• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/374

Click to flip

374 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
What is a key difference in security between MAC and DAC?
In MAC a user who can access a file cannot necessarily copy it.
None
What DoD classification does MAC map to?
Level-B classification
What DoD classification does DAC map to?
Level-C classification
What does CHAP use for authentication?
hashing
What is AES?
Also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government.
None
What type of encryption is AES?
symmetric
What kind of algorithm is 3DES?
symmetric
What algorithm does AES use?
Rijndael
What two encryption standards is AES designed to replace?
DES and 3DES
What is the most effective way of enforcing security in a dialup network?
require callback
What port do DNS zone transfers use?
TCP port 53
What port do DNS lookups use?
UDP port 53
Why do routers help limit the damage done by sniffing and MITM attacks?
They send data to a specific subnet only
What are the two types of symmetric algorithms?
block and stream
What are the two advantages of block ciphers over stream ciphers?
They are faster and more secure.
None
What is the main difference between S/MIME and PGP?
S/MIME relies upon a CA for public key distribution
What is the maximum throughput of 802.11a?
54 Mbps
What frequency does 802.11b operate at?
2.4 GHz
What is the maximum throughput of 802.11b?
11 Mbps
What frequency does 802.11g operate at?
2.4 GHz
What is the maximum throughput of 802.11g?
54 Mbps
Is 802.11g backwards-compatible with 802.11a and 802.11b?
backwards-compatible with 802.11b only at 11 Mbps
What type of media access control does 802.11 use?
collision avoidance
What sort of attack does TACACS+'s lack of integrity checking make it vulnerable to?
replay attacks
What two bit strengths is SSL available in?
40-bit and 128-bit
What two bit strengths is SSL available in?
40-bit and 128-bit
What is the maximum capacity of QIC?
20 GB
What is the maximum capacity of 4mm DAT?
40 Gb
What is the maximum capacity of 8mm tapes?
50 Gb
What is the maximum capacity of Travan?
40 Gb
What is the maximum capacity of DLT?
220 Gb
With biometric scanning what is rejecting a valid user called?
Type I Error
None
With biometric scanning what is accepting a user who should be rejected called?
Type II error
None
In biometric scanning what is the crossover accuracy?
When type I error equals Type II error.
None
What mathematical fact does a birthday attack rely on?
it is much easier to find two datasets that share a hash than to find a dataset that shares a hash with a given dataset
What is CRL?
Certificate Revocation List

A list of certificates (more accurately: their serial numbers) which have been revoked, are no longer valid, and should not be relied on by any system user.
None
What is OCSP?
Online Certificate Status Protocol

The replacement for CRL
None
What disadvantage does CRL have that OCSP addresses?
updates must be downloaded frequently to be accurate
Does TLS use the same ports for encrypted and unencrypted data?
No.
None
What is the difference between S-HTTP and SSL?
S-HTTP is designed to send individual messages securely, SSL sets up a secure connection between two computers
What is the primary limitation of symmetric cryptography?
key distribution
What protocol is being pushed as an open standard for IM?
SIMPLE
In relation to AAA what is CIA?
Confidentiality, Integrity, Availability
None
What are the three components of AAA?
Authentication, Authorization(Access Control), Accounting(Auditing)
None
What is an open relay?
an SMTP relay that does not restrict access to authenticated users
Describe the Diffie-Hellman key exchange.
A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.
None
What encryption scheme does WEP use?
RC4
Who created RC2 and RC4?
Rivest
What are the two main types of firewalls?
application-level and network-level
How does an application level firewall handle different protocols?
With a proxy program for each protocol
None
What happens if an application-level protocol doesn't have a proxy program for a given protocol?
the protocol can't pass through the firewall
What limitation do application-level firewalls create for proprietary software?
"proprietary software often uses proprietary protocols, which often can't pass the firewall"
Which is faster, application-level or network-level firewalls?
network-level firewalls
None
What are the two types of network-level firewalls?
packet filters and stateful packet inspection
What might be indicated by packets from an internal machine with an external source address in the header?
machine is being used in a DoS/DDoS attack
What is the DSS?
Digital Signature Standard

