32 Cards in this Set
- Front
- Back
What does MS-CHAP v2 offer? |
Mutual authentication |
|
What is RADIUS? |
RADIUS is a centralized method of authentication for multiple remote servers |
|
RADIUS encrypts passwords but not... |
the whole authentication process |
|
What type of connection does RADIUS use, TCP or UDP? |
UDP |
|
Why does Diameter have the name it has? |
Because it is supposedly twice as good as RADIUS. In other words, a pun. |
|
What does Diameter use for a guaranteed connection? |
TCP |
|
XTACACS is an outdated proprietary protocol of what brand? |
CISCO |
|
What is a CISCO proprietary alternative to RADIUS that is interoperable with Kerberos? |
TACACS+ |
|
What authentication service offers full authentication and uses TCP for guaranteed connections? |
TACACS+ |
|
What is the definition of AAA protocol? |
A protocol that offers Authentication, Authorization and Accounting |
|
RADIUS, TACACS+, and Kerberos are considered AAA protocols except that... |
Kerberos does not offer Accounting |
|
Technical controls utilize... |
technology |
|
MGMT controls use... |
administrative or MGMT methods |
|
Operational controls are implemented... |
by people in day-to-day operations |
|
An administrator installs technology that automatically provides protection and reduces vulnerabilities. What is this called? |
Technical Controls |
|
What are some examples of technical controls? |
Encryption, AV software, IDSs, firewalls, and Least Privilege |
|
What are examples of technical controls which help provide additional physical protection and safety? |
Motion detectors, fire suppression systems |
|
What type of controls use planning and assessment to reduce risk and are also known as administrative controls? |
Management controls |
|
What type of risk assessment uses cost and asset values to determine how much it'll cost to protect x-value of assets? |
Quantitative assessment |
|
Qualitative Assessment categorizes... |
risks based on probability and impact |
|
What type of management control is used to discover current vulnerabilities and weaknesses to help prioritize the implementation of additional controls? |
Vulnerability assessment |
|
Actual attempts to exploit vulnerabilities, to determine just how easy it is to do and what the side effects are, are known as what? |
Penetration testing |
|
When people-implemented practices are in compliance with an overall security plan, this is known as... |
Operational controls |
|
Awareness and training prevent what bad things? |
Social engineering, Sticky-note PW, tailgating, spam, etc |
|
What type of operational control ensures that changes do not invalidate security features and that each system starts in a baseline of security? |
Configuration and change management |
|
By having prepared responses, you reduce overall impact if something goes wrong. What type of operational control is this? |
Contingency planning |
|
What are three examples of physical and environmental protection? |
Cameras, door locks, and HVAC |
|
The Information Technology LAB (ITL) is hosted by what organization? |
National Institute of Standards and Technology (NIST) |
|
SP800 are documents with security standards referenced directly by IT professionals and certifications. Who publishes said documents? |
National Institute of Standards and Technology |
|
What are some examples of preventative controls? |
Hardening, Security and Awareness training, Security guards, change management, account disablement policy |
|
Log monitoring, trend analysis, security audit, video surveillance, and motion detectors are all examples of what type of Control goal? |
Detective controls |
|
What type of audit can tell if users are following password policies or if they have more rights than they should have? |
Security audit |