologies used to transmit voice over a public network such as the Internet. VPN sometimes uses VoIP

RIPEMD Race integrity primitives evaluation message digest

A hash function used for integrity. It creates fixed length hashes of 128, 160 256 or 320 bits

MD5 Message digest 5

A hashing function used to provide integrity. MD5 uses 128 bits. A hashes are compared to each other to verify that integrity has been maintained

SHA Secure Hash Algorithm

A hashing function used to provide integrity. SHAI uses 160 bits and SHA-256 uses 256 bits. Hashing algorithms always provide a fixed-size bit-string regardless of the size of the hashed data. By comparing the hashes at two different times, you can verify integrity of the data.

What is a backdoor?

A hidden way to gain access to a file, system, or building. Usually associated with malicious behavior.

Describe mandatory access control (MAC).

A hierarchical access model managed by administrators

ISSO Information systems security officer

A job role within an organization focused on information security

Key Pair Usage

A key used to sign a document should not be used to encrypt a document

PAM pluggable authentication modules

A library of API's used for authentication-related services

CSU Channel Service Unit

A line bridging device used with T1 and similar lines. It typically connects with a DSU as a CSU/DSU

CRL Certification Revocation List

A list of certificates that have been revoked. Certificates are commonly revoked if they are compromised. The Certificate authority (CA) that issued the certificate publishes a CRL, and a CRL is public

ACL Access Control list

A list of rules used to grant access to a resource. In NTFS a list of ACEs makes up the ACL for a resource. In a firewall, an ACL identifies traffic that is allowed or blocked based on IP address, networks, ports and some protocols (using the protocol ID)

What is a VLAN?

A logical subnetwork of computers in a local area network, whose computers can be on any cable segment on the LAN and still reside on the same subnet.

FCoE Fiber Channel over Ethernet

A lower-cost alternative to traditional SANs. It supports sending Fiber Channel commands over an IP network

iSCSI internet small computer systems interface

A lower-cost alternative to traditional SANs. It supports sending traditional SCIS commands over an IP network

What is a VTP?

A messaging protocol used on VLANs developed by Cisco, to advertise the switching information and configuration changes on a VLAN to all the switches on a network.

What is MAC?

A method involving providing a clearance level user and classification labels to resources.

CSR Certificate signing request

A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR

What is Steganography?

A method used to conceal the existence of data by hiding it within another piece of data.

What is a Asymmetric encryption?

A method used to prevent unauthorized users from seeing data, using a key pair, a public key and private key, for the encryption and decryption process.

SCAP Security Content Automation Protocol

A method with automated vulnerability management, measurement and policy compliance evaluation tools

What is a TPM?

A microchip contained on a computers motherboard that secures and protects information by storing the cryptographic keys used to encrypt and decrypt data.

SONET synchronous optical network technologies

A multiplexing protocol used to transfer data over optical fiber

Active Directory Naming Strategy

A naming strategy allows better administrative control over network resources Naming computer and user objects

What is a switch?

A network device that acts as a common connecting point for various nodes, they are responsible for forwarding data from the source to only nodes to which they are addressed.

DLP Data loss protection

A network-based DLP system can examine and analyze network traffic. It can detect if confidential company data or any PII data is included in e-mail and reduce the risk of internal users e-mailing sensitive data outside the organization

What is Shoulder Surfing?

A person trying to view confidential information by looking over someone's shoulder.

BCP Business continuity plan

A plan that helps an organization predict and plan for potential outages of critical services or functions. It includes disaster recovery elements that provide the steps used to return critical functions to operation after an outage. A BIA is part of a BCP and the BIA drives decisions to create redundancies such as failover clusters or alternate sites

BYOD Bring your own device

A policy allowing employees to connect personally owned devices such as tablets and smartphones, to a company network. Data security is often a concern with BYOD policies and organizations often use VLANs to isolate mobile devices

IPS intrusion prevention system

A prevention control that will stop an attack in progress. It is similar to an active IDS except that it's placed in line with traffic. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress.

What is a VPN?

A private network that is configured by tunneling through a public network, such as the internet.

What is a FTP?

A protocol that is used to send files between hosts on a network, such as transferring a spreadsheet from a local server.

What does SSL do?

A protocol used to secure communications over the Internet using encryption, authentication, and digital certificates.

What is a Cold Site?

A redundant site location that provides only the most basic environment to carry on with business. Provides wiring, ventilation, plumbing, and possibly raised flooring for routing cables.

HSM hardware security module

A removable or external device that can generate, store, and manage RSA keys used to asymmetric encryption. High-volume ecommerce sites use HSMs to increase the performance of SSL sessions. High-availability clusters needing encryption services can use clustered HSMs.

CAR Corrective Action Report

A report used to document actions taken to correct an event, incident or outage

What is a sandbox?

A restricted environment used to segregate a program from other programs to prevent poorly written or malicious code from being spread to other areas on a computer.

Evil Twin

A rogue AP masquerading as a legitimate one

PSK preshared key

A secret shared among different systems wireless networks support personal mode, where each device uses the same PSK. In contrast, enterprise mode uses an 802.1x or RADIUS server for authentication

UTM unified threat management

A security appliance that combined multiple security controls into a single solution. UTM appliances can inspect data streams for malicious content and often include URL filtering malware inspection and content inspection components

DEP Data execution prevention

A security feature in some operating systems. It helps prevent an application or service from executing code from a nonexecutable memory region.

What is a Big Data Analysis?

A security procedure used to detect abnormal behavior, the audit is commonly used to identify abnormal spending patterns and possible credit card fraud.

USB Universal Serial Bus

A serial connection used to connect peripherals such as printers, flash drives and external hard disk drives. Data on USB drives can be protected against loss of confidentiality with encryption. They combine high volume and transfer speeds with ease of concealment and often result in data leakage

RAS remote access service

A server used to provide access to an internal network from an outside location. RAS is also known as Remote Access Server and sometimes referred to as Network Access Service (NAS)

NAT Network address translation

A service that translates pubic IP addresses to private and private IP addresses to public. it hides addresses on an internal network

DHCP Dynamic Host Configuration Protocol

A service used to dynamically assign TCP/IP configuration information to clients DHCP is often used to assign IP addresses, subnet masks, default gateways, DNS server addresses, and much more

What is a TFTP?

A simple file transfer protocol used for transferring boot or configuration information to network devices.

Baseline

A snapshot of the typical activity on your network or on any given host.

What is tailgating?

A social engineering attack that I performed when someone tries to access a secure area by following someone who has access to the secure area.

What is a BitLocker?

A software based FDE solution included in Windows operating systems, used to encrypt and protect the entire operating system volume.

SDLC Software Development life cycle

A software development process. Many different models are available

PIV personal identity verification card

A specialized type of smart card used by United States federal agencies. It is similar to a CAC

CAC Comman Access Card

A specialized type of smart card used by the United States department of defense. It includes photo identification and provides confidentiality, integrity, authentication and non-repudiation for the users. It is similar to a PIV.

CAN Controller Area Network

A standard that allows microcontrollers and devices to communicate with each other without a host computer

RTP real-time transport protocol

A standard used for delivering audio and video over an IP network

What is a DMZ?

A subnet on a network which contains corporate network devices that are exposed to an untrusted network. commonly the internet.

DNSSEC Domain name system security extensions

A suite of specifications used to protect the integrity of DNS records and prevent DNS poisoning attacks

What is AES?

A symmetric algorithm block cipher designed by Rijndael to replace DES and has a standardized block size of 128bits.

What is a CAST encryption?

A symmetric algorithm that uses a 64-bit block to support 64-bit and 128-bit keys, and a 128-bit block to support 256-bit keys.

AES Advanced Encryption Standard

A symmetric algorithm used to encrypt data and provide confidentiality. AES is a quick, highly secure, and used in a wide assortment of cryptography schemes. It includes key sizes of 128 bits, 192 bits or 256 bits

3DES Triple Digital Encryption Standard

A symmetric algorithm used to encrypt data and provide confidentially. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but is still used in some applications, such as when hardware doesn't support AES

What is Non-intrusive Scanning?

A system can be scanned for specific information such as specific registry values, missing security updates, and services that are listening on a specific port.

What is a Network Mapper?

A tool used to determine the devices that are connected within a specific network.

SELinux Security-Enhanced Linux

A trusted operating system platform that prevents malicious or suspicious code from executing on both Linux and UNIX systems. It is one of the few operating systems that use the MAC model

What is a NVRAM?

A type of computer memory that does not lose its contents when the device is powered off.

What is a Brute force attack?

A type of password-guessing attack in which every possible password is guessed until it finds the correct one.

What is a RAM?

A type of volatile memory.

ECDHE elliptic-curve diffie-Hellman

A version of diffie-Hellman that uses ECC to generate encryption keys. Ephemeral keys are re-created for each session

VM virtual machine

A virtual system hosted on a physical system. A physical server can host multiple VMs as servers. Virtualization can reduce the footprint of an organization's server room a datacenter and helps eliminate wasted resources. It also helps reduce the amount of physical equipment reducing overall physical security requirements. A VM escape is an attack that allows to access the host system from within the virtual system.

Vulnerability

A weakness that could be triggered accidentally or exploited intentionally because of a Security Breach

What is a PortQry?

A windows command that can be used to perform a port scan of a system. Must be downloaded from the Microsoft web site.

BPA Business partners agreement

A written agreement that details the relationship between business partners, including their obligations toward the partnerships

What is the goal of tabletop exercises? (Select all that apply) A Disaster recovery planning B Active test of security controls C Discussing a simulated emergency situation D Passive test of security controls

A, C

What access control method is most commonly used to control access to resources in a peer-to-peer network?

ACL

What is used to enforce rule-based access control?

ACLs

DAC

ACLs Ownership Flexible Decentralized

What access control method is most commonly used to control access to resources in a peer-to-peer network?

ACLs (Access control list)

What is ideally used to encrypt the contents of a USB flash drive?

AES

What type of encryption should you use to encrypt a USB flash drive?

AES

You need to encrypt the contents of a USB flashdrive. Which type of encryption should you use?

AES

AES256

AES using 256-bit keys; qualifies to handle Top Secret information

Describe the two components of IPSec

AH, ESP (Authentication Head: provides authentication and integrity; Encapsulating Security Payload: encrypts payload)

Which of the answers listed below refers to the correct formula for calculating probable financial loss due to a risk over a one-year period? SLE = AV x EF ALE = ARO x SLE SLE = ALE x AV ALE = AV x EF

ALE = ARO x SLE

Explain the formula for ALE (Annualized Loss Expectancy)

ALE = SLE x ARO (Revenue loss from a single occurrence x the number of times you expect a risk to occur during the year)

In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future threat. ALE AV ARO SLE

ARO (annual rate of occurrence)

The basic formula for calculating ALE uses what two values?

ARO, SLE (The number of times you can expect a risk to occur during a year. Revenue loss from a single risk occurrence.)

The Type of Attack that You Have to Be Internally To Attack?

ARP Attack

Which of the following acronyms refers to a set of rules enforced in a network that restrict the use to which the network may be put? OEM AUP UAT ARO

AUP (Acceptable Use Policy)

Cloud Elasticity

Ability to scale to meet demand as needed

Rootkit

Able to hide things from the OS; best to catch at installation

AUP

Acceptable Use Policy

CAC and PIV

Access Cards

Directory Services

Access Control Lists (ACLs)

Remote Access

Access to a network does not require the user to be physically present Dial Up Leased Line DSL Cable Analog Internal or External Modems Baseline Privacy Interface (BPI) Data Over Cable System Interface Specification (DOCSIS)

ASP

Active Server Pages - Similar to CGI

WI-FI Topologies

Ad-Hoc - Wireless adaptor allows connections to and from other devices Infrastructure - Adapter is configured to connect through an access point to other wireless wired devices

System Hardening

Adding antivirus, firewalls, etc; removing unneeded services and software; updating and patching

Command Injection Attack

Adding commands to the end of URLs in order to execute arbitrary code on the server

Geotagging

Adding geographical data to photographs and messages

Physical Security Controls

Admin or Technical Goals/Functions: -Preventive (Visible Consequences) -Deterrent (Cable Locks) -Detective (Cameras) -Corrective (Relocating Cameras) -Compensating (Restoring System after Attack)

Asset Management Forms

Administrative

Security Policy

Administrative

AES

Advanced Encryption Standard

What does AES stand for?

Advanced Encryption Standard

Lockout

After several attempts

External Threats

Agents/Motivations Accidental/Malicious Structured/Unstructured

Blanket Purchase Order

Agreement between government agency and a private company for ongoing purchases

802.1X

Aka EAP (Extensible Authentication Protocol) Access Point passes authentication information to a RADIUS server on the wire network for validation.

Time-Based One-Time Password

Algorithm that uses a time-based factor to create unique passwords

Smart Card

All Authentication Types

What should be done with a Patch once it has been created to fix an issue?

All Patches should be tested in a lab environment before they are installed

Mandatory Access Control

All access is predefined; inflexible; most secure

Incremental Backup

All changes since last backup of any kind are archived

Differential Backup

All changes since last full backup are archived

Full Backup

All changes to data are archived

Unified Threat Management

All-in-one appliance; combines firewall with intrusion prevention, antivirus, filtering, etc.; also known as a Next Generation Firewall (NGFW)

How should you configure your ports to secure IMAP connections?

Allow 993, deny 143

An authoritative DNS server must transfer zone data to six secondary DNS servers. What configuration provides the best security?

Allow zone transfer to specific IPs

MaaS monitoring as a service or management as a service

Allows an organization to outsource the management and monitoring of IT resources

Lightweight Directory Access Protocol

Allows queries of directories (X.500-based); used by Active Directory

FACL File System Access Control

An ACL used for file systems. As an example, NTFS uses the DAC model to protect files and folders

AUP Acceptable use policy

An AUP defines proper system usage. It will often describe the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the system

What is ECC?

An Asymmetric algorithm that uses elliptic curves that work as a public key algorithm.

HMAC Hash-based message authentication Code

An HMAC is a fixed length string of bits similar to other hashing algorithms such as MD5 and SHA-1, but it also uses a secret key to add some randomness to the result

WIDS Wireless intrusion detection system

An IDS used for wireless networks

NIPS Network-based intrusion prevention system

An IPS that monitors the network. An IPS can actively monitor data streams, detect malicious content and stop attacks in progress

WIPS Wireless prevention system

An IPS used for wireless networks

What is a Trusted OS?

An Operating system that has been evaluated and proven that is meets government security requirements

RTO recovery time objective

An RTO identifies the maximum amount of time it can take to restore a system after an outage. It is related the RPO and the BIA often includes both RTOs and RPOs

RBAC Role-based access control

An access control model that uses roles to define access. Role-based access control is based on a set of approval instructions such as an access control list. Other access models are MAC and DAC.

RBAC Rule-Based access control

An access control model that uses rules to define access. Rule-based access control is based on a set approved instructions such as an access control list. Other access control models are MAC and DAC

DAC Discretionary Access Control

An access model where all objects have owners and owners can modify permission for the objects (files and folders). Microsoft's NTFS users the DAC model. Other access control models are MAC and RBAC

What is an IPS?

An active detection monitoring solution that can be implemented within a network to detect malicious activity and attempt to stop it.

What is a TOTP?

An algorithm that uses a clock based synchronous token device consisting of a clock combined with a base secret key. Used to generate a password for the user.

SHTTP secure hypertext transfer protocol

An alternative to HTTPS, infrequently used

NoSQL Not only Structured Query Language

An alternative to traditional SQL databases. NoSQL databases use unstructured query language queries instead of a traditional SQL queries

DHE Diffie-hellman ephemerL

An alternative to traditional diffie-Hellman. Instead of using static keys that stay the same over a long period, DHE uses ephemeral keys, which change for new session. sometimes listed as EDH

OSCP online certificate status protocol

An alternative to using a CRL. It allows entities to query a CA with the serial number of a certificate. The CA answers with good, revoked or unknown

BAC Business Availability Center

An application that shows availability and performance of applications used or provided by a business

What is a RSA?

An asymmetric cryptosystem that can be used for encryption as well as creating digital signatures. Key sizes for RSA vary between 1,024 and 4,096.

ECC Elliptic curve cryptography

An asymmetric encryption algorithm commonly used with smaller wireless devices. It uses smaller key sizes and requires less processing power than many other encryption methods

What is a Diffie-Hellman?

An asymmetric encryption algorithm that is used for encryption only. It enables the sharing of secret keys between two users.

DoS Denial-of-Service

An attack from a single source that attempts to disrupt the services provided by another system. Examples include SYN flood, smurf and some buffer overflow attacks. Compare to DDoS

DDoS Distributed denial-of-service

An attack on a system launched from multiple sources intended to make a computer's resources or service unavailable to users. DDoS attacks are often launched from zombies in botnets. DDoS attacks typically include sustained, abnormally high network traffic. A performance baseline helps administrators detect a DDoS. Compared to DDos

XSRF Cross-site request forgery

An attack that causes users to perform actions on websites without their knowledge. In some cases, attackers use header manipulation to steal cookies and harvest passwords

What is CSRF?

An attack that exploits the trust between a website and a client browser. ex. sending unauthorized commands to the site from a trusted user.

What is a DDoS attack?

An attack that is simultaneously performed by multiple systems and are used to prevent users from accessing targeted resources.

What is TCP/IP hijacking?

An attack that works when an attacker gains access to a network and disconnects a host from the network. The attacker then adds another computer in the network using the same IP address in an attempt to pass itself off as the original.

What is Cross-site scripting?

An attacker inserts a script within seemingly legitimate URL. Used to steal personal information, ex. Login Credentials.

What is Phishing?

An attacker sending an email to users to gain personal information.

EAP Extensible Authentication Protocol

An authentication framework that provides general guidance for authentication methods. Variations include LEAP and PEAP.

What is an identification authentication service?

An authentication method that requires a human to verify if someone is who they claim to be.

What is Kerberos?

An authentication service that is based on a time sensitive ticket granting system.

What is Biometrics?

An authentication that uses unique parts of the human body to authenticate.

BOTS Network Robots

An automated program or system used to perform one or more tasks. A malicious botnet is group of computers called zombies and controlled through a command-and-control server. Attackers use malware to join computers and to botnets. Zombies regularly check in with the command-and-control server and can launch DDoS attacks against other victims. Botnet activity often includes hundreds of outbound connections, and some botnets use Internet

What is a SSH?

An encryption network protocol uses to encrypt protocol data that does not have built in security. ex. FTP and Telnet

CCMP Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

An encryption protocol based on AES used with WPA2 for wireless security. It is more secure then TKIP, used with the original release of WPA.

What is a Key Recovery agent?

An entity that can backup and restore keys, to access any encrypted data.

What is Banner Grabbing?

An enumeration based attack that is used to obtain information about the service running on a computer.