Provides for non-repudiation of messages. Proposed by NIST.
None
Does DSS use symmetric or asymmetric keys?
asymmetric
What is PEM?
Privacy Enhanced Mail

public-key encryption similar to S/MIME
None
What does PGP use in place of a CA?
A "web of trust".
None
What type of encryption is Kerberos?
symmetric
What is X.509 used for?
digital certificates
What are tokens also known as?
One-time passwords
What type of network is extremely vulnerable to Man in the Middle attacks?
wireless
What is smurfing?
"broadcasting echo requests with a falsified source address, overwhelming the owner of the address"
What port does the chargen exploit use?
TCP 19
What port does echo use?
port 7
What ports does FTP use?
ports 20 and 21
What port does FTP use for data?
port 20
What port does SSH use?
port 22
What port does Telnet use?
port 23
What port does SMTP use?
port 25
What port does TACACS use?
port 49
What ports does DNS use?
TCP and UDP 53
What port does POP3 use?
port 110
What port does SNMP use?
port 161
What port does HTTPS use?
TCP 443
What port does RADIUS use?
port 1812
What does 802.1x do?
Provides an authentication framework for wired and wireless networks.
None
What is TACACS?
Terminal Access Controller Access Control System
What advantage does TACACS+ have over TACACS?
multi-factor authentication
What protocol is replacing PPTP?
L2TP
What two protocols were combined to form L2TP?
Microsoft's PPTP and Cisco's L2F
What are the two main components of L2TP?
L2TP Access Controller (LAC) and L2TP Network Server (LNS)
What three utilities comprise SSH?
SSH, Slogon, SCP
None
What type of encryption does SSH use?
RSA publickey
None
What two services are provided by IPSec?
Authentication Header (AH)

Encapsulating Security Payload (ESP)
None
What encryption does S/MIME use?
RSA
Who developed PGP?
Phillip R. Zimmerman
What is PGP primarily used for?
email encryption
None
What type of encryption does PGP use?
public key - asymetric
None
What two algorithm options exist for PGP?
RSA and Diffie-Hellman
Are SSL sessions stateful or stateless?
stateful
What two strengths does SSL come in?
40-bit and 128-bit
What is TLS?
Transport-Layer Security- a successor to SSL
What type of encryption does SSL use?
RSA - PKI - public-key
None
What two layers does TLS consist of?
TLS Record Protocol

TLS Handshake Protocol
None
Are SSL and TLS compatible?
No.
None
What is HTTPS?
HTTP over SSL
What kind of encryption does HTTPS use?
40-bit RC4
What is Authenticode?
A method of signing ActiveX controls.
None
What language is normally used to write CGI scripts?
Perl
What is DEN?
Directory Enabled Networking

A specification for how to store network information in a central location.
None
What model is DEN based on?
Common Information Model (CIM)
What security problem does FTP have?
Authentication is sent in clear text.
None
What does S/FTP use for encryption?
SSL
What are the four WAP layers?
Wireless Application Environment (WAE)

Wireless Session Layer (WSL)

Wireless Transport Layer Security (WTLS)

Wireless Transport Layer (WTL)
None
What is WML?
Wireless Markup Language

Used to create pages for WAP
None
What OS do most PBX's use?
UNIX
What is hashing?
It is a reproducible method of turning some kind of data into a (relatively) small number that may serve as a digital "fingerprint" of the data.
None
What four trust models do PKI's fall into?
Heirarchical Trust
Bridge Trust
Mesh Trust
Hybrid Trust
None
What is unique about the Mesh Trust model of PKI?
multiple parties must be present before access to the token is granted
None
Does PPTP require IP connectivity?
Yes.
None
Does L2TP require IP connectivity?
No.
None
What does IPSec use for authentication and key exchange?
Diffie-Hellman
What does IPSec use for encryption?
40-bit DES algorithm
What three methods are used to determine VLAN membership on the local switch?
port-based, MAC-based, protocol-based
What two methods are used to determine VLAN membership on a remote switch?
implicit, based on MAC address

