62 Cards in this Set
- Front
- Back
Entity to which access is requested
|
Object
|
|
Entity requiring access to an object
|
Subject
|
|
FRR
|
False Reject Rate
|
|
FAR
|
False Acceptance Rate
|
|
DAC
|
Discretionary Access Control
|
|
MAC
|
Mandatory Access Control
|
|
RBAC
|
Role Based Access Control
|
|
Almost no integrity checking exists in TACACS+. This makes TACACS+ susceptible to what type of attack?
|
Replay attack
|
|
Phony requests sent to consume resources
|
Denial of Service
|
|
_______ attacks use the fact that TCP will fragment data that is too long to fit in one payload into additional packets and set a fragment offset. Modifying the fragment offset can crash a device that is not properly protected.
|
Teardrop
|
|
______ involves changing the source IP address to one that is different from the real address.
|
Spoofing
|
|
Which aspect of an asset determines whether it should be protected and to what extent that protection should extend?
|
Value
|
|
Formula used to derive annualized loss expectancy?
|
Asset Value x Exposure Factor x Annualized Rate of Occurrence
|
|
Malicious code that waits for a specific event to execute is known as a ______?
|
Logic Bomb
|
|
A two-factor authentication for remote access clients
|
TACACS+
|
|
Common government or military MAC hierarchies
|
Unclassified
Sensitive but unclassified
Confidential
Secret
Top secret
|
|
Common private-sector or corporate business environment MAC hierarchies
|
Public
Sensitive
Private
Confidential
|
|
____ is based on classification rules. Objects are assigned sensitivity labels. Subjects are assigned clearance labels.
|
MAC
|
|
____ is based on user identity. Users are granted access through ACLs on objects, based on the discretion of the object’s owner or creator.
|
DAC
|
|
____ is based on job description. Users are granted access based on their assigned work tasks.
|
RBAC
|
|
Mechanism by which a person proves their identity to a system?
|
Authentication
|
|
An example of something you know for authentication
|
Password
|
|
An example of something you have for authentication
|
Smartcard
|
|
An example of something you are for authentication
|
Fingerprint
|
|
CHAP utilizes the ____ hash algorithm
|
MD5
|
|
PKI
|
Public Key Infrastructure
|
|
DRDoS
|
Distributed Reflective Denial of Service
|
|
This form of DRDoS uses Internet Control Message Protocol (ICMP) echo reply packets (ping packets).
|
Smurf attack
|
|
This form of DRDoS uses User Datagram Protocol (UDP) packets directed to port 7 (echo port) or 19
|
Fraggle
|
|
This type of attack is an exploitation of a TCP three-way handshake.
|
SYN flood
|
|
What is a screened-host firewall also known as?
|
A first-generation firewall
|
|
Which of the following is a key difference between MAC and DAC?
|
MAC does not allow copying a file
|
|
Kerberos uses ______________ encryption and creates __________ session key(s)
|
symmetric, two
|
|
SYN packets are sent to the victim with source and destination addresses spoofed as the victim’s address
|
Land attack
|
|
A ____ attack uses IP spoofing and broadcasting to send a ping to a group of hosts in a network.
|
smurf
|
|
Proves the identity of communication partners
|
Authentication
|
|
Prevents unauthorized disclosure of secured data
|
Confidentiality
|
|
Prevents unwanted changes of data while in transit
|
Data integrity
|
|
RADIUS
|
Remote Authentication Dial-In User Service
|
|
AAA
|
Authentication, Authorization (or Access control), and Auditing
|
|
TACACS
|
Terminal Access Controller Access Control System
|
|
TACACS Port?
|
49
|
|
Echo Port?
|
7
|
|
Chargen Port?
|
19
|
|
FTP-Data Port?
|
20
|
|
FTP Port?
|
21
|
|
SSH Port?
|
22
|
|
Telnet Port?
|
23
|
|
SMTP Port?
|
25
|
|
DNS Port?
|
53
|
|
HTTP Port?
|
80
|
|
POP3 Port?
|
110
|
|
SNMP Port?
|
161
|
|
HTTPS Port?
|
443
|
|
RADIUS Port?
|
1812
|
|
IPSec Port(s)?
|
50, 51
|
|
ESP
|
Encapsulating Security Payload
|
|
AH
|
Authentication Header
|
|
Process of sending TCP/IP commands to a system to watch the specific response
|
O/S fingerprinting
|
|
There are two approaches to shutting down non-essential services and protocols. The _____ approach says open a port when it has been specifically justified as required.
|
pessimistic
|
|
There are two approaches to shutting down non-essential services and protocols. The _____ approach says address a problem when it rears its ugly head.
|
optimistic
|
|
Circuit switching is (connectionless / connection oriented)
|
connection oriented
|