Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

374 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
What is a key difference in security between MAC and DAC?
In MAC a user who can access a file cannot necessarily copy it.
What DoD classification does MAC map to?
Level-B classification
What DoD classification does DAC map to?
Level-C classification
What does CHAP use for authentication?
What is AES?
Also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government.
What type of encryption is AES?
What kind of algorithm is 3DES?
What algorithm does AES use?
What two encryption standards is AES designed to replace?
DES and 3DES
What is the most effective way of enforcing security in a dialup network?
require callback
What port do DNS zone transfers use?
TCP port 53
What port do DNS lookups use?
UDP port 53
Why do routers help limit the damage done by sniffing and MITM attacks?
They send data to a specific subnet only
What are the two types of symmetric algorithms?
block and stream
What are the two advantages of block ciphers over stream ciphers?
They are faster and more secure.
What is the main difference between S/MIME and PGP?
S/MIME relies upon a CA for public key distribution
What is the maximum throughput of 802.11a?
54 Mbps
What frequency does 802.11b operate at?
2.4 GHz
What is the maximum throughput of 802.11b?
11 Mbps
What frequency does 802.11g operate at?
2.4 GHz
What is the maximum throughput of 802.11g?
54 Mbps
Is 802.11g backwards-compatible with 802.11a and 802.11b?
backwards-compatible with 802.11b only at 11 Mbps
What type of media access control does 802.11 use?
collision avoidance
What sort of attack does TACACS+'s lack of integrity checking make it vulnerable to?
replay attacks
What two bit strengths is SSL available in?
40-bit and 128-bit
What two bit strengths is SSL available in?
40-bit and 128-bit
What is the maximum capacity of QIC?
20 GB
What is the maximum capacity of 4mm DAT?
40 Gb
What is the maximum capacity of 8mm tapes?
50 Gb
What is the maximum capacity of Travan?
40 Gb
What is the maximum capacity of DLT?
220 Gb
With biometric scanning what is rejecting a valid user called?
Type I Error
With biometric scanning what is accepting a user who should be rejected called?
Type II error
In biometric scanning what is the crossover accuracy?
When type I error equals Type II error.
What mathematical fact does a birthday attack rely on?
it is much easier to find two datasets that share a hash than to find a dataset that shares a hash with a given dataset
What is CRL?
Certificate Revocation List

A list of certificates (more accurately: their serial numbers) which have been revoked, are no longer valid, and should not be relied on by any system user.
What is OCSP?
Online Certificate Status Protocol

The replacement for CRL
What disadvantage does CRL have that OCSP addresses?
updates must be downloaded frequently to be accurate
Does TLS use the same ports for encrypted and unencrypted data?
What is the difference between S-HTTP and SSL?
S-HTTP is designed to send individual messages securely, SSL sets up a secure connection between two computers
What is the primary limitation of symmetric cryptography?
key distribution
What protocol is being pushed as an open standard for IM?
In relation to AAA what is CIA?
Confidentiality, Integrity, Availability
What are the three components of AAA?
Authentication, Authorization(Access Control), Accounting(Auditing)
What is an open relay?
an SMTP relay that does not restrict access to authenticated users
Describe the Diffie-Hellman key exchange.
A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.
What encryption scheme does WEP use?
Who created RC2 and RC4?
What are the two main types of firewalls?
application-level and network-level
How does an application level firewall handle different protocols?
With a proxy program for each protocol
What happens if an application-level protocol doesn't have a proxy program for a given protocol?
the protocol can't pass through the firewall
What limitation do application-level firewalls create for proprietary software?
"proprietary software often uses proprietary protocols, which often can't pass the firewall"
Which is faster, application-level or network-level firewalls?
network-level firewalls
What are the two types of network-level firewalls?
packet filters and stateful packet inspection
What might be indicated by packets from an internal machine with an external source address in the header?
machine is being used in a DoS/DDoS attack
What is the DSS?
Digital Signature Standard