explicit, where the first switch adds a tag
None
Why is detecting statistical anomolies a good approach to intrusion detection?
don't have to understand the root cause of the anomolies
What is the top priority in computer forensics?
document each step taken
What type of access control do most commercial OS's use?
DAC
How does CHAP work?
CHAP challenges a system to verify identity. CHAP doesn’t use a user ID/password mechanism. Instead, the initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then sent back to the server. The server compares the value from the client and, if the information matches, grants authorization. If the response fails, the session fails, and the request phase starts over.
None
Is PPTP usually implemented through hardware or software?
software
Is L2TP usually implemented through hardware or software?
Hardware
None
What is compulsory tunneling?
situation where VPN server chooses the endpoint of a communication
None
What advantage does compulsory tunneling provide?
allows VPN connections to be concentrated over fewer high-capacity lines
What port does L2TP use?
UDP 1701
What are the two encryption modes for IPSec?
Transport, where only the data is encrypted.

Tunneling, where the entire packet is encrypted.
None
What protocol does IPSec use to exchange keys?
Internet Key Exchange (IKE)
What is key escrow?
Administration of a private key by a trusted third party.
None
What advantage does TACACS+ have over RADIUS?
better security
What advantage does RADIUS have over TACACS+?
better vendor support and implementation
What makes non-repudiation a stronger version of authentication?
non-repudiation comes from a third party
Non-repudiation has been compared to what real-world version of authentication?
using a public notary
What is a teardrop attack?
The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine. A bug in the TCP/IP fragmentation re-assembly code caused the fragments to be improperly handled, crashing the operating system as a result
None
What is an AUP?
Acceptable Use Policy
From what does RSA derive its strength?
the difficulty of factoring large numbers
What three people were involved in the creation of RSA?
Rivest
Shamir
Adleman
None
Is RSA a public or private key system?
public-key
None
What is the standard key length for DES?
56 bits
What is the standard key length for IDEA?
128 bits
What is the standard key length for 3DES?
168 bits
How are RSA and DES used together?
RSA is used to encrypt the key for transmission, DES is used for message encryption
What kind of encryption does AES use?
Symetric and uses the Rijndael algorithm
None
What is IDEA?
International Data Encryption Algorithm

A 128-bit private-key encryption system.
None
What are the two most popular hashing routines in use today?
MD5 and SHA-1
What size is an MD5 hash?
128 bits
What is MD5 designed for?
digital signatures
Observing the timer value in the TCP stack makes what possible?
OS Fingerprinting
None
What are the three A's in computer forensics?
Acquire
Authenticate
Analyze
None
What is the first step in risk analysis?
Identifying Assets
None
What type of network is CHAP primarily used on?
PPP
What are the seven stages in a certificate life cycle?
certificate enrollment, distribution, validation, revocation, renewal, destruction, auditing
What security advantage do managed hubs provide over other hubs?
they can detect physical configuration changes and report them
What is port mirroring?
On switches, the ability to map the input and output of one or more ports to a single port.
None
What does an attacker need to conduct ARP cache poisoning?
physical connectivity to a local segment
What security hole does RIPv1 pose?
RIPv1 does not allow router passwords
What are the five main services provided by firewalls?
packet filtering, application filtering, proxy server, circuit-level, stateful inspection
Which of the five router services do e-mail gateways provide?
application filtering
What OSI layer do stateful firewalls reside at?
network layer
What are the three types of NAT?
static
dynamic
overloading
None
What security weakness does SPAP have?
does not protect against remote server impersonation
How do the RADIUS client and server avoid sending their shared secret across the network?
shared secret is hashed and hash is sent
In MAC, what is read-up?
The ability of users in lower security categories to read information in higher categories
None
In MAC, of read-up, read-down, write-up, and write-down which two are legal?

