205 Cards in this Set

  • Front
  • Back
The user’s _____ key is combined with the resulting certificate after the certificate server constructs and populates a _____ certificate.
public / digital
A certificate _____ can be used to hold individuals’ certificates and public keys that participate in a particular PKI environment.
repository
The subject field within a digital certificate specifies its _____.
owner
The _____ number field contains a unique number that identifies the specific certificate issued by a particular CA.
serial
The _____ _____ field within a digital certificate indicates the certificate format and the fields that can be used in it.
version number
In the _____ process, the registration authority (RA) assumes that the individual has successfully completed one registration round.
renewal
The status of a certificate that has been temporarily put on hold is referred to as _____.
suspended
_____-_____ are used when independent CAs establish peer-to-peer trust relationships.
Cross-certificates
A trusted authority that certifies individuals’ identities and creates digital certificates is called a _____ authority.
certificate
The ______ certificate extension contains the key used to verify a digital signature.
DigitalSignature
The _____ certificate extension contains the key used to verify CA signatures on certificates.
KeyCertSign
The public key field in a digital certificate identifies the algorithm used to create the _____/_____ key pair.
private/public
One valid reason to revoke a certificate is when a user’s private key has been _____.
compromised
The _____ process takes place when the validity of a certificate needs to be terminated before the actual expiration date.
revocation
_____-_____ certificates are issued by a CA to a specific subject.
End-entity
Key _____ refers to a process of giving keys to a third party so that they can decrypt and read sensitive information when the need arises.
escrow
_____ occurs when a certificate has fulfilled its lifetime and its end validity date has been met.
Renewal
One CA is not subordinate to another CA in a _____-___-______ model.
peer-to-peer
The root CA creates a self-signed certificate for itself in the _____ trust model.
hierarchical
_____ __ _____ refers to the act of verifying that an individual has the corresponding private key for a given public key.
Proof of possession
The _____ _____ is responsible for accepting digital certificate requests, and registering and authenticating the person making the request.
registration authority (RA)
Every CA should have a _____ _____ _____ that outlines how identities are verified and the steps the CA follows to generate, maintain, and transmit certificates.
certification practices statement (CPS)
Repositories are usually LDAP-compliant, which means they can be accessed and searched via the _____ _____ _____ _____ ( ____ ).
Lightweight Directory Access Protocol (LDAP)
_____-_____ certificates are issued by a CA to a specific subject.
End-entity
A key pair can be generated locally by an application and stored in a local key ______ on the user’s workstation.
store
A _____ CA is implemented in the hybrid trust model to issue cross-certificates for all connected CAs and trust domains.
bridge
A class ___ certificate may be used by a company to set up its own certificate authority.
3
The _____ _____ certificate may be used by a company to set up its own certificate authority.
serial number
A CA certificate may be self-signed, or it may be issued by a _____ CA within a hierarchical model.
superior
_____ certificate extensions allow companies to define different, specific uses for digital certificates to suit their business needs.
Private
The structure that provides the necessary components for users and entities to be able to communicate in a secure, predictable manner is called _____ _____ _____ ( ___ ).
Public Key Infrastructure
The electronic document issued by a CA that establishes an association between the individual’s identity and a public key is called a _____ _____.
digital certificate
Every CA should have a certification practices statement that outlines how identities are verified, and how certificates are _____ and _____.
generated and transmitted
The actual service that issues certificates based on the data provided during the initial registration process is the _____ _____.
certificate server
The component that accepts a request for a digital certificate, and registers and authenticates the person requesting it, is called the _____ _____.
registration authority
A local registration authority performs the same functions as the RA, but is closer to the end users. This component is usually implemented in companies that have their own internal _____ _____ _____ ( ___ ) and have distributed sites.
Public Key Infrastructure (PKI)
A centralized directory, which can be accessed by a subset of individuals, is called a _____.
repository
Digital certificates are created based on the _____ standard, which outlines the necessary fields of a certificate and the possible values that can be entered.
X.509
_____ certification is used when CAs establish a peer-to-peer trust relationship.
Cross
The act of verifying that an individual has the corresponding private key for a given public key is referred to as _____ __ _____.
proof of possession
A list that contains serial numbers of certificates that have been revoked is called a certificate _____ list.
revocation
The actual frequency with which a CRL is updated depends upon the _____ _____ ( __ ) and its certification practices statement.
certification authority (CA)
The request and response protocol that obtains the serial number of the validated certificate and reviews revocation lists for the client is called the _____ _____ _____ Protocol.
Online Certificate Status
In a _____ infrastructure, software on individual computers generates and stores cryptographic keys local to the systems.
decentralized
Requiring two individuals to recover a lost key together is called _____ ______.
dual control
A company that specializes in verifying individuals’ identities, and creating and maintaining their certificates is called a _____ CA.