CRC Cyclical Redundancy Check

An error detection code used to detect accidental changes that can affect that integrity of data

EAP-TLS extensible authentication protocol transport later security

An extension of EAP sometimes used with 802.1x. It allows systems to use some older authentication methods such as PAP within a TLS tunnel. It requires a certificate on the 802.1x server but not on the clients

EAP-TLS extensible authentication protocol-transport layer security

An extension of EAP sometimes used with 802.1x. This is one of the most secure EAP standards and is widely implemented. The primary difference between PEAP and EAP-TLS is that EAP-TLS requires certificate on the 802.1x server and on each of the wireless clients

FTPS file transfer protocol secure

An extension of FTP that uses SSL or TLS encrypt FTP traffic. Some implementations of FTPS use ports 989 and 990

HIPS Host-based intrusion prevention system

An extension of a host based IDS. Designed a react to real time to catch an attach in action.

XTACACS Extended Terminal Access Controller access-control system

An improvement over TACACS developed by Cisco Systems and proprietary to Cisco systems. TACACS+ is more commonly used

DSU Data service Unit

An interface used to connect equipment to a T1 and similar lines. It typically connects with a CSU as a CSU/DSU

PAP password authentication protocol

An older authentication protocol where passwords are sent across the network in clear text. Rarely used today

TACACS Terminal access controller access-control system

An older remote authentication protocol that was commonly used in UNIX networks, TACAS+ is more commonly used

DES Digital Encryption Standard

An older symmetric encryption standard used to provide confidentiality. DES uses 56 bits and is considered cracked

HOTP HMAC-based one time passwords

An open standard used for creating one-time passwords, similar to those used in a tokens or key fobs. It combines a secret key and an incrementing counter, and then uses HMAC to create a hash of the result. HOTP passwords do not expire until they are used.

CA Certificate Authority

An organization that manages, issues, and signs certificates and is part of a PKI. Certificates are an important part of asymmetric encryption. Certificates include public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate.

IV Initialization vector

An providers randomization of encryptions keys to help ensure that keys are not reused. WEP was susceptible to IV attacks because it used relatively small IVs. In an IV attack, the attacker uses packet injection, increasing the number of packets to analyze and discovers the encryption key

Honeypots and Honeynets

Analyze and identify attacks Act as decoys Low interaction - Software that simulates a host and typical services High interaction - Complete simulated systems

Architecture Review

Analyze the systems on which the web application depends

What is a Web security gateway?

Analyzes packets to mitigate downloading of malware

ALE

Annual Loss Expectancy. ALE = SLE x ARO

What does ARO stand for?

Annual Rate of Occurrence

ARO

Annualized Rate of Occurrence

An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause?

Anonymous relays have not been disabled

**Exploit, Exploitable, Exploiting**

Answer: **Pen Test, Penetration Test**

Which anti-malware tool are you use against Junk Email?

Anti-Spam

Which anti-malware tool are you use against Tracking Software?

Anti-spyware

Mean Time Between Failures

Anticipated lifetime of a component (can be repaired)

Mean Time To Failure

Anticipated lifetime of a component (cannot be repaired)

Which anti-malware tool are you use against Infected Files?

Antivirus

Which one of these describes Steganography

Anything involving sound files

Web Servers

Apache IIS nginx

What is an UTM?

Appliances, or all in one security appliances, consolidate several security mechanisms into one.

SaaS Software as a Service

Applications provided over the internet. Webmail is an example of a cloud-based technology. Compare to IaaS and PaaS

Software as a Service

Applications remotely run over the web

Patch Management

Apply all latest **Only apply specific**

What is change management?

Approve hardware and software changes to not reduce network performance, security, or increase cost without reason

DMZ Demilitarized zone

Area between two firewalls separating the internet and an internal network. A DMZ provides a layer of protection for internet-facing servers. It allows access to a server or service for internet users while segmenting and protecting access to the internal network.

Least Privilege

Assign the minimum possible rights

Identification

Associates a Subject with an action performed on a network system -Identifier (Username) -Credentials (Pin code, or pictures of things) -Profile (Info stored about subject, giving a name to the pictures) Issuance Enrollment (Ends when credentials are met) Identity Management (Identity Proofing)

Companion Virus

Attaches itself to legitimate programs

ASR

Attack Surface Reduction

Directory Traversal Attack

Attack tries to gain access to the root directory of the target system, usually through command injection attacks

Bombing

Attacker generates a large number of HTTP requsts or SMTP mail messages designed to overwhelm the server

What is a Vishing attack?

Attackers calling people and trying to get them to provide personal information by pretending to be a trusted source (bank or credit company).

Retrovirus

Attacks or bypasses antivirus software

Multipartite Virus

Attacks the system in multiple ways

What is a Man in the Middle attack?

Attacks work by placing software that can intercept data between two unaware hosts, often performed between a server and a client and used to impersonate both parties.

Brute Force Attacks

Attempts every possible combination in the key space in order to derive a plaintext (password) from a ciphertext (hash)

SSO (Single Sign On)

Authenticate Once - Authorize Many Simplifies Account Management Problem - Compromising Account may compromise multiple applications Difficult to implement on public networks

Which of the following remote access processes is best described as matching user supplied credentials with those previously stored on a host server?

Authentication

Which part of the AAA framework deals with verification of the identity of a person or process? Authorization Non-repudiation Authentication Accounting

Authentication

What does AH stand for?

Authentication Header

AH

Authentication Header protocol performs a cryptographic hash on the packet plus a shared secret key

CHAP Challenge Handshake authentication Protocol

Authentication mechanism where a server challenges a client MS-CHAPv2 is an important over CHAP and uses mutual authentication.

SSO single sign-on

Authentication method where users can access multiple resources on a network using a single account. SSO can provide central authentication against a federal database for different operating systems

Extensible Authentication Protocol

Authentication protocol for wireless networks; implemented as LEAP and PEAP

NTLM new technology LANMAN

Authentication protocol intended to improve LANMAN. The LANMAN protocol stores passwords using a hash of the password by first dividing the password into 27 character blocks and then converting all lowercase letters to uppercase. This makes LANMAN easy to crack. NTLM stores passwords in LANMAN format for backward compatibility, unless the passwords are greater than 15 characters. NTLMv1 is older and has known vulnerabilities. NTLMv2 is newer and secure.

What is SSO?

Authentication that enables users to log to a system only once to access all resources within a network to which they have been assigned rights.

Social Engineering Principles

Authority Intimidation Consensus/Social Proof Scarcity Urgency Familiarity/Liking Trust

What Makes Social Engineering Attacks Effective

Authority Intimidation Consensus/Social Proof Scarcity Urgency Familiarity/Liking Trust

Which part of the AAA framework deals with granting or denying access to resources? Authentication Identification Accounting Authorization

Authorization

Which part of the AAA framework incorporates the time-of-day restrictions requirement? Authentication Non-repudiation Accounting Authorization

Authorization

Dynamic Routers

Automatically discover routes by communicating with each other Protocols used to goven dynamic router exchanges: OSPF - Open shortest path first RIP - Routing Information Protocol BGP - Border gateway protocol

nines

Availability

Risk Mitigation Options

Avoidance Transference Acceptance - with continuous monitoring

Stealth Virus

Avoids detection by masking itself

Which of the following answers refers to a key document governing the relationship between two business organisations? ISA ALE SLA BPA

BPA (business partners agreement)

Working Copy Backups

Backups on site for immediate recovery; also known as shadow copies

Black Hat

Bad Hackers for personal gain, not for money

RACE Integrity Primitives Evaluation Message Digest

Based on MD4; replaced by RIPEMED-160

SCP secure copy

Based on SSH, SCP allows users to copy encrypted files over a network. SCP uses port 22

A HIDS that recognizes possible attacks by monitoring attempts to make unauthorized changes to files is an example of what kind of monitoring methodology?

Behavior based

Twofish

Blowfish with 128-bit blocks

The practice of sending unsolicited messages over Bluetooth is known as: Phishing Bluejacking Vishing Bluesnarfing

Bluejacking

The practice of gaining unauthorized access to a Bluetooth device is referred to as: Pharming Bluesnarfing Vishing Bluejacking

Bluesnarfing

BGP

Border Gateway Protocol

Symmetric Algorithms

Both ends of an encrypted message have to use the same key and processing algorithms; faster than asymmetric

BYOD

Bring Your Own Device

BYOD

Bring your own device

What does BYOD stand for?

Bring your own device

Which of the following answers lists an example order of volatility for a typical computer system? A Memory dump, disk files, temporary files, archival media B Archival media, disk files, temporary files, memory dump C Memory dump, temporary files, disk files, archival media D Temporary files, memory dump, archival media, disk files

C

Which wireless protocol provides data confidentiality and integrity using AES?

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

A United States federal government initiative aimed at enabling agencies to continue their essential functions across a broad spectrum of emergencies is known as: OVAL TACACS COOP OCSP

COOP (Continuity Of Operations)

Which of the solutions listed below allow(s) to check whether a digital certificate has been revoked? (Select all that apply) CIRT CRL OCSP CRC ICMP

CRL, OCSP

UTP unshielded twisted pair

Cable type used in networks that do not have any concerns over EMI. RFL or cross talk. If these are a concern, STP is used

STP shielded twisted pair

Cable type used to networks that includes shielding to prevent interference from EMI and RFI. It can also prevent data from emanating outside the cable.

Password Crackers

Cain and Abel John the Ripper THC Hydra Aircrack L0phtcrack

LDAP Injection

Can execute commands and alter data; filter input to prevent

Keys

Cannot keep the cipher itself secret Key ensures ciphertext remains protected even when the operation of the cipher is known Key size determines how difficult it is for a computer to guess the key

Which of the answers listed below refers to a solution allowing administrators to block Internet access for users until they perform required action? Mantrap Honeypot Captive portal Access Control List (ACL) Firewall

Captive portal

Sniffers

Captures Frames from Network. Hardware or Software.

CMP

Certificate Management Protocol

What does CPS stand for?

Certificate Practice Statement

What does CRL stand for?

Certificate Revocation List

CRL

Certificate Revocation List; latency in revoking certificates

What does CSR stand for?

Certificate Signing Request

In forensic procedures, a chronological record outlining persons in possession of an evidence is referred to as: Proxy list Order of volatility Access log Chain of custody

Chain of custody

You are investigating some malware that has infected a server in your company. You make a digital copy of the hard drive that you can analyze. You place the original drive in a secure cabinet. What aspect of incident response does this illustrate?

Chain of custody

CHAP

Challenge Handshake Authentication Protocol

What does CHAP stand for?

Challenge Handshake Authentication Protocol

CHAP

Challenge Handshake Authentication Protocol - 3 Way handshake Challenge Response Verification One way authentication only

What does CCB stand for?

Change Control Board

Header Manipulation

Change HTTP header values to falsify access

Which of the examples listed below falls into the category of operational security controls? Change management Encryption Antivirus software Mantrap

Change management

Your boss is concerned that an administrator might accidently introduce a security vulnerability when installing a new server. What can you use to mitigate the risk?

Change management

Polymorphic Virus

Changes form to avoid detection

What is TKIP?

Changes the encryption keys for ever packet sent.

Trusted Platform Module

Chip in a device to generate and store the private key

What does CCMP stand for?

Cipher Block Chaining Message Authentication Code Protocol

Alarm Systems

Circuit Motion Duress

A sticky note with a password kept on sight in user's cubicle would be a violation of which of the following policies? Data labeling policy Clean desk policy Acceptable Use Policy (AUP) User account policy

Clean desk policy

Infrastructure as a Service

Clients pay for virtualized resources

Community Cloud

Cloud that serves a group of similar users; requires joint interests and limited enrollment

What should be performed during software development and after software release?

Code Review

What type of action allows an attacker to exploit the XSS vulnerability? Code injection Banner grabbing PIN recovery Input validation

Code injection

ASSII American Standard Code for Information Interchange

Code used to display characters

What does a protocol analyzer do?

Collect traffic from the network and provide usage statistics

Federation

Collection of computer networks that agree on standards of operation

Active Fingerprinting

Collects data and server information such as role of server. Port Scanners. Christmas Attack.

Hybrid Attack

Combination of dictionary and brute force

Fixed Systems

Combines fire detectors and fire-suppression systems

What is a Hybrid attack?

Combines multiple types of password guessing attacks.

Security Policy

Commitment to Secure working practices, Risk Assessment, Tested, documented procedures and security controls, Compliance

CGI

Common Gateway Interface - Scripting mechanism allowing a web server to process data supplied by a client

CC

Common criteria is an ISO standard defining security frameworks.

PGP pretty good privacy

Commonly used to secure email communications between two private individuals but is also used in companies. It provides confidentiality, integrity, authentication and non-repudiation. It can digitally sign and encrypt email. It uses both asymmetric and symmetric encryption

What does CaaS stand for?

Communication as a Service

What is a rainbow table attack?

Compares the passwords hash to a large database of pre-computed hashes.

Virtualization Technologies

Computer - Platform that will host the virtual env Hypervisor - Manages the virtual machine env and facilities interaction with hardware and computer Guest OS - OS's installed on the virtual environment

CERT

Computer Emergency Response Team

CFAA

Computer Fraud and Abuse Act

CSIRT

Computer Security Incident Response Team

Honeypot

Computer designed to lure attackers (enticement, not entrapment)

IT Information technology

Computer systems and networks used within organizations

Uses of Cryptography

Confidentiality Authentication and Access Control Non-Repudiation Integrity

CIA

Confidentiality (Encryption), Integrity (Hashing), Availability, (Non-Repudiation)

What are the three components of CIA?

Confidentiality, Integrity, Availability

CIA

Confidentiality, Integrity, and Availability

Your network connects to the Internet through a single firewall. The internal network is configured as a single subnet. You need to deploy a public Web server to provide product information to your customers. What should you do?

Configure a DMZ and deploy the Web server on the DMZ

You are deploying a corporate telephony solution. The network includes several branch offices in remote geographical locations. You need to provide VoIP support among all office locations. You need to design a network infrustructure to support communications. You need to minimize the impact on network security. You need to minimize the cost related to deploying the solution. What should you do?

Configure a DMZ in each office

Packet Filtering Firewalls

Configured with Access Control Lists (ACLs)

Layered Security or Defense in Depth

Configuring security controls within the perimeter to cope with instances where firewalls are breached

What is the first thing you should do when responding to a security incident?

Contain the incident

How is a password policy described?

Containing restriction information such as length, complexity, and history requirements.

You are part of an incident response team. You change the passwords relating to all affected systems. You also back up the affected systems. These are exampes of which part of the incident handling procedure?

Containment

Ticket Granting Ticket

Contains information about the client plus a timestamp and validity period

Which of the following functionalities allows a DLP system to fulfil its role? Motion detection Environmental monitoring Content inspection Loop protection

Content inspection

Windows Management Tools

Control Panel Management Consoles Admin Tools

Urgency - Social Engineering

Convince someone that time is of the essence

Authority - Social Engineering

Convince someone you are in a position of authority

Which of the following can be used to explain the reasons a security review must be completed?

Corporate security policy

Restricted Information

Could seriously damage the organization of released (trade secrets, proprietary processes, etc.)

CCMP

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

What should you do to ensure that messages between an SNMP management station and SNMP agents are encrypted?

Create IPSec filters for ports 161 and 162

Tunneling

Create a tunnel through the internet between the remote host and the private network. VPN. Going through an unsecured network to make it secure.

Your network is configured as a Windows Server 2008 Active Directory domain. The network includes two file servers FS0 and FS1. Folders from both file servers are shared to the network. You need to configure the same access permissions for 20 domain users to folders shared from FS0 to FS1. The users that need access to this set of folders may change over time. You need to minimize the effort needed to deploy and maintain this solution. What should you do?

Create one domain security group

What is rule-based access control?

Creating rules on a system to determine which actions are allowed or not allowed.

CBF

Critical Business Functions

What does XSS stand for?

Cross Site Scripting

XSS

Cross-Site Scripting

What does CSRF stand for?

Cross-site Request Forgery

Hardware Security Module

Cryptoprocessor usually associated with PKI systems; typically a PCI adapter

Advanced Encryption Standard

Current standard; developed by Daemen and Rijmen; 128-bit default key; supports 192- and 256-bit keys as well

CESA

Cyberspace Electronic Security Act

What is the function of archive bit? A Setting file attribute to read-only B Search indexing C Creating an additional copy of a file D Indicating whether a file has been modified since the last backup

D

An access control method based on the identity of subjects and/or groups to which they belong is called: HMAC DAC MAC RBAC

DAC

You are deploying a network for a small project group. Each group member should be responsible for securing access to his or her own computer's resource. What access control model should you use?

DAC

Access Control Models

DAC RBAC MAC

A workstation that is being used as a zombie set to attack a web server on a certain date is most likely part of a...

DDoS

Which of the following acronyms refers to software or hardware based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network? DEP RADIUS DLP PGP

DLP

Which of the following is employed to allow distrusted hosts to connect to services inside a network without allowing the hosts direct access to the internal networks?

DMZ

Web Server Hardening

DMZ Remove sample files disable directory browsing use throttling to manage connections

Most Secure Type of Biometrics

DNA

What name table is called on by nslookup test11406?

DNS (nslookup) - DNS server name

UDP 53

DNS name queries

Inserting invalid information into a name resolution server's database is known as what? (Choose two)

DNS poisoning, DNS spoofing

PORT TCP 53

DNS zone transfers

DES

Data Encryption Standard

DLP

Data Loss Prevention

What does DLP stand for?

Data Loss Prevention

What is the defining charateristic of a trusted operating system?

Data cannot be altered or moved, access rights are required to view data.

Contactless Smart Cards

Data is transferred using a tiny antenna in the card

Personally Identifiable Information

Data that can be used to uniquely identify an individual

RSA

De-facto public standard public-key encryption; uses large integers; works for both encryption and digital signatures

Standard

Deals with specific issues or aspects of a business; derived from policies

Protocol Analyzer

Decodes and presents frames for analysis Network monitoring Wireshark

What is the Private key used for?

Decrypts the message

3DES

Default VPN Mode

Implicit Deny

Default to refusing a request unless there is a rule following it. Everything will be denied unless I allow it. Explicit Allow.

Layered Security

Defense in Depth

How can you prevent access to servers on a subnet based on the IP address of the source and port being used while minimizing the changes necessary to the network?

Define an ACL on the router to the subnet

You need to prevent access to servers on subnet based on the IP address of the source and the port being used. Your network uses dedicated router devices throughout the network. You need to minimize the network changes necessary to configure the solution and also minimize the administrator effort necessary to maintain the solution. What should you do?

Define an ACL on the router to the subnet

X.509 Standard

Defines certificate formats and fields for public keys, as well as how to distribute them X.509 v2 for CRL X.509 v3 for Certificate MD2 RSA for Signature SHA1 for Digital Signature

MOU Memorandum of understanding

Defines responsibilities of each party, but it is not as strict as an SLA or an ISA. If the parties will be handling sensitive data, they should include an ISA to ensure strict guidelines are in place to protect the data while in transit.

What does DMZ stand for?

Demilitarized Zone

DMZ

Demilitarized Zones - Also referred to as a perimeter network. Traffic cannot pass through it.