Provides for non-repudiation of messages. Proposed by NIST.
Does DSS use symmetric or asymmetric keys?
What is PEM?
Privacy Enhanced Mail

public-key encryption similar to S/MIME
What does PGP use in place of a CA?
A "web of trust".
What type of encryption is Kerberos?
What is X.509 used for?
digital certificates
What are tokens also known as?
One-time passwords
What type of network is extremely vulnerable to Man in the Middle attacks?
What is smurfing?
"broadcasting echo requests with a falsified source address, overwhelming the owner of the address"
What port does the chargen exploit use?
TCP 19
What port does echo use?
port 7
What ports does FTP use?
ports 20 and 21
What port does FTP use for data?
port 20
What port does SSH use?
port 22
What port does Telnet use?
port 23
What port does SMTP use?
port 25
What port does TACACS use?
port 49
What ports does DNS use?
TCP and UDP 53
What port does POP3 use?
port 110
What port does SNMP use?
port 161
What port does HTTPS use?
TCP 443
What port does RADIUS use?
port 1812
What does 802.1x do?
Provides an authentication framework for wired and wireless networks.
What is TACACS?
Terminal Access Controller Access Control System
What advantage does TACACS+ have over TACACS?
multi-factor authentication
What protocol is replacing PPTP?
What two protocols were combined to form L2TP?
Microsoft's PPTP and Cisco's L2F
What are the two main components of L2TP?
L2TP Access Controller (LAC) and L2TP Network Server (LNS)
What three utilities comprise SSH?
SSH, Slogon, SCP
What type of encryption does SSH use?
RSA publickey
What two services are provided by IPSec?
Authentication Header (AH)

Encapsulating Security Payload (ESP)
What encryption does S/MIME use?
Who developed PGP?
Phillip R. Zimmerman
What is PGP primarily used for?
email encryption
What type of encryption does PGP use?
public key - asymetric
What two algorithm options exist for PGP?
RSA and Diffie-Hellman
Are SSL sessions stateful or stateless?
What two strengths does SSL come in?
40-bit and 128-bit
What is TLS?
Transport-Layer Security- a successor to SSL
What type of encryption does SSL use?
RSA - PKI - public-key
What two layers does TLS consist of?
TLS Record Protocol

TLS Handshake Protocol
Are SSL and TLS compatible?
What is HTTPS?
What kind of encryption does HTTPS use?
40-bit RC4
What is Authenticode?
A method of signing ActiveX controls.
What language is normally used to write CGI scripts?
What is DEN?
Directory Enabled Networking

A specification for how to store network information in a central location.
What model is DEN based on?
Common Information Model (CIM)
What security problem does FTP have?
Authentication is sent in clear text.
What does S/FTP use for encryption?
What are the four WAP layers?
Wireless Application Environment (WAE)

Wireless Session Layer (WSL)

Wireless Transport Layer Security (WTLS)

Wireless Transport Layer (WTL)
What is WML?
Wireless Markup Language

Used to create pages for WAP
What OS do most PBX's use?
What is hashing?
It is a reproducible method of turning some kind of data into a (relatively) small number that may serve as a digital "fingerprint" of the data.
What four trust models do PKI's fall into?
Heirarchical Trust
Bridge Trust
Mesh Trust
Hybrid Trust
What is unique about the Mesh Trust model of PKI?
multiple parties must be present before access to the token is granted
Does PPTP require IP connectivity?
Does L2TP require IP connectivity?
What does IPSec use for authentication and key exchange?
What does IPSec use for encryption?
40-bit DES algorithm
What three methods are used to determine VLAN membership on the local switch?
port-based, MAC-based, protocol-based
What two methods are used to determine VLAN membership on a remote switch?
implicit, based on MAC address

explicit, where the first switch adds a tag
Why is detecting statistical anomolies a good approach to intrusion detection?
don't have to understand the root cause of the anomolies
What is the top priority in computer forensics?
document each step taken
What type of access control do most commercial OS's use?
How does CHAP work?
CHAP challenges a system to verify identity. CHAP doesn’t use a user ID/password mechanism. Instead, the initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then sent back to the server. The server compares the value from the client and, if the information matches, grants authorization. If the response fails, the session fails, and the request phase starts over.
Is PPTP usually implemented through hardware or software?
Is L2TP usually implemented through hardware or software?
What is compulsory tunneling?
situation where VPN server chooses the endpoint of a communication
What advantage does compulsory tunneling provide?
allows VPN connections to be concentrated over fewer high-capacity lines
What port does L2TP use?
UDP 1701
What are the two encryption modes for IPSec?
Transport, where only the data is encrypted.