Public
A _____ policy allows a company to decide what certification classes are acceptable and how they will be used within the organization.
certificate
A _____ domain is a construct of systems, personnel, applications, protocols, and policies that work together to provide a certain level of protection.
trust
In a _____ trust model, a bridge CA is responsible for issuing cross-certificates for all connected CAs and trust domains.
hybrid
In a _____ trust model, since no other entity can certify and generate certificates for the root CA, it creates a self-signed certificate.
hierarchical
_____ authority is responsible for the management activities designated by the certificate authority.
Registration
A set of rules that help determine the applicability of a certificate to an end-entity is known as a _____.
policy
The method used by a CA to issue certificates is called the _____ _____ _____.
certification practices statement
The _____ Certificate is used to grant permissions using rule-based, role-based, and rank-based access controls.
Attribute
X.509 is the portion of the X.500 standard that addresses the _____ of certificates used for authentication.
structure
A certificate used to encapsulate the information needed to authenticate an entity.
?
The _____ _____ _____ ( ___ ) handshake protocol allows the server and the client to negotiate a session encryption algorithm and cryptographic keys before data is exchanged.
Transport Layer Security (TLS)
An example of the ISAKMP is the _____ _____ _____ ( ___ ) protocol.
Internet Key Exchange (IKE)
The relationship where two or more entities define how they will communicate securely is called a _____ association.
security
The ____ ____ ____ ____ ( ____ ) defines services to manage PKI operations within the XML environment.
XML Key Management Specification (XKMS)
Tier ___ of XKMS provides a means of retrieving key information by embedding references to the key within the XML signature.
0
Tier 2 is called the _____ service.
validate
The XKMS specification mentions tier ___ as the assertion service.
3
The _____ _____ _____ ( ___ ) defines a standard syntax for transmitting cryptographic information about contents of a protected message.
Cryptographic Message Syntax (CMS)
The _____ _____ _____ ( ___ ) for S/MIME is part of the current IETF S/MIME v3 set of specifications.
Enhanced Security Services (ESS)
Digital signatures that use the SignedData syntax of CMS provide _____.
nonrepudiation
PGP uses a _____ encryption algorithm to encrypt the message to be sent.
symmetric
HTTPS uses the standard port _____ for TCP/communications.
443
IPSec includes a protocol called _____ _____ that provides authentication of the sender.
Authentication Header (AH)
In the PKIX model, the _____ _____ ( __ ) is responsible for issuing, storing, and revoking certificates.
certificate authority (CA)
The _____ Certificates are used to implement a PMI.
Attribute
The _____ _____ _____ ( ___ ) Record Protocol provides connection security by using supported encryption methods, such as the Data Encryption Standard (DES).
Transport Layer Security (TLS)
The two parts of TLS are TLS _____ Protocol and TLS _____ Protocol.
Record / Handshake
_____ is a MIME extension that provides a way to send and receive signed and encrypted MIME data.
S/MIME
CMS describes the _____ syntax to provide confidentiality of the message's content through encryption.
EnvelopedData
_____ _____ _____ ( ___ ) uses the SignedData syntax to provide integrity, authentication, and nonrepudiation.
Cryptographic Message Syntax (CMS)
_____ uses both asymmetric and symmetric methods of encryption.
Pretty Good Privacy (PGP)
In public key encryption, the private key should be kept _____.
confidential
In _____, otherwise known as public key encryption, the user creates a pair of keys.
asymmetric
The method of encryption that uses only one key is known as _____ encryption.
symmetric
The XML signature contains an element called _____ that indicates ways to resolve the key.
RetrievalMethod
The two public key _____ that PGP uses are Rivest-Shamir-Adleman (RSA) and Diffie-Hellman.
algorithms
The RSA version of PGP uses the _____ _____ _____ _____ ( ____ ) algorithm to generate a short symmetric key to encrypt the message.
International Data Encryption Algorithm (IDEA)
The Diffie-Hellman version of PGP uses the _____ _____ ___ _____ _____ ( ____ ) algorithm to encrypt a message.
Carlisle Adams and Stafford Tavares (CAST)
The faster method of encryption is _____ encryption.
symmetric
_____ ______ ______ _____ ( _____ ) uses the open standard SSL to encrypt data at the application layer.
Hypertext Transfer Protocol Secure (HTTPS)
_____ _____ _____ ( _____ ) provides payload compression before encryption using IPcomp.
Internet Protocol Security (IPsec)
IPSec provides authentication and confidentiality for both the data and the header using _____ mode.
tunnel
Class 2 of _____ is called server authentication.
WTLS
Before the advent of _____, a boot floppy was used to load the operating system.