You need to ensure that Active Directory domain user Alice does not have read access to the folder named Graphics. The Graphics folder is shared to the network from the server named FS0. The disk partition on which Graphics is located is formatted as NTFS. What should you do?

Deny read access to the folder through local access security

What is implicit deny?

Denying all traffic automatically

Topology

Description of how a computer network is physically or logically organized

Spanning Tree Protocol

Design to provide loop protection

Armored Virus

Designed to be difficult to detect or analyze

Edge or Border Router

Designed to connect a private network to the internet Repackage data from the private LAN frame to the WAN internet access frame

Wi-Fi Protected Access

Designed to replace WEP; uses RC4 encryption algorithm along with TKIP

Challenge Handshake Authentication Protocol

Designed to stop MiTM attacks; connecting machine generates random number/hash, server periodically challenges the client and asks for the random number to verify

DNAT

Destination Network or Port Forwarding The router takes requests from the internet for a particular application and sends them to a designated host and port on the LAN

Intrusion Detection System

Detects network intrusions; can be either host-based (H-IDS) or network-based (N-IDS); might be able to block traffic, but primarily a traffic-auditing device

Security Assessment Techniques

Determine a methodology and scope NIST SP 800-115 -Testing -Examining -Interviewing

Six Control Type Subcategories

Deterrent Preventative Detective Compensating Technical Administrative

Dictionary and Rainbow Attacks

Dictionary can be used where there is a good change of guessing the password Rainbow tables refine the dictionary approach. Precomputing Hash chains.

Certificate Policies

Different levels of authentication -SSL Web Server -Code Signing -Registered Domain -Personal Email

Which of the following answers refers to a solution for secure exchange of cryptographic keys? (Select best answer) Data Encryption Standard (DES) In-band key exchange Diffie-Hellman Out-of-band key exchange

Diffie-Hellman

Network traffic on port 389 indicates existence of an active: VPN connection Message transfer agent Directory service Web server

Directory service

An HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server's root directory is known as: Dictionary attack URL hijacking Watering hole attack Directory traversal attack

Directory traversal

You want to ensure that your network mail system is designed to minimize the risk that an outside attacker could use your mail system to send malicious e-mails. Your mail system includes several mail clients and an SMTP mail server. What should you do?

Disable open relays (at the SMTP server)

Port Security

Disabling ports MAC limiting and filtering 802.1X

What does DAC stand for?

Discretionary Access Control

DAC

Discretionary Access Control Decentralized work group: peer to peer The owner controls access to the resource by granting rights through the object's access control list

Formal Access Control Methods

Discretionary Access Control (DAC) Role Based Access Control (RBAC)* Mandatory Access Control (MAC) Rule Based Access Control (RBAC)* - FIREWALLS

Attacker Collecting Credit Card Details -> Phone Based Victim

Dishing

RAID 1

Disk mirroring; 100% redundancy; each drives has a complete copy of data; also known as disk duplexing

RAID 3 or 4

Disk striping (RAID 0) with parity disk; ensures data can be recovered from parity information if a drive fails

RAID 5

Disk striping with parity; most common form of RAID; parity information spread across all disks in the array; minimum of 3 disks, maximum of 32; cannot survive multiple disk failures

RAID 0

Disk striping; multiple drives mapped as a single drive; performance, not fault tolerance; one failure means total failure

JBOD just a bunch of disks

Disks installed on a computer but not as a RAID

What does DDoS stand for?

Distributed Denial of Service

What is the most difficult attack to reverse engineer

Distributed Denial of Service?

Linux Patch Management

Distributions and software repositories Source code vs precompiled Use MD5 to made a hash of the compiled package

Establishing a Methodology

Do everything or just a few things Identify Only or Identify and Exploit Attack Profile (Black Box (blind), White Box (Full disclosure), Grey Box(Somewhere in between)) Environment and Disclosure

Risk Avoidance

Do not engage in actions associated with risk

What 2 characteristics describe xmas attack? (2 answers)

DoS, IP Spoofing

Interconnection Security Agreement

Documents technical requirements of systems connected between two organizations

Circuit-Level Proxy

Doesn't deal with the contents of the packet

Windows Active Directory

Domain Controller Trees and Forrests

What does DNS stand for?

Domain Name System

DNS Security

Domain Name System Distributed hierarchical system for resolving names to IP addresses Works over port 53

The DNS service is used for translating: Link layer addresses into IP addresses IP addresses into MAC addresses Domain names into IP addresses Network layer addresses into link layer addresses

Domain names into IP addresses

Which of the following terms refers to a backup technique that allows for creating an exact copy of an entire drive and replicating the drive to a new computer or to another drive on the same computer in case of hard drive failure? (Select best answer) Disk striping Drive imaging Full backup Differential backup

Drive imaging

Firmware Updates

Driver Updates - Software that provides an interface between the OS and the device Firmware Updates - Software instructions stored on a ROM chip or flash memory

War Driving

Driving around with a wireless enabled laptop scanning for insecure WLANS

Screened Host

Dual-Homed Proxy Server Not as defensive as DMZ

Making sure that proper procedures are followed during an investigation during a security incident and that the rights of the suspect are respected is known as:

Due process

Social Engineering Tactics

Dumpster Diving for Info Should Surfing for password Lunchtime Attack Tailgating to gain entry

DHCP Security

Dynamic Host Configuration Protocol Automatic method for allocating IP addresses, subnet masks, and optional parameters, such as the default gateway Helps to avoid errors with manually configuring Prevent rogue DHCP servers Prevent DoS attacks by rogue clients DHCP Scope is Full could be an answer DHCP Server is Full is not an answer

Which of the answers listed below refers to a common target of cross-site scripting? Physical security Alternate sites Dynamic web pages Removable storage

Dynamic web pages

Which of the answers listed below refers to an authentication framework frequently used in wireless networks and point-to-point connections? DLP OCSP EAP LDAP

EAP

Which of the following protocols is used with 802.1X to authenticate to a client network?

EAP (Extensible Authentication Protocol)

Mobile Device Security

ECC

What type of encryption do we use for Mobile Devices

ECC (Elliptic Curve Cryptography)

Which of the protocols listed below uses elliptic curve cryptography for secure exchange of cryptographic keys? ECC LANMAN ECDHE OCSP

ECDHE (Elliptic curve Diffie-Hellman)

Key Exchange and Session Keys

ECDHE and 3DES

Encryption File System

EFS - File and folder encryption

What IPSec protocol provides confidentiallity?

ESP (Encapsulating Security Payload)

Which IPSec protocol provides confidentiality?

ESP (Encapsulating Security Payload, also provides integrity)

Family Educational Rights and Privacy Act

Educational institutions may not release information without authorization

When reviewing access to network file servers, which permissions should you check first?

Effective permissions

EMI

Electromagnetic Interference -Equipment or cabling in close proximity to noise source

ECC

Elliptic Curve Cryptography

What does ECC stand for?

Elliptic Curve Cryptography

ECC

Elliptic Curve Cyptography Trapdoor functions

Pretty Good Privacy

Email communication Standard

What does ESP stand for?

Encapsulating Security Payloads

ESP

Encapsulation Security Payload Provides confidentiality and authentication by encrypting the packet

What can be done to prevent cookie poisoning?

Encrypt cookies before transmission

What is the Public key used for?

Encrypt messages sent from a user.

Transport Encryption

Encrypting data as it is sent over a network

Secure Electronic Transaction

Encryption for credit card numbers

Ephemeral Key

Encryption key exists only for a single session

HTTPS hypertext transfer protocol secure

Encrypts HTTP traffic with SSL or TLS using port 443

Transport Mode

Encrypts just the payload

Tunnel Mode

Encrypts the original IP header and replaces it with another

Access Review

Ensure a user's access level is still appropriate

Spanning Tree Protocol

Ensures loop-free Ethernet LANs (Layer 2)

Design Review

Ensures that security is one of the requirements for the application

NDA non-disclosure agreement

Ensures that third parties understand their responsibilities. It is commonly embedded as a clause in a contract with the third party. Most NDAs prohibit sharing data unless you are the data owner

On-Boarding and Off-Boarding procedures

Ensuring devices are brought into and out of the organization securely

Trojan Horse

Enter a system or network under the guise of another program

What is a KRA?

Entities that have the ability to recover cryptographic keys, key components, and encrypted plain text.

What does DHE stand for?

Ephemeral Diffie-Hellman

Transport Layer Security

Essentially an updated version of SSL

Secure Sockets Layer

Establishes a TCP-based secure connection between two machines

Business Impact Analysis

Evaluate all the critical systems in an organization to define impact and recovery plans

Signature-Based-Detection IDS

Evaluates attacks based on attack signatures and audit trails

What does EAL stand for?

Evaluation Assurance Level

EAL

Evaluation Assurance Levels

Types of Monitoring System Logs

Event Log Audit Log Security Log Access Log

Application Log

Events logged by applications or programs; useful on database/SQL servers

dB to Power Rule

Every 3 dB doubles the power

Full Archival Method

Everything is stored forever

Which of the terms listed below refers to a rogue access point? Trojan horse Backdoor Computer worm Evil twin

Evil twin

Nmap has been run against a server and more open ports than expected have been discovered. Which of the following would be the FIRST step to take?

Examine the process using the ports

Cross-Site Scripting

Executes malicious code locally on the client machine; best way to prevent is to filter input

What is Session hijacking?

Exploiting a valid session in an attempt to gain unauthorized access. Classified as man in the middle attacks.

Macro Virus

Exploits macro functionality within applications

What does EF Stand for?

Exposure Facture

FTPS

Extends FTP to use TLS

EAP

Extensible Authentication Protocol

EAP

Extensible Authentication Protocol Defines framework for negotiating authentication mechanisms rather than the actual details of them Replaced CHAP 1) Supplicant - Client requesting authentication 2) Authenticator - Device that receives the authentication request 3) Authentication Server - Performs the authentication

XML

Extensible Markup Language - Means of describing information so that it can be transferred between different applications

Lightweight Extensible Authentication Protocol

Extension of EAP created by Cisco; being phased out for PEAP; requires mutual authentication; susceptible to dictionary attacks

Security Zones

External Perimeter Public Restricted Secure

Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux system's /etc/passwd file?

FTP configured to allow anonymous user access.

Port TCP 21

FTP control port

Port TCP 20

FTP data port (active mode)

Large amount of processing power required to both encrypt and decrypt the content of the message causes that symmetric-key encryption algorithms are much slower when compared to algorithms used in asymmetric encryption. True or False

False

Log analysis should not take into account the difference between the reading of a system clock and standard time as this impedes the reconstruction of the sequence of events during an attack or security breach. True False

False

One of the advantages of the Remote Authentication Dial-In User Service (RADIUS) is that it provides encryption for the entire authentication process. True False

False

The two basic techniques for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption.) True or False?

False

True or false? Symmetric keys are the easiest to centrally manage.

False (they are the hardest)

What can be used to prevent external electrical fields from effecting sensitive equipment?

Faraday cage

Blowfish

Fast, symmetric 64-bit block cipher with keys from 32- to 448-bits

Computer Security Act

Federal agencies must identify and protect systems with sensitive information

Fibre Channel

Fibre Channel Hardware Initiator Target FC Switch

FAT

File Allocation Table; FAT-16 or FAT-32; on old Windows systems

What does FTP stand for?

File Transfer Protocol

What does FTPS stand for?

File Transfer Protocol over Secure Sockets Layer

Which types of servers should be placed on a private network?

File and print servers

Certificate Signing Request

File containing the information that the subject wants to use in the certificate

Watering Hole Attack

Find a site frequented by the intended victim and poison it, then use the site to attack the true target

Penetration Testing

Find ways to bypass security controls Find ways to remove or disable controls

Define Identification

Finding out who someone is

Something You Are

Fingerprint, Face, Signature

Three Legged Firewall

Firewall with 3 Network Ports: 1) External Interface 2) DMZ 3) Internal Interface

Rule BAC

Firewalls (Implicit Deny)

Perimeter Security

Firewalls that protect from the outside

Type B Fire Extinguisher

Flammable Liquids; uses fire-retardant chemicals

Type D Fire Extinguisher

Flammable metals; composition varies

Vulnerability

Flaws, holes, and weaknesses in a system

Network Intrusion Prevention System

Focuses on preventing attacks; detects the responds to attacks; subset of NIDS

An employee gets a call from a knowledgeable person who knows everything about the company, is listed in the directory, and claims there is an emergency? What should be done?

Follow established procedures and report any abnormal incidents.

DNS Server Vulnerabilities

Footprinting - Obtaining information about a private network DoS Poisoning - Redirection attack. Correct records on DNS server.

OS operating system

For example SELinux is a trusted OS that help prevent malicious code from executing

ID Identification

For example, a protocol based on a number. AH is identified with protocol ID number 51 and ESP is identified with protocol ID number 50

Appliances

Free-standing devices that operate largely self-contained

Backup Types

Full - All data Incremental - Only includes things that have changed since the last backup Differential - Includes information that has changed since the last full backup Copy

What does FDE stand for?

Full Disk Encryption

What data security system is most vulnerable to cold boot attacks?

Full disk encryption

What type of data loss prevention system is most susceptible to a cold boot attack?

Full disk encryption

WPA2

Fully compliant with 802.11i WLAN security standard but adds AES (Advanced Encryption Standard)

Collision in Hash Functions

Function produces the same has value for two different plaintexts Used for forging a digital signature

GPG

GNU Privacy Guard; alternative to PGP

GPS global positioning system

GPS tracking can help locate lost mobile devices. Remote wipe, or remote sanitize erases all data on lost devices. Full disk encryption protects the data on the device if it is lost

Trust - Social Engineering

Gaining trust, usually through reciprocation

Bluesnarfing

Gaining unauthorized access via Bluetooth

What is Non-credentialed Vulnerability Scanning?

Gathers basic details about the system.

Privilege Escalation

Get privileges from process to install malware

Birthday Attack

Given enough time, a value can be found that results in the same hash as the password

Cyber Security Enhancement Act

Gives federal agencies easy access to ISPs to monitor communications

Computer Fraud and Abuse Act

Gives federal authorities to prosecute hackers, spammers, and others

Cyberspace Electronic Security Act

Gives law enforcement right to access encryption keys and methods

Gray Hats

Go in between good and bad side of hacking. Should be feared. Exploit the system and then your wallet.

Authorization

Granting Users Rights to Resources Policy Enforcement Policy Definition (ACLs)

What is discretionary access control?

Granting permissions to users or groups to a resource, usually done by creator of the resource and the permissions are configured busing thee DACL.

Given Username and Password

Gray

GPO group policy object

Group Policy is used within Microsoft Windows to manage users and computers. It is implemented on a domain controller within a domain. Administrators use it to create password policies lock down the GUI configure host-based firewalls and much more.

LAN Local area network

Group of hosts connected within a network

Cluster

Group of servers. Provide fault tolerant servers. Configure nodes for failover.

Which type of IDS is more ambitious and informative than the other types?

HIDS

Engineering department computers are deployed on a screened subnet. You need to protect the computers against malware attacks. What should you do?

HIDS (Install a HIDS on each of the department's computers.)

What should be done to secure a web server that is reachable from the internet, is located in the core internal corp network, and cannot be redesigned or moved?

HIDS, Host based firewall

You are deploying an application server on your network that will require a higher level of defense against potential software threats than other servers on your network. You want the server to actively defend itself against active attacks and potential malware infections. You need to provide this protection without impacting other servers already deployed on your network. What should you use?

HIPS (host-based intrusion prevention system)

HOTP

HMAC-Based One-Time Protocol

What does HOTP stand for?

HMAC-based One Time Password

PORT TCP 80

HTTP

SSL is used to provide encryption for which communication protocol?

HTTP

PORT TCP 443

HTTPS

TCP port 443 is used by: Simple Mail Transfer Protocol (SMTP) File Transfer Protocol (FTP) Hypertext Transfer Protocol over TLS/SSL (HTTPS) Internet Message Access Protocol (IMAP)

HTTPS

HVAC Heating ventilation and air conditioning

HVAC systems increase availability by regulating airflow within datacenter and server rooms. They use hot and cold to regulate the cooling, thermostats to ensure a relatively constant temperature, and humidity controls to reduce the potential for the static discharges and damage from condensation. They are often integrated with fire alarm systems and either have dampers or the ability to be turned off in the even of a fire

White Hat, Black Hat, Gray Hat

Hackers

HSM

Hardware Security Module or Hierarchical Storage Management

What is an HSM?

Hardware Security Module (a hardware device that can manage and maintain cryptographic keys)

Virtualization Pros

Hardware Utilization Reduced Infrastructure Centralized Admin Controls

VPN Concentrator

Hardware device used to create remote access VPNs; Cisco models use Scalable Encryption Processing (SEP)

Trusted Platform Module

Hardware/chip that assists with hash key generation and storing cryptographic keys, passwords, and certificates

Which of the following answers refers to the contents of a rainbow table entry? Hash / Password IP address / Domain name Username / Password Hash / Account name

Hash / Password

HOTP

Hash Based One time password Algorithm

Types of Hash Functions

Hash Based Message "Authentication" Code (HMAC) Used for Password Storage and Checksums (Integrity) Secure Hash Algorithm (SHA) - Most Secure Message Digest Algorithm (MDA/MD5) RACE RIPEMD

SHA, MD5, and RIPEMD are examples of: Trust models Encryption algorithms Hash functions Virus signatures

Hash functions

What does HMAC stand for?

Hash-based Message Authentication Code

You created a mirror image of the data needed for forensic investigation. You need to be able to quickly determine if your investigative procedures cause the data to change. What should you use to determine this?

Hashes

What is a MD5?

Hashing algorithm that creates a 128-bit message digest.

What is a SHA-1?

Hashing algorithm that creates a 160-bit message digest.

Which type of attacks works by modifying the data contained in IP packets?

Header Manipulation

HIPAA

Health Insurance Portability and Accountability Act

What does HVAC stand for?

Heating, Ventilation, and Air Conditioning

HFS/HFS Plus

Hierarchical Filesystem; Mac filesystem

HA

High Availability

Attacker posts link to Fake AV Software -> Broad Set of Victims

Hoax

HSPD-12

Homeland Security Presidential Directive 12 Access to federal property must be controlled by a secure ID and authentication mechanism

HIDS

Host Based IDS Captures Information from a specific host

Desktop Virtual Platforms

Host based hypervisors Virtual labs Support legacy applications Software test environment Security Control testing Training

What does HIPS stand for?

Host based intrusion prevention system

HIDS

Host-Based IDS

Application Virtualization

Hosting or Streaming individual software applications on a server

Which of the following backup site types allows for fastest disaster recovery? Cold site Hot site Warm site Cross-site

Hot

Acceptable Use Policy

How employees can use company systems and resources, software and hardware

Mean Time To Restore

How long it takes to repair a component

What is ARO?

How many times per year a threat is expected to occur.

What is a hybrid cloud?

Hybrid clouds combine features of public and private clouds but can expose host computers to users outside your organization.