Which two are illegal?"
legal: read-down, write-up
illegal- read-up, write-down
None
Do hashing algorithms protect files from unauthorized viewing?
No, hashing only verifies that files have not been changed.
None
What is an SIV?
System Integrity Verifier

IDS that monitors critical system files for modification
None
Why are VLAN's considered broadcast domains?
all hosts on the VLAN can broadcast to all other hosts on the VLAN
What language are most new smart card applications written in?
Java
What is a bastion host?
A bastion host is a computer on a network that provides a single entrance and exit point to the Internet from the internal network and vice versa.
None
What type of IDS will likely detect a potential attack first and why?
Network-based IDS because it runs in real-time.
None
What drawback do heuristic-based IDS's have?
higher rate of false positives
What are the six steps to incident response?
Preparation, Identification, Containment, Eradication, Recovery, Follow-Up
What are most fire extinguishers loaded with?
FE-36
What is FE-13 used for?
It is the preferred alternative to Halon 1301.
None
What is the maximum length of a valid IP datagram?
64K
What is the RFC-recommended size of an IP datagram?
576 bytes
What is IGMP used for?
It is a communications protocol used to manage the membership of Internet Protocol multicast groups or simply mulicasting.
None
What is bytestream?
data from Application layer is segmented into datagrams that source and destination computers will support
What two pieces of information comprise a socket?
source IP address and source port
"At the Network Interface layer, what is the packet of information placed on the wire known as?"
a frame
What TCP/IP layer do man-in-the-middle attacks take place at?
internet layer
None
What IP layers do DoS attacks occur at?
any layer
What IP layer do SYN floods occur at?
transport layer
Which hashing algorithm is more secure, MD5 or SHA-1?
SHA-1
None
What is the key length for Blowfish?
variable length
How are digital signatures implemented?
a hash is created and encrypted with the creator's private key
How are asymmetric algorithms used for authentication?
Authenticator sends a random number (nonce) to receiver, who encrypts it with their private key
None
"In a bridge CA architecture, what is the CA that connects to a bridge CA called?"
a principal CA
Who defines a certificate's life cycle?
The issuing CA.
None
At what OSI layer (and above) must networked computers share a common protocol?
data link and above
What security hole does SPAP have?
remote server can be impersonated
What protocol does RADIUS use?
UDP
What protocol does TACACS+ use?
TCP
What sort of devices normally use TACACS?
network infrastructure devices
What limitation does IPSec have?
only supports unicast transmissions
What does IPSec require to be scaleable?
a PKI
What are the three major components of SSH?
Transport Layer protocol SSH-TRANS)
User authentication protocol (SSH-USERAUTH)
connection protocol (SSH-CONN)
None
What do BSS and ESS stand for?
Basic Service Set and Extended Service Set
What does ESS offer that BSS does not?
the ability to roam between AP's
What are the two parts of a Key Distribution Center?
An authentication server (AS) and a ticket-granting server (TGS)
What are the three major classification levels with MAC?
Top Secret, Confidential, Unclassified
What does echo do?
responds to packets on UDP port 7
What does chargen do?
Responds to packets on UDP port 19 with random characters.
None
What is an FTP bounce?
Running scans against other computers through a vulnerable FTP server.
None
What version of BIND allows for mutual authentication?
BINDv9
What ports are commonly used for NetBIOS names and sessions?
"TCP/UDP 137, 138, 139"
What ports do DHCP and BOOTP/Bootstrap servers use?
TCP/UDP ports 67
None
What port does NNTP use?
TCP/UDP 119
What port does LDAP use?
TCP/UDP port 389
What port does LDAPS use?
TCP/UDP port 636
Why can hand geometry only be used for verification, rather than identification?
Hand geometry is not unique.
None
What advantages do hand geometry scans have over fingerprint scans?
They are faster, cleaner, and less invasive.
None
What are the advantages and disadvantages of retinal scanning?
most reliable but most invasive
What disadvantage does speech recognition have?
Easier to spoof than other biometric techniques.
None
What are QIC tapes primarily used for?
Backing up standalone computers.
None
What are DAT drives primarily used for?
basic network backups
What three tape types offer high capacity and rapid data transfer?
"8mm, DLT, and LTO"
How does a host respond to a TCP connect scann if the scanned port is open? Closed?
open: SYN-ACK, closed: RST
What can be done to reduce the effects of half-open attacks?
reduce the time a port waits for a response
How does a host respond to a FIN packet if the scanned port is open, closed?
open: packet discarded
closed: RST
None
How does an XMAS scan work?
a variety of TCP packets are sent to elicit a response
What TCP sequence number does an XMAS scan use?
0
What are two characteristics of a null scan?
TCP sequence number set to 0 and no TCP flags set.
None
What is a TCP ACK scan used for?
determining if a port is filtered by a firewall
What is a window scan?
OS fingerprint by finding the hosts default TCP window size.
None
What are the two basic types of DoS attacks?
flaw exploitation attacks and flooding attacks
What three basic router/firewall measures will reduce the effects of a DoS attack?
egress filtering
ingress filtering
disabling IP-directed broadcasting
None
What is source routing?
Sender defines hops a packet must travel through
How is source routing used by attackers?
used to route packets around security devices
How can source routing be defended against?
routers can be configured to discard source-routed packets
What two methods do IDS's use to detect and analyze attacks?
Misuse detection and anomoly detection.
None
What advantage does LEAP have over EAP?
LEAP allows for mutual authentication
What protocol does 802.1x use for authentication?
EAP
How does an 802.1x authenticator handle authentication traffic?
Passes it to a RADIUS server for authentication
What is ECC?
Elliptical Curve Cryptography