CD-ROMs
The process of making a complete copy of a hard drive on some other media is called _____ imaging.
drive
Penetration through a firewall is an example of a _____ access attack.
logical
Unplugging computers is an example of a Denial-of-Service attack by _____ means.
physical
A CD-ROM is a _____ device.
boot
Flash memory with a USB interface in a device is known as a USB drive _____.
key
Storing critical information only on a server improves the _____ security of a computer.
physical
A user is the _____ link in a security chain.
weakest
The simplest, yet important security task, such as locking a workstation when unattended, is performed by a _____.
user
Multiple-factor authentication is the _____ form of authentication.
best
False negatives and false positives should be minimized in a system that uses _____ authentication.
biometric
_____ controls refer to physical barriers.
Access
The process in which users prove their _____ is called authentication.
identity
Radio frequency card is a _____ access token.
physical
The method of authentication that uses physical characteristics of a person is known as _____.
biometrics
Face geometry is used in _____ systems.
biometric
A biometric system denying access to an authorized individual is an example of a _____ _____.
false negative
A biometric system granting access to an unauthorized individual is an example of a _____ _____.
false positive
The simplest solution to combat the threat of bootdisks is to _____/_____ floppy drives when not required.
remove/disable
A password is a category of ____.
authentication
All network security measures are negated if _____ security is breached.
physical
A removable media from which a computer can be booted into an operating system is called a _____.
bootdisk
Drive _____ enables the user to create a bit-by-bit copy of the hard drive.
imaging
Hackers can exploit the _____ feature of CD-ROMs.
autorun
Setting a password on the _____ delays an attacker from resetting the boot sequence to boot from a device other than the hard drive.
Basic Input/Output System (BIOS)
In _____ security, the weakest link is the user.
physical
CCTV stands for _____ _____ _____.
Closed Circuit Television
The concept of making users pass through multiple levels of security to reach critical assets is called _____ access.
layered
A _____ network should be used for CCTVs that are IP based.
separate
The process of allowing or denying access to a physical space is called _____.
authentication
The traditional form of physical access authentication is an access _____.
token
A card that contains an integrated circuit is known as a _____ card.
smart
The risk of theft of the token can be offset by using _____ authentication.
multifactor
The most common biological factor in biometrics is the _____.
fingerprint
When biological factors are used for authentication, the computer takes the image of the factor and converts it into a _____ value.
numeric
The combination of two or more types of authentication is known as _____ authentication.
multifactor
An example of _____ _____ is a hand scanner denying access to an authorized individual with a ring on a finger.
false negative
Written guidelines for employees are known as _____ ___ _____.
policies and procedures
In the client/server model, the client computer is called a _____.
workstation
Disabling all application programs not in use does not increase workstation _____.
security
_____ host applications and data for other computers to share.
Servers
Removing the patches from the OS does not improve server _____.
security
In a star configuration, the center of the star is the _____.
hub
Switches have separate _____ domains for each port.
collision
Though earlier switches operated at the data-link layer of the OSI model, new switches operate at the _____ layer.
Network
Cisco defines a _____ _____ _____ _____ ( ____ ) as a “broadcast domain within a switched network.”
Virtual Local Area Network (VLAN)
_____ is a protocol often used to administer a switch.
Simple Network Management Protocol (SNMP)
_____ are network traffic management devices used to connect different network segments.
Routers
For security purposes, a _____ server is placed in the DMZ.
Remote Access Server (RAS)
VPNs commonly use the _____ protocol to provide security.
Internet Protocol Security (IPSec)
_____ cable is used to connect televisions to VCRs.
Coaxial
The method of connecting equipment that uses the same technology as the phone industry for the movement of electrical signals is _____ _____ cable.
twisted pair
_____ beams are used to connect devices over a thin glass wire.
Laser
The _____ belongs to the radio frequency portion of the electromagnetic spectrum.
microwave
___-__ / _____ uses a laser beam to read data stored on a physical device.
CD-R/DVD
An _____ is the extension of a selected portion of a company's intranet to external partners.
extranet
The two most common modes of _____ transfer are transfer of an infected file from one machine to another and email.
virus
A card with a connector port for a particular type of network connection is called a _____ _____ _____ ( ___ ).
Network Interface Card (NIC)
A series of rules governing whether a packet is allowed or blocked from a connection is called an _____ _____ list.
access control
The point of entry from a wireless device to a wired network is performed at a device called a _____.
Wireless Access Point (WAP)
_____ is short for modulator/demodulator.
Modem
Private branch exchanges are an _____ of the public telephone network into a business.
extension
Systems designed to detect, log, and respond to an unauthorized network or host use are called _____.
Intrusion Detection System (IDS)
The host-based IDS works by collecting information from all the _____ on the network.
servers
The standard method for connecting twisted-pair cables is via an 8-pin connector called an _____ connector.