L2TP

Hybrid of PPTP (Microsoft) and L2F (Cisco); no data security, no encryption

Which of the protocols listed below is used by the PING utility? IPsec SNMP FCoE ICMP

ICMP (Internet Control Message Protocol)

Ping of Death

ICMP message larger than the system can handle causing crash

Which ports do you need to allow on an Internet-facing firewall that uses NAT-T to support an L2TP/IPSec VPN connection?

ID 50, UDP 500, UDP 4500

Which of the following examples falls into the category of technical security controls? Change management Acceptable Use Policy (AUP) Intrusion Detection System (IDS) Incident response procedure

IDS (Intrusion Detection System)

NIDS Network-based intrusion detection system

IDS to monitor a network. It can detect network-based attacks, such as smurf attacks. A NIDS cannot monitor encrypted traffic and cannot monitor traffic on individual hosts

A company has implemented a VPN and over time associates are created each being more secure than the last. What would be implemented to automate the selection of the BEST security association for each user?

IKE (Internet Key Exchange)

TCP port 143 is used by: Hypertext Transfer Protocol (HTTP) Simple Mail Transfer Protocol (SMTP) Internet Message Access Protocol (IMAP) Remote Desktop Protocol (RDP)

IMAP

Port TCP 993

IMAP SSL/TLS

PORT TCP 143

IMAP4

Default Gateway

IP Spoofing

In order to be internal to a network to do this attack

IP Spoofing

L2TP tunneling relies on what for security?

IPSec

What is used to provide secure communication over a L2TP VPN connection?

IPSec

What kind of encryption method can be implemented at the Network layer (3) of the OSI model?

IPSec

Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4?

IPSec

UDP 500

IPSec (for VPN with IKE)

Which protocols operate(s) at layer 3 (the network layer) of the OSI model?

IPSec, IPV6, IPv4, ICMP

Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply) PAP IPsec OCSP Kerberos CHAP

IPSec, Kerberos, CHAP

AH authentication Header

IPsec includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication. AH is identified with protocol ID number 51

ESP Encapsulation Security Protocl

IPsec includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication. ESP is identified with protocol ID number 50

Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply) IPsec MPLS PAP Kerberos CHAP

IPsec, Kerberos, CHAP

Which of the answers listed below refers to an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection? ISA ALE MOU BPA

ISA (Interconnection Security Agreement)

What does IPSec use to determine when to create a new set of keys?

ISAKMP (Internet Security Association and Key Management Protocol)

Why is Data Important?

IT/Admin, Prod Dev, Sales/Marketing, Financial. Legal/Reg/Contractual.

Change and Configuration Management

ITIL Service Asset Configuration Item Baseline Configuration Management System

Which of the answers listed below refers to an attack aimed at exploiting the vulnerability of WEP? MITM attack Smurf attack IV attack Xmas attack

IV (initialization vector)

A solution vendor bills customers for access to a three-tier application based on usage. The application is deployed in the vendor's data center as sets of clustered virtual machines. Which type of network design element is exemplified?

IaaS (Infrastructure as a service)

What is the function of a Common access card?

IdenAcceSignEncrPhys (To provide personal identification, computer and network access, email digital signing and encryption, and to control physical access through one specialized smart card)

ACE Access control Entry

Identifies a user or a group that is granted permission to a resource. ACEs are contained within a DACL in NTFS

IPv4 Internet protocol version 4

Identifies host using a 32-bit IP address. IPv4 is expressed in dotted decimal format with decimal numbers separated by dots or periods like this 192.168.1.1

IPv6 Internet protocol version6

Identifies hosts using a 128-bit address. IPv6 is expressed as eight groups of four hexadecimal characters (numbers and letters), such as this FE80: 0000:0000:0000: 20D4:3FF7:003F:DE62

MTTR mean time to recover

Identifies the average time it takes to restore a failed system. Organization that have maintenance contracts often specify the MTTR as part of the contract

dBi Dicibels-istropic

Identifies the gain of an antenna and is commonly used with omnidirectional antennas. It references an istropic antenna that can theoretically transmit the signal equally in all directions. Higher numbers indicate the antenna can transmit and receive over greater distances

dBd Decibels-dipole

Identifies the gain of an antenna compared with a type of dipole antenna. Higher dBd numbers indicate the antenna can transmit and receive over greater distances

SSID Service set identifier

Identifies the name of wireless network. Disabling SSID broadcast can hide the network from casual users but an attacker can easily discover it with a wireless sniffer. It's recommended to change the SSID from the default name

dBm decibles-milliwatt

Identifies the power level of the WAP and refers to the power ratio in decibles referenced to one milliwatt. Higher numbers indicate the WAP transmits the signal over a greater distance

Rogue Machine Detection

Identifying and removing machines on the network that are not supposed to be there

What is the purpose of the Cyber Security Enhancement Act?

If a computer crime over the internet is suspected, this act provides federal agencies access to ISPs and the right to monitor data communications.

Forward Secrecy

If one cryptographic key is compromised, subsequent keys are still safe

Hotfix

Immediate, urgent patch; usually not optional

Social Engineering

Impersonation - Dominate or charm targets. Exploit Weak Authentication. Reasons for Effectiveness: -Familiarity/Liking -Consensus/Social Proof -Authority and Intimidation -Scarcity and Urgency

You are designing a solution to protect your network from Internet-based attacks. You need to provide: * Pre-admission security checks * Automated remediation The solution should integrate existing network infrastructure devices. What should you do?

Implement NAC

Host Based Firewall

Implemented on a Software Application running on a single host

Technical - Control Type

Implemented through technology

What is due care?

Implementing the right security controls to protect company assets

Guidelines

Implements by providing information on how to accomplish policies and maintain standards

DSL Digital subscriber line

Improvement over traditional dial-up to access the Internet.

Code Review

In depth examination of the way the application is written

Key Exchange

In-Band: within the same medium Out-of-band: within separate medium

Vulnerability Assessment

In-depth Analysis of Security Systems and policies Identify weaknesses that MAY exist Generally passive techniques Discover vulnerabilities without exploiting them Identify lack of security controls/misconfigurations

IRT

Incident Response Team

How is Acceptable Use policy described?

Includes information on appropriate use of company asset.

How is a Physical Security policy described?

Includes information on controls that should be implemented such as door locks and fencing

How is Privacy policy described?

Includes process information on why and how customer information is used

How is Change Management policy described?

Includes process information when alterations are made to the network

Malware malicious software

Includes viruses, Trojans, adware, spyware, rootkits, backwoods, logic bombs and ransomware

Discretionary Access Control

Incorporates some flexibility; users share information dynamically

Alarm

Indication of current, ongoing problem

PII personally identifiable information

Information about individuals that can be used to trace a person's identity, such as a full name, birthdate, biometric data and identifying numbers such a social security number (SSN). Organization have an obligation to protect PII and often identify procedures for handling and retaining PII in data policies

Internal Information

Information needed to run the business (personnel records, customer lists, ledgers, etc.)

Full Distribution Information

Information released to the public

* As a Service

Infrastructure Network Software Platform

IaaS

Infrastructure as a Service

What does IaaS stand for?

Infrastructure as a Service

Business Impact Analysis

Initial Risk Investigation or analysis: 1) Identify the critical functions or processes of the business or organization 2) Identify the assets and resources on which the organization depends 3) Identify Threats to the organization's functions and assets 4) Assess the risk to each function or asset, given the threats

OATH

Initiative for Open Authentication Big PKI Providers

NAC network access control

Inspects clients for health and can restrict network access to unhealthy clients to a remediation network. Clients run agents and these agents report status to a NAC server. NAC is used for VPN and internal clients. MAC filtering is a form of NAC.

Application Aware Devices

Inspects the contents of packets at the application layer

Your business uses instant messaging to enable technical support personnel to communicate easily with customers. What should you do to secure technical support computers against potential instant messaging security risks?

Install antivirus

Which of the answers listed below exemplifies an implementation of risk transference methodology? Insurance policy Security guard Antivirus software User education

Insurance policy

In forensic analysis, taking hashes ensures that the collected evidence retains: Confidentiality Integrity Order of volatility Availability

Integrity

Which (3) security services are provided by digital signatures?

Integrity, authentication, non-repudiation

What is EAL 5?

Intended for high levels of security assurance, and it requires special design considerations to be able to achieve this level.

Private Information

Intended for only internal use; also known as working documents or work product

ISA

Interconnection Security Agreement

Trunks

Interconnections between switches VLAN Trunking Protocol (VTP) VTP Server or VTP Client

Attack Service

Interfaces Services Application Service Ports

EMI electromagnetic interference

Interference caused by motor, power lines, and fluorescent lights. Cables can be shielded to protect signals from EMI. Additionally, EMI shielding prevents signal emanation, so it can prevent someone from capturing network traffic

RFI Radio frequency interference

Interference from RF sources such as AM or FM transmitters. RFI can be filtered to prevent data interference and cables can be shielded to protect signals from RFI

What is a Proxy Server?

Intermediary between a host and a computer hosting another service.

Proxy Firewall

Intermediary between your network and another network; process requests; examines data and forwards or refuses

IDEA

International Data Encryption Algorithm

IEEE Institute of electrical and electronic engineers

International organization with a focus on electrical electronics and information technology topics. IEEE standards are well respected and followed by vendors around the world

OVAL open vulnerability assessment language

International standard proposed for vulnerability assessment scanners to follow

IANA

Internet Assigned Numbers Authority

What does IKE stand for?

Internet Key Exchange

IKE

Internet Key Exchange protocol aka ISAKMP (Internet Security Association and Key Management Protocol) Part of the IPsec protocol suite that handles authentication and key exchange

IMAP

Internet Message Access Protocol Allows a client to manage the mailbox on the server. Connect over Port 143 Supports permanent connections to a server and connecting multiple clients to the same mailbox simultaneously.

IPSec

Internet Protocol Security; LAN-to-LAN connections; provides authentication and encryption of data and headers; either tunneling or transport mode

What does ISAKMP stand for?

Internet Security Association and Key Management Protocol

iSCI

Internet Small Computer Systems Interface; allows data storage and transfers; used for creating storage area networks

IDS

Intrusion Detection System

What does IDS stand for?

Intrusion Detection System

IDS

Intrusion Detection Systems Real-time analysis of either network traffic or system and application logs

NIPS

Intrusion Detection and Prevention System

What does IPS stand for?

Intrusion Prevention System

Virtualization Cons

Investment costs Performance and Security

What is Log analysis?

Involves a regular inspection of the recorded log files.

What is Port security?

Involves enabling a port and then associating a computers MAC address to the enabled port.

What is Mitigation in terms of risk?

Involves implementing a control that will reduce the risk

Limited Distribution Information

Is not secret but is not private

What does a SAN do?

It Provides a dedicated network connection for block level data storage.

What does DAC do?

It Provides users with access to company resources based on their identity and the groups to which they belong.

What does Iaas do?

It Provides users with the uses of a fully functioning physical infrastructure, which is owned and maintained by a 3rd party provider.

What does a Web Proxy do?

It allows frequently accessed content to be cached, and control what sites or content users are able to access.

What is a Web Proxy?

It allows frequently accessed content to be cached, as well as control what sites or content users are able to access.

What does PaaS do?

It allows users to create and operate custom web application easily.

What does a VLAN do?

It can be used logically to segment networks within existing networks.

What is does the PKI Hierarchical Trust Model do?

It contains a single root CA that is used to provide information. Often referred to as the Tree Model.

What is does the PKI Mesh Trust Model do?

It contains multiple root CAs in which multiple paths are provided to each root CA. Also Known As the web model.

What is does the PKI Bridge Trust Model do?

It contains two root CAs in which a peer to peer relationship is established

What is accountability security?

It dictates who is responsible for a particular item, such as making sure that data is accurate.

What does NaaS do?

It enables users to buy network services without actually purchasing physical network hardware to support the infrastructure.

What does SaaS do?

It enables users to lease software and applications from a provider rather than buying them.

What does a Protocol Analyzer do?

It enables you to view a captured frame's contents in a readable format by decoding the frame. Capture and decode network traffic to help identify erroneous packets.

What is availability security?

It helps ensure that data and security controls are all functioning whenever users need access to the information system.

What is integrity security?

It helps ensure that the data users are working on is accurate.

What is order of volatility?

It identifies that evidence should be collected from the most volatile system components to the least volatile.

What does a Hardware-based FDE do?

It implements the encryption and decryption process inside of the hard disk drives, isolating these processes and associated keys from the operating system to protect from security risks, such as root kits.

What is the reciprocation influence tactic?

It involves helping someone in the hope that they will return the favor.

What is Risk Transference?

It involves moving the risk to an organization that is better equipped to handle it.

What is Deterring in terms of risk?

It involves threatening to take legal punishment towards the person who are attacking the asset.

What is AppLocker?

It is a Windows feature that allows for control of the applications that users are allows to access, by enabling administrators to effectively manage security by limiting the application launched on a system.

What does HMAC do?

It is a hashing algorithm that uses a secret key along with the hashing algorithm to calculate the message authentication code.

What does SHA-2 do?

It is a hashing algorithm with 2 different versions; SHA-256 and SHA-512.

What is an Application blacklist?

It is a list of application that should not be allowed to run on the computer.

What is a CRL?

It is a list of computer certificates that can no longer be trusted.

What does CHAP do?

It is a method of authentication that encrypts passwords through the Message Digest 5 (MD5) hashing scheme.

What is a PCI DSS?

It is a standardization of how to handle electronic payments.

What does HVAC do?

It is a system used to provide a well maintained and environmentally controlled area.

What does NAT do?

It is a technology that conceals internal addressing schemes from external networks.

What is log analysis?

It is defined if object access auditing is enabled.

What is a Firewall?

It is either a hardware or software security tool that permits or denies network traffic based on a set of created rules.

When should a users password account be reset?

It is not appropriate for a network technician to change a users account without their knowledge or consent.

What is a CA used for?

It is part of a PKI to issue, revoke, and distribute certificates.

What is a CPS?

It is used by a CA for issuing certificates and implementing policies.

What is CSR?

It is used by a user within a PKI to request certificate from a CA.

What is a Rainbow Table Attack?

It is used to attempt to reverse a password's has value, by comparing the password's hash to a large database of pre-computed hashes.

What is a risk assessment?

It is used to determine the probability of a threat occurring, including the potential loss if the threat occurs.

What is a open proxy server?

It is used to direct request to and from any location on the internet.

What is a Forward proxy server?

It is used to direct requests from an internal network to web servers on the internet.

What is Non-repudiation?

It is used to ensure that a person or party cannot deny something.

What is MDM Software?

It is used to help manage, monitor, and support BYOD devices in a company.

What is the scarcity influence tactic?

It is used to make people feel as though they need to take advantage of the current situation.

What is an application whitelist?

It is used to prevent unauthorized applications from running.

What is continuous auditing?

It is used to provide an automatic method of completing risk and control assessment audit tasks on a scheduled basis.

What is a Hot Spare?

It is used to recover from a failed device and will then assume the workload.

What is Continuous monitoring?

It is used to replace point in time audits by providing a constant network state view as well as state of risk snapshots regarding security, network, and data.

What is a disk quota?

It is used to specify how much data a user can consume.

What is a Key Escrow?

It is used to store copies of private or secret keys in a secure central location.

What is a hoax?

It is usually carried out via email or by phone, and it involves giving false story that requires an action.

What is IKEv2?

It is version 2 of IKE that is one way that actual authentication keys can be distributed.

What does a load balancer do?

It lets you distribute network traffic evenly across two or more network links or computers, to prevent downtime or bandwidth issues during periods of peak traffic.

What is a Smurf attack?

It make use of IP spoofing and broadcast to ping groups of network host from a spoofed IP address that belongs to a target system.

What is the obligation influence tactic?

It makes the person feel as if they are obligated to perform a task, based on social, legal, or contract requirements.

What does HIPS do?

It monitors network traffic and can stop or block malicious traffic.

What does a UPS do?

It protects computers and peripheral devices from data loss or data corruption caused by power failures or fluctuations in the AC current.

What does an ISAKMP do?

It provides a framework for authentication and key exchange within IPsec.

What does a DNS Server do?

It provides name resolution service for a network It associates a devices host name with the devices IP address.

What is a DNS Server?

It provides name resolution services for a network, associating a devices host name with the device IP address.

What is does the PKI Hybrid Trust Model do?

It provides the most flexibility of any trust model.

What does RBAC do?

It provides users with access to company resources based on a job role or assigned tasks.

What is a Content filtering proxy server?

It restricts user access to certain web sites based on content such as URL, domain name, words or words combinations, and blocks content that an administrator has deemed undesirable.

XSS Cross-site scripting

It scripting allows an attacker to redirect users to malicious websites and steal cookies. E-mail can include an embedded HTML image object or a JavaScript image tag as part of malicious cross-site scripting attack. Websites prevent cross-site scripting attacks with input validation to detect and block input that include HTML and JavaScript tags. Many sites prevent the use of < and > characters to block cross-site scripting

What does a Software-based FDE do?

It uses a computers CPU to perform encryption and decryption, resulting in degraded system performance.

What is the authority influence tactic?

It uses the power of a person with authority to get information from other people

What is a Symmetric encryption?

It uses the same key for decrypting and encrypting information.

What is WPA?

It was designed as a replacement for WEP to overcome the security flaws of WEP. It uses TKIP.

What is an OTP?

Its a dynamic password to be used only once after which they become invalid.

Port 88

KDC runs on port 88 using TCP or UDP

What is the 4th step in the Kerberos process?

KDS verifies the authentication of the TGT and issues a client to server ticket to the user.

High Availability

Keep services and systems operational during an outage

Grandfather, Father, Son Method

Keeping multiple rolling backups at various fixed times (e.g., one every week, another every month, and another each year)

Stateful Packet Inspection

Keeps a state table and tracks every communications channel

Assigning a unique key, called a ticket, to each user that logs on to the network is a characteristic feature of: SAML Secure LDAP RADIUS Kerberos

Kerberos

What computer network authentication protocol is designed to ensure mutual authentication?

Kerberos

What does KDC stand for?

Key Distribution Center

What entity within a PKI is able to provide digital keys to an authorized third party?

Key Escrow

Key Lifecycle

Key Generation Certificate Generation Distribution Storage Revocation Expiration

What does KRA stand for?

Key Recovery Agent

Diffie Helman

Key agreement protocol Secure Key Exchange Generates Ephemeral Keys

What is the name of a storage solution used to retain copies of private encryption keys? Trusted OS Key escrow Proxy server Recovery agent

Key escrow

Diffie-Hellman

Key exchange; used to send keys across public networks

Five Nines Availability

Key services should be available 99.999% of the time

PORT TCP 636

LDAP/TLS

Which wireless authentication protocol is vulnerable to password cracking?