Tunneling, where the entire packet is encrypted.
What protocol does IPSec use to exchange keys?
Internet Key Exchange (IKE)
What is key escrow?
Administration of a private key by a trusted third party.
What advantage does TACACS+ have over RADIUS?
better security
What advantage does RADIUS have over TACACS+?
better vendor support and implementation
What makes non-repudiation a stronger version of authentication?
non-repudiation comes from a third party
Non-repudiation has been compared to what real-world version of authentication?
using a public notary
What is a teardrop attack?
The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine. A bug in the TCP/IP fragmentation re-assembly code caused the fragments to be improperly handled, crashing the operating system as a result
What is an AUP?
Acceptable Use Policy
From what does RSA derive its strength?
the difficulty of factoring large numbers
What three people were involved in the creation of RSA?
Is RSA a public or private key system?
What is the standard key length for DES?
56 bits
What is the standard key length for IDEA?
128 bits
What is the standard key length for 3DES?
168 bits
How are RSA and DES used together?
RSA is used to encrypt the key for transmission, DES is used for message encryption
What kind of encryption does AES use?
Symetric and uses the Rijndael algorithm
What is IDEA?
International Data Encryption Algorithm

A 128-bit private-key encryption system.
What are the two most popular hashing routines in use today?
MD5 and SHA-1
What size is an MD5 hash?
128 bits
What is MD5 designed for?
digital signatures
Observing the timer value in the TCP stack makes what possible?
OS Fingerprinting
What are the three A's in computer forensics?
What is the first step in risk analysis?
Identifying Assets
What type of network is CHAP primarily used on?
What are the seven stages in a certificate life cycle?
certificate enrollment, distribution, validation, revocation, renewal, destruction, auditing
What security advantage do managed hubs provide over other hubs?
they can detect physical configuration changes and report them
What is port mirroring?
On switches, the ability to map the input and output of one or more ports to a single port.
What does an attacker need to conduct ARP cache poisoning?
physical connectivity to a local segment
What security hole does RIPv1 pose?
RIPv1 does not allow router passwords
What are the five main services provided by firewalls?
packet filtering, application filtering, proxy server, circuit-level, stateful inspection
Which of the five router services do e-mail gateways provide?
application filtering
What OSI layer do stateful firewalls reside at?
network layer
What are the three types of NAT?
What security weakness does SPAP have?
does not protect against remote server impersonation
How do the RADIUS client and server avoid sending their shared secret across the network?
shared secret is hashed and hash is sent
In MAC, what is read-up?
The ability of users in lower security categories to read information in higher categories
In MAC, of read-up, read-down, write-up, and write-down which two are legal?

Which two are illegal?"
legal: read-down, write-up
illegal- read-up, write-down
Do hashing algorithms protect files from unauthorized viewing?
No, hashing only verifies that files have not been changed.
What is an SIV?
System Integrity Verifier

