Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
87 Cards in this Set
- Front
- Back
|
PGP |
Most widely used commercial asymetric crypto system for files and email on windows
|
|
|
RSA |
Algorithm used by PGP for protecting digital signatures |
|
|
SSH |
Slogin, ssh, and scp - secure versions of the unsecure UNIX counterpart utilities. |
|
|
Which term describes the science of transforming information into a secure form so that unauthorized persons cannot access it?
|
Cryptography
|
|
|
Which term describes the art of hiding the existence of data?
|
Steganography
|
|
|
Which term defines data that is to be encrypted and is the result of decryption as well?
|
Plaintext
|
|
|
What is the process of proving that a user has performed an action, such as sending an email message?
|
Non-repudiation
|
|
|
Whereas a stream cipher works on one character at a time, a _______________ manipulates an entire group of plaintext at one time.
|
block cipher
|
|
|
Which type of cipher is fast when the amount of text is short, but can consume much more processing power if the text is lengthy?
|
Stream cipher
|
|
|
Which cryptographic algorithm creates a unique “digital fingerprint” of a set of data?
|
Hash |
|
|
Which cryptographic algorithm creates a value in which it is impossible to determine the original set of data from that value?
|
Hashing
|
|
|
Which type of cryptographic algorithm uses the same single key to encrypt and decrypt a document?
|
Symmetric
|
|
|
Symmetric encryption is also called
|
private key cryptography.
|
|
|
Which encryption technique uses two keys instead of only one to avoid distributing and maintaining a secure single key?
|
asymmetric cryptographic algorithms
|
|
|
Which type of cryptography uses smaller key sizes and is therefore better suited for mobile devices?
|
Elliptic curve cryptography
|
|
|
Which type of cryptography attempts to use the unusual and unique behavior of microscopic objects to enable users to securely develop and share keys as well as to detect eavesdropping?
|
Quantum cryptography
|
|
|
Which term describes exchanging cryptographic keys outside of the normal communication channels?
|
Out-of-band key exchange
|
|
|
Bayesion Filtering |
Spam filtering software analyzes every word in an email and determines how frequently a word occures |
|
|
What is the size of the digest created by Whirlpool?
|
Whirlpool is a relatively recent cryptographic hash function. Named after the first galaxy recognized to have a spiral structure, it creates a digest of 512 bits.
|
|
|
What characteristic distinguishes HMAC from MAC?
|
An HMAC is a hash-based message authentication code in which a hash function is applied to both the key and the message. HMAC is widely used by Internet security protocols to verify the integrity of transmitted data during secure communications.
|
|
|
Which family of hashing algorithms comprises SHA-224, SHA-256, SHA-384, and SHA-512?
|
SHA-2
|
|
|
Which hashing algorithm features two different and independent parallel chains of computation, the results of which are then combined at the end of the process?
|
RIPEMD
|
|
|
What is the key size for DES
|
The predecessor of DES was a product originally called Lucifer, which was designed in the early 1970s by IBM and had a key length of 128 bits. The key was later shortened to 56 bits and renamed DES.
|
|
|
DES is a _______________ cipher that divides plaintext into 64-bit blocks and then executes the algorithm 16 times.
|
DES is a block cipher. It divides plaintext into 64-bit blocks and then executes the algorithm 16 times.
|
|
|
Which encryption algorithm was designed to replace DES and uses three rounds of encryption instead of one?
|
Triple Data Encryption Standard (3DES) is designed to replace DES. As its name implies, 3DES uses three rounds of encryption instead of just one.
|
|
|
What is currently the official standard for symmetric encryption by the U.S. government?
|
AES |
|
|
What is the maximum key size for RC4?
|
RC4 is a stream cipher that accepts keys up to 128 bits in length
|
|
|
Which block cipher processes 64 bits with a 128-bit key with eight rounds?
|
The International Data Encryption Algorithm (IDEA) is a block cipher that processes 64 bits with a 128-bit key with 8 rounds. It is generally considered to be secure.
|
|
|
Which block cipher algorithm, designed to run efficiently on 32-bit computers, operates on 64-bit blocks and can have a key length from 32 to 448 bits?
|
Blow Fish |
|
|
Which algorithm is a derivation of Blowfish?