LEAP (Lightweight Extensible Authentication Protocol)

Which of the following acronyms refers to flash cookies? RPO BCP LSO CRP

LSO (Local Shared Object)

MAC

Labels and Clearance Inflexible

L2TP

Layer 2 Tunneling Protocol No Authentication or Confidentiality

IPsec

Layer 3 security protocol Provides flexibility and confidentiality and integrity/anti-replay Processor intensive Two protocols used: Authentication Header & Encapsulation Security Payload

Configuring a Firewall

Least Access Implicit Deny

Risk Deterrence

Let the enemy know the consequences of an attack

Which of the following examples falls into the category of deterrent security control types? Lighting Access lists Motion detection Alarms

Lighting

LDAP

Lightweight Directory Access Protocol

LEAP

Lightweight EAP Developed to resolve weakness in Wired Equivalent Privacy (WEP)

LEAP

Lightweight Extensible Authentication Protocol

Risk

Likelihood and impact (or consequence) of an actor exercising a vulnerability

Risk

Likelihood of an attack being successful

Threat

Likely dangers associated with a risk

What is most effective in preventing brute-force password hacking?

Limited log on attempts

Rule-Based Access Controls

Limits user with preconfigured policies; uses allow and deny lists; implemented with access control lists (ACLs)

LNC

Link Control Protocol

DACL Discretionary Access Control List

List of Access Control Entries (ACEs) in Microsoft's NTFS. Each ACE includes a security identifier (SID) and a permission

Consensus/Social Proof - Social Engineering

Listening, validating, or charming

What does LSO stand for?

Local Shared Objects

LSO

Locally Shared Object; also known as a Flash cookie

Ransomware

Locks a system until a third party is paid

Accounting

Logging (Account for actions, detect intrusions, choosing what to log) Surveillance Incident Report (What, When Who)

LUN

Logical Unit Number

Smart card access control relies on what kind of access control method?

Logical token

Security Log

Logs successful and unsuccessful logon events; in Windows, the Access Log

Trend

Long-term shifts in activity

Network Boundaries or Perimeters

Look at diagram

Anomaly-Detection IDS

Looks for activity out of the ordinary

Which of the answers listed below refers to the most common access control model used in Trusted OS implementations? HMAC MAC RBAC DAC

MAC

What is the strictest access control model?

MAC (Mandatory Access Control)

Access control based on security labels associated with each data item and each user are known as...

MAC (Mandatory Access control)

Which of the following access control models uses subject and object labels?

MAC (Mandatory Access control)

Which of the following access control models would be MOST compatible with the concept of least privilege?

MAC (Mandatory Access control)

Switch Vulnerabilities

MAC Flooding - Overloading the switch's MAC cache ARP Poisoning - Poisons the switch's ARP table with a false MAC-IP address mapping VLAN Hopping - Exploits the native VLAN feature of 802.1Q VLAN Trunking Protocol (VTP) Attacks - VTP propogates the VLAN

A company wants a VLAN, and thinks it will be secure because it's using MAC addressing and that DTP will facilitate network efficiency. What issues should be discussed?

MAC addresses can be spoofed, rogue devices can configure ports

A network access control method whereby the 48-bit address assigned to each network card is used to determine access to the network is known as: Hardware lock Post-admission NAC Rule-Based Access Control (RBAC) MAC filter

MAC filter

What hash algorithm is used for passwords over 14 characters long?

MD5

Message Digest

MD5 most recent; 128-bit hash value; weak collision resistance; SHA1 or SHA2 recommended instead

Which of the following is an example of active eavesdropping? Phishing DDoS Xmas attack MITM

MITM (Man in the middle)

A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission is known as: BPA MOU SLE ISA

MOU (Memorandum of understanding)

Which of the following terms is used to describe the average time required to repair a failed component or device? MTBF MTU MTTR MPLS

MTTR

What is a Alarmed Carrier?

Made up of optical fibers deployed within the conduit. The carrier can be hidden above fan or below floors and it detects acoustic vibrations.

X.500

Main directory standard Are hierarchical

What is Loop protection?

Maintaining a loop free network.

Stateful Firewalls

Maintains stateful information about firewalls Information is stored in a dynamically updated state table

Stateless Firewall

Makes decisions on the data that comes in; simple decisions

MAC Flooding

Makes port into a HUB

What is a Sniffer Attack?

Makes use of protocol analyzers to inspect data as it is transmitted over a network, allowing all clear text data, including passwords to be captured and read by an attacker.

Malware

Malicious Software Computer Viruses Worms Logic Bombs/Fork Bombs Hoaxes Spam/Spit

Remote Access Security Problems

Malware protection is difficult because it is remote Security Info - Auth info is stored on the server Data Transfer Local Privileges Weak Authentication BEST SOLUTION TO RDP SECURITY PROBLEMS: Education Least priviledge

The U.S. National Institute of Standard and Technology (NIST) specifies three types of security controls. These controls are important in the federal information systems certification and accreditation process?

Management, operational, technical

What does MAC stand for?

Mandatory Access Control

MAC

Mandatory Access Control Resource access is restricted by system policies

Which of the following security controls is used to prevent tailgating? Hardware locks Mantraps Video surveillance EMI shielding

Mantraps

War Chaulking

Marking little symbols to advertise the presence of an ipen and exploitable access point

What is a Hashing Algorithm?

Mathematical functions that perform one-way encryption. MD5 and SHA-1

Recovery Time Objective

Maximum downtime considered acceptable

Backdoors

May be opened by malicious software or could derive from configuration oversight

MTBF

Mean Time Between Failures

MTTF

Mean Time To Failure

What does MTTF stand for?

Mean Time To Failure

MTTR

Mean Time To Restore

What does MTTR stand for?

Mean Time To Restore

What do you find on an SLA

Mean Time to Failure Mean Time Between Failure Key Performance Indicators

Define Authentication

Mechanism of verifying an identification

Interoperability Agreements

Memorandum of Understanding - Prelim or exploratory agreement Service Level Agreement - Legal protection for agreed service levels Business Partners Agreement Interconnection Security Agreement

MD

Message Digest

One Time Pad

Message and key are same size Impossible to crack (if key is sufficiently random)

Certificate Management Protocol

Messaging protocol between PKI entities

FDE full disk encryption

Method to encrypt an entire disk. TrueCrypt is an example

PAC proxy auto configuration

Method used to automatically configure systems to use a proxy server

MAC message authentication code

Method used to provide integrity for messages. A MAC uses a secret key to encrypt the hash. Some versions called HMAC

PORT TCP 1433

Microsoft SQL server

MS-CHAP Microsoft challenge handshake authentication protocol

Microsofts implementation of CHAP. MS-CHAPv2 provides mutual authentication.

What is the most common method to deal with threats?

Mitigation

What does MDM software stand for?

Mobile Device Management

Data Loss Prevention

Monitor systems' content to ensure it is not deleted or removed; also monitors who is using and transmitting the data

RAID redundant array for inexpensive or independent

Mulitple disks added together to increase performance or provide protection against faults

Multihomed

Multiple NICs on same device connecting it to several different networks

Contact Based Smart Cards

Must be physically inserted

Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header?

NAT

NIST National institute of standards and technology

NIST is part of the US department of Commerce, and it includes an Information technology laboratory (ITL). The ITL publishes special publications related to security that are freely available for download

NETBIOS network basic input/output system

Name resolution service for NetBIOS names on internal networks. NetBIOS also includes session services for both TCP and UDP communication. NetBIOS uses UDP port 137 and 138 and TCP port 139. It can use TCP pot 137 but rarely does.

NIST

National Institute of Standards and Technology

N+1

Needed components plus one to replace as needed

What open-source tool scans for general network security issues?

Nessus

TCP/UDP 137

NetBios (TCP rarely used)

NETBIOS

Network API Runs over TCP/IP on Ports 135, 137, 138, 139, and 445

NAC

Network Access Control; set of standards for clients trying to access network

NAPT

Network Address Port Translation Multiple private IP addresses to be mapped onto a single public address Also known as PAT

What does NAT stand for?

Network Address Translation

NAT

Network Address Translation Service translating between a private addressing scheme used by hosts on the LAN and a public addressing scheme used by an internet facing device Static Dynamic Overloaded Destination

NAS

Network Attached Storage File level access

NCP

Network Control Protocol

NIDS

Network Intrusion Detection Systems Packet Sniffer placed inside a firewall Has an analysis engine to identify malicious traffic and a console to allow configuration of the system

What does NIDS stand for?

Network Intrusion Detection system

NIPS

Network Intrusion Prevention System

What name table is called on by netsh test11406?

Network Shell (Netsh)

NAC

Network access control - Minimum security config that devices must meet to be granted network access. Endpoint Security Defense in Depth Manage portable devices in additional to servers and desktops Manage wireless and remove connections NAC says port is active

What does NaaS stand for?

Network as a Service

WLAN Wireless local area network

Network connected wirelessly

Protected Distribution System

Network is secure enough that classified information can be transmitted unencrypted

NIDS

Network-Based IDS

NetBIOS

Networl Basic Input Output System

NTFS

New Technology Filesystem; Windows filesystem since Windows NT

NTLM

New Technology LAN Manager Less vulnerable to cracking

WPA2 Wi-Fi Protected Access version 2

Newer security protocol used to protect wireless transmissions. It supports CCMP for encryption which is based on AES and stronger than TKIP which was originally released with WPA. In enterprise mode, it can use RADIUS to support 802.1x authentication. In personal mode it uses a preshared key (PSK)

NGFW

Next Generation Firewall

What does NVRAM stand for?

Non-Volatile Random Access Memory

Authentication Implementations

None - Anonymous access is granted Simple - Client must supply Domain Name and Password Simple and Security Layer (SASL) - Client and server negotiate the use of a supported security mechanism. Kerberos or TLS LDAPS

Federation

Notion that a network needs to be accessible to more than just a well-defined group Using your google credentials to log into other sites

ESN Electronic serial number

Numbers used to uniquely identify mobile devices

Which of the following provides the fastest way for validating a digital certificate? ICMP CRL Key escrow OCSP

OCSP (Online Certificate Status Protocol)

Storage Virtualization

OS passes control of physically locating data on disks to a virtualized layer

Which of the answers listed below refers to a security measure providing protection against various password-based attacks, specifically password sniffing and replay attacks? OTP LSO OCSP CRL

OTP (one time password)

What is an Account expiration time?

Often used with temporary employees, it is a date set automatically to deactivate the account based on the account expiration date and time set.

LANMAN local are network manager

Older authentication protocol used to provide a backward compatibility to Windows 9x clients. LANMAN passwords are easily cracked due to how they are stored

Which of the following antenna types would provide the best coverage for workstations connecting to a WAP placed in a central point of a typical office? (Select all that apply) Omnidirectional Unidirectional Bidirectional Non-directional

Omnidirectional, non directional

A set of switches is used to implement a VLAN. Where should you enable loop protection?

On all ports

Data At Rest

On persistent storage memory Encrypt It Apply ACLs (Access Control Lists)

Transitioning

On-boarding or off-boarding

What does OTP stand for?

One Time password

UAT User Acceptance Testing

One of the last phases of testing an application before its release

What is an ESP?

One of the two primary protocols that make up an IPsec. It Provides encryption for data and very limited authentication (data confidentiality).

What does AH do?

One of the two primary protocols that make up an IPsec. It provides integrity and protection against anti-replay attacks (data authentication).

1+1

One spare component for every one in use

What is Secure Hash Algorithm used for?

One way encryption

Transitive Trust

One way trust - child trusts parent but parent does not trust child Two way trust - Domains are peers and both trust one another equally Non-Transitive Trust - Trust relationship remains only between those domains Transitive Trust - Trust extends to other trust domains

What does OCSP stand for?

Online Certificate Status Protocol

OCSP

Online Certificate Status Protocol **Can verify certs when it's offline **Something that can be used instead of a CRL

OCSP

Online Certificate Status Protocol; real-time replacement for CRLs

Passive Fingerprinting

Only Collects Data. You must decide what the role of the server is. Key is *YOU*.

One-Time Pad

Only completely secure cryptographic implementation

Single-Factor Authentication

Only one type of authentication checked

OpenAuth

Open Authorization Protocol designed to facilitate the sort of transfer of information or resource between sites

OSPF

Open Shortest Path First

OWASP

Open Web Application Security Project

Which of the following would be the MOST common method for attackers to spoof email?

Open relays

Security Assertion Markup Language

Open standard based on XML for authentication and authorization data

Fault tolerant design that includes data backups and duplicate hardware is an example of:

Operational continuity planning

DAD

Opposite of CIA: Disclosure Alteration Destruction

In forensic procedures, a sequence of steps in which different types of evidence should be collected is known as: Order of volatility Layered security Chain of custody Transitive access

Order of volatility

OOV

Order of volatility

Implementing PKI

Organization - Policies, Standards, Admins Servers - Store, Distribute, Authenticate Certs Clients - Applications that allow users to read/trust/reject certs

WEP Wired Equivalent Privacy

Original wireless security protocol. Had significant security flaws and was replaced with WPA, and ultimately WPA2. WEP used RC4 incorrectly making it susceptible to IV attacks

VLANS

Originally designed to decrease broadcast traffic but is also beneficial in reducing the likelihood of having information compromised by sniffers

Succession Planning

Outlines who can step into positions as vacated or unavailable

Roles and Responsibilities

Overall Responsibility, Managerial (Building Control, ICT Accounting, Documentation), Technical, Non-Technical, Legal/Regulatory, Security Professional role

Private Cloud

Owned by organization, and they act as provider and consumer

P2P peer to peer

P2P application allow users to share files such as music, video and data over the internet. Data leakage occurs when users install P2P software and unintentionally share files. Organizations often block P2P software at the firewall and detect running software with port scans

Which of the following protocols transmits passwords over the network in an unecrypted form and is therefore considered unsecure? RADIUS PAP TACACS+ CHAP

PAP (Password Authentication Protocol)

Examples of key stretching algorithms include: (Select 2 answers) PBKDF2 RC4 NTLMv2 Bcrypt FCoE

PBKDF2, Bcrypt

Which of the protocols listed below encapsulates EAP within an encrypted and authenticated TLS tunnel? LDAP PAP Telnet PEAP

PEAP (Protected Extensible Authentication Protocol)

PEAP protected extensible authentication protocol

PEAP provides an extra layer of protection for EAP, PEAP-TLS uses TLS to encrypt the authentication process by encapsulating and encryption the EAP conversation in a transport layer security (TLS) tunnel. Since TLS requires a certification authority (CA) to issue certificates

A computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet is known as: SMTP PGP OCSP OVAL

PGP

GNU Privacy Guard (GPG) provides similar functionality and an alternative to: PAP IMAP4 PGP Windows Firewall

PGP

Which of the following acronyms refers to any type of information pertaining to an individual that can be used to uniquely identify that person? PIN ID PII PKI

PII

Cryptographic Standards

PKCS - Public Key Cryptographic Standards CMP - Certificate Management Protocol FIPS - Federal Information Processing Standards Suite B - Standards from NSA

What are the minimum requirements for implementing TLS on a Web site?

PKI certificate must be installed on the server

What is the Web of Trust model?

PKI model where trusted parties issue certificates to each other

PORT TCP 995

POP SSL/TLS

PORT TCP 110

POP3

What is port 995 used for?

POP3 over SSL

PORT TCP 1723

PPTP

Which WPA standard requires a passphrase before being granted access to the wireless network?

PSK (Pre shared key)

ITCP IT contingency plan

Part of risk management. Plan to ensure that IT resources remain available after a security incident outrage or disaster

KDC Key distribution center

Part of the Kerberos protocol used for network authentication. The KDC issues time-stamped tickets that expire

SQL/XML Injection

Pass application SQL or XML commands via user input or URI

PAP

Password Authentication Protocol

PAP

Password Authentication Protocol Authentication method developed as part of TCP/IP PPP (point to point protocol)

Which of the following examples meets the requirement of multi-factor authentication? Password and biometric scan Username and PIN Smart card and identification badge Iris and fingerprint scan

Password and biometric scan

One Time Password Tokens

Passwords generated automatically SecurID token from RSA

Firmware Version Control

Patch Management for static and embedded environments

You suspect an attempted attack against a data server running Microsoft Windows. You need to monitor real-time performance to compare it to the baseline data you collected when the server was deployed. What should you use?

Performance monitor

NDP Neighbor Discovery Protocol

Performs several functions on IPV6. For example, it performs functins similar to ARP which is used on IPv4. It also performs autoconfiguation of device IPv6 addresses and discovers other devices on the network such as the IPv6 address of the default gateway

Recovery Time Objective

Period following a disaster that a system may remain offline

What must be performed on a regular basis to ensure the validity and integrity of your backup system?

Periodic testing

Role BAC

Permissions based upon job description ACLs Non-Discretionary Centralized (Admin Control)

Certificate Authorities

Person or body responsible for issuing and guaranteeing certificates

PII

Personally Identifiable Information

PII

Personally Identifiable Information Data that can identify, contact, or locate an individual Explicit PII - Unique identifiers such as Full name and CC number Contextual PII - Shared attributes - Age, Race, Gender, Residence

Vishing

Phishing over VoIP

Doc Cabinets

Physical

Bio-metric Authentication

Physical - Fingerprint, Iris, Facial Behavioral - Signature, Voice, Typing High cost and error rates Something you Are

Employees in an organization that have a problem with changing things and they are also installing software that they should not be installing

Place these users in appropriate security groups Do application whitelisting

What is role-based access control?

Placing users into groups and then applying the privileges to the group.

CP Contingency planning

Plans for contingencies in the event of a disaster to keep an organization operational BCPs include contingency planning

PaaS

Platform as a Service

What does PaaS stand for?

Platform as a Service

OSI Model

Please Do Not Throw Sausage Pizza Away 1 - Physical 2 - Data Link (Point to Point Protocol) 3 - Network (IP, ICMP or Ping) 4 - Transport (TCP, UDP) 5 - Session (Synchronization and Send To Ports, SQL) 6 - Presentation 7 - Application (SMTP, Email)

PPP

Point to Point Protocol An encapsulation protocol Most widely used internet access and remote dial in protocol

PPTP

Point to Point Tunneling Protocol Runs on top of PPP and operates on Layer 2 No Authentication or Confidentiality

PPP

Point-to-Point Protocol

PPTP

Point-to-Point Tunneling Protocol; encapsulates and encrypts PPP packets for a single point-to-point connection; negotiation done in the clear

Data Loss Prevention (DLP)

Policy Server Endpoint Agents Network Agents

What Makes Social Engineering Attacks Ineffective

Policy and Standard Procedures Education and Training (Best way to mitigate) Accounting (Auditing and Surveillance)

Which anti-malware tool are you use against Adware?

Pop-up Blocker

UDP

Port 53

PAT

Port Address Translation or NAT overloading

PAT

Port Address Translation; uses single IP and assigns unique port to each session

PNAC

Port based Network Access Control Is opposite of NAC. Performing some sort of authentication of the attacked device before activating the port.