IDS that monitors critical system files for modification
Why are VLAN's considered broadcast domains?
all hosts on the VLAN can broadcast to all other hosts on the VLAN
What language are most new smart card applications written in?
What is a bastion host?
A bastion host is a computer on a network that provides a single entrance and exit point to the Internet from the internal network and vice versa.
What type of IDS will likely detect a potential attack first and why?
Network-based IDS because it runs in real-time.
What drawback do heuristic-based IDS's have?
higher rate of false positives
What are the six steps to incident response?
Preparation, Identification, Containment, Eradication, Recovery, Follow-Up
What are most fire extinguishers loaded with?
What is FE-13 used for?
It is the preferred alternative to Halon 1301.
What is the maximum length of a valid IP datagram?
What is the RFC-recommended size of an IP datagram?
576 bytes
What is IGMP used for?
It is a communications protocol used to manage the membership of Internet Protocol multicast groups or simply mulicasting.
What is bytestream?
data from Application layer is segmented into datagrams that source and destination computers will support
What two pieces of information comprise a socket?
source IP address and source port
"At the Network Interface layer, what is the packet of information placed on the wire known as?"
a frame
What TCP/IP layer do man-in-the-middle attacks take place at?
internet layer
What IP layers do DoS attacks occur at?
any layer
What IP layer do SYN floods occur at?
transport layer
Which hashing algorithm is more secure, MD5 or SHA-1?
What is the key length for Blowfish?
variable length
How are digital signatures implemented?
a hash is created and encrypted with the creator's private key
How are asymmetric algorithms used for authentication?
Authenticator sends a random number (nonce) to receiver, who encrypts it with their private key
"In a bridge CA architecture, what is the CA that connects to a bridge CA called?"
a principal CA
Who defines a certificate's life cycle?
The issuing CA.
At what OSI layer (and above) must networked computers share a common protocol?
data link and above
What security hole does SPAP have?
remote server can be impersonated
What protocol does RADIUS use?
What protocol does TACACS+ use?
What sort of devices normally use TACACS?
network infrastructure devices
What limitation does IPSec have?
only supports unicast transmissions
What does IPSec require to be scaleable?
What are the three major components of SSH?
Transport Layer protocol SSH-TRANS)
User authentication protocol (SSH-USERAUTH)
connection protocol (SSH-CONN)
What do BSS and ESS stand for?
Basic Service Set and Extended Service Set
What does ESS offer that BSS does not?
the ability to roam between AP's
What are the two parts of a Key Distribution Center?
An authentication server (AS) and a ticket-granting server (TGS)
What are the three major classification levels with MAC?
Top Secret, Confidential, Unclassified
What does echo do?
responds to packets on UDP port 7
What does chargen do?
Responds to packets on UDP port 19 with random characters.
What is an FTP bounce?
Running scans against other computers through a vulnerable FTP server.
What version of BIND allows for mutual authentication?
What ports are commonly used for NetBIOS names and sessions?
"TCP/UDP 137, 138, 139"
What ports do DHCP and BOOTP/Bootstrap servers use?
TCP/UDP ports 67
What port does NNTP use?
What port does LDAP use?
TCP/UDP port 389
What port does LDAPS use?
TCP/UDP port 636
Why can hand geometry only be used for verification, rather than identification?
Hand geometry is not unique.
What advantages do hand geometry scans have over fingerprint scans?
They are faster, cleaner, and less invasive.
What are the advantages and disadvantages of retinal scanning?
most reliable but most invasive
What disadvantage does speech recognition have?
Easier to spoof than other biometric techniques.
What are QIC tapes primarily used for?
Backing up standalone computers.
What are DAT drives primarily used for?
basic network backups
What three tape types offer high capacity and rapid data transfer?
"8mm, DLT, and LTO"
How does a host respond to a TCP connect scann if the scanned port is open? Closed?
open: SYN-ACK, closed: RST
What can be done to reduce the effects of half-open attacks?
reduce the time a port waits for a response
How does a host respond to a FIN packet if the scanned port is open, closed?
open: packet discarded
closed: RST
How does an XMAS scan work?
a variety of TCP packets are sent to elicit a response
What TCP sequence number does an XMAS scan use?
What are two characteristics of a null scan?
TCP sequence number set to 0 and no TCP flags set.
What is a TCP ACK scan used for?
determining if a port is filtered by a firewall
What is a window scan?
OS fingerprint by finding the hosts default TCP window size.
What are the two basic types of DoS attacks?
flaw exploitation attacks and flooding attacks
What three basic router/firewall measures will reduce the effects of a DoS attack?
egress filtering
ingress filtering
disabling IP-directed broadcasting
What is source routing?
Sender defines hops a packet must travel through
How is source routing used by attackers?
used to route packets around security devices
How can source routing be defended against?
routers can be configured to discard source-routed packets
What two methods do IDS's use to detect and analyze attacks?
Misuse detection and anomoly detection.
What advantage does LEAP have over EAP?
LEAP allows for mutual authentication
What protocol does 802.1x use for authentication?
How does an 802.1x authenticator handle authentication traffic?
Passes it to a RADIUS server for authentication
What is ECC?
Elliptical Curve Cryptography

A public-key cryptographic method which generates smaller, faster, and more secure keys. Used more with wireless cell devices.
What standard is LDAP based on?
Who developed SSL?
What three protocols are routinely layered over TLS?
What two types of certificates does S/MIME use?
PKCS #7 certificates for message content and X.509v3 for source authentication
What is the "hidden node" problem?
When a wireless client cannot see the network due to interference.
What does WEP stand for?
Wired Equivalent Privacy
In a 128-bit WEP key, how long is the actual secret key?
104 bits

