62 Cards in this Set

  • Front
  • Back
Entity to which access is requested
Object
Entity requiring access to an object
Subject
FRR
False Reject Rate
FAR
False Acceptance Rate
DAC
Discretionary Access Control
MAC
Mandatory Access Control
RBAC
Role Based Access Control
Almost no integrity checking exists in TACACS+. This makes TACACS+ susceptible to what type of attack?
Replay attack
Phony requests sent to consume resources
Denial of Service
_______ attacks use the fact that TCP will fragment data that is too long to fit in one payload into additional packets and set a fragment offset. Modifying the fragment offset can crash a device that is not properly protected.
Teardrop
______ involves changing the source IP address to one that is different from the real address.
Spoofing
Which aspect of an asset determines whether it should be protected and to what extent that protection should extend?
Value
Formula used to derive annualized loss expectancy?
Asset Value x Exposure Factor x Annualized Rate of Occurrence
Malicious code that waits for a specific event to execute is known as a ______?
Logic Bomb
A two-factor authentication for remote access clients
TACACS+
Common Government or military MAC hierarchies
Unclassified
Sensitive but unclassified
Confidential
Secret
Top secret
Common Private sector or corporate business environment MAC hierarchies
Public
Sensitive
Private
Confidential
____ is based on classification rules. Objects are assigned sensitivity labels. Subjects are assigned clearance labels.
MAC
____ is based on user identity. Users are granted access through ACLs on objects, based on the discretion of the object’s owner or creator.
DAC
____ is based on job description. Users are granted access based on their assigned work tasks.
RBAC
Mechanism by which a person proves their identity to a system?
Authentication
An example of something you know for authentication
Password
An example of something you have for authentication
Smartcard
An example of something you are for authentication
Fingerprint
CHAP utilizes the ____ hash algorithm
MD5
PKI
Public Key Infrastructure
DRDoS
Distributed Reflective Denial of Service
This form of DRDoS uses Internet Control Message Protocol (ICMP) echo reply packets (ping packets).
Smurf attack
This form of DRDoS uses User Datagram Protocol (UDP) packets directed to port 7 (echo port) or port 19.
Fraggle
This type of attack is an exploitation of a TCP three-way handshake.
SYN flood
What is a screened-host firewall also known as?
A first-generation firewall
Which of the following is a key difference between MAC and DAC?
MAC does not allow copying a file
Kerberos uses ______________ encryption and creates __________ session key(s)
symmetric, two
SYN packets are sent to the victim with source and destination addresses spoofed as the victim’s address
Land attack
A ____ attack uses IP spoofing and broadcasting to send a ping to a group of hosts in a network.
smurf
Proves the identity of communication partners
Authentication
Prevents unauthorized disclosure of secured data
Confidentiality
Prevents unwanted changes of data while in transit
Data integrity
RADIUS
Remote Authentication Dial-In User Service
AAA
Authentication, Authorization (or Access control), and Auditing
TACACS
Terminal Access Controller Access Control System
TACACS Port?
49
Echo Port?
7
Chargen Port?
19
FTP-Data Port?
20
FTP Port?
21
SSH Port?
22
Telnet Port?
23
SMTP Port?
25
DNS Port?
53
HTTP Port?
80
POP3 Port?
110
SNMP Port?
161
HTTPS Port?
443
RADIUS Port?
1812
IPSec Port(s)?
50, 51
ESP
Encapsulating Security Payload
AH
Authentication Header
Process of sending TCP/IP commands to a system to watch the specific response
O/S fingerprinting
There are two approaches to shutting down non-essential services and protocols. The _____ approach says open a port when it has been specifically justified as required.
pessimistic
There are two approaches to shutting down non-essential services and protocols. The _____ approach says address a problem when it rears its ugly head.
optimistic
Circuit switching is (connectionless / connection oriented)
connection oriented