802.1X

Port-based security for wireless network access control; known as EAPOL

Pod Slurping

Portable devices (e.g., USB drives) plugged directly into systems to copy data

POP3

Post Office Protocol Mail retrieval protocol only Port 110 Works on hosts that are not available right away Designed to allow mail to be downloaded to the recipients email client at his or her convenience

A security stance whereby a host is being granted / denied permissions based on its actions after it has been provided with the access to the network is known as: Network separation Pre-admission NAC Quarantine Post-admission NAC

Post-admission NAC

Which of the following WAP configuration settings allows for adjusting the boundary range of the wireless signal? Fair access policy Power level controls Quality of Service (QoS) Wi-Fi Protected Setup (WPS) Bandwidth cap

Power level controls

PSK

Pre-shared Key is the key that is used to encrypt communications. Referred to as group authentication.

Which of the following sequence of steps would be contained in a computer response policy?

PreDeAnConErRePo (Preparation, detection and analysis, containment, eradication and recovery, post-incident activity)

Incidence Response Procedures

Preparation Detection and Analysis Containment, Eradication, and Recovery Post-Incident Activity

Data In Use

Present in volatile memory

Web of Trust

Pretty Good Privacy Peer-to-peer alternative to PKI Users Form their own trust relationships

What does a flood guard do?

Prevent DoS (A feature available on some firewalls that helps mitigate DoS attacks by preventing floods of login requests.)

What is the purpose of the Gramm-Leach-Billey Act?

Prevents Financial Institutions from sharing customer information for marketing purposes. Requires financial institutions to disclose their information-sharing policies with every customer.

Data Encryption Standard

Primary standard until replaced by AES; 56-bit key

What is EAL 1?

Primary used when the user wants assurance that the system will operate correctly but threats to security aren't viewed as serious.

A policy outlining ways of collecting and managing personal data is known as: Acceptable Use Policy (AUP) Audit policy Privacy policy Data Loss Prevention (DLP)

Privacy policy

Virtual Private Network

Private connection through a public network

Banner Grabbing

Probe Server to analyze responses Identify Application/Version/Posible Configuration Configure Servers and Applications not to leak information

IRP incident response procedure

Procedures documented in a incident response policy

What is separation of duties?

Process of breaking down tasks into separate processes which are performed by different employees, usually used to prevent fraudulent activity within a company.

Execution Control

Process of determining what additional software may be installed on a client or server beyond its baseline

What is rotation of duties?

Process of having a group of users rotate through different job roles, allowing a person to be able to perform multiple job roles.

IR incident response

Process of responding to a secu

Logic Bomb

Programs or code that executes when certain predefined events occur

Worms

Propagate in Memory/Over Network Links Consume Bandwidth May be able to compromise application or OS to deliver payload

What does SFTP do?

Protect the transfer of a spreadsheet from a remote server using SSH.

PDS

Protected Distribution System

What does PDS stand for?

Protected Distribution System

PEAP

Protected Extensible Authentication Protocol

PEAP

Protected Extensible Authentication Protocol Similar to EAP-TLS Supported by Microsoft

What does FTPS do?

Protects the transfer of a spreadsheet from a remote server using TLS

You suspect an attacker is sending damaged packets into your network as a way to compromise your firewall. You need to collect as much information about network traffic as possible. What should you use?

Protocol analyzer

NTP Network Time protocol.

Protocol used to synchronize computer times

Organizational Units

Provide a way of dividing a domain up into different administrative realms Do not create too many root containers

What is the function of DHE?

Provides a temporary session key for every key exchange, perfect forward secrecy, which means that a key cannot be compromised in the future.

VTC Video teleconferencing

Provides access to a private network over a public network such as the internet. VPN concentrators provide VPN access to large groups of users

ASP Application Service Provider

Provides an application as a service over a network

TACACS+ Terminal access controller access-control system+

Provides central authentication for remote access clients and used as an alternative to RADIUS. TACACS+ uses TCP port 49, compared with TACACS, which uses UDP port 49, It encrypts the entire authentication process, compared with RADIUS, which only encrypts the password. It uses multiple challenges and responses

PaaS Platform as a Service

Provides cloud customers with an easy-to-configure system and on-demand computing capabilities. Compare to IaaS and SaaS

Proxy Servers

Provides for protocol-specific outbound traffic

TCP transmission control protocol

Provides guaranteed delivery of IP traffic using a three-way handshake

MTBF mean time between failures

Provides measure of a system's reliability and is usually represented in hrs. The MTBF identifies the average time between failures. Higher MTBF numbers indicate higher reliability of a product or system

Policy

Provides the people in an organization with guidance about their expected behavior

You are looking for a method to manage access to a secure area. You want to allow entry through a locked gate automatically and track individuals going into and out of the area. Which method should you use?

Proximity reader

Web Security Gateway

Proxy server with web protection built in; virus scanner for incoming packets; monitors outgoing traffic; blocks inappropriate content, file-sharing sites, IM, etc.

What does PKI stand for?

Public Key Infrastructure

PKI

Public Key Infrastructure; framework, not a specific technology

PASS Method

Pull Aim Squeeze Sweep

A calculation of the Single Loss Expectancy (SLE) is an example of: Quantitative risk assessment Risk deterrence Qualitative risk assessment Incident management

Quantitative

What is the difference between quantitative and qualitative risk assessment?

Quantitative is strictly a dollar value assessment of loss, qualitative calculates intangible costs

What entity within PKI verifies user requests for digital certificates?

RA (Registration Authority)

Which component of PKI is necessary for a CA to know whether to accept or reject certificates from another CA? (Pick two)

RA, CRL

What is required to implement WPA-Enterprise wireless security?

RADIUS server

Drive Arrays

RAID 0 RAID 1 RAID 5 Nested RAIDS

RAID-0 disk striping

RAID-0 improves performance but does not provides fault tolerance

RAID-1 disk mirroring

RAID-1 uses two disks and provides fault tolerance

RAID-5 disk striping with parity

RAID-5 uses 3 or more disks and provides fault tolerance

Raid 6 disk striping with parity

RAID-6 uses four or more disks and provides fault tolerance. It can survive the failure of two drives

A task-based control model is an example of what?

RBAC (Role Based Access Control)

3389 is the default port number for: Lightweight Directory Access Protocol over TLS/SSL (LDAPS) Remote Desktop Protocol (RDP) Lightweight Directory Access Protocol (LDAP) Simple Network Management Protocol (SNMP)

RDP (Remote Desktop Protocol)

What algorithm can be used to authenticate a plain-text message?

RIPEMD (RACE Integrity Primitives Evaluation Message Digest)

What type of data security allows for control of data whether it is accessed inside or outside of the network?

RMS (Rights Management Service)

You are responsible for implementing a Data Loss Prevention (DLP) solution for your organization. You need to control access to secure data files and prevent unauthorized users from viewing file content. Data should be protected whether it is directly accessed or distributed outside the network. What should you use?

RMS (rights management service)

Which of the following acronyms refers to a maximum tolerable period of time required for restoring business functions after a failure or disaster? RAS RTO ROI RPO

RTO (Recovery time objective)

RFID

Radio Frequency ID attached to a device can be used to find locations

RFI

Radio Frequency Interference - Can cause data errors in wireless communications

Web Application Firewall

Real-time appliance that applies rules to block traffic to and from web servers to prevent attacks

IM instant messaging

Real-time direct text based communication between two or more people, often referred to as a chat.

What key encrypts data in an asymmetric encryption system?

Receipient's public key

What is an RTO

Recovery Time Objective (the length of time within normal business operations can be restored following a disturbance)

Pharming

Redirects traffic intended for one host to another

Separation of Duties

Reduce risk of fraud and organizational losses by requiring more than one person to accomplish key processes

RAID

Redundant Array of Independent Disks

What is chain of custody?

Refers to a security procedure used for the collection and storage of evidence.

What is a Bollard?

Refers to a series of strong posts designed to prevent or control access to areas by vehicles.

What is Directory Transversal?

Refers to a user exploiting security validation within an application by providing user input to traverse or cross the parent directory.

What is DLP?

Refers to software or hardware based systems that use dictionary databases and algorithms to scan data for confidential information.

Typo Squatting / URL Hijacking

Registering domains similar to legitimate ones to get traffic from typos

SQL

Relational Database Management System (RDBMS)

ESD Electrostatic discharge

Release of static electricity. ESD can damage equipment and low humidity causes a higher incidence of electrostatic discharge (ESD). High humidity can cause condensation on the equipment, which causes water damage

Computer Viruses

Rely on some sort of host file Vector (Executable, Script, Macro, Boot Sector) Payload

RAS

Remote Access Servers

RAS

Remote Access Service; Server service that offers ability to connect to remote systems; now known as RRAS

RADIUS

Remote Authentication Dial-In User Service

TCP/UDP 3389

Remote Desktop (RDP)

RDP

Remote Desktop Protocol

RDP

Remote Desktop Protocol MSFTs protocol for operation remote connections to a Windows machine

RPC

Remote Procedure Call

Which is a set of rules that defines which connections to a network are accepted or rejected?

Remote access policy

What is a secure router configuration?

Remotely connecting to a server or computer, SSH can be used to provide highly encrypted and secure connections.

Your network has servers that are configured as member servers in a Windows Active Directory domain. You need to minimize the risk of unauthorized persons logging on locally to the servers. The solution should have minimal impact on local management and administration and should not limit administrator access. What should you do? (Choose two.)

Rename default accounts, require strong passwords

Shiva Password Authentication Protocol

Replaced PAP; encrypts username and password when transmitted to authentication server

WPA Wi-Fi Protected Access

Replaced WEP as a wireless security protocol without replacing hardware. Superseded by WPA2

Protected Extensible Authentication Protocol

Replaces LEAP; has native Windows support; establishes encrypted channel between server and client

TCP/IP Transmission control protocol/internet protocol

Represents the full suite of protocols

Users occasionally need to take files with them to remote locations. You need to minimize the risk that the data might be comprised. Employees are required to provide their own devices. You want to keep the cost incurred by the employess to a minimum. What should you do?

Require data encryption

Multi-Factor Authentication

Requires 2 or 3 Types Something You Know and Something You Have Something You Know and Something You Are NOT Something You Know and Something Else You Know

Wi-Fi Protected Access 2

Requires CCMP with 128-bit AES encryption and a 48-bit IV

Static Routers

Requires an admin to manually configure routers between each network

What is EAL 3?

Requires conscientious development efforts to provide moderate levels of security.

Gramm-Leach-Bliley Act

Requires financial institutions to notify customers that they are entitled to privacy

What is EAL 2?

Requires good design practice from product developers.

Mandatory Vacation Policy

Requires users to take time away from work; reduces fraud, improves productivity and morale

ARP Address Resolution Protocol

Resolves IP address to MAC addresses. ARP poisoning attacks can redirect traffic through an attacker's system by sending false MAC address updates. VLAN segregation helps prevent the scope of ARP poisoning attacks within a network

Application-Aware Device

Responds to and prioritizes traffic based on its content

Remote Access Server Security

Restrict Access to particular users or groups Restrict Access at certain times Enforce Strong Authentication Restrict privileges on the local network Log and audit logons and attempted logons Using callback for dial up access

What is the most accurate form of biometric authentication in common use?

Retinal scan

Temporal Key Integrity Protocol

Retrofit for WEP; places a 128-bit wrapper around WEP; has been broken

Assessment Types

Risk Threat Vulnerability

Disaster Recovery Plans

Risk and Cost

RBAC

Role Based Access Control Centrally controlled: client server Resource access and usage is defined by admins

Employees in HR need access to personel info, ops employees need access to production data, which of the following access control models would be MOST appropriate?

Role Based Access Control (RBAC)

What does RBAC stand for?

Role-based access control

RRAS

Routing and Remote Access Services; replaced RAS

ASP.NET

Runs on IIS

Host-Based IDS

Runs the IDS on a host computer system; can read memory, unlike NIDS

What protocol is used to encrypt e-mail messages for transmission and delivery?

S/MIME (Secure/Multipurpose Internet Mail Extensions)

PORT TCP 22

SCP

A network protocol for secure file transfer over Secure Shell (SSH) is called

SFTP

PORT TCP 22

SFTP

What is the encrypted version of FTP?

SFTP

What is designed to perform one-way encryption?

SHA

Which of the following is designed to perform one-way encryption? SHA AES RSA DES

SHA

Secure Hash Algorithm

SHA-2 most popular; 160-bit hash value; no issues

An agreement between a service provider and the user(s) defining the nature, availability, quality, and scope of the service to be provided is known as: SLE BPA SLA DLP

SLA

Port 25

SMTP (Email Server)

PORT TCP 465

SMTP SSL/TLS

UDP 161

SNMP

Which of the protocols listed below is used in network management systems for monitoring network-attached devices? RTP SNMP IMAP RTCP

SNMP (Simple Network Management Protocol)

A group that consists of SNMP devices and one or more SNMP managers is known as: SNMP trap Network Management System (NMS) SNMP community Management Information Base (MIB) Intranet

SNMP community

IDP 162

SNMP trap

Proximity/Location

SOMEWHERE You Are

PORT TCP 22

SSH

What protocol allows you to securely manage remote Linux computers?

SSH

Which of the following answers refers to a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers? Telnet SSH Bcrypt TFTP

SSH

Which of the following protocols was designed as a secure replacement for Telnet?

SSH

SFTP

SSH File Transport Protocol

SSH secure shell

SSH encrypts a wide variety of traffic such as a secure fire transfer protocol (SFTP), Telenet and secure copy (SCP. SSH uses port 22

Which of the protocols run(s) on port number 22?

SSH, SCP, SFTP

Unblocking port number 22 enables what type of traffic? (Select all that apply) SSH SFTP FTP SCP FTPS

SSH, SFTP, SCP

A wireless network name is also referred to as:

SSID

Which of the following protocols are used for securing HTTP connections? (Select 2 answers) SCP Telnet SSL TTL SNMP TLS

SSL, TLS

Kerberos

SSO Key Distribution Center (KDC) - Authentication Service is responsible for authenticating user logon requests. Client sends the AS request to the Ticket Granting Service Kerberos is used internally as for an access directory SAML is used externally

A cloud computing infrastructure type where applications are hosted over a network (typically Internet) eliminating the need to install and run the software on the customer's own computers is called: Thick client SaaS Virtualization IaaS

SaaS

RADIUS and TACACS

Scalable authentication protocols Authentication, Authorization, and Accounting are performed by a separate server (AAA server) TACACS is more flexible and reliable

What is Credentialed Vulnerability Scanning?

Scanning tool being used to allow you to provide login credentials to authenticate to the system.

SET

Secure Electronic Transaction

What does SFTP stand for?

Secure File Transfer Protocol

SHA

Secure Hash Algorithm

LDAPS

Secure LDAP; encrypted with SSH/TLS

S/MIME

Secure Multipurpose Internet Mail Extensions; secure version of MIME

What does SSH stand for?

Secure Shell

SSH

Secure Shell Remote Administration Secure File Transfer Secure File Copy Support Port Forwarding - Authentication and Encryption

SSL

Secure Sockets Layer

What does SSL stand for?

Secure Sockets Layer

SSL/TLS

Secure Sockets Layer Transport Layer Security Client Requests connection and supplies information about itself Server selects best available cipher strength and responds with certificate Client checks the certificate then performs session key exchange Client and server establish encrypted communications

SSL VPN

Secure Sockets Layer, or more technically going forward TLS (Transport Layer Security), provides transmission encryption and authentication for application level TCP/IP services such as HTTP. Does not need any special software installed and configuration is simpler Do not extend network to the remote user or entire internet

The SCP protocol is used for

Secure file transfer

EAP-MD5

Secure hash of a user password CANNOT provide mutual authentication Vulnerable to Man In The Middle, Session Hijacking, and Password Cracking Attacks

Criteria For Comparing Encryption Technologies

Security - Bit Strength and Quality Performance - Processing power Cost - Some are free some are not

SAML

Security Assertion Markup Language

SAML

Security Association Markup Language Currently on 2.0 Used on Federated Networks Written in XML Communications are established using HTTP/HTTPS and Simple Object Access Protocol (SOAP)

CC Security Framework For a Security Target (ST) Has the Following components

Security Environment Security Objectives Target of Evaluation (TOE) TOE Security Reqs TOE Sec Specs TOE Implementation

SIEM

Security Information and Event Management Security logging and alerting

Kerckhoffs' Principle

Security of an algorithm should depend on the security of the key, not the security of the algorithm itself (i.e., how it works)

What is a 802.1x secure network?

Security standard used to provide authentication by passing EAP traffic over a wired or wireless network.

What is Bluejacking?

Sending unsolicited messages from a Bluetooth device to other Bluetooth devices.

Password Authentication Protocol

Sends username and password to the authentication server in plain text; no longer used

SCSI Small Computer System Interface

Set of standards used to connect peripherals to computers. Commonly used for SCSI hard disks and/or tape drives

Risk Transference

Share the burden of the risk with a third party (e.g., insurance)

What environmental control is part of TEMPEST compliance?

Shielding

SPAP

Shiva Password Authentication Protocol

AP Access point

Short for wireless access point (WAP). AP;s provide access to a wired network to wireless clients. Many AP's support isolation mode to segment wireless uses from other wireless users

IDS Analysis Engines

Signature Based Behavior Based Anomaly Based

Standard antivirus programs use what kind of monitoring methodology?

Signature based

What type of IDS reports possible attacks when it detects conditions that match the conditions contained in a database of attacks?

Signature based

Terminal Access Controller Access-Control System

Similar to RADIUS; accepts multiple methods for credentials, including Kerberos

SMTP

Simple Mail Transfer Protocol Specifies how mail is delivered from one system to another. Registered on the DNS using a Mail Exchanger (MX) Port 25 Only works on hosts that are permanently available

SNMP Security

Simple Network Management Protocol Framework for managing and monitoring Part of TCP/IP protocol suite

Risk Acceptance

Simply accept risk; risk is known, but cost of other options is greater than damage

PKI Trust Models

Single CA Hierarchical Mesh Bridge Mutual Authentication

Annual Loss Expectancy

Single Loss Expectancy * Annual Rate of Occurance

SPOF

Single Point Of Failure

Password Manager

Single Sign On for applications that do not support other applications

What does SSO stand for?

Single Sign-on

User ID and password is an example of what type of authentication?

Single factor

Which of the terms listed below refers to one of the hardware-related disadvantages of the virtualization technology? Single point of failure Server clustering Privilege escalation Power and cooling costs

Single point of failure

SFA

Single-Factor Authentication

Alert

Slightly below alarm; need to pay attention but not critical

What are Flash cookies?

Small pieces of data stored on a computer by web sites.

Something You Have

Smart Card, FOB

Snapshots

Snapshots are backups that can be used to quickly recover from poor updates, and errors arising from newly installed applications Point in time copy of the data

Vulnerability Scanners

Software Configured with list of known exploits/vulnerabilities Active or Passive Detection Host/OS or Web Application Standards Based Reporting Intrusive vs non-intrusive scanning Credentialed vs non-credentialed scanning Identifying lack of controls and misconfigurations Interpreting Scan Results (OVAL, CVE, SANS Top 20, Bugtraq)

SaaS

Software as a Service

Hybrid Cloud

Some combination of Public, Private, or Community clouds

What is Dumpster Diving?

Someone searching through garbage to try to find any information they could to plan an attack.