The first 24 bits are used for the Initialization Vector (IV)
FTP data port
TCP 20
FTP control port
TCP 21
SSH port?
TCP 22
TCP 23
SMTP port?
TCP 25
DNS lookup port?
UDP 53
DNS zone transfer port?
TCP 53
Bootstrap protocol server, DHCP server
UDP 67
What port does Bootstrap/bootp and DHCP clients use?
UDP 68
TFTP port?
UDP 69
HTTP port?
TCP 80
Kerberos port?
TCP 88
TCP 109
POPv3 port?
TCP 110
Sun RPC port?
What Port is Network Time Protocol (NTP)?
Diffie-Hellman Key Agreement Standard
NetBIOS name service
NetBIOS datagram service
UDP 138
NetBIOS session service
TCP 139
IMAP port?
TCP 143
SNMP port?
UDP 161
UDP 162
What port does LDAP use?
TCP 389
TLS/SSL port?
TCP 443
Microsoft DS (NetBIOS service) port?
Internet Security Association and Key Management Protocol
UNIX Syslog port?
UDP 514
L2TP port?
UDP 1701
PPTP port?
TCP 1723
Sun NFS port?
TCP 2049
Microsoft Terminal Services port?
TCP 3389
PCAnywhere data port?
TCP 5631
PCAnywhere status port?
UDP 5632
ICMP protocol #
TCP protocol #
UDP protocol #
Generic Routing Encapsulation (GRE) protocol #
What is Generic Routing Encapsulation (GRE) used in?
PPTP connections
Authentication Header (AH) protocol #
Encapsulating Security Payload (ESP) protocol #
At what OSI layers do gateways function at?
Transport layer and above.
What layer provides network access for applications?
the Application layer
What layer provides flow control?
Application layer
What OSI layer establishes the availability of other computers on the network?
Application layer
What OSI layer determines if sufficient resources exist for communication to occur between two computers?
Application layer
What layer does SMTP function at?
the Application layer
What OSI layer does FTP function at?
Application layer
What OSI layer does SNMP function at?
Application layer
What layer does Telnet function at?
Application layer
What layer does Appletalk function at?
Application layer
What layer performs protocol conversion?
Presentation layer
What layer performs encryption?
Presentation layer
What OSI layer performs compression?
Presentation layer
What layer synchronizes computers involved in a communication?
Session layer
What OSI layer handles connection establishment, data transfer, and connection release?
Session layer
What layer does NetBIOS function at?
Session layer
What layer repackages messages into smaller formats?
Transport layer
What layer provides error-free delivery and error handling functions?
Transport layer
What layers does NetBEUI function at?
the Transport and Network layers
What layer does TCP function at?
Transport layer
What OSI layer does SPX function at?
Transport layer
What layers does NWLink function at?
the Transport and Network layers
What layer handles logical addressing?
the Network layer
What layer handles routing?
Network layer
What layer handles traffic management?
Network layer
What OSI layer does IP function at?
Network layer
What layer does IPX function at?
the Network layer
What devices function at the Network layer?
What layer packages raw bits into frames?
Data Link layer
What is the purpose of packaging raw bits into frames?
they are transmittable across a network
What OS layer includes a Cyclical Redundancy Check (CRC)?
Data Link layer
What are the two sublayers of the Data Link layer?
the Logical Link Control (LLC) and the MAC sublayers
What does the LLC sublayer use to create links for the MAC sublayer?
Destination Service Access Points and Source Service Access Points
What devices function at the Data Link layer?
switches, bridges, and brouters
What devices function at the Physical layer?
multiplexers and repeaters
How many bits are in a MAC address?
48 bits
What protocol is used to map MAC addresses to IP addresses?
Kerberos is a _________ authentication and _________ sign-on solution.
Third Party, Single
What is a realm?
A realm is the network protected under a single Kerberos implementation.
How many steps are there to kerberos authentication?
CHAP was developed as a secure alternative to what?

(Password Authentication Protocol)
How many steps are there to CHAP Authentication?
Smurf and Fraggle attacks are conisdered what types of attacks?