A public-key cryptographic method which generates smaller, faster, and more secure keys. Used more with wireless cell devices.
None
What standard is LDAP based on?
X500
Who developed SSL?
Netscape
What three protocols are routinely layered over TLS?
IMAP, POP3, and SMTP
None
What two types of certificates does S/MIME use?
PKCS #7 certificates for message content and X.509v3 for source authentication
What is the "hidden node" problem?
When a wireless client cannot see the network due to interference.
None
What does WEP stand for?
Wired Equivalent Privacy
None
In a 128-bit WEP key, how long is the actual secret key?
104 bits

The first 24 bits are used for the Initialization Vector (IV)
None
FTP data port
TCP 20
FTP control port
TCP 21
SSH port?
TCP 22
None
Telnet
TCP 23
SMTP port?
TCP 25
None
DNS lookup port?
UDP 53
None
DNS zone transfer port?
TCP 53
None
Bootstrap protocol server, DHCP server
UDP 67
What port does Bootstrap/bootp and DHCP clients use?
UDP 68
None
TFTP port?
UDP 69
None
HTTP port?
TCP 80
None
Kerberos port?
TCP 88
None
POPv2
TCP 109
POPv3 port?
TCP 110
None
Sun RPC port?
111
None
What Port is Network Time Protocol (NTP)?
TCP/UDP 123
None
PKCS #3
Diffie-Hellman Key Agreement Standard
None
NetBIOS name service
TCP/UDP 137
NetBIOS datagram service
UDP 138
NetBIOS session service
TCP 139
IMAP port?
TCP 143
None
SNMP port?
UDP 161
None
SNMP Trap
UDP 162
What port does LDAP use?
TCP 389
None
TLS/SSL port?
TCP 443
None
Microsoft DS (NetBIOS service) port?
TCP/UDP 445
None
IKE
Internet Security Association and Key Management Protocol
UNIX Syslog port?
UDP 514
None
L2TP port?
UDP 1701
None
PPTP port?
TCP 1723
None
Sun NFS port?
TCP 2049
None
Microsoft Terminal Services port?
TCP 3389
None
PCAnywhere data port?
TCP 5631
None
PCAnywhere status port?
UDP 5632
None
ICMP protocol #
1
TCP protocol #
6
UDP protocol #
17
Generic Routing Encapsulation (GRE) protocol #
47
What is Generic Routing Encapsulation (GRE) used in?
PPTP connections
Authentication Header (AH) protocol #
51
Encapsulating Security Payload (ESP) protocol #
50
At what OSI layers do gateways function at?
Transport layer and above.
None
What layer provides network access for applications?
the Application layer
What layer provides flow control?
Application layer
None
What OSI layer establishes the availability of other computers on the network?
Application layer
None
What OSI layer determines if sufficient resources exist for communication to occur between two computers?
Application layer
None
What layer does SMTP function at?
the Application layer
What OSI layer does FTP function at?
Application layer
None
What OSI layer does SNMP function at?
Application layer
None
What layer does Telnet function at?
Application layer
None
What layer does Appletalk function at?
Application layer
None
What layer performs protocol conversion?
Presentation layer
None
What layer performs encryption?
Presentation layer
None
What OSI layer performs compression?
Presentation layer
None
What layer synchronizes computers involved in a communication?
Session layer
None
What OSI layer handles connection establishment, data transfer, and connection release?
Session layer
None
What layer does NetBIOS function at?
Session layer
None
What layer repackages messages into smaller formats?
Transport layer
None
What layer provides error-free delivery and error handling functions?