Finger Print Scan

Something You Are

Hand Geometry/Retina Scan

Something You Are

Retina Scan

Something You Are

Hardware Token

Something You Have

Password

Something You Know

Pattern/Birthdate

Something You Know

Pin Number

Something You Know

Certificate Server or Key Escrow

Something held independently

Password combined with PIN used as an authentication requirement is an example of: Multi-factor authentication Single Sign-On (SSO) Two-factor authentication Something that the user knows

Something that the user knows

WAP Wireless access point

Sometimes just called an access point (AP). Increasing the power level of a WAP increases the wireless coverage of the WAP. Decreasing the power levels, decreases the coverage. Coverage can also be manipulated by moving or positioning the wireless antenna.

GOST

Soviet symmetric cipher; 256-bit output

Attacker mass mails product info to parties that have already opted out of receiving ads -> Broad Set of Recipients

Spam

SPIM

Spam Over Instant Messaging

SPIT

Spam Over Internet Telephony

SPIM

Spam over instant messaging

STP

Spanning Tree Protocol

What does STP stand for?

Spanning Tree Protocol

AES256 Advanced Encryption Standard

Standard 256 bit. AES sometimes includes the number of bits used in the encryption keys and AES256 uses 256-bit encryption keys.

OpenID

Standard underpinning many of the sign on with features of modern websites

What allows you to configure NAT tables that allow computers on the Internet to initiate connections to hosts on an internal network with private IP address?

Static NAT

SAN

Storage Area Network

What does SAN stand for?

Storage Area Network

Code Escrow

Storage and release of source code by third party in the event of vendor's bankruptcy

SQL

Structured Query Language

Access Controls (ACLs)

Subjects (Users or Software) Objects (Resources such as servers, data) ACLs (Privileges subjects have on Users. White and Black lists) Select the Appropriate Control (Identification vs Authentication vs Authorization AND Accounting)

RC Ron's code or Riverst's Cipher

Symmetric encryption algorithm that includes versions RCS2, RC4, RC5 and RC6. RC4 is a secure stream cipher and RC5 and RC6 are block ciphers

Replication

Synchronous or Asynchronous

An exact copy of the entire state of a computer system is called: System image Restore point Hard copy Digital signature

System image

Which of the following answers refers to a Cisco-proprietary alternative to RADIUS? LDAP Kerberos SAML TACACS+

TACACS+

Port 49

TACACS+ reliability is improved by using TCP over port 49

What portS does DNS use?

TCP 53, UDP 53

Which of the ports listed below is used by TACACS+? UDP port 161 TCP port 49 UDP port 1701 TCP port 110 UDP port 49

TCP port 49

What is a suite of protocols used for connecting hosts on the Internet?

TCP/IP

An attacker exploits a valid session to gain access to a secure network computer. This is an example of what type of attack?

TCP/IP hijacking

Which of the protocols listed below does not provide authentication? FTP TFTP SCP SFTP

TFTP

What is the 3rd step in the Kerberos process?

TGT is presented along with a request for service to the KDS.

Which of the following protocols was introduced to strengthen existing WEP implementations without requiring the replacement of legacy hardware? PEAP TKIP CCMP WPA2

TKIP (Temporal Key Integrity Protocol)

What does LDAP use to provide security?

TLS (Transport Layer Security)

What type of encryption protocols are used by Secure LDAP (LDAPS)? (Select all that apply) TLS UDP SSL IP TCP

TLS, SSL

An algorithm used for computing one-time password from a shared secret key and the current time is known as: HOTP PAP TOTP CHAP

TOTP (Time-based One-time Password)

Risk Mitigation

Take steps to reduce risk

Proxy

Takes the request and checks if it is valid and re-transmit to destination.

What is a Whaling attack?

Targeting single individuals with an upper management position to try to gain personal information. Phishing but targeting people of power

Full Disk Encryption

Technical

Port Security

Technical

Which of the following would be considered a detrimental effect of a virus hoax? (two)

Technical support resources are consumed by increased user calls, and users are tricked into changing the system configuration

Data De-Duplication

Technique to consolidate multiple copies of the same file in a single location

CAPTCHA Completely Automated Public Turing Test to Tell Computers and Humans Apart

Technique used to prevent automated tools from interacting with a web site. Users must type in text, often from a slightly distorted image

What is Intrusive Scanning?

The Scanner attempts to detect a vulnerability by exploiting it.

What is the Purpose of the Computer Fraud and Abuse Act?

The act allows spammers, hackers, and terrorists to be prosecuted.

What is Risk avoidance?

The act of eliminating the cause of the risk altogether.

What is Risk Mitigation?

The act of reducing the factors that cause the risk.

Recovery Point Objective

The amount of data loss that a system can sustain, measured in time

What is the 6th step in the Kerberos process?

The client to server ticket verified (valid), service is granted to the user.

Which of the following problems will MOST likely occur if an HTML-based email has a mislabeled MIME type .exe attachment?

The executable can automatically execute

EAP-TLS

The latest and greatest. Mutual Authentication. An encrypted Transport Layer Security tunnel. Supplicant and Server are configured with certificates.

MTTF Mean time to failure

The length can expect a device to remain in operation before it fails. It is similar to MTBF, but the primary difference is that the MTBF metric indicates you can repair the device after it fails. The MTTF metric indicates that you will not be able to repair and device after it fails

What is Exposure Facture?

The percentage of the assets value that is expected to be lost if a threat occurs.

Recovery Point Objective

The point in time to which the system needs to be restored

SDLM software development life cycle methodology

The practice of using a SDLC when developing applications

What is a OCSP?

The process is used to revoke a certificate before it expires.

What is Bluesnarfing?

The process of accessing a Bluetooth-enabled device without permission.

What is Access Control?

The process of granting or denying user request for accessing specific resources or performing certain activities.

What is least privilege?

The process of only providing enough permission for the user to perform their duties.

What is authentication?

The process of verifying and validating user credentials.

What does Black Box penetration testing mean?

The tester has no prior knowledge of the infrastructure.

What does Grey Box penetration testing mean?

The tester has some knowledge of the internal structure.

Threat Vector

The way in which an attacker poses a threat

Network Attacks

There are no known attacks that go directly to your network

CIA Confidentiality, Integrity and availability

These 3 form the security triad. Confidentiality helps prevent the unauthorized disclosure of data. Integrity provides assurances that data has not been modified, tampered with or corrupted. Availability indicates that data and services are available when needed.

What is an Armored virus type

They are designed to be difficult to analyze

What are Hot and Cold Aisles?

They are environmental control that is used in a server room. Cold Air is produced in front of the devices (Cold) to keep the equipment from overheating (Hot)

What is a Digital signature?

They are used with to verify that a message was sent from a particular person and that it was not altered while it was being delivered.

What is a Companion virus type

They attach themselves to a legitimate program.

What is a Multipartite virus type?

They attack a system using multiple methods

What is a Polymorphic virus type?

They change themselves to avoid detection

What do Anomaly-based IDSs do?

They establish a baseline of daily usage traffic patters, then flag anything that deviates from the regular patterns as an intrusion.

What is a Reverse Proxy Server?

They manage specific types of inbound traffic and protect vulnerable servers in a network by listening for requests directed at them from the internet.

What is a Stealth virus type?

They mask themselves to avoid detection

What is a Phage virus type?

They modify other programs

What do Behavior-based IDSs do?

They observe and report the specific network behavior of users, then takes action if it detects any suspicious user activity patterns.

What do Heuristic-based IDSs do?

They observe traffic that enters the network and examines it to determine how it operates using artificial intelligence algorithms. Similar to antivirus software.

What does CCB do?

They oversee change management within an organization to help to ensure that any facility change is required and does not change the scope of the project.

TPM Trusted platform module

This is a hardware chip on the motherboard included on many newer laptops. A TPM includes a unique RSA asymmetric key and it can generate and store other keys used for encryption, decryption and authentication. TPM provides full disk encryption

A path or tool allowing an attacker to gain unauthorized access to a system or network is known as: Backdoor Threat vector Discretionary access Rootkit

Threat vector

Intimidation - Social Engineering

Threats, shouting, or guilt

What does TGT stand for?

Ticket Granting Ticket

TOTP

Time based One time password algorithm

What does TOTP stand for?

Time based One Time Password

Which IPsec mode provides encryption only for the payload (the data part of the packet): Protected Tunnel Transport Safe

Transport

What does TLS stand for?

Transport Layer Security

Mathematical

Trapdoor Function Simple to Perform when all values are known Difficult to reverse when not all values are known

Which type of report is most useful in predicting the possibility of an event occurring for security planning purposes?

Trend report

What does TFTP stand for?

Trivial File Transfer Protocol

What type of malware is often used to facilitate using unsuspecting users' computers to launch DDoS attacks?

Trojan

Backdoor

Troubleshooting/developer hook into system; or, insertion of a program or utility that creates an entrance for an attacker

A digital signature is a hash of a message that uniquely identifies the sender of the message and provides a proof that the message hasn't changed in transit. True or False?

True

In cryptography, the term "key stretching" refers to a mechanism for extending the length of the cryptographic key in order to make it more secure against brute force attacks. True or False?

True

True or false? Penetration testing is a simulated attack on a network.

True

Unlike stream ciphers which process data by encrypting individual bits, block ciphers divide data into separate fragments and encrypt each fragment separately. True or False?

True

VLAN membership can be set through: (Select all that apply) IP address Trunk port Physical Group permissions MAC

Trunk port, physical, MAC

What does TPM stand for?

Trusted Platform Module

Which IPsec mode provides encryption for the entire packet? Tunnel Host-to-host Payload Transport

Tunnel

PPTP point-to-point tunneling protocol

Tunneling protocol used with VPNs PPTP uses TCP port 1723

L2TP layer 2 tunneling protocol

Tunneling protocol used with VPNs. L2TP is commonly used with IPsec (L2TP/IPsec) L2TP uses port 1701

Dual-Homed

Two NICs on same device connecting it to two different networks

Mutual Authentication

Two or more parties authenticate each other

SCADA Supervisory control and data acquisition

Typically industrial control systems within large facilities such as power plants or water treatment facilities. SCADA systems are often contained within isolated networks that do not have access to the internet, but are still protected with redundant and diverse security controls. SCADA systems can be protected with NIPS systems and VLANs

URL hijacking is also referred to as: Banner grabbing Session hijacking Typo squatting DNS poisoning

Typo squatting

Rogue Machine

Unauthorized machine plugged into network

Detective - Control Type

Uncover a violation

What does UTM stand for?

Unified threat management

UPS

Uninterruptible Power Supply

What does UPS stand for?

Uninterruptible Power Supply

SID security identifier

Unique set of numbers and lets used to identify each user and each group in Microsoft environments

UDP

Unreliable, connectionless, best-effort

Spam/SPIT

Unsolicited Emails Can be vector for malware Spit delivered over IM/VOiP

NoSQL

Unstructured Data - Usually surround documents

802.11n

Up to 600 Mbps / 5 and 2.4 GHz

Windows Server Update Services

Update server that works as a proxy. It scans the network to identify clients and determines what updates they require.

Windows Updates

Updates - Widely released fixed for bugs Hotfixes - Patches supplied in response to customer requests Feature Packs - Add new functionality Service Packs - tested collections of updates and hotfixes

Triple-DES

Upgrade to DES that triples the length of the key to 168-bits

Removing Malware

Use AV Software - Automatically Clean - Quarantine (Prevent User Access) - Delete Host File and Restore From Backup Use Vendor Knowledge Base Persistent Rootkits May Require Drive Format and OS Reinstall

Quantum Cryptography

Use Quantum properties as the bases of a cryptosystem

TGS Session Key

Use in communications between the client and Ticket Granting Service

Asymmetric Algorithms

Use separate keys for encryption and decryption: public key and private key

Perfect Forward Security

Used Diffie Hellman key agreement to create session keys without using the server's private key

SQL structured query language

Used by SQL-based databases, such as Microsoft's SQL Server. Websites integrated with a SQL, database are subject to SQL, injection attacks. Input validation with forms and stored procedures help prevent SQL injection attacks. Microsoft's SQL server uses port 1433 by default

XML Extensible markup language

Used by many databases for inputting or exporting data. XML uses formatting rules to describe the data

IP internal protocol

Used for addressing

LAN Manager

Used for local workstation/workgroup logon Username Password Account ID - Challenge then Response - Uses password as key - Weakness is that it is not salted

Acceptable Use Policies

Used for mobile devices between corporations and employees

Point-to-Point Protocol

Used for remote access over a variety of other protocols; uses CHAP for authentication; no data security; implements NCP and LCP

What is a NIDS?

Used to audit, scan, and monitor a network infrastructure for signs of attacks.

PPP point-to-point protocol

Used to create remote access connections

What is an Account Lockout Policy?

Used to determine how many attempts a user has to provide the correct password before his account is locked out.

ICMP internet control message protocol

Used to diagnostics such as a ping. Many DoS attacks use ICMP. It is common to block ICMP at firewalls and routers. If ping fails, but other connectivity to a server succeeds, it indicates that ICMP is blocked.

IPsec internet protocol security

Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It uses tunnel mode for VPN traffic. IPsec is built into IPv6 but can also work with IPv4 and in includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality integrity and authentication. IPsec uses port 500 for IKE with VPN connections.

What is confidentiality security?

Used to ensure that information is not disclosed to unauthorized parties.

URI uniform resource identifier

Used to identify the name of a resource and always includes the protocol such as http://getcertifiedahead.com

What is Accounting?

Used to log network resource consumption based on user activity.

SNMP simple network management protocol

Used to manage network devices such as a routers or switches. SNMP agents report information via notifications known as SNMP traps or SNMP device traps

ARO Annualized rate of occurrence

Used to measure risk with annualized loss expectancy (ALE) and single loss expectancy (SLE). The ARO identifies how many times a loss is expected to occur in a year. The calculation is SLE X ARO=ALE

ALE Annualized loss expectancy

Used to measure risk with annualized rate of occurrence (ARO) and single loss expectancy (SLE). The ALE identifies the total amount of loss expected for a given risk. The calculation is SLE x ARO = ALE

S/MIME Secure/multipurpose internet mail extensions

Used to secure. S/MIME provides confidentiality integrity, authentication and non-repudiation. It can digitally sign and encrypt email including the encryption of email at rest (stored on a drive) and in transit (data sent over the network). It uses RSA

IMPA4 Interne t Message access protocol v4

Used to store email on servers and allow clients to manage their email on the server. IMAP4 uses port 143

TFTP trivial file transfer protocol

Used to transfer small amounts of data with UDP port 69 . In contrast, FTP is used to transfer larger files using TCP ports 20 and 21

FTP file transfer protocol

Used to upload and download files to an FTP server. FTP uses ports 20 and 21. Secure FTP (SFTP) uses SSH for encryption on port 22 FTP secure (FTPS) uses SSL or TLS for encryption.

IKE internet key exchange

Used with IPsec to create a secure channel over port 500 in a VPN tunnel

Infrastructure as a Service

User can provision, deploy, and run, but does not manage or control the underlying cloud infrastructure

Describe discretionary access control (DAC).

User have control over access to data and hardware

What is the 1st step in the Kerberos process?

User provides his credentials and then request a ticket from the KDS.

What is the 5th step in the Kerberos process?

User sends a request to the server service along with the ticket to get access to the service.

Federated Identity

User's identity linked with privileges across business boundaries

Role-Based Access Control

User's role dictates access capabilities; less flexible than Discretionary Access Control, more flexible than Mandatory Access Control

GUI graphical user interface

Users interact with the graphical elements instead of typing in commands from a text interface. Windows is an example of GUI

What vulnerability is created by establishing a network bridge between DSL connection to the Internet and an Ethernet connection to the LAN?

Users on the Internet can access files on the LAN

HMAC-Based One-Time Protocol

Uses Hash Message Authentication Code algorithm

Kerberos

Uses a key distribution center (KDC) to authenticate the principal then issue a ticket granting ticket (TGT) (similar to a token); whenever accessing a service, principal presents KDC with its TGT, TGT then sends principal a service ticket for access to service

Heuristic IDS

Uses algorithms to analyze traffic

What is a Symmetric algorithm?

Uses one key to both encrypt and decrypt a message in the encryption process. RC4 and AES.

What is a Sniffer attack?

Uses protocol analyzers to inspect data as it is transmitted over a network.

What is a Asymmetric Algorithm?

Uses two keys in the encryption process. ECC and RSA.

Digital Envelopes

Using Public Key (Symmetric) and Public Key together

What is an Evil twin attack?

Using a laptop as a wireless access point, it involves an attacker installing a rogue access point on a laptop to have others connect to the fake access point.

Which of the following terms refers to a logical grouping of computers that allow computer hosts to act as if they were attached to the same broadcast domain, regardless of their physical location? Honeynet Virtual Private Network (VPN) Demilitarized Zone (DMZ) Virtual Local Area Network (VLAN) SNMP community

VLAN

What does VTP stand for?

VLAN Trunking Protocol

Single Loss Expectancy

Value of Asset * Exposure Factor

Platform as a Service

Vendor allows apps to be created and run on their infrastructure; user can deploy, but they do not manage or control the underlying infrastructure

What is a registration authority (RA)?

Verifies user requests (for digital certificates in a PKI system)

CAST

Very fast and efficient algorithm that uses 40- to 128-bit keys; used in some Microsoft and IBM products

What is the best environment for testing software for malware in terms of risk and effort to recover the system?

Virtual

What does VDI stand for?

Virtual Desktop Infrastructure

What does VLAN stand for?

Virtual Local Area Network

VLAN

Virtual Local Area Network; allows you to segment groups of users and systems on the network; reduces size of broadcast domains; can segment network into different levels of data sensitivity

VPN

Virtual Private Network

What does VPN stand for?

Virtual Private Network

VPN

Virtual Private Network A type of tunneling. Going through an unsecured network to make it secure.

VDI virtualization desktop infrastructures

Virtualization software designed to reproduce a desktop operating system as a virtual machine on a remote server

What does VoIP stand for?

Voice over IP

RAM random access memory

Volatile memory within a computer that holds active processes, data and applications. Data in RAM is lost when the computer is turned off. Inspection of RAM can discover hooked processes from rootkins. Memory forensics analyzes data in RAM

Open Web Application Security Project

Voluntary group that forms secure coding practices for web-based, mobile, and back-end applications

Which of the following answers lists an example method for passive test of security controls? Tabletop exercises Pentest Vulnerability scan War chalking

Vulnerability scan

You are preparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be placed in promiscuous mode? (Pick two)

Vulnerability scanner, Port scanner

Zero Day Attack

Vulnerability that has not been reported or fixed

Unencrypted Protocols

Vulnerable to -Eavesdropping -Replay -Session Hijacking

Which of the wireless security protocols listed below has been deprecated in favor of newer standards due to known vulnerabilities? PEAP CCMP WPA2 WEP

WEP

Which wireless protocol uses the pre-shared key (PSK) to encrypt data?