Distributed Reflective Denial of Service
What type of packets does a smurf attack use?
ICMP echo reply
What type of packets does a Fraggle attack use?
UDP packets directed to port 7 (echo port) or 19 (chargen port)
What is a Land attack?
Numerous SYN packets are sent to the victim with source and destination addresses spoofed as the victim’s address. The victim is confused because it’s unable to respond to a packet it sent to itself that it has no record of sending. This often results in a freeze or crash.
What is a Ping Flood?
The attacker sends numerous ping echo requests to a victim. The victim responds with the echo. If enough inbound and outbound packets are transmitted, no legitimate traffic will be able to use the communication link.
What is the Ping of Death attack?
The attacker sends oversized ping packets to the victim; the victim doesn’t know how to handle invalid packets, and it freezes or crashes.
What is the Bonk Attack?
The attacker sends a corrupt UDP packet to DNS port 53. This type of attack may cause Windows systems to crash.
What is the Boink attack?
The same as Bonk, but the corrupt UDP packets are sent to numerous ports. The result may cause a Windows system to crash.
What method of access control is best suited for environments with a high rate of employee turnover?
What is the strongest form of authentication?
What is the strongest form of password?
One-Time use
Name three VPN protocols.
Name three types of remote access that RADIUS can be used with.
dial-up, VPN, terminal services

In fact any type of remote access can be used with RADIUS.
RADIUS is known as a _________ server.

Authentication, authorization(or access control), auditing
What type of cryptogrophy does IPSec use?
What technology can be used to add an additional layer of protection between a directory services-based network and remote clients?
What technology uses a six-step handshake process to establish a secured session between a web serer and a web client?
A circuit level firewall filters traffic by monitoring what?
By monitoring within a session between an internal trusted host and an external untrusted host. This monitoring occurs at the Session layer (layer 5) of the OSI model. This type of firewall ensures that the packets involved in establishing and maintaining the circuit (a virtual circuit or session) are valid and used in the proper manner.
What are the three basic divisions of cryptography?
hashing, symmetric cryptography, and asymmetric cryptography
What bit value is SHA-1?
160-bit value
What bit values does MD2-5 use?
128-bit values
What is the block size of AES?
What is the key size for AES?
128, 192, and 256
Name the common symmetric cryptography solutions.
AES, 3DES, DES, IDEA, Blowfish, Twofish, Rivest Cipher (RC5), Carlisle Adams/Stafford Tavares (CAST-128)
Name the common asymmetric solutions.
Rivest Shamir Adleman (RSA), Diffie-Hellman, Error Correcting Code (ECC), and El Gamal
From a private corporate perspective what is the most secure key management solution?
Exposure Factor (EF)
This is the percentage of asset value loss that would occur if a risk was realized (for example, if an attack took place).
Single Loss Expectancy (SLE)
This is the potential dollar-value loss from a single risk realization incident. It’s calculated by multiplying the EF by the asset value.
Annualized Rate of Occurrence (ARO)
This number is the statistical probability that a specific risk may be realized a certain number of times in a year. It’s obtained from a risk assessment company or an insurance company.
Annual Loss Expectancy (ALE)
This is the potential dollar value loss per year per risk. It’s calculation by multiplying the SLE by the ARO
An API, designed to be platform independent, defining a generic interface to cryptographic tokens, such as Hardware Security Modules and smart cards.
Encryption is applicable to all of the OSI model layers except?
Which method of authentication must be used in IPSec if the communications mode is gateway-gateway, host-gateway?
What type of firewall can be used to track connectionless protocols such as UDP and RPC?
Stateful Inspection
Asymmetric cryptography is based on the work of who?
What is a class A fire extinguisher used for?
Ordinary combustibles
What is a class B fire extinguisher used for?
Flammable liquids
What is a class C fire extinguisher used for?
Energized electrical equipment
What is a class D fire extinguisher used for?
Combustible metals
What is a class K fire extinguisher used for?
Cooking oils
Symmetric (private) key cryptography when compared to public (asymmetric) cryptography is how many times faster?
1,000 to 10,000 times faster.
Within the key management lifecycle, what occurs when the CA creates a certificate signed by its own digital certificate?
What is another term for Thinnet?
A network hub functions on which layer of the OSI model?
The bell-lapadula model is primarily concerned with protecting?
What is the basis of DAC?
Access Control Lists

What are the three access methods used by RBAC?
task-based, lattice-based & role-based
Is mutual authentication mandatory or optional in Kerberos?
Open Shortest Path First