Transport layer
None
What layers does NetBEUI function at?
the Transport and Network layers
What layer does TCP function at?
Transport layer
None
What OSI layer does SPX function at?
Transport layer
None
What layers does NWLink function at?
the Transport and Network layers
What layer handles logical addressing?
the Network layer
What layer handles routing?
Network layer
None
What layer handles traffic management?
Network layer
None
What OSI layer does IP function at?
Network layer
None
What layer does IPX function at?
the Network layer
What devices function at the Network layer?
routers
None
What layer packages raw bits into frames?
Data Link layer
None
What is the purpose of packaging raw bits into frames?
they are transmittable across a network
What OS layer includes a Cyclical Redundancy Check (CRC)?
Data Link layer
None
What are the two sublayers of the Data Link layer?
the Logical Link Control (LLC) and the MAC sublayers
What does the LLC sublayer use to create links for the MAC sublayer?
Destination Service Access Points and Source Service Access Points
What devices function at the Data Link layer?
switches, bridges, and brouters
None
What devices function at the Physical layer?
multiplexers and repeaters
How many bits are in a MAC address?
48 bits
What protocol is used to map MAC addresses to IP addresses?
ARP
Kerberos is a _________ authentication and _________ sign-on solution.
Third Party, Single
What is a realm?
A realm is the network protected under a single Kerberos implementation.
How many steps are there to kerberos authentication?
9
CHAP was developed as a secure alternative to what?
PAP

(Password Authentication Protocol)
How many steps are there to CHAP Authentication?
7
Smurf and Fraggle attacks are conisdered what types of attacks?
DRDoS

Distributed Reflective Denial of Service
What type of packets does a smurf attack use?
ICMP echo reply
What type of packets does a Fraggle attack use?
UDP packets directed to port 7 (echo port) or 19 (chargen port)
What is a Land attack?
Numerous SYN packets are sent to the victim with source and destination addresses spoofed as the victim’s address. The victim is confused because it’s unable to respond to a packet it sent to itself that it has no record of sending. This often results in a freeze or crash.
What is a Ping Flood?
The attacker sends numerous ping echo requests to a victim. The victim responds with the echo. If enough inbound and outbound packets are transmitted, no legitimate traffic will be able to use the communication link.
What is the Ping of Death attack?
The attacker sends oversized ping packets to the victim; the victim doesn’t know how to handle invalid packets, and it freezes or crashes.
What is the Bonk Attack?
The attacker sends a corrupt UDP packet to DNS port 53. This type of attack may cause Windows systems to crash.
What is the Boink attack?
The same as Bonk, but the corrupt UDP packets are sent to numerous ports. The result may cause a Windows system to crash.
What method of access control is best suited for environments with a high rate of employee turnover?
RBAC
What is the strongest form of authentication?
Multi-Factor
What is the strongest form of password?
One-Time use
Name three VPN protocols.
PPTP, L2TP, IPSec
Name three types of remote access that RADIUS can be used with.
dial-up, VPN, terminal services