WEP

Wireless Packet Sniffing

WLANS are subject to data emanation or signal leakage

Which of the following wireless encryption schemes offers the highest level of protection? WEP WPA2 WAP WPA

WPA2

Which of the following solutions simplifies configuration of new wireless networks by providing non-technical users with a capability to easily configure network security settings and add new devices to an existing network? WPA WPS WEP WAP

WPS (Wi-Fi Protected Setup)

Which of the following wireless security features are not recommended and should not be used due to their known vulnerabilities? (Select 2 answers) WPS WAP WPA2 WAF WEP

WPS, WEP

What can you prevent when you deploy wireless devices inside a TEMPEST-certified building?

War driving

Which of the answers listed below refers to wireless site survey? Bluejacking Spear phishing War driving Shoulder surfing

War driving

Deterrent - Control Type

Warn a would-be attacker about consequences

Which (2) of the answers listed below refers to a Wi-Fi Protected Setup (WPS) exploit? Smurf attack Watering hole attack PIN recovery Birthday attack URL hijacking

Watering hole attack, pin recovery

WAF

Web Application Firewall

Web Proxies

Web Security Gateways Prevent viruses or Trojans infecting computers from the internet, block spam, and restrict web use to authorized sites

You have a server that hosts several different XML Web services. You need to install a device that can mitigate the risk of the Web server being attacked through data sent in a request. What should you use?

Web application firewall

-Internet assigned numbers authority (IANA) numbering

Well-Known (0-1024) Registered (49,151) Ephemeral

What is a Buffer Overflow Attack?

When an applications buffer is overloaded allowing access to other memory.

What is a buffer overflow attack

When an applications buffer is overloaded to allow access to other memory, not designated for the application, or crash the application altogether.

What is a replay attack?

When an attacker is repeating code in order to gain credits.

What is privilege escalation?

When attackers exploit a design flaw resulting in users being able to obtain a higher privilege level than intended.

What is Acceptance in terms of risk?

When no solution is implemented to protect an asset from the threat.

When should a users account be removed?

When the User will be permanently gone from the company, such as termination.

What is a time of day restriction?

When you configure settings on a user account that will allow them to only log on to the network during a specific time period.

What reason should a users lockout threshold be set to zero?

When you do not wish for the account to be locked in the event of failed password attempts.

When should a users account be disabled?

Whenever a user leaves a company for an extended period of time, such as maternity leave.

Given Username and Password with Job Title

White Box

What type of testing should you use to determine ways your network might be attacked by a malicious insider with detailed knowledge of your infrastructure?

White box

WPA

Wi-Fi Protected Access More secure than WEP. Adds ability to authenticate to a network using the 802.1X security model. Uses RC4 but also uses TKIP (Temporal Key Integrity Protocol)

WPA

Wi-Fi Protected Access; uses RC4 encryption with TKIP

WPS

Wi-Fi Protected Setup

WPS

Wi-Fi Protected Setup Vulnerable to brute force attack

What does WPA Stand for?

WiFi protected Access

Group Policy

Will be an answer on the test Means of applying security settings across a range of computers Security Templates provide basis for Group Policies

Attacker Gains Confidential Company Information -> Targeting CEO and Board Members

Willing

NTLM

Windows authentication protocol; uses MD4 and MD5

What does WEP stand for?

Wired Equivalent Privacy

WEP

Wired Equivalent Privacy RC4 Cipher Subject to attacks: -Brute force -Not Encrypted

WEP

Wired Equivalent Protocol

What does WPA stand for?

Wireless Access Point

What does WAP stand for?

Wireless Access Points

WIDS or WIPS

Wireless Intrusion Detection System Wireless Intrusion Prevention System

TKIP temporal key integrity protocol

Wireless security protocol introduced to address the problems with WEP, TKIP was used with WPA but many implementation of WPA now support CCMP

The term "Trusted OS" refers to an operating system: Admitted to a network through NAC Implementing patch management That has been authenticated on the network With enhanced security features

With enhanced security features

Type A Fire Extinguisher

Wood or paper fires; uses water or chemical

What is an ARP spoofing attack?

Work by using a fake MAC address to make it appear that the data was sent by another host.

What is a Hybrid Attack?

Works by combining multiple types of password guessing attacks, generally working by using dictionaries of commonly used passwords along with mutation rules.

Buffer Overflow

Writes more data into a memory location or buffer than can be held

LDAP

X.500 Lightweight Directory Access Protocol Provides no security and all transmissions are in plaintext

You discover attempts to comprise your Web site. The attacks are based on commands sent from authenticated users' Web browser to the Web site. The commands execute at the user's permission level. Users who have been contacted had no idea that the commands were being sent from their computers. What kind of attack does this represent?

XSRF (Cross-site request forgery or CSRF)

What type of attack can input filters prevent?

XSS (cross-site scripting)

What does the Zero Day mean?

Zero day refers to a new vulnerability or exploit that has not be discovered.

MAN Metropolitan area network

a computer network that spans a metropolitan area such as a city or a large campus

RA recovery agent

a designated individual who can recover or restore cryptographic keys. In the context of PKI a recovery agent can recover private keys to access encrypted data

SSD solid state drive

a drive used in place of a traditional hard drive. An SSD has no moving parts, but instead stores the contents as nonvolatile memory. SSDs are much quicker than traditional drives.

NTFS New technology file system

a file system used in Microsoft operating systems that proves security. NTFS uses the DAC model

IRC Internet relay chat

a form of real-time internet text messaging often used with chat sessions. Some botnets have used IRC channels to control zombie computers through a command and control server.

IRT internet Response Team

a group of experts that respond to security incidents. Also known as CERT, CIRT or SIRT

SIRT security incident response team

a group of experts that respond to security incidents. Also known as a CERT, CERT or IRT

NFC Near field communication

a group of standards used on mobile devices that allow them to communicate with other nearby mobile devices. Many credit card readers support payments using NFC technologies with a smartphone

APT advanced persistent threat

a group that has both the capability and targeted attacks

PBKDF2 password-based key derivation function 2

a key stretching technique that adds additional bits to a password as a salt. This method helps prevent brute force and rainbow table attacks Bcrypt is similar key stretching technique

VSAN virtual storage area network

a lower-cost alternative traditional SANs

TSIG transaction signature

a method of securely providing updates to DNS with the user of authentication

UEFI unified extensible firmware interface

a method used to boot some systems and intended to replace basic input/output system (BIOS) firmware

LEAP lightweight extensible authentication protocol

a modified version of the challenge handshake authentication protocol (CHAP) created by Cisco

PAN personal area network

a network of devices close to a single person

Personal Identification number

a number known by a user and entered for authentication. PINs are often combined with smart cards to provide two-factor authentication

ROI Return of investment or return on investment

a performance measure used to identify when an investment provides a positive benefit to the investor. It is sometimes considered when evaluating the purchase of new security controls

RC4 rivest cipher 4

a popular stream cipher. RC4 was implemented incorrectly in WEP causing vulnerabilities. A rare spelling for RC4 is RSA variable Key size encryption algorithm

802.1x

a port-based authentications protocol. Wireless can use 802.1X. For example, WPA2-Enterprise mode uses an 802.1x server (implemented as a radius server) to add authentication

RPO Recovery Point Objective

a recovery point objective identifies a point in time where data loss is acceptable. it is related to the RTO and the BIA often includes both RTO's and RPO's

SIEM security information and even management

a security system that attempts to look at security events throughout the organization

SIM subscriber identify module

a small smart card that contains programming and information for small devices such as cell phones

API Application programming interface

a software module or component that identifies inputs and outputs for an application

PBX Private branch exchange

a telephone switch used to telephone calls

GRE generic routing encapsulation

a tunneling protocol developed by Cisco Systems

SSTP secure socket tunneling protocol

a tunneling protocol that encrypts VPN traffic using SSL over port 443

What is the MOST significant flaw in pretty good privacy (PGP) authentication?

a user must trust the public key that is received.

What is a VoIP?

a voice over data implementation in which voice signals are transmitted in real or near-real time over IP networks.

MAC mandatory access control

access control model that uses sensitivity labels assigned to objects (files and folders) and subjects (users). SELunix (deployed in both Linux and UNIX platforms) is a trusted operating systems platform using the MAC model. Other access control models are DAC and RBAC

URL universal resource locator

address used to access web resources, such as http://getcertificatdgetahead.com. Pop up blockers can include URLs of sites where pop-ups are allowed

WPS Wi-Fi protected setup

allowed users to easly configure a wireless network, often by using only a pin. WPS brute force attacks can discover the PIN

HIDS Host-based intrusion detection system

an IDS used to monitor an individual server or workstation. It protects local resources on the host such as the operating system files

SPOF single point of failure

an SPOF is any component whose failure results in the failures of an entire system. Elements such as RAID failover clustering, UPS, and generators remove many single points of failure

SAML security assertions markup language

an XML-based standard used to exchange authentication and authorization information between different parties. SAML provides SSO for web-based applications

SLA Service level agreement

an agreement between company and a vendor that stipulates performance expectations such as minimum uptime and maximum downtime levels

What is a HOTP?

an algorithm that uses a counter based synchronous token device consisting of a base secret key and an internal counter inserted by a system administrator.

MBR master boot record

an area on a hard disk in its first sector. When the BIOS boots a system, it looks at the MBR for instructions and information on how to boot the disk and load the operating system. Some malware tries to hide here.

RSA

an asymmetric algorithm used to encrypt data and digitally sign transmissions. it is named after it creators rivest shamir and adleman and RSA is also the name of the company they founded together. RSA relies on the mathematical properties of prime numbers when creating public and private keys

SFTP secure FTP

an extension of secure shell (SSH) using SSH to transmit the files in an encrypted format. SFTP transmits data using port 22

RSTP Rapid spanning tree protocol

an improvement over stp. STP and RSTP protocols are enabled on most switches and protect against switching loops, such as those caused when two ports of a switch are connected together

When should you perform a penetration test on your network?

assess detection and alert effectiveness

PKI is based on which of the following types of encryption?

asymmetric

Disabling certain system functions or shutting down the system when risks are identified is an example of: Risk acceptance Risk avoidance Risk transference Risk deterrence

avoidance

What is TFTP commonly used for?

boot loader (TFTP is commonly used as a boot loader to boot devices over a network, ie to allow a machine to bring down an image remotely)

To preserve evidence for later user in court, which of the following needs to be documented?

chain of custody

Describe an SSL and TLS connection?

client and server negotiate the algorithms that will be used

RAT remote access tool

commonly used by APTs and other attackers. A RAT gives an attacker full control over a user's system from a remote location over the internet

What is a trusted OS?

data cannot be altered or moved, access rights are required to view data

What does an inline all-in-one security device do?

deep packet inspection and malware scanning of incoming email (can also be a single point of failure to a network)

A computer configured as a router protects your network from the Internet. You discover that the router has been reconfigured. How might an attacker have gained access to the router? (Pick two)

default account, rootkit

What is the security risk inherent in dedicated routers?

default user accounts

What type of risk management strategy is in place when accessing the network involves a login banner warning designed to inform potential attacker of the likelihood of getting caught? Risk avoidance Risk acceptance Risk deterrence Risk transference

deterrence

In a key escrow scheme, what key is sent to the third party for storage?

encryption key (to decrypt a private key file)

What is Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)?

encryption that uses AES on WPA2 (networks to provide confidentiality and message integrity)

You want to be able to identify changes in activity in critical Windows servers that might identify attempts to compromise the server or its data. You have installed antivirus software on the server and have locked down server configurations. What should you do next?

establish a performance baseline for each server

What can you use to reveal both known and unknown attacks without affecting normal operations?

firewall log analysis

GPG GNU privacy guard (GPG)

free software that is based on the OpenPGP standard. It is similar to PGP but avoids any conflict with existing licensing by using open standards

PK1 public key infrastructure

group of technologies used to request create manage store distribute and revoke digital certificates. Certificates are an important part of asymmetric encryption. Certificates include public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of certificate

You are deploying an application server on your network. You need to control the types of traffic into and out of the server. You want to keep the effort and network changes necessary to implement and manage this to a minimum. What should you do?

host based firewall

HIPS

host intrusion prevention system (HIPS), for example, looks for anomalies, such as deviations in bandwidth, protocols and ports

A networking standard for linking data storage devices over an IP network is known as

iSCSI

Which of the protocols listed below facilitate(s) communication between SAN devices? (Select all that apply) SCSI MTBF iSCSI MTTF FCoE

iSCSI, FCoE

When is it appropriate to use vulnerability scanning to identify potential holes in a security design?

identify known security risks and actions

You are developing a Web application that will be accessible to the public. Users will be entering data that will be visible to other users. You want to design the application to minimize the possibility of cross-site scripting (XSS). What should you do?

implement user input filters

What is a Proxy server?

intermediary between a host and a computer hosting another service.

You need to restrict the Web sites that network users can visit. Users connect to the Internet through a perimeter network. What should you do?

internet content filter

You are determining environmental control requirements for a data center that will contain several computers? What is the role of an HVAC system in this environment? (Choose two.)

isolation in case of a fire, humidity levels

The Diffie-Hellman encryption algorithm relies on what being exchanged?

keys

HTML hypertext markup language

language used to create web pages served on the internet. HTML documents are displayed by web browsers and delivered over the internet using HTTP or HTTPS. It uses less than and greater than characters (< and >) to create tags. Many sites use input validation to block these tags and prevent cross-site scripting attacks

What can you use to determine if a newly developed software has any security issues relating to the operating system, network services or development code?

malware scan

The process of predicting threats and vulnerabilities to asses is known as threat...

modeling

SEH structured exception handler

module within an application that handles errors or exceptions. It prevents applications from crashing or responding to events that can be exploited by attackers

M-of-N Control

n Number of admins permitted to access the system, m must be present for access to be granted. m must be greater than 1 and n must be greater than m.

Which of the following types of IDS should be implemented to monitor traffic on a switch?

network based passive and network based active

What freeware forensic tools are used to capture packet traffic from a network?

nmap

Which of the following would be achieved by using encryption? (three)

non-repudiation, confidentiality, and integrity

Why should you require the sender to digitally sign sensitive e-mail message? (Pick two)

non-repudiation, validation

What is a limitation of using a CRL to determine whether or not a certificate is valid?

not real time

How many security associations are there in an IPSec encrypted session for each direction?

one

How many keys are required for a symmetric cryptosystem?

one to encrypt and decrypt

When is vulnerability scanning used?

passively scan for issues without testing ability to identify or respond

What is the best way to determine if users are selecting strong passwords?

password cracker

How should you test a network's ability to detect and respond to a DoS attack against applications running on web servers?

penetration testing

STP Spanning tree protocol

protocol enabled on most switches that protects against switching loops. A switching loop can be caused if two ports of a switch care connected together, such as those caused when two ports of a switch are connected together.

In what situation is a key escrow arrangment used?

provide decryption keys to a third party as needed

Which key is used to encrypt data in an asymmetric encryption system?

recipient's public key

What is ARP poisining?

redirect an IP to another MAC (An attack where someone with access to a network redirects an IP address to the MAC address of a computer that is not the intended recipient)

Jamming

reducing signal quality until it becomes unusable or disconnects occur

PTZ pan tilt zoom

refers to cameras that can pan (move left and right) tilt (move up and down) and zoom to get a closer or a wide view

How can you reduce shell injection privelage escalation attacks on a server application?

run the application with minimum permissions

What does it mean if a computer is listening on port 80?

running server software.

What is a practical application of a content filter?

scan outgoing email for credit card numbers or SSNs to block or quarantine

What is the best way to prevent cross-site request forgery (XSRF) attacks?

secure user specific tokens for form submissions

You are configuring antispam software for network computers. What should you have antispam software do when it identifies an e-mail as spam?

send to a seperate folder

Which of the following access decisions are based on a Mandatory Access Control (MAC) environment?

sensitivity labels

In Kerberos, what does the client computer present as authentication to the server that contains a resource?

session ticket

Describe how M of N works to recover a private key.

set number of key operators, certain required to recover

Which of the following types of IDS uses known patterns to detect malicious activity?

signature based

TOTP Time-based one-time password

similar to HOTP, but it uses a timestamp instead of a counter. One-time passwords created with TOTP expire after 30 seconds

PED personal electronic device

small devices such as cell telephones, radios CD players, DVD players, video cameras and MP3 players

virtualization

software to emulate hardware

All of the following types of attacks can be detected by an IDS EXCEPT:

spoofed email

What are the dangers of virus hoaxes? (Pick two)

spread, malicious instructions (Users spread them by forwarding them and overburden e-mail systems. Also, the message includes instructions to do something damaging)

What is fuzzing?

test vulnerabilities using random user input (in applications and noting the crashes and failures)

Data Handling

the process of managing information over its lifecycle

Which of the following is often misused by spyware to collect and report a user's activities?

tracking cookie

Contracting out a specialized technical component when the company's employees lack the necessary skills is an example of: Risk deterrence Risk avoidance Risk acceptance Risk transference

transference

UDP user datagram protocol

used instead of TCP when guaranteed delivery of each packet is not necessary. UDP uses a best-effort delivery mechanism

RDP remote desktop protocol

used to connect to remote systems. Microsoft uses RDP in different services such as a remote desktop services and remote assistance RDP uses either port TCP 3389 or UDP 3389

SSL secure sockets layer

used to encrypt traffic on the wire. SSL is used with HTTPS too encrypt HTTP traffic on the internet using both symmetric and asymmetric encryption algorithms. SSL uses port 443 when encryption HTTPS traffic

TLS transport layer security

used to encrypt traffic on the wire. TLS is the replacement for SSL and like SSL, it uses certificates issued by CA's PEAP-TLS uses TLS to encrypt the authentication process and PEAP-TLS requires a CA to issue certificates

SLE single loss expectancy

used to measure risk with annualized loss expectancy (ALE) and annualized rate of occurrence (ARO). The SLE identifies the expected dollar amount for a single event resulting in a loss. The calculation is SEL x ARO=ALE

What is a KDC?

used to store, maintain, and distribute session keys.

SMTP Simple mail transfer protocol

used to transfer email between clients and servers and between email servers and other email servers. SMPT uses port 25

POP3 post office protocol v3

used to transfer email from mail servers to clients (POP3) uses port 110

TGT ticket granting ticket

used with Kerberos a KDC (or TGT server) issues time stamped tickets that explore after certain time period.

How do you prevent attacks from buffer overflows?

user input validation (to prevent script injection.)

Your Web site has been the repeated target of cross-site request forgery (XSRF) attacks. You want to try to prevent these from occurring. What should you do?

user specific token for form submissions

What security does digitally signing email addresses provide? (2)

validation, non-repudiation (informs if a document has been changed after signing)

Which statement best describes hashing?

variable length input to fixed length string

MITRE and CERT are...

virus and malware cataloging organizations

POTS plain old telephone service.

voice grade telephone service available

An optimal WAP antenna placement provides a countermeasure against: (Select 2 answers) War chalking Tailgating War driving Shoulder surfing Site survey

war driving, site survey

What web security device could a company install to prevent users from downloading inappropriate content?

web security gateway