|
A later derivation of Blowfish known as Twofish is also considered to be a strong algorithm, although it has not been used as widely as Blowfish.
|
|
|
Which statement concerning virtualized environments is correct?
|
Existing security tools, such as antivirus, antispam, and IDS, are designed for single physical servers and do not always adapt well to multiple virtual machines.
|
|
|
One of the best practices for access control is _______________, which requires that if the fraudulent application of a process might potentially result in a breach of security, the process should be divided between two or more individuals.
|
Separation of duties
|
|
|
_______________ limits the amount of time that individuals have to manipulate security configurations.
|
Job rotation
|
|
|
What is a distinguishing feature of the DHE method of key exchange?
|
DHE uses ephemeral keys
|
|
|
What is the current version of SSL?
|
3.0 |
|
|
Which algorithm served as the basis for TLS v1.0?
|
SSL v3.0 served as the basis for TLS
|
|
|
Which term describes a named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with SSL and TLS?
|
A cipher suite
|
|
|
In general, at least how many bits are required for a key to be considered good?
|
2048 |
|
|
What three utilities comprise SSH?
|
slogin, ssh, and scp
|
|
|
Securing the Hypertext Transport Protocol with TLS and SSL is commonly known as _______________.
|
HTTPS
|
|
|
Which algorithm encrypts and authenticates each IP packet of a session between hosts or networks?
|
IPsec
|
|
|
Which encryption mode supported by IPsec encrypts only the data portion (payload) of each packet yet leaves the header unencrypted?
|
transport
|
|
|
Which protocol is used by IPsec to achieve confidentiality?
|
Encapsulating Security Payload (ESP)
|
|
|
Which type of switch network monitoring is best suited for high-speed networks that have a large volume of traffic?
|
Network tapping
|
|
|
A load balancer is typically located _______________ in a network configuration.
|
between routers and servers
|
|
|
Load balancing that is used for distributing HTTP requests received is sometimes called _______________.
|
IP Spraying |
|
|
A(n) _______________ is a computer or an application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user.
|
proxy server
|
|
|
A (blank) can block malicious content in real time as it appears (without first knowing the URL of a dangerous site).
|
web security gateway
|
|
|
VPN transmissions are achieved through communicating with _______________.
|
end points
|
|
|
Which statement concerning behavior-based monitoring is correct?
|
It can more quickly stop new attacks as compared to anomaly- and behavior-based monitoring.
|
|
|
Which statement concerning signature-based monitoring is correct?
|
Signature-based monitoring looks for well-known patterns.
|
|
|
Which statement concerning anomaly-based monitoring is correct?
|
Anomaly-based monitoring is designed for detecting statistical anomalies.
|
|
|
Which statement concerning heuristic monitoring is correct?
|
Heuristic monitoring is founded on experience-based techniques.
|
|
|
A(n) _______________ captures packets to decode and analyzes their contents.
|
protocol analyzer
|
|
|
Which option for installing a corporate spam filter is considered to be the most effective approach?
|
Install the spam filter with the Simple Mail Transfer Protocol (SMTP) server.
|
|
|
Which type of Internet content filtering restricts unapproved websites from being displayed by searching for and matching keywords?
|
Content inspection
|
|
|
Using _______________, filters can assess if a webpage contains any malicious elements or exhibits any malicious behavior, and then flag questionable pages with a warning message.
|
malware inspection and filtering
|
|
|
A _______________ is a special type of firewall that looks at the applications using HTTP.
|
web application firewall
|
|
|
A more “intelligent” firewall is a(n) _______________ firewall, sometimes called a next-generation firewall (NGFW).
|
application-aware
|
|
|
The _______________ is the maximum length of time that an organization can tolerate between backups.
|
recovery point objective
|
|
|
The _______________ approach to calculating risk uses an “educated guess” based on observation.
|
qualitative
|
|
|
Which type of firewall packet filtering looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator?
|
Stateless packet filtering
|
|
|
_______________ can be prevented with loop protection.
|
Broadcast storms
|
|
|
Loop protection uses the _______________ standard spanning-tree algorithm (STA).
|
IEEE 802.1d
|
|
|
A security _______________ log can provide details regarding requests for specific files on a system.