RJ-45
A device that can obtain network information is called a _____.
sniffer
A technique called _____-_____ involves a laptop and software to find wireless networks from outside the premises.
war-driving
A switch plays a similar role on the _____ that a router plays on the Internet.
intranet
Hard drives, floppy drives, and magnetic tapes are examples of magnetic _____ media.
storage
Iomega improved on the storage capacity of the standard floppy by introducing the _____ disk.
Zip
A buffer zone between the Internet and the inner, secure network, where an organization has security policies, is called _____.
Demilitarized Zone (DMZ)
HTTP-based services available over the Internet are collectively called the _____.
World Wide Web (WWW)
A network that is similar to the Internet but lies completely inside the trusted area of a network is called the _____.
intranet
The process of spanning a single VLAN across multiple switches is known as _____.
trunking
Addresses that are not routed across the Internet are called _____-_____.
non-routable
The method of packaging packets so that they can traverse a network in a secure, confidential manner is called _____.
tunneling
_____ is not a step in the establishment of proper privileges.
Identification
Matching user-supplied credentials to the ones previously stored on a host machine is known as _____.
authentication
_____ is the process of collecting billing and other detail records.
Accounting
_____ uses an account number and a password.
Authentication
The process of ascribing a computer ID to a specific user, computer, or network device is called ______.
identification
Biometrics is a form of _____.
authentication
_____ is the standard terminal-emulation protocol within the TCP/IP protocol series.
Telnet
The transport layer protocol in the _____ protocol does not provide accounting.
Secure Shell (SSH)
_____ is the process of encapsulation of one packet within another.
Tunneling
_____-__-_____ _____ _____ ( ____ ) is a tunneling protocol.
Point-to-Point Tunneling Protocol (PPTP)
Routers can be enabled to concentrate VPN traffic over higher bandwidth lines in the _____ _ _____ _____ ( ____ ) protocol.
Layer 2 Tunneling Protocol (L2TP)
_____ protection refers to the protection of the data portion of a packet.
Content
_____ protection refers to the protection of the header information.
Context
_____ _____ _____ ( ___ ) is used by IPSec to provide traffic security.
Encapsulating Security Payload (ESP)
The IEEE _____ standard is a protocol that supports communications between a user and an authorization device, such as an edge router.
802.1x
_____ _____ _____ __ _____ _____ ( ______ ) utilizes UDP as its transport protocol.
Remote Authentication Dial In User Service (RADIUS)
_____ _____ _____ _____-_____ _____ _____ ( _______ ) uses TCP as its transport protocol.
Terminal Access Controller Access-Control System Plus (TACACS+)
On receiving a _____ message, the TACACS+ server sends a reply message.
START
The TACACS+ record _____ indicates that a particular task is still being performed.
UPDATE
The algorithm _____ _____ _____ _____ ( ____ ) is used by IPSec for encrypting data.
International Data Encryption Algorithm (IDEA)
Telnet connects using TCP port _____.
23
The SSH protocol is designed to eliminate all ______ associated with telnet, r-commands, and other means of remote access.
insecurities
In the SSH protocol, the connection protocol provides _____ of the encrypted tunnel into several logical channels.
multiplexing
Most PPTP implementations involve three _____: the PPTP client, the network access server and a PPTP server.
computers
Although PPTP allows the use of any PPP authentication scheme, _____ is used to provide an appropriate level of security.
Challenge-Handshake Authentication Protocol (CHAP)
The IEEE 802.11 protocol series covers the use of _____ communications media in networks.
microwave
The IEEE _____ is the protocol series for a wireless MAN.
802.16
A _____ network consists of a wireless access point connected to a network, and a wireless network interface card on a client machine.
wireless
The primary issue when _____ acts as an IPSec server is that of CPU usage.
Windows
In the IPSec tunnel mode, the tunnel end points are referred to as _____ even though they might be routers or appliances.
servers
The encapsulated method of passing EAP messages over 802 frames is called _____ _____ _____ _____ _____ _____ _____ ( _____ ).
Extensible Authentication Protocol over Local Area Network (EAPOL)
The _____ _____ _____ __ _____ _____ ( ______ ) application layer handles connection type issues, such as timeouts.
Remote Authentication Dial In User Service (RADIUS)
In the RADIUS protocol, the authentication and authorization steps are performed together in response to a single _____-_____ message.
Access-Request
The RADIUS _____ function is performed independently of RADIUS authentication and authorization.
accounting
In the TACACS+ authentication process, the _____ message describes the type of authentication being requested.
START
The client response to a REPLY message requesting additional data is a _____ message.
CONTINUE
In the TACACS+ authorization process, a default state of _____ user exists before a user is authenticated.
unknown
In TACACS+, accounting is defined as the process of _____ what a user or a process has done.
recording
SSH opens a secure transport between machines by using an SSH _____ on each end.
daemon
L2TP is established via User Datagram Protocol (UDP) port _____.
1701