In fact any type of remote access can be used with RADIUS.
RADIUS is known as a _________ server.
AAA

Authentication, authorization(or access control), auditing
What type of cryptogrophy does IPSec use?
symmetric
What technology can be used to add an additional layer of protection between a directory services-based network and remote clients?
RADIUS
What technology uses a six-step handshake process to establish a secured session between a web serer and a web client?
SSL
A circuit level firewall filters traffic by monitoring what?
By monitoring within a session between an internal trusted host and an external untrusted host. This monitoring occurs at the Session layer (layer 5) of the OSI model. This type of firewall ensures that the packets involved in establishing and maintaining the circuit (a virtual circuit or session) are valid and used in the proper manner.
What are the three basic divisions of cryptography?
hashing, symmetric cryptography, and asymmetric cryptography
What bit value is SHA-1?
160-bit value
What bit values does MD2-5 use?
128-bit values
What is the block size of AES?
Variable
What is the key size for AES?
128, 192, and 256
Name the common symmetric cryptography solutions.
AES, 3DES, DES, IDEA, Blowfish, Twofish, Rivest Cipher (RC5), Carlisle Adams/Stafford Tavares (CAST-128)
Name the common asymmetric solutions.
Rivest Shamir Adleman (RSA), Diffie-Hellman, Error Correcting Code (ECC), and El Gamal
From a private corporate perspective what is the most secure key management solution?
Centralized
Exposure Factor (EF)
This is the percentage of asset value loss that would occur if a risk was realized (for example, if an attack took place).
Single Loss Expectancy (SLE)
This is the potential dollar-value loss from a single risk realization incident. It’s calculated by multiplying the EF by the asset value.
Annualized Rate of Occurrence (ARO)
This number is the statistical probability that a specific risk may be realized a certain number of times in a year. It’s obtained from a risk assessment company or an insurance company.
Annual Loss Expectancy (ALE)
This is the potential dollar value loss per year per risk. It’s calculation by multiplying the SLE by the ARO
PKCS#11
An API, designed to be platform independent, defining a generic interface to cryptographic tokens, such as Hardware Security Modules and smart cards.
Encryption is applicable to all of the OSI model layers except?
Physical
Which method of authentication must be used in IPSec if the communications mode is gateway-gateway, host-gateway?
ESP
What type of firewall can be used to track connectionless protocols such as UDP and RPC?
Stateful Inspection
Asymmetric cryptography is based on the work of who?
Diffie-Hellman
What is a class A fire extinguisher used for?
Ordinary combustibles
What is a class B fire extinguisher used for?
Flammable liquids
What is a class C fire extinguisher used for?
Energized electrical equipment
What is a class D fire extinguisher used for?
Combustible metals
What is a class K fire extinguisher used for?
Cooking oils
Symmetric (private) key cryptography when compared to public (asymmetric) cryptography is how many times faster?
1,000 to 10,000 times faster.
Within the key management lifecycle, what occurs when the CA creates a certificate signed by its own digital certificate?
Certification
What is another term for Thinnet?
10Base2
A network hub functions on which layer of the OSI model?
Physical
The bell-lapadula model is primarily concerned with protecting?
Confidentiality
What is the basis of DAC?
Access Control Lists

ACLs
What are the three access methods used by RBAC?
task-based, lattice-based & role-based
Is mutual authentication mandatory or optional in Kerberos?
optional
OSPF
Open Shortest Path First