|
access |
|
|
The goal of _______________ is to prevent computers with suboptimal security from potentially infecting other computers through the network.
|
NAC |
|
|
Which cloud computing service model allows the consumer to install and run their own specialized applications on the cloud computing network without requiring the consumer to manage or configure any of the underlying cloud infrastructure?
|
Platform as a Service (PaaS)
|
|
|
In the Software as a Service (SaaS) model, the cloud computing vendor provides access to the vendor’s software applications running on a cloud infrastructure. These applications, which can be accessed through a web browser, do not require any installation, configuration, upgrading, or management from the user.
|
Software as a Service (SaaS)
|
|
|
In the Infrastructure as a Service (IaaS) model, the customer has the highest level of control. The cloud computing vendor allows customers to deploy and run their own software, including operating systems and applications. Consumers have some control over the operating systems, storage, and their installed applications, but do not manage or control the underlying cloud infrastructure.
|
Infrastructure as a Service (IaaS)
|
|
|
Another name for layered security is _______________.
|
defense in depth
|
|
|
_______________ is a protocol suite for securing Internet Protocol (IP) communications.
|
IPsec |
|
|
What two encryption modes are supported by Internet Protocol Security (IPsec)?
|
IPsec supports two encryption modes: transport and tunnel.
|
|
|
Which protocol is used to manage network equipment and is supported by most network equipment manufacturers?
|
The Simple Network Management Protocol (SNMP) is a popular protocol used to manage network equipment and is supported by most network equipment manufacturers.
|
|
|
A newer secure version of DNS known as _______________ allows DNS information to be digitally signed so that an attacker cannot forge DNS information.
|
Domain Name System Security Extensions (DNSSEC)
|
|
|
_______________ is a cryptographic transport algorithm.
|
Transport Layer Security (TLS) is a cryptographic transport algorithm.
|
|
|
Which common cryptographic transport algorithm was developed by Netscape in 1994 in response to the growing concern over Internet security?
|
One of the most common cryptographic transport algorithms is Secure Sockets Layer (SSL). This protocol was developed by Netscape in 1994 in response to the growing concern over Internet security.
|
|
|
TCP/IP uses its own four-layer architecture that includes _______________ layers.
|
TCP/IP uses its own four-layer architecture that includes Network Interface, Internet, Transport, and Application layers.
|
|
|
Which statement accurately describes a characteristic of FTP Secure (FTPS)?
|
FTPS is a combination of two technologies (FTP and SSL or TLS).
|
|
|
A weakness of FTPS is that although the control port commands are encrypted, the data port (_______________) may or may not be encrypted.
|
A weakness of FTPS is that although the control port commands are encrypted, the data port (port 20) may or may not be encrypted.
|
|
|
Which protocol uses TLS and SSL to secure Hypertext Transport Protocol (HTTP) communications between a browser and a web server?
|
Hypertext Transport Protocol Secure (HTTPS)
|
|
|
Which protocol is used for file transfers?
|
Secure Copy Protocol (SCP) is used for file transfers. SCP is an enhanced version of Remote Copy Protocol (RCP). SCP encrypts files and commands.
|
|
|
Which statement describes a limitation of Secure Copy Protocol (SCP)?
|
a file transfer cannot be interrupted and then resumed in the same session; the session must be completely terminated and then restarted.
|
|
|
Communications between different IP devices on a network is handled by one of the core protocols of TCP/IP, namely, _______________.
|
Internet Control Message Protocol (ICMP)
|
|
|
In a(n) _______________ attack, an Internet Control Message Protocol (ICMP) redirect packet is sent to the victim that asks the host to send its packets to another “router,” which is actually a malicious device.
|
ICMP redirect
|
|
|
In a(n) _______________ attack, a malformed ICMP ping that exceeds the size of an IP packet is sent to the victim’s computer potentially causing the host to crash.
|
ping of death
|
|
|
An Internet Protocol version 4 (IPv4) address is _______________ in length.
|
32 bits |
|
|
An Internet Protocol version 6 (IPv6) address is _______________ in length.
|
IPv6 expands the length of source and destination IP addresses from IPv4’s 32 bits to 128 bits.
|
