271 Cards in this Set
You are checking your network to ensure users are conforming to a new password security policy. You plan on using a password cracking program. Which program would you use?

A. John the Ripper
B. SATAN
C. L0phtCrack
D. Saint
Both A and C are correct. B and D are incorrect because both SATAN and SAINT are vulnerability-testing tools.
Back Orifice is considered an ______.

A. Virus
B. Illicit server
C. Worm
D. Trojan Horse
B. Illicit Server. Back Orifice, NetBus and Sub7 have two essential parts: a server and a client. These programs are known as illicit servers.
Your network is under attack. Traffic patterns indicate that an unauthorized service is relaying information to a source outside the network. What type of attack is being executed against you?

A. Spoofing
B. Man-in-the-middle
C. Replay
D. Denial of service
B. A man-in-the-middle attack is commonly used to gather information in transit between two hosts.
Your new server is preinstalled with a suite of manufacturer tools and the following components: Web server, FTP server, Telnet server, TCP/IP, NetBEUI, IPX/SPX, NNTP server.
This machine is to be configured as a Novell application server. What is the best way to be sure the server is as secure as possible?
C. Reformat the machine and start from scratch.
Between which layers of the OSI model does the SSL protocol function?
Transport and Application.
Which of the following encryption protocols are used in Secure Shell (SSH) connections?
1. IDEA - International Data Encryption Algorithm
2. Blowfish
3. DES (Digital Encryption Standard)
Which encryption methods are available when using Pretty Good Privacy (PGP)?
1. Diffie-Hellman
2. RSA - Rivest-Shamir-Adleman

Both are asymmetric.
Which of the Secure Shell (SSH) utilities is used to establish a secure command-line connection to a remote server?

A. rlogin
B. slogin
C. rsh
D. ssh
E. rcp
F. scp
B. slogin - slogin is the SSH utility provided to secure command-line connections to a remote server.
When RADIUS is used to authenticate a dial-in user, which of the following is the RADIUS client?
RAS Server

The RAS server functions as the RADIUS client, authenticating dial-in user attempts against the RADIUS server.
Which of the following is true of TACACS?
It is an older protocol used to pass authentication requests sent by dial-up clients.
What are some client-side Web technologies?
ActiveX
JavaScript
Cookies
Java applets
What method of access control is best suited for environments with a high rate of employee turnover?

A. MAC
B. DAC
C. RBAC
D. ACL
C. RBAC - RBAC is best suited for environments with a high rate of turnover because access is defined against static job descriptions rather than transitive user accounts or clearances.
Which of the following is the strongest form of authentication?

A. Biometric
B. Two-factor
C. Something you have
D. Username and password
B. Two-factor is always more secure than any single factor authentication.
Which of the following is the single most secure form of authentication method available?

A. Multi-factor
B. Biometric
C. Certificates
D. Username and password
B. Biometric - Biometric is the SINGLE most secure method of authentication because it is something you are.
Kerberos is used to perform what security service?

A. Authentication protection
B. File encryption
C. Secure communications
D. Protected data transfer.
A. Authentication Protection
Kerberos is a third party authentication service, thus it provides authentication protection. Kerberos can't be used to encrypt files, secure nonauthentication communication or protect data transfer.
What is an Incident Response Policy?
An incident response policy covers how to deal with a security breach or disaster after it has already transpired. An effective incident response methodology contributes to the practice of due care.
Who should be notified when an incident arises?
The CIO, affected personnel, the Public Affairs department, the incident response team, government agencies, and the Legal department.
What is the purpose of "privilege management"?
Privilege management is to grant each user access to the specific resources needed to accomplish his or her job, and no more.
What is meant by the term "effective permissions"?
Effective permissions are the privileges assigned to each group of which the user is a member.
What is the purpose of auditing?
Auditing assesses the efficacy of security policies and procedures. It ensures that employees are conforming to company standards, and it establishes accountability.
___________ describes the privileges assigned to a particular user. By default the file owner receives full control of any files or directories that he or she creates.

A. User management
B. Group management
C. Role management
D. MAC
A. User management.
How far away from your organization's current location should an alternate site minimally be located?
50 km
When a situation arises, the first thing the disaster recovery team should do is to determine and evaluate the potential sources of the outage. True or False?
True.
What form of authentication periodically reauthenticates the client during a logon session?

A. Kerberos
B. Certificates
C. Multi-factor
D. CHAP
D. CHAP
What is the strongest form of password?

A. More than 8 characters
B. One-time use
C. Static
D. Uses different types of keyboard characters.
B. One-time use
Which of the following is commonly found to be a non-essential service on a web server?

A. Server service
B. DNS service
C. FTP service
D. Print spooler service
D. Print spooler service is a non-essential service, but the other services are often used.
Which of the following is a DoS attack that uses network packets that have been spoofed so that the source and destination address are that of the victim?

A. Land
B. Teardrop
C. Smurf
D. Fraggle
A. Land - a Land DoS attack uses network packets that have been spoofed so that the source and destination address are that of the victim. A Teardrop attack uses fragmented IP packets. Smurf and Fraggle attacks use spoofed ICMP and UDP packets, respectively, against an amplification network.
What is a LAND attack?
A LAND attack involves IP packets where the source and destination address are set to the same device. The spoofed TCP SYN packet for connection initiation works because it causes the machine to reply to itself continuously.
What is a Teardrop Attack?
A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized, payloads to the target machine.
What is the primary goal of auditing?

A. Detect virus infections
B. Look for rogue services
C. Scan open ports
D. Check compliance with security policy.
D. Check compliance with security policy.
What is WAP?
WAP is the Wireless Application Protocol and employs Wireless Transport Layer Security (WTLS) for security. WAP environments function using a WAP gateway between the mobile client and the information server. WTLS is the security layer for WAP. It provides the security services of privacy, integrity, and authentication for WAP-supporting networks, and it provides encrypted traffic between a mobile device and a WAP gateway.
Which of the following threats is eliminated when only signed applets are allowed to download through a web browser?

A. CGI
B. ActiveX
C. Cookies
D. Instant Messaging
B. Active X
Which of the following actions in OS hardening should come earliest in the process?

A. Enable secure remote administration
B. Remove unneeded services and protocols.
C. Enable logging and auditing.
D. Connect to the internet/network.
B. Remove unneeded services and protocols.
Illegal or unauthorized zone transfers are a significant and direct threat to what type of network server?

A. Web
B. DHCP
C. DNS
D. Database
C. DNS
What are two commonly used protocols for managing the security of a message across the internet?

A. TCP, IP
B. SCP, TFTP
C. SSL, TLS
D. X.25, X.400
C. SSL and TLS are both used for managing secure message communications across the internet. SSL is the de facto standard, while TLS is the latest version of SSL.
What do SSL and TLS use to enable encryption of data between two parties?
Ciphers. SSL and TLS use both symmetric and asymmetric ciphers.
Most Web servers require at least 128-bit encryption ciphers to establish a connection.
What do SSL and TLS use to provide authentication to the end points for end-to-end secure communication?
Digital Certificates - enable authentication of the parties involved in a secure transaction. A typical certificate has the following components:
1. The certificate issuer's name
2. The entity for which the cert is being issued. (the subject)
3. The public key of the subject
4. A time stamp
What are two distinct types of certificate authorities?
1. Public cert authorities - such as VeriSign, which are trusted by most browsers and servers. Usually means no other relation exists between two parties.

2. Private cert authorities - are established in-house by enterprises that need to create their own closed, private cert infrastructure.
What encryption algorithms are recommended for S/MIME (Secure Multipurpose Internet Mail Extensions)?

A. Lucifer
B. RC4, RC5
C. DES,3DES, RC2
D. AES, TTPT
C. DES, 3DES, and RC-2
What encryption algorithms are used by PGP?
CAST (128-bit by Nortel)
IDEA (128-bit, 64-block), 3DES (56, 112, 168 bit realized)
Twofish (128, 192, 256)
What are considered "Hybrid Cryptosystems"? (choose two)

A. VPN
B. S/MIME
C. WAP
D. PGP
B and D. Both S/MIME and PGP are considered "hybrid cryptosystems" because they solve the "conventional" symmetrical cryptography problems - those of:
Symmetrical - Key Distribution Problem
and
Asymmetrical - Slow Processing Problem
What are some differences between S/MIME and PGP?
A. S/MIME uses the X.509 standard for certificate formats.
B. S/MIME hides the ID of the sender's digital certificate.
C. PGP uses its own standard for the format of certificates.
D. A PGP certificate can be signed by more than one entity.
What does tunneling do?
Tunneling enables a foreign protocol to travel across a network by encapsulating (wrapping) it inside the packets of the host network. The security protocols supply an additional level of security by encrypting the data before transmission.
What are 2 commonly used tunneling protocols?

A. PPP and VPN
B. PPTP and L2TP
C. SSL and IPSec
D. TLS and AES
B. PPTP and L2TP
Describe PPTP.
Point-to-Point Tunneling Protocol is built upon the well-established Internet protocols of PPP and TCP/IP. PPP provides authentication, encryption, and compression of data sent over analog telephone lines, while TCP/IP provides a transport mechanism for conveying digital data over the internet infrastructure. In the case of data sent over phone lines, the original data packets are encapsulated within a PPP packet using GRE v2 (Generic Routing Encapsulation Protocol version 2). PPTP then encrypts and encapsulates the PPP packets within IP datagrams for transmission through the internet. This is more than just for delivering messages. It actually establishes a virtual node on the corporate LAN using Microsoft Point-to-Point Encryption (MPPE) to encrypt the data packets and PAP or CHAP to authenticate users for access to the corporate network.
What are some network protocols that send passwords in clear text?
FTP
Telnet
HTTP
NNTP
IMAP
POP
SNMP
What is Network Monitor?
Network Monitor is provided with Windows Server 2003 and offers basic network sniffing features, such as data collection, logging, fault analysis, and performance analysis.
What is BackOfficer Friendly?
BackOfficer Friendly lures out intruders by emulating a Back Orifice server, and a variety of other services such as FTP, HTTP, and SMTP.
Why do businesses typically deploy a Honeypot, perhaps a hardware Honeypot like SmokeDetector?

A. To prosecute hackers
B. To research hacker techniques
C. To divert hackers' attention from bigger targets
D. To obtain early warning that a hacker has access to the network
D. When businesses deploy honeypots, the goal is usually to obtain early warning that a malicious hacker has access to the network.
Honeypots are useful as a law enforcement tool and the evidence they collect is used in court? True or False?
False. A honeypot is not a law enforcement tool and it is doubtful that they could be used as evidence in court.
What two documents should be included with every IDS deployment?
1. An IDS monitoring policy and procedure.
2. An Incident Response plan.
What should an IDS Incident Response policy include?
1. A classification system to categorize alarms.
2. Actions to follow for each alarm (e.g., contact the SIRT (Security Incident Response Team)).
When an IDS correctly identifies undesirable traffic?

A. True Positive
B. True Negative
C. False Positive
D. False Negative
A. True Positive.
When an IDS correctly identifies normal traffic?

A. True Positive
B. True Negative
C. False Positive
D. False Negative
B. True Negative
When an IDS incorrectly identifies normal traffic as an attack?

A. True Positive
B. True Negative
C. False Positive
D. False Negative
C. False Positive
When an IDS incorrectly identifies an attack as normal traffic?

A. True Positive
B. True Negative
C. False Positive
D. False Negative
D. False Negative
What are three typical locations for IDS sensors?
A. Just inside the firewall
B. On the DMZ
C. On any subnets containing mission-critical servers
What is a typical reaction for a network IDS? (Choose two.)

A. Send alert to administrator.
B. Shutdown the border gateway router.
C. TCP resets, IP session logging
D. IP shunning or blocking
B.
C. and D.
TCP Resets
IP Session Logging
IP Shunning*
IP Blocking
What are the two main types of host-based IDS?
A. Host wrappers - personal firewalls that tend to be inexpensive and deployable on all machines in the enterprise, but which do not have the in-depth, active monitoring measures as..
B. Agent-based software - more suited for single-purpose servers; effective at detecting trusted-insider attacks and somewhat effective against outside attacks.
Which firewall port must be opened in order for LDAP over SSL traffic to enter a corporate network?

A. 119
B. 53
C. 636
D. 389
C. When using Lightweight Directory Access Protocol over SSL, it is necessary to have port 636 open in order for the traffic to enter the network. LDAP is one of the most common directory access protocols used today. LDAP is a subset of X.500 that uses a tree type of directory structure.
Port 389 is used by LDAP, but not when working over SSL.
Which of the following file systems would you prefer for use with your operating system?
NTFS and JFS (JFS is the Journaling File System used in UNIX/Linux file systems, which has great stability and reliability.)
Which version of SSL supports symmetric encryption algorithms, public key algorithms, and non-encrypting hashing algorithms?

A. V1
B. V2
C. V3
D. V4
C. V3
SSL V3 is the current best version to support these things. V1 was the initial version designed by Netscape, V2 was made available in all Netscape browsers but supported a weak version of DES encryption.
What makes a rootkit a dangerous threat?
It cannot be detected by a virus scan.
You have designed a new LDAP directory for your organization, but the default attributes associated with user objects don't support the information you'd like to include. In particular, you want to show the hire date of each person, the last date their position in the company changed, and the minimum retirement date of the person. To add these attributes to user objects, which of the following would you modify?

A. Directory Information Tree
B. Common name
C. Schema
D. Object class
C: Schema. The schema defines the object classes and attribute types, and allows administrators to create new attributes and object classes specific to the needs of their network or company. Each of the attributes associated with an object are defined in the schema.
You are working on configuring the security for some network devices located on your corporate network. As part of this configuration, you will be setting up access control lists (ACLs) for the devices. Which process would this fall under?

A. MAC
B. DAC
C. RBAC
D. All of the above
C: The Security+ exam uses two definitions for RBAC; "Role-based access control" and "Rule-based access control." Rule-based access control deals with the configuration of access control lists for network devices.
You have been asked to choose a replacement firewall to help protect your corporate network. The firewall is to be placed between the Internet and your DMZ. Within the DMZ are several Web, FTP, and Start of Authority (SOA) Web service servers. What type of firewall would provide the best protection in this environment?

A. Packet-filtering
B. Application-layer gateway
C. Stateful inspection
D. None of these
C: Stateful inspection would support all applications in the environment and provide the best protection for this type of configuration.
What are some kinds of Fixed System Fire Suppression systems?
1. Wet Pipe Systems - spray water immediately
2. Dry Pipe Systems - hold water back allowing time to shut down systems
3. Pre-action systems - sounds alarm before sprinkling water (common in computer rooms)
4. Gas discharge - use Halon (or replacement) or CO2 to suppress the fire without damage to electronic devices.
What do you use to put out a common combustible fire such as for wood or paper?
Pressurized water or soda acid. This is a class A fire.
What do you use to put out a fire burning with flammable liquids such as petroleum products or coolants?
Halon (or replacement) gas, carbon dioxide, or soda acid. This is a class B fire.
What do you use to put out an electrical fire from electrical equipment?
Non-conductive chemicals: Halon (or replacement) gas or carbon dioxide. This is a class C fire.
What type of UPS system uses AC voltage to charge batteries and convert the DC output from the batteries to regulate voltage?

A. Monitoring systems
B. Wireless system
C. Standby system
D. Online system
D. Online system
What is the primary difference between ESP and AH?
In addition to IKE, which establishes the IPSec tunnel, IPSec relies on either the Authentication Header (AH) protocol (51) or the Encapsulating Security Payload (ESP) protocol (50). Both AH and ESP offer origin authentication and integrity services, which ensure that IPsec peers are who they claim to be and that the data was not modified in transit.
However, the main distinction between AH and ESP is encryption support. ESP encrypts the original packet, whereas AH does not offer any encryption. As a result ESP is far more popular on today's networks. In fact, AH is no longer supported in some Cisco implementations.
Both AH and ESP can operate in one of two modes - transport mode or tunnel mode.
What protocol number are ESP and AH packets?

A. 27 and 28
B. 115 and 116
C. 1670 and 1671
D. 50 and 51
D. 50 (ESP - encapsulating security payload) and 51 (authentication header)
In an IPSec tunnel, what is the purpose of IKE?
IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) [RFC4303] and/or Authentication Header (AH) [RFC4302] and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry.
At what OSI layer do ESP and AH communicate?
ESP and AH operate at the Transport Layer.
At what OSI layer do IKE, ISAKMP communicate?
IKE and ISAKMP (as well as GDOI) operate at the Application Layer.
At what OSI layer does GRE operate?
GRE (Generic Routing Encapsulation), IP protocol 47, operates at the Transport layer and is used in PPTP.
What layer does FTP operate and what TCP ports does it use?
FTP operates at the Application Layer and uses 20 for data and 21 for control.
What OSI layer does Telnet operate and what TCP port does it use?
Telnet works at the Application Layer and uses port 23.
What layer does PPP operate at?
Data-Link Layer.
At what OSI layer does RADIUS operate?
RADIUS operates at the Application layer on ports 1812 and 1813.
At what layer does ICMP operate?
ICMP works at the Transport layer and is protocol 1.
ICMP messages are sent in several situations: for example, when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route. The Internet Protocol is not designed to be absolutely reliable. The purpose of these control messages is to provide feedback about problems in the communication environment, not to make IP reliable. There are still no guarantees that a datagram will be delivered or a control message will be returned. Some datagrams may still be undelivered without any report of their loss. The higher level protocols that use IP must implement their own reliability procedures if reliable communication is required. The ICMP messages typically report errors in the processing of datagrams. To avoid the infinite regress of messages about messages etc., no ICMP messages are sent about ICMP messages.
What OSI layer does Netbios operate at?
Netbios works at the Session Layer.
At what layer does SSL (and TLS) operate?
SSL and TLS operate at the Transport Layer. (Although this is not agreed upon in all sources. Some have put this in the Session up to Application layers.)
How far can wireless devices transmit signals?

A. 20 meters
B. 80 meters
C. Up to the nearest concrete wall
D. 500 meters
D. 500 meters - wireless devices (typically using the 2.4 GHz frequency) can transmit signals as far as 500 meters, enabling anyone outside the building to eavesdrop. Cell phone technology extends the range even further.
What is the difference between standby and online UPS's?
In UPS systems, standby units stay inactive until a critical power event occurs. Online systems use AC line voltage to charge a bank of batteries. When in use, the online UPS converts the DC output from the batteries and regulates the voltage as it powers devices.
Power failures can be protected against with the use of either a _______ or ________?

A. Generator or Solar Panels
B. Hydrogen Power or Nuclear Power
C. UPS's or backup power sources
D. AC or DC currents.
C. UPS's (both online or standby) or backup power sources (like a generator).
What is IMAP and what is it used for?
IMAP (Internet Message Access Protocol) is one of the two most prevalent Internet standard protocols for e-mail retrieval, the other being POP3. Virtually all modern e-mail clients and servers support both protocols as a means of transferring e-mail messages from a server, such as those used by Gmail, to a client, such as Mozilla Thunderbird and Microsoft Outlook.
Many implementations of webmail use IMAP to retrieve e-mail messages from a server and display them within a web browser, making the use of this protocol transparent to the user. It is an application layer protocol operating on port 143. The current version is version 4 revision 1 (IMAP4rev1).
What is MIME and what does it do?
MIME (Multipurpose Internet Mail Extension) is an Internet standard that extends the format of e-mail to support:
text in character sets other than ASCII;
non-text attachments;
message bodies with multiple parts;
header information in non-ASCII character sets.
MIME's use, however, has grown beyond describing the content of e-mail to describing content type in general.
The content types defined by MIME standards are also of importance outside of e-mail, such as in communication protocols like HTTP for the World Wide Web. HTTP requires that data be transmitted in the context of e-mail-like messages, even though the data may not actually be e-mail.
You are concerned that hackers may be able to listen to information transmitted over LDAP from the Internet. Which of the following ports would you block from the Internet to prevent this?
A. Port 20 and port 21
B. Port 80 and port 443
C. Port 21 and port 22
D. Port 389 and port 636
D: Port 389 and port 636. LDAP uses TCP/UDP port 389 and LDAPS uses port 636. By blocking these ports from the Internet, it will prevent anyone outside of the network from listening or making connections to these ports.
What set of protocols did LDAP evolve out of?
LDAP came out of the telecommunications industry's comprehensive X.500 directory specification, which traditionally used the Directory Access Protocol.
What does SSH use to establish authentication and an encrypted, secure connection?

A. 2.4GHz wideband radio frequency
B. GWatt
C. A public key
D. L2TP and PPTP
C. SSH uses a public key authentication method to establish an encrypted and secure connection from the user's machine to the remote machine.
Your company has multiple locations and has decided to connect those locations together by using the Internet. As such you have been asked to configure a VPN. Once you decide how to configure the tunnel you will need to choose the type of encryption to use. Which of the following would be the best choice?

A. IPSec
B. PPTP
C. L2TP
D. L2T
A: IPSec is a protocol that is used to encrypt data communications.
Answers B, C, and D are incorrect as each describes a tunneling protocol. PPTP is point-to-point tunneling protocol, L2TP is layer 2 tunneling protocol and L2T is layer 2 tunneling.
What is EAP and what is it for?
EAP - Extensible Authentication Protocol - This extends the capabilities of PPP to encompass a range of new authentication methods, including token cards, one-time passwords, certificates, and biometrics. It describes standards to ensure compatibility and interoperability between a remote user, an access point or switch, and an authentication server such as RADIUS. It deals exclusively with the authentication process. IEEE 802.1X uses EAP to define how authentication takes place.
What are some forms of EAP offering different levels of security and support for wired and wireless LANs?
EAP forms for wired and wireless LANs include:
EAP over IP (EAPoIP)
EAP over LAN (EAPOL)
Message Digest Algorithm/CHAP (EAP-MD5-CHAP)
Transport Layer Security (EAP-TLS)
Tunnel Transport Layer Security (EAP-TTLS)
RADIUS
Lightweight Extensible Authentication Protocol (LEAP), Cisco
What is Kerberos?
Kerberos (the current free version is version 5) provides a means to authenticate users and services over an open multi-platform network using a single login procedure. After the user has been authenticated by the system, all subsequent commands and transactions can be carried out securely without any prompting for a password.
Which component of the Kerberos system is a uniquely-named client or server to which Kerberos can assign tickets?

A. Authentication Server (AS)
B. Ticket-Granting Server (TGS)
C. Key Distribution Center (KDC)
D. Principal
D. A Principal is any uniquely-named client or server to which Kerberos can assign tickets.
Which component of the Kerberos system is a network service that authenticates users or services, then supplies ticket-granting tickets to the authorized user or service?

A. Authentication Server (AS)
B. Ticket-Granting Server (TGS)
C. Key Distribution Center (KDC)
D. Principal
A. The Authentication Server (AS) is a network service that authenticates users or services, then supplies ticket-granting tickets to the authorized user or service.
Which component of the Kerberos system is a network service that supplies temporary session keys and tickets to authorized users or services?

A. Authentication Server (AS)
B. Ticket-Granting Server (TGS)
C. Key Distribution Center (KDC)
D. Principal
B. The Ticket-Granting Server (TGS) is a network service that supplies temporary session keys and tickets to authorized users or services.
Which component of the Kerberos system is a server running both AS and TGS services, servicing both initial ticket and ticket-granting ticket requests?

A. Authentication Server (AS)
B. Ticket-Granting Server (TGS)
C. Key Distribution Center (KDC)
D. Principal
C. The Key Distribution Center (KDC) is a server running both AS and TGS services: it services both initial ticket and ticket-granting ticket requests.
Which component of the Kerberos system is an organizational boundary that is formed to provide authentication boundaries? Each realm has an Authentication Server and a Ticket-Granting Server.
A. Authentication Server (AS)
B. Ticket-Granting Server (TGS)
C. Key Distribution Center (KDC)
D. Realm
D. A Realm is an organizational boundary that is formed to provide authentication boundaries. Each realm has an Authentication Server and a Ticket-Granting Server.
Which component of the Kerberos system is a remote realm's TGS?

A. Authentication Server (AS)
B. Ticket-Granting Server (TGS)
C. Key Distribution Center (KDC)
D. Remote Ticket-Granting Server (RTGS)
D. The Remote Ticket-Granting Server (RTGS) is a remote realm's TGS.
During Kerberos processing, what type of data is a ticket for the resource server plus a temporary encryption key (session key)?

A. Credentials
B. Session Key
C. Authenticator
D. Ticket
E. Ticket-Granting Ticket
A. Credentials are a ticket for the resource server plus a temporary encryption key (session key).
During Kerberos processing, what type of data is a temporary encryption key used between the client and resource server, with a lifetime limited to the duration of a single login session?

A. Credentials
B. Session Key
C. Authenticator
D. Ticket
E. Ticket-Granting Ticket
B. A Session Key is a temporary encryption key used between the client and resource server, with a lifetime limited to the duration of a single login session.
During Kerberos processing, what type of data is a record containing information that can be shown to have been recently generated using the session key known only by the client and server? It is typically valid for five minutes and cannot be reused.

A. Credentials
B. Session Key
C. Authenticator
D. Ticket
E. Ticket-Granting Ticket
C. The Authenticator is a record containing information that can be shown to have been recently generated using the session key known only by the client and server. It is typically valid for five minutes and cannot be reused.
In Kerberos, what is a ticket?
A Ticket is a record that helps a client authenticate itself to a server; it contains a client's identity, a session key, a timestamp, and a checksum, all sealed using the resource server's secret key.
In Kerberos, what is a Ticket-Granting Ticket (TGT)?
A Ticket-Granting Ticket (TGT) is a ticket that is granted as part of the Kerberos authentication process and used to obtain other tickets from the TGS.
What are some vulnerabilities in Kerberos security?
A. Unsecured or weak passwords
B. Physically accessible workstations and servers
C. Vulnerable to DoS attacks
D. Recycled SIDs
If both Bob and Alice have published their public keys online, how does Bob know it's actually Alice who sent him the message, and not some other person who accessed his public key claiming to be Alice?
Alice's identity can be verified if she "notarizes" the message with a digital certificate issued by a certification authority.
What is the difference between active and passive security tokens?
Both possess a base key, but a passive token simply acts as a storage device for the base key, while the active token can provide variable outputs in various circumstances.
Which is an example of a passive security token?

A. A physcial key with notches tha match a lock.
B. A magnetic strip that transmits a key when using a card reader
C. An optical bar code read by a scanner.
D. All of the Above
D. All of the Above.
What is an example of an active security token?

A. A smart card
B. PCMCIA
C. USB token
D. All of the Above
D. All of the above
An active token does not emit or otherwise share its base token. True or false?
True - An active token does not share its base token. Instead it actively creates another form of the base key - such as a one-time password or an encrypted form of the base key - that is not subject to attack each time the owner tries to authenticate.
What is the difference between a counter-based and clock-based token?
Counter-based tokens produce one-time passwords by combining the secret password with a counter that is synchronized with a counter in a server.

Clock-based tokens produce one-time passwords by combining a secret password with an internal clock that is synchronized with the server's clock.
BootP (Server) port?
67
BootP (Client) port?
68
TACACS port?
49
NTP port?
123
IMAP4 port?
143
IPX port?
213
NetBIOS ports?
137, 138, 139
LDAP port?
389
IKE (ISAKMP) port?
500
LDAP over SSL port?
636
ICMP protocol #?
1
IGMP protocol #?
2
TCP protocol #?
6
UDP protocol #?
17
L2TP protocol #?
115
ESP protocol #?
50
AH protocol #?
51
L2TP port?
UDP 1701
PPTP port?
TCP 1723
NFS port?
2049
IRC ports?
6667-7000
Syslog port?
514
SNMP port?
161
SNMP trap port?
162
NNTP port?
119
Access control models define the rules for user access to network system resources. Which model allows users to pass access permissions on to other users? Choose the best option from those listed below.

a) Mandatory Access Control
b) Discretionary Access Control
c) Nondiscretionary Access Control
d) Role-Based Access Control
b) Discretionary Access Control - The Discretionary Access Control (DAC) model allows the owner of a resource to define who is allowed to access it, and what type of access they have. Owners use their own discretion to grant or revoke access to objects under their control, without intervention from the system's security administrator.
You are the junior network administrator for your company. Tanya, a new employee at the company, is a member of the Management group, the Sales group, and the Accounting group. The Payroll folder is located on the ACC1 server that is located in the Accounting department. The Management group has the Read NTFS permission to the folder, so that they can verify salaries. The Accounting group has the Write NTFS permission to the folder, so that they can update and maintain all of the salaries. The Sales group has the deny Read NTFS permission to the folder, so that they are unable to access it. Tanya phones you to inform you that each time she tries to access the folder she receives the following error: Access is denied. What should you do to provide Tanya with access to the payroll folder while maintaining the current permission standards? Choose the best option from those listed below.

a) Grant the Everyone group the Write permission to the Payroll folder.
b) Remove the Sales group from the name list.
c) Remove Tanya from the Sales group.
d) Add Tanya's user account directly to the security names list and grant her the write permission.
b) Remove the Sales group from the name list.
Permissions are assigned to users and groups so that access to resources can be strictly controlled. When a user or group has multiple NTFS permissions assigned for the same object, the permissions will be cumulative; however, if any of the permissions are deny, then deny will always prevail. In this case, the most restrictive permission is the deny Read permission that has been assigned to the Sales group. Therefore, Tanya will not have access to the Payroll folder even though she has read and write permissions from the other groups.

To grant Tanya permissions to this folder and maintain the current standards, you will have to remove the Sales group from the name list. By removing the Sales group, Tanya will have access to the folder because the deny permission will be gone, allowing the read and write permissions to prevail. In addition, all other requirements will still be met.
To ensure that files and networks are secure, you should deploy an authentication system that will allow network access to approved users only. Which security solution supports the creation of public/private key pairs? Choose the best option from those listed below.

a) Smart cards
b) Digital certificate
c) Secure Sockets Layer
d) Internet Protocol Security
b) Digital certificate
A digital certificate binds an identity to a public key, assuring the identity of the person or entity who owns the public key and the associated private key. A digital certificate is issued only to the approved user by an authorized and central body, called a Certification Authority (CA). Digital certificates usually include a serial number, the name or entity of the certificate holder, the holder's public/private key pair, the CA's digital signature and credentials, and the certificate's expiration date. The private key is made available only to the subject of the digital certificate, whereas the public key is made available to other users as a part of the digital certificate. Therefore, any user can encrypt a message and send it to you by using your public key. However, you can access the message only by decrypting it with your private key.
Kerberos is an authentication protocol used to validate users' identity before enabling them to engage in private communication over a public network. Which statements about Kerberos are correct? Choose the best options from those listed below.

a) Kerberos uses asymmetric encryption to authenticate a network user or service.
b) Kerberos supports both DES and RC4 encryption.
c) Kerberos does not offer protection against Denial of Service (DoS) attacks or password guessing.
d) All of the options are correct.
Kerberos authenticates network users and services using symmetric encryption. Symmetric encryption is a form of encryption where the same key is used for both encryption and decryption. The key must be kept secret, and is shared by the message sender and recipient. Kerberos does not send passwords across the network; instead, Kerberos allocates a unique key to each user on the network. This private key is used within messages to verify the sender's identity and to determine whether the client has access to the requested network service.

Kerberos originally used Data Encryption Standard (DES). Now it supports 40-bit or 56-bit DES, but defaults to RC4, which is faster, more secure, and a standard in the Windows 2000 environment. Both DES and RC4 are types of cipher encryption.

Kerberos ensures the confidentiality and integrity of data. However, Kerberos does have some security weaknesses. Kerberos does not offer protection against Denial of Service (DoS) attacks or password guessing. Passwords can be guessed and used to initiate Kerberos service requests. With a simple DoS attack, an attacker can prevent an application from participating in the authentication process.
Point-to-Point Protocol (PPP) is an encapsulation protocol for transporting network layer protocols over serial point-to-point links. There are two methods of authentication that can be used with PPP links, either Password Authentication Protocol (PAP) or Challenge Authentication Protocol (CHAP). Which statements regarding these two authentication protocols are correct? Choose the best options from those listed below.

a) PAP is a challenge-response authentication protocol.
b) PAP enables a remote client to establish their identity using a two-way handshake.
c) CHAP is more secure than PAP in that the password is never sent over the link.
d) CHAP uses a three-way handshake to authenticate the identity of the remote client.
e) All of the options are correct.
b) PAP enables a remote client to establish their identity using a two-way handshake.
c) CHAP is more secure than PAP in that the password is never sent over the link.
d) CHAP uses a three-way handshake to authenticate the identity of the remote client.

PAP is a simple, plaintext authentication scheme that enables a remote client to establish their identity using a two-way handshake. Authentication is performed only once, during the initial link establishment. PAP operates by establishing a connection and then checking the username and password information. If the username and password information matches, authentication is successful and the access server sends an acknowledgment to the remote client. Transporting data in plaintext form makes PAP particularly vulnerable to eavesdropping attacks.

CHAP is more secure than PAP, because it uses a three-way handshake to authenticate the identity of the remote client. Passwords are not transmitted over the network; instead, authentication is confirmed using a one-way hash generated value. The three-way handshake takes place on the initial link, and it can be repeated at intervals. To check that the user accessing the network is authentic, CHAP sends a message containing a challenge value at periodic intervals. Each challenge message contains a different value. By using a dynamic challenge value and repeated authentication, eavesdropping attacks cannot discover the user's password for use in playback attacks.
Any program that is written for a malicious purpose is considered to be malicious code. What type of malicious code can propagate itself across a network without needing to attach to a host program? Choose the best option from those listed below.

a) Worm
b) Logic bomb
c) Virus
d) Trojan horse
a) Worm

A worm is malicious code, which can replicate itself and propagate across a network. Worms are similar in nature to viruses. Both can consume resources and replicate themselves. Unlike a Trojan horse or many viruses, a worm does not have to attach itself to other host programs. A worm is capable of distributing and launching itself on its own, with no assistance from users whose computers are being infected.
In symmetric algorithms, what is the difference between stream algorithms and block algorithms?
Stream algorithms operate on the plaintext one bit at a time. An example is RC4, used in WEP.
Block algorithms encrypt and decrypt the data in groups of bits. Typical block sizes used in everyday computing are 64 and 128 bits. Some examples are DES, 3DES, AES, RC5, IDEA, Twofish, Blowfish, Lucifer, and Skipjack.
What are some asymmetric algorithms?
Some asymmetric algorithms are El Gamal, RSA, Diffie-Hellman, and Digital Signature.
What is a common use for the Diffie-Hellman algorithm?
The Diffie-Hellman (D-H) algorithm is a public key algorithm commonly used in IPSec.
What is the key length of DES?
DES (based on Lucifer) used a 56-bit key length but was cracked by "DEEP CRACK" in 1998.
What is the key bit length of 3DES?
Triple DES uses 3 keys for an aggregate bit length of 168. It is therefore 3 times slower than DES but much more secure.
Where is the IDEA algorithm commonly used?
IDEA, a symmetric block cipher, uses 64-bit blocks and a 128-bit key and is commonly used in PGP.
What 2 encryption algorithms have no known attacks?
Blowfish and RC5. Blowfish is a free, unpatented cipher which has a 64-bit block and uses variable key lengths. It is easy to implement, is fast, and is low in memory usage.
RC5 is suited to hardware or software implementation and is like Blowfish in speed and ease of implementation. It uses a variable key length and a variable number of rounds, making it flexible and adaptable.
What encryption algorithm was developed by NSA and is also used in a fiction novel by Dan Brown?
Skipjack was developed by NSA and is also used in Dan Brown's "Digital Fortress". It has an 80-bit key length and 64-bit data blocks.
Most encryption algorithms in use today are based on a structure developed by Horst Feistel of IBM in 1973. True or False?
True.
SHA-1 (Secure Hash Algorithm 1) was developed by the NSA and has a 160-bit hash value, and is considered more secure than MD5. True or False?
True.
MD5 was developed by RSA and has a 128-bit hash value, and is considered less secure than SHA-1. True or False?
True.
A digital signature is created using a __________?

A. Asymmetric Algorithm
B. Symmetric Algorithm
C. S/MIME Header
D. Hash Function
D. Hash Function. You perform a hash on the message to create a message digest (a shorter version of the message); then you encrypt the message digest by using your own private key. The digital signature is then appended to a plaintext or encrypted message. The recipient cannot open the digital signature unless the public key of the sender matches the private key used to encrypt the message digest.
What is the problem with sending information encrypted with the recipient's public key?
Malicious users might have POSTED a phony key with the name and ID of the recipient so that if they intercept the message, then they alone can read it. Using digital certificates fixes this problem by providing a trusted authority which has verified the identity of the sender. If the recipient receives a digital cert with the encrypted message, they can be certain of the sender's authenticity.
What does an X.509 certificate contain?
An X.509 certificate contains:
*ID info such as user's name, ID, unique serial number, and validity dates for the life of the cert.
*The public key of the cert holder.
* The digital signature of the CA which validates the whole package.
When you receive a message signed by a digital signature, what is guaranteed?
Integrity and Non-Repudiation.
What are the two key roles in a Public Key Infrastructure? (PKI)
1. Certificate Authority - person or group responsible for issuing certs to authorized users. The CA creates the cert and signs it by using its own private key. Also responsible for storing and safeguarding the certs.
2. Registration Authority - used to offload work of CAs. Acts as middleman between CA and subscriber, accepting registrations for the CA, validating the subscriber's id, and distributing keys. THE RA DOES NOT ISSUE CERTS ON ITS OWN.
What does a Certificate Policy contain?
A Certificate Policy contains:
* A set of rules indicating the "applicability of a cert to a particular community and/or class of application with common security requirements". The CIRCUMSTANCES the cert will be used.
What does the Certificate Practice Statement contain?
The Certificate Practice Statement contains:
*A document that explains how the CA is structured
*Which standards and protocols are used
*How the certs are managed.
What is one thing you want to do when hardening a DNS server?
Restrict zone transfers to authorized computers.
Which of the following are used as large Data Repositories?

A. SAN
B. WAN
C. NAS
D. DEN
A - Storage Area Network
C - Network Attached Storage
D - Directory Enabled Networks
What is the problem with the "sa" account on a SQL server?
The default password is blank.
What is IP address spoofing?
An attacker generates TCP/IP packets with the source address of a trusted host, intended to deceive the filter on the firewall or router to gain access to network resources. A challenge of this attack is guessing the correct sequence number.
How would you prevent an IP spoofing attack?
To prevent IP spoofing, disable source routing on all internal routers. Also, filter out packets entering the local network from the Internet that have a source address of the local network.
What is ARP poisoning?
What does an attacker need for it to work?

A. The IP address of the host.
B. The DNS name of the host.
C. An ARP Scanner.
D. Must be on the local network of the host.
ARP poisoning is a technique used to corrupt a host's ARP table, allowing the hacker to redirect traffic to the attacking machine. KEY - CAN ONLY BE CARRIED OUT WHEN ATTACKER IS CONNECTED TO THE SAME LOCAL NETWORK AS THE HOST MACHINE.
Hacking into a computer system can sometimes be accomplished by simply guessing a password for a username. However, hackers usually have to do some investigative work to identify a target and discover any weaknesses it may have. Which computing device would be the most obvious target for a hacker attack? Choose the best one from those listed below.

a) Router
b) Web server
c) Mail server
d) Database server
a) Router
Routers, Web servers, and Mail servers are three common targets of attack because they usually reside on the outside of a network. However, the most obvious target of these three devices would be the router because it is the gateway to the rest of the network. A hacker would have to get through the router before he could attack any other network device.
What is the best way to stop an ARP poisoning attack?

A. Remove host computer from the network.
B. Enable the firewall of the host.
C. Encrypt the MAC forwarding table.
D. Use network switches with MAC binding features.
D. To stop ARP poisoning, use network switches that have MAC binding features. Switches with MAC binding store the first MAC address that appears on a port and do not allow the mapping to be changed without authentication.
PGP uses Asymmetric Encryption for PKI? True or False?
True.
What is Web Spoofing?
A Web spoofing attack convinces its victims that they are visiting a real legitimate site, when they are in fact visiting a Web page that has either been created or modified by the attacker for duping the victim. There are two flavors:
Man-in-the-middle
Denial of service
How can one defend against Web spoofing attacks?
* Disable JavaScript, ActiveX, and Java in the browser. The attacker will be unable to hide the evidence of the attack.
* Display the browser's location line.
* Instruct users to watch the URL line for any dubious URLs.
* Instruct users to set their homepage to a known secure web site.
What is DNS spoofing?
DNS spoofing manipulates the DNS server to redirect users to an attacker's server.
What can be done to prevent DNS spoofing?
* Ensure that your DNS software is the latest version, with the most recent security patches installed.
* Enable auditing on all DNS servers.
* Secure the DNS cache against pollution.
* Deploy anti-IP address spoofing measures.
What is IKE?
Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE uses a Diffie-Hellman key exchange to set up a shared session secret, from which cryptographic keys are derived. Public key techniques or, alternatively, a pre-shared key, are used to mutually authenticate the communicating parties.
What is ISAKMP?
ISAKMP (Internet Security Association and Key Management Protocol) is a protocol for establishing Security Associations (SA) and cryptographic keys in an Internet environment.
What does ISAKMP define?
ISAKMP defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation (e.g. denial of service and replay attacks). ISAKMP typically utilizes IKE for key exchange, although other methods can be implemented. Preliminary SA is formed using this protocol; later a fresh keying is done.

ISAKMP defines procedures and packet formats to establish, negotiate, modify and delete Security Associations. SAs contain all the information required for execution of various network security services, such as the IP layer services (such as header authentication and payload encapsulation), transport or application layer services, or self-protection of negotiation traffic. ISAKMP defines payloads for exchanging key generation and authentication data. These formats provide a consistent framework for transferring key and authentication data which is independent of the key generation technique, encryption algorithm and authentication mechanism.

ISAKMP is distinct from key exchange protocols in order to cleanly separate the details of security association management (and key management) from the details of key exchange. There may be many different key exchange protocols, each with different security properties. However, a common framework is required for agreeing to the format of SA attributes, and for negotiating, modifying, and deleting SAs. ISAKMP serves as this common framework.

ISAKMP can be implemented over any transport protocol. All implementations must include send and receive capability for ISAKMP using UDP on port 500. Additionally, UDP port 4500 must also be allowed at the destination if the source interface IP address undergoes network address translation from natural (assigned) IP address to a public IP address for connection to the internet.
What port does ISAKMP need to send and receive on?
ISAKMP can be implemented over any transport protocol. All implementations must include send and receive capability for ISAKMP using UDP on port 500. Additionally, UDP port 4500 must also be allowed at the destination if the source interface IP address undergoes network address translation from natural (assigned) IP address to a public IP address for connection to the internet.
Where did AES come from?
In cryptography, the Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. It has been analyzed extensively and is now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES). AES was announced by the National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a standard May 26, 2002. As of 2006, AES is one of the most popular algorithms used in symmetric key cryptography. It is available by choice in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information.
What is the block size and key size of AES?
AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits.
Which AAA protocol was created and maintained by the IETF?

A. TACACS+
B. RADIUS
C. WHIRL
D. COPYCAT
B. RADIUS was created and is maintained by the IETF. TACACS+ is a proprietary Cisco technology.
(k)HMAC?
In cryptography, a keyed-Hash Message Authentication Code (HMAC or KHMAC), is a type of message authentication code (MAC) calculated using a specific algorithm involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any iterative cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA-1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key and the size of the hash output length in bits.

An iterative hash function breaks up a message into blocks of a fixed size and iterates over them with a compression function. For example, MD5 and SHA-1 operate on 512-bit blocks. The size of the output of HMAC is the same as that of the underlying hash function (128 or 160 bits in the case of MD5 or SHA-1, respectively), although it can be truncated if desired. Truncating the hash image reduces the security of the MAC, which is upper-bounded by the birthday attack.

The construction and analysis of HMACs was first published in 1996 by Mihir Bellare, Ran Canetti, and Hugo Krawczyk, who also wrote RFC 2104. FIPS PUB 198 generalizes and standardizes the use of HMACs. HMAC-SHA-1 and HMAC-MD5 are used within the IPsec and TLS protocols.
What is HAVAL?
HAVAL is a cryptographic hash function. Unlike MD5, but like most modern cryptographic hash functions, HAVAL can produce hashes of different lengths. HAVAL can produce hashes in lengths of 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits. HAVAL also allows users to specify the number of rounds (3, 4, or 5) to be used to generate the hash.
What is a OTP? (One Time Pad)
In cryptography, the one-time pad (OTP) is an encryption algorithm where the plaintext is combined with a random key or "pad" that is as long as the plaintext and used only once. A modular addition is used to combine the plaintext with the pad. (For binary data, the operation XOR amounts to the same thing.) If the key is truly random, never reused, and kept secret, the one-time pad provides perfect secrecy.
What port is used by TFTP?
UDP port 69.
LDAP uses which port?
LDAPS (LDAP over TLS/SSL) uses which port?
LDAP - TCP/UDP 389
LDAPS - TCP/UDP 636
Dial Pad port?
TCP 51220 and UDP 51200,51201
ICQ port?
TCP 4000
IPSec port?
TCP 500
What is a common authentication method used in Wireless communication.

A. SSL
B. PPTP
C. EAP
D. Token
C. EAP - Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and Point-to-Point connections. Although the EAP protocol is not limited to wireless LANs and can be used for wired LAN authentication, it is most often used in wireless LANs. The WPA and WPA2 standards have officially adopted five EAP types as their official authentication mechanisms.
What is used to negotiate an IPSec session?
An IPSec session is negotiated using ISAKMP (Internet Security Association and Key Management Protocol).
What is used to set up a secure communication path between IPSec peers?
IKE (Internet Key Exchange) can use three modes of operation to set up a secure communication path between IPSec peers (initiator and responder): Main mode, Aggressive mode, and Quick mode.
What kind of validation is used by CHAP to validate the identity of remote clients?
In CHAP, verification is based on a shared secret. The password and hostname are passed as a hash value.
You are acting as a security consultant for a company wanting to decrease their security risks. As part of your role, they have asked that you develop a security policy that they can publish to their employees. This security policy is intended to explain the new security rules and define what is and is not acceptable from a security standpoint, as well as defining the method by which users can gain access to IT resources. What element of AAA is this policy a part of?
A. Authentication
B. Authorization
C. Access Control
D. Auditing
C. Access control is defined as a policy, software component, or hardware component that is used to grant or deny access to a resource. Since this policy is defining how to access resources, it is considered part of access control.
One of the goals of AAA is to provide CIA. A valid user has entered their ID and password and has been authenticated to access network resources. When they attempt to access a resource on the network, the attempt returns a message stating, “The server you are attempting to access has reached its maximum number of connections.” Which part of CIA is being violated in this situation?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
C. Availability under CIA has not been assured because the resource is not available to the user after they have authenticated.
A user from your company is being investigated for attempting to sell proprietary information to a competitor. You are the IT security administrator responsible for assisting with the investigation. The user has claimed that he did not try to access any restricted files and is consequently not guilty of any wrongdoing. You have completed your investigation and have a log record showing that the user did attempt to access restricted files. How does AAA help you to prove that the user is guilty regardless of what he says?
A. Access Control
B. Auditing
C. Authorization
D. Non-repudiation
D. Non-repudiation is part of authentication under AAA, and serves to ensure that the presenter of the authentication request cannot later deny they were the originator of the request, through the use of time stamps, particular protocols, or authentication methods.
You have been brought in as a security consultant for a programming team working on a new operating system designed strictly for use in secure government environments. Part of your role is to help define the security requirements for the operating system and to instruct the programmers in the best security methods to use for specific functions of the operating system. What method of access control is most appropriate for implementation as it relates to the security of the operating system itself?
A. MAC
B. DAC
C. RBAC
D. All of the above
A. Mandatory access control is generally built into and implemented within the operating system being used and is hard-coded to protect specific objects.
You are designing the access control methodology for a company implementing an entirely new IT infrastructure. This company has several hundred employees, each with a specific job function. The company wants their access control methodology to be as secure as possible due to recent compromises within their previous infrastructure. Which access control methodology would you use and why?
A. RBAC because it is job-based and more flexible than MAC
B. RBAC because it is user-based and easier to administer
C. Groups because they are job-based and very precise
D. Groups because they are highly configurable and more flexible than MAC
A. Role-based access control is appropriate for this situation because it is job-based, highly configurable, more flexible than MAC, and more precise than groups.
You are reading a security article regarding penetration testing of various authentication methods. One of the methods being described uses a time-stamped ticket as part of its methodology. Which authentication method would match this description?
A. Certificates
B. CHAP
C. Kerberos
D. Tokens
C. Kerberos is the only access control method listed which uses time-stamped tickets.
Answer A is incorrect because certificates do not use tickets although they are time-stamped.
Answer B is incorrect because CHAP does not use time-stamped tickets as part of its methodology.
Answer D is incorrect because tokens
Oracle RDBMS port?
Oracle RDBMS port is 1521.
The company’s HelpDesk begins to receive numerous calls because customers can’t access the Web site’s e-commerce section. Customers report receiving a message about an unavailable database system after entering their credentials. Which type of attack could not be taking place?
A. A DDoS against the company’s Web site
B. A Web site spoofing of the company’s Web site
C. A DoS against the database system
D. A virus affecting the Web site and/or the database system.
D. A virus infecting either the Web site or the database could cause instability and the resulting message.

A. If a DDoS attack was being performed on the Web site, customers would not be able to access the Web site. The fact that the Web site shows a database error means the Web site is still operating.
Incorrect: B. If the Web site is being spoofed, customers could be entering the password in an attacker’s database. C. A DoS attack to the database could cause the database to be unavailable.
Your Company’s CEO is afraid of a DDoS attack against the company Web site, and has asked
you to increase the connection to the Internet to the fastest speed available.Why won’t this
protect from a DDoS attack?
A. A DDoS attack refers to the connection to the Internet, not to Web sites.
B. A DDoS attack can marshall the bandwidth of hundreds or thousands of computers,
which can saturate any Internet pipeline the company can get.
C. A DDoS attack can also be initiated from the internal network; therefore, increasing the
Internet pipeline won’t protect against those attacks.
D. Increasing the Internet connection speed has no influence on the effectiveness of a DDoS
attack.
B. Even with a very fast Internet connection, if thousands of machines attack the same site, it will eventually be overrun.
Incorrect: A. A DDoS attack refers to any DoS that comes from many sources; it is not defined by the Internet connection. C. A DDoS requires machines in distributed networks, so an attack from the local network alone does not qualify as a DDoS. D. Increasing the bandwidth does slow down the impact of a DDoS, so it is not without influence; it simply cannot keep up with the aggregate bandwidth of the attackers.
You want to protect your Linux network from password-cracking programs. Where should you store your Linux password file? Choose the best option from those listed below.

a) /etc/shadow
b) /etc/passwd
c) /etc/security/passwd
d) /etc/shadow/security
a) /etc/shadow
Traditional UNIX-based operating systems keep user account information, including one-way hashed passwords, in a text file called /etc/passwd. As this file is used by many tools (anything that maps UIDs to names), it needs to be world-readable. Consequently, any local user can copy the hashes and run a cracking program against them offline. To prevent ordinary users from reading the hashes, you should use the shadow password system. Under a shadow password system, the password field of /etc/passwd holds only a placeholder (usually "x"), and the hashes are held in a shadow file that is not readable by everyone. The name of the shadow file varies between UNIX-based operating systems; on Linux and Sun Solaris it is /etc/shadow. The file is not itself encrypted: it is an ordinary text file of password hashes whose permissions restrict reading to root (on many Linux distributions, also to the shadow group). Shadowing limits who can read the hashes; it does nothing about weak passwords, so an administrator's own cracking run against the shadow file remains a useful audit.
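The audit the question describes starts with reading the shadow file, and the entries a cracker goes after first are the ones with no password at all or with an old, fast hash scheme. Below is an added example (not from the original card) that parses shadow-format entries, flags those cases, and checks the file's own permissions. The sample entries are constructed and the hash bodies are placeholders; only the crypt(3) prefixes matter to the classifier.

```python
"""Audit shadow-file entries the way a password cracker would triage them.

Added example (not from the original card). The sample entries below are
constructed; the hash bodies are placeholders, not real password hashes.
"""
import os
import stat

# Constructed sample /etc/shadow content. Field layout (9 colon-separated fields):
# name:password:lastchange:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$rounds=5000$saltsalt$PLACEHOLDERHASH:19500:0:99999:7:::
alice:$y$j9T$abcdefghijklmnop$PLACEHOLDERHASH:19600:0:90:7:::
legacy:$1$oldsalt$PLACEHOLDERHASH:15000:0:99999:7:::
svc-backup::19000:0:99999:7:::
daemon:*:18000:0:99999:7:::
bob:!$6$lockedsalt$PLACEHOLDERHASH:19400:0:99999:7:::
"""

# crypt(3) identifier prefixes and the algorithm they select
HASH_PREFIXES = {
    "$1$": "md5", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "sha256", "$6$": "sha512", "$7$": "scrypt",
    "$gy$": "gost-yescrypt", "$y$": "yescrypt",
}
WEAK_ALGORITHMS = {"md5", "des"}   # fast schemes that crack cheaply on commodity hardware


def classify_hash(field: str) -> str:
    """Return the hash scheme, or 'empty' / 'locked' for the two special cases."""
    if field == "":
        return "empty"            # no password at all: login succeeds with nothing
    if field.startswith(("!", "*")):
        return "locked"           # account cannot log in with a password
    for prefix, name in HASH_PREFIXES.items():
        if field.startswith(prefix):
            return name
    # Traditional DES crypt hashes are exactly 13 characters with no '$' prefix
    return "des" if len(field) == 13 and "$" not in field else "unknown"


def audit_shadow(text: str) -> list:
    """Return (line number, account, finding) for every entry worth attention."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 9:
            findings.append((lineno, fields[0], "malformed entry"))
            continue
        name, password_field = fields[0], fields[1]
        kind = classify_hash(password_field)
        if kind == "empty":
            findings.append((lineno, name, "empty password field"))
        elif kind in WEAK_ALGORITHMS:
            findings.append((lineno, name, f"weak hash scheme ({kind})"))
        elif kind == "unknown":
            findings.append((lineno, name, "unrecognised hash format"))
    return findings


def shadow_perms_ok(mode: int, uid: int) -> bool:
    """The shadow file must be owned by root and carry no permissions for 'other'."""
    return uid == 0 and not (mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH))


def check_shadow_file(path: str = "/etc/shadow") -> bool:
    """Live check of the real file (requires root to read it, stat works for anyone)."""
    st = os.stat(path)
    return shadow_perms_ok(st.st_mode, st.st_uid)


if __name__ == "__main__":
    for lineno, name, finding in audit_shadow(SAMPLE_SHADOW):
        print(f"line {lineno}: {name}: {finding}")
```

On the constructed sample the audit reports `legacy` (MD5 crypt) and `svc-backup` (empty password field); locked accounts (`*`, `!`) are deliberately not reported, since they cannot be used for password login at all.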
Virtual Private Networks (VPN) use a public network such as the Internet to connect remote computers together, rather than rely on private leased lines. Although the Internet is essentially an open network, the VPN can use a number of protocols to ensure that only authorized users access the VPN and prevent data interception. Which protocols can be used to create a secure VPN? Choose the best options from those listed below.

a) L2TP
b) PPP
c) PPTP
d) SLIP
e) IPSec
f) SSH
a) L2TP
c) PPTP
e) IPSec
f) SSH
A Virtual Private Network (VPN) is based upon the concept of tunneling. Tunneling is a form of encapsulation that allows a network transport protocol to carry packets of other protocols inside its own. Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Secure Shell (SSH), and IP Security (IPsec) can all be used to create VPNs. IPsec is generally regarded as the most popular protocol for VPNs. It combines security technologies, such as its own AH and ESP protocols and Internet Key Exchange (IKE), into an entire system that provides integrity, confidentiality, and authenticity of IP datagrams. PPTP and L2TP both tunnel PPP frames inside IP, and neither is secure on its own: PPTP relies on MPPE encryption keyed from MS-CHAP authentication, which is now considered weak, while L2TP provides no encryption at all and is normally paired with IPsec (L2TP/IPsec). PPTP and L2TP follow close behind IPsec in popularity and are generally used in Windows-based environments. SSH is mainly used in UNIX-based networks to create VPNs. PPP and SLIP are serial link-layer protocols for dial-up lines; they provide neither tunneling nor encryption and are not VPN protocols.
Remote Authentication Dial-In User Service (RADIUS) is a standard communications protocol. Which statements about RADIUS are correct? Choose the best options from those listed below.

a) RADIUS is a client/server protocol.
b) RADIUS provides decentralized access control.
c) RADIUS communicates using TCP packets.
d) RADIUS provides authentication, authorization, and accounting services.
a) RADIUS is a client/server protocol.
d) RADIUS provides authentication, authorization, and accounting services
RADIUS is a standard communications protocol that uses the client/server model. RADIUS provides centralized control over remote dial-in connections through three key services: authentication, authorization, and accounting. Dial-up clients connect to network-access servers (NAS), which use a RADIUS server to access user-account information and check remote-access authentication credentials. If the user's credentials are valid and the connection attempt is authorized, the RADIUS server authorizes the user's access. The RADIUS server passes the authentication information back to the NAS, which acts on the authentication parameters and permits the specified services. RADIUS messages are sent as User Datagram Protocol (UDP) messages. Authentication and authorization processes are combined and the messages are transmitted on UDP port 1812. The accounting operations are conducted on a separate RADIUS accounting server using UDP port 1813.
TACACS+ and RADIUS are both remote security server protocols for AAA implementations. They use a stored database of security information and user access configurations to control network access. Which statements correctly identify the differences between TACACS+ and RADIUS? Choose the best options from those listed below.

a) RADIUS and TACACS+ use different transport protocols.
b) TACACS+ assigns separate databases for each AAA process.
c) RADIUS provides more multiprotocol support for telecommuters than TACACS+.
d) TACACS+ secures data integrity more efficiently, by encrypting the whole packet.
e) All of the options are correct.
a) RADIUS and TACACS+ use different transport protocols.
b) TACACS+ assigns separate databases for each AAA process.
d) TACACS+ secures data integrity more efficiently, by encrypting the whole packet.
RADIUS and TACACS+ use different transport protocols to carry packets between the client (the network access server, NAS) and the AAA server. TACACS+ uses TCP to guarantee delivery between the NAS and the security server. RADIUS uses UDP, which offers no delivery guarantee, to keep the client/server interaction simple; the client retransmits on its own timer.

RADIUS and TACACS+ differ in terms of their AAA implementations. TACACS+ separates each of the AAA processes, whereas RADIUS combines the authentication and authorization processes and deals with the accounting process separately.

TACACS+ protects the data better by encrypting the whole packet body (everything after the header). RADIUS obfuscates the User-Password attribute only, by XORing it with an MD5 digest of the shared secret and the request authenticator; the remainder of the packet is transmitted in plaintext. This means that other information, such as the username, authorized services, and accounting records, can be captured from RADIUS traffic, and an attacker who captures one request for a password they already know can brute-force the shared secret offline.

TACACS+ provides more support for network telecommuters than RADIUS because of its multiprotocol support. RADIUS does not support AppleTalk Remote Access (ARA) protocol, NetBIOS Frame Protocol Control protocol, Novell Asynchronous Services Interface (NASI), or X.25 connections.
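To make the RADIUS cards above concrete (the UDP client/server exchange, and the point that RADIUS hides only the password), here is an added example, not from the original cards, that builds an Access-Request the way RFC 2865 section 5.2 specifies, parses it as a sniffer would, and shows the offline shared-secret guess that the plaintext attributes make possible. Usernames, secrets and the NAS address are constructed sample values.

```python
"""RADIUS Access-Request on the wire: which fields are hidden and which are not.

Added example (not the original card's content). It implements the
User-Password hiding of RFC 2865 section 5.2 and builds a minimal packet;
usernames, secrets and addresses below are constructed sample values.
"""
import hashlib
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide the password: pad to 16-byte blocks, XOR each with MD5(secret + previous block).

    The first 'previous block' is the 16-byte Request Authenticator, sent in the clear.
    """
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    blocks = max(1, -(-len(password) // 16))          # at least one block, even for ""
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        c = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + c, c
    return out


def decode_user_password(encoded: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Reverse of encode_user_password; anyone holding the shared secret can do this."""
    out, prev = b"", authenticator
    for i in range(0, len(encoded), 16):
        block = encoded[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def build_access_request(ident, username, password, nas_ip, secret, authenticator=None):
    """Code(1) Identifier(1) Length(2) Authenticator(16), then type/length/value attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for attr_type, value in (
        (USER_NAME, username),
        (USER_PASSWORD, encode_user_password(password, secret, authenticator)),
        (NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))),
    ):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def parse_attributes(packet: bytes):
    """What a passive sniffer recovers without the secret: everything but the password."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    authenticator, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return code, ident, authenticator, attrs


def recover_secret(packet: bytes, known_password: bytes, candidates):
    """Offline attack: one captured request plus one known password lets the shared
    secret be guessed, after which every password on that NAS can be read."""
    _, _, authenticator, attrs = parse_attributes(packet)
    for guess in candidates:
        if decode_user_password(attrs[USER_PASSWORD], guess, authenticator) == known_password:
            return guess
    return None
```

Run the functions against a packet of your own and the User-Name and NAS-IP-Address come straight out of `parse_attributes`; only the User-Password needs the secret, which is exactly the weakness the TACACS+ comparison below refers to.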
You are the network administrator for a large wireless LAN (WLAN). You are contemplating MAC address filtering as a security solution for your wireless network. Which consideration does not apply in your situation? Choose the best option from those listed below.

a) Programming MAC addresses into every AP is impractical.
b) Maintaining an up-to-date list of MAC addresses can be problematic.
c) A stolen network card circumvents MAC address filtering unless the list is updated.
d) Hard-coding the MAC address into every network card is difficult.
d) Hard-coding the MAC address into every network card is difficult.
Hard-coding the MAC address into every network card is the only task that does not pose a problem. It is relatively easy to change the MAC address of a wireless device through software. In Windows, this is accomplished with a simple edit of the registry; in UNIX, it is accomplished through a root shell command.

You can configure MAC address filtering to allow only clients with valid MAC addresses access to the access points (APs). However, MAC address filtering is best suited to small WLANs with a handful of APs. Programming every wireless client's MAC address into every AP and router across a large enterprise network is impractical in a large WLAN. The administrative overhead of maintaining this list of allowable MAC addresses would be an ongoing problem. If a network card is stolen, then the access lists on every AP must be updated to deny that specific MAC address. And because MAC addresses travel in the clear in every frame, an attacker who sniffs an allowed address can clone it and pass the filter anyway; treat MAC filtering as housekeeping, not as access control.
What are the 3 types of firewalls?
The 3 types of firewalls are:
* Packet filtering
* Application layer gateways
* Stateful inspection
At what layer does a packet filtering firewall work?

A. Application Layer
B. Transport Layer
C. Network Layer
D. Physical Layer
C. Network Layer
A packet-filtering firewall works at the network layer of the Open Systems Interconnect (OSI) model and is designed to operate rapidly by either allowing or denying packets. It decides from the header fields of each packet on its own (addresses, protocol, and transport-layer ports) and keeps no record of the connections those packets belong to.
What kind of firewall analyzes each packet and verifies that it contains the correct type of
data for the specific application it is attempting to communicate with.
An application layer gateway operates at the application layer of the
OSI model, analyzing each packet and verifying that it contains the correct type of
data for the specific application it is attempting to communicate with.
What kind of firewall operates at the network layer,
but is aware of the transport, session, presentation, and application layer?
A stateful
inspection firewall checks each packet to verify that it is an expected response to a
current communications session.This type of firewall operates at the network layer,
but is aware of the transport, session, presentation, and application layers and derives
its state table based on these layers of the OSI model. Another term for this type of
firewall is a “deep packet inspection” firewall, indicating its use of all layers within
the packet including examination of the data itself.
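The three firewall cards above describe the difference in words; the following added example (not from the original cards) shows it in code. A stateless packet filter can only guess that an inbound packet is a reply from its headers, while a stateful inspection engine admits an inbound packet only if it belongs to a session it watched being opened from inside. The packets are constructed Python objects rather than real frames, and the internal address range is an assumption of the example.

```python
"""Packet filter vs. stateful inspection, as a tiny simulation.

Added example, not from the original cards. Packets are constructed Python
objects rather than real frames; addresses come from documentation ranges.
"""
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."   # assumed address range of the protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags, e.g. frozenset({"SYN", "ACK"})


def packet_filter(pkt: Packet) -> bool:
    """Stateless rules: let internal hosts out; let 'replies' back in.

    Without state, 'reply' can only be guessed from headers: ACK set and a high
    destination port. Any attacker can set the ACK bit, so this rule is spoofable.
    """
    if pkt.src.startswith(INTERNAL_PREFIX):
        return True
    return pkt.dport >= 1024 and "ACK" in pkt.flags


class StatefulFirewall:
    """Admits inbound packets only when they belong to a session opened from inside."""

    def __init__(self):
        self.sessions = {}   # (client, cport, server, sport) -> handshake state

    def process(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)   # client -> server direction
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # server -> client direction
        if fwd in self.sessions:
            if pkt.flags & {"RST", "FIN"}:               # simplified teardown
                del self.sessions[fwd]
            elif self.sessions[fwd] == "SYN_RECEIVED" and "ACK" in pkt.flags:
                self.sessions[fwd] = "ESTABLISHED"     # third packet of the handshake
            return True
        if rev in self.sessions:
            state = self.sessions[rev]
            if state == "SYN_SENT":
                if pkt.flags == {"SYN", "ACK"}:
                    self.sessions[rev] = "SYN_RECEIVED"
                    return True
                return False                            # out-of-sequence 'reply': drop
            if pkt.flags & {"RST", "FIN"}:
                del self.sessions[rev]
            return True
        if pkt.src.startswith(INTERNAL_PREFIX) and pkt.flags == {"SYN"}:
            self.sessions[fwd] = "SYN_SENT"             # new outbound connection
            return True
        return False                                    # nothing we know about: drop
```

The interesting case is the unsolicited inbound packet with only ACK set: `packet_filter` lets it through because it looks like a reply, while `StatefulFirewall` drops it because no session in its table matches. The teardown handling is simplified (a single FIN or RST closes the entry); a real engine tracks both sides' FINs and ages entries out.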
What are the 4 protocols to support encrypted communication for VPN's?
VPNs use a variety of protocols to support this encrypted communication, including IP Security (IPsec), Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), and SSH. IPsec is the most popular protocol used for dedicated VPN devices, followed by L2TP and PPTP. SSH is available for VPNs running under the Windows platform, but it is used more frequently in UNIX-based VPNs.
WPA?
Wi-Fi Protected Access (WPA) replaced WEP in 2003 as the de facto wireless security protocol. It was the Wi-Fi Alliance's interim subset of the draft IEEE 802.11i standard; the full standard, ratified in 2004, is marketed as WPA2.
WPA was meant to be a replacement for WEP such that any network could move to the standard without the extra expense of additional or replacement hardware. Herein lay the only real weakness in the new standard, which was understood from the start: the integrity algorithm used in WPA (Michael, the message integrity check of TKIP) was made as strong as possible while still running on legacy adapters. As such, the design of WPA fell short of what was already an achievable level of security in 2003 when it was released. Still, it was a solid source of security, boasting cryptographic support from the Temporal Key Integrity Protocol (TKIP) based on the RC4 cipher, which dynamically changes keys as the system is used. In addition, WPA included support for Extensible Authentication Protocol (EAP), EAP-Transport Layer Security (EAP-TLS), EAP-Tunneled Transport Layer Security (EAP-TTLS), and Protected Extensible Authentication Protocol (PEAP). TKIP has since been shown to have practical weaknesses and is deprecated; new deployments should use WPA2 or WPA3 with CCMP (AES).
TKIP?
TKIP (pronounced "tee-kip") was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as a solution to replace WEP without requiring the replacement of legacy hardware. This was necessary because the breaking of WEP had left WiFi networks without viable link-layer security, and a solution was required for already deployed hardware.

On October 31, 2002, the Wi-Fi Alliance endorsed TKIP under the name Wi-Fi Protected Access (WPA).[1] The IEEE endorsed the final version of TKIP, along with more robust solutions such as 802.1X and the AES based CCMP, when they published IEEE 802.11i-2004 on 23 July 2004.[2] The Wi-Fi Alliance soon afterwards adopted the full specification under the marketing name WPA2.[3]
What Authentication protocol is supported in WPA Wireless security?

A. RC4
B. Blowfish
C. LEAF
D. EAP and it's variants
D. EAP and its variants. WPA included support for Extensible Authentication Protocol (EAP), EAP-Transport Layer Security (EAP-TLS), EAP-Tunneled Transport Layer Security (EAP-TTLS), and Protected Extensible Authentication Protocol (PEAP). RC4 and Blowfish are ciphers, not authentication protocols.
EAP, defined by RFC 3748, is an authentication framework that carries a variety of authentication methods. It does not provide encryption itself, but rather a container in which a chosen method (certificates, passwords, tokens) is negotiated and run.
EAP-TLS is considered a very secure form of authentication as it employs the security of TLS, which is the successor to SSL, and makes use of both server-side and client-side certificates. Although considered very secure (especially when client-side certificates and their private keys are stored on devices like Smart Cards), the overhead of enrolling every client with a certificate keeps it from being a more frequently implemented solution.
EAP-TTLS also provides very good security, using a Public Key Infrastructure (PKI) certificate on the authentication server only to create a TLS tunnel between the client and the server, inside which a simpler client credential (typically a password) is sent.
PEAP is the result of a joint development effort from Microsoft, Cisco Systems, and RSA Security. Like EAP-TTLS, it provides security via a server-side PKI certificate; clients must validate that certificate, or an attacker running a rogue AP can collect their inner credentials.
Describe the Authentication Process of a wireless user (supplicant) to the centralized authority. (authenticator)
When a wireless user (or supplicant) wants to access a wireless network, 802.1x
forces them to authenticate to a centralized authority called an authenticator. 802.1x
uses the EAP for passing messages between the supplicant and the authenticator.
When communication begins, the authenticator places the user into an unauthorized
state.While in this unauthorized state, the only messages that can be transmitted are
EAP start messages. At this point, the authenticator sends a request to the user
asking for their identity.The client then returns their identity to the authenticator,
which in turn forwards it to the authentication server, which is running an authentication
service such as RADIUS.
The authentication server authenticates the user and either accepts or rejects
the user based on the credentials provided. If the user provides the correct credentials,
the authenticator changes the user’s state to “authorized” thus allowing the
user to move freely within the WLAN.
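The exchange described above, as an added example that is not part of the original card: a simulated 802.1X port with the supplicant's frames, the authenticator's responses, and the authentication server's accept/reject decision. The "RADIUS server" is a dictionary lookup standing in for a real AAA back end, the EAP method is reduced to a single credential check, and the frame types are labelled by name rather than encoded as real EAPOL.

```python
"""Simulated 802.1X port: supplicant, authenticator (AP) and authentication server.

Added example, not part of the original card. It models the state changes the
text describes; the 'RADIUS server' is a dictionary lookup standing in for a real
AAA back end, and the EAP method is reduced to a single credential check.
"""


class AuthenticationServer:
    """Stand-in for RADIUS: holds the user database and answers accept/reject."""

    def __init__(self, users: dict):
        self.users = users

    def authenticate(self, identity, credential) -> bool:
        return identity is not None and self.users.get(identity) == credential


class Authenticator:
    """The access point. The port starts 'unauthorized' and passes only EAP traffic."""

    def __init__(self, server: AuthenticationServer):
        self.server = server
        self.port_state = "unauthorized"
        self.pending_identity = None

    def handle(self, frame: dict) -> dict:
        kind = frame["type"]
        if kind == "EAPOL-Start":
            self.port_state = "unauthorized"           # a (re)start forces re-authentication
            return {"type": "EAP-Request/Identity"}
        if kind == "EAP-Response/Identity":
            self.pending_identity = frame["identity"]   # forwarded to the server
            return {"type": "EAP-Request/Auth"}         # method-specific challenge
        if kind == "EAP-Response/Auth":
            if self.server.authenticate(self.pending_identity, frame["credential"]):
                self.port_state = "authorized"
                return {"type": "EAP-Success"}
            return {"type": "EAP-Failure"}
        # Anything that is not EAP is ordinary traffic: only an authorized port forwards it
        if self.port_state == "authorized":
            return {"type": "forwarded"}
        return {"type": "dropped"}


def run_session(server, identity, credential, data_before_auth=False):
    """Drive one supplicant through the exchange; return final port state and transcript."""
    ap = Authenticator(server)
    frames = [
        {"type": "EAPOL-Start"},
        {"type": "EAP-Response/Identity", "identity": identity},
        {"type": "EAP-Response/Auth", "credential": credential},
        {"type": "Data", "payload": "GET / HTTP/1.1"},
    ]
    if data_before_auth:
        frames.insert(0, {"type": "Data", "payload": "GET / HTTP/1.1"})
    transcript = [(f["type"], ap.handle(f)["type"]) for f in frames]
    return ap.port_state, transcript
```

The transcript makes the "unauthorized state" visible: a data frame sent before the handshake is dropped, the same frame after EAP-Success is forwarded, and a failed credential leaves the port closed.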
What layer of the OSI model does EAP operate at?

A. Presentation Layer
B. Network Layer
C. Datalink Layer
D. Physical Layer
C. Data Link Layer
EAP is an authentication protocol designed to support several different authentication
mechanisms. It runs directly over the data link layer and does not require the
use of Internet Protocol (IP).
What 3 protocols do you need to create a VPN tunnel?
■ Carrier Protocol The protocol used by the network (IP on the
Internet) that the information is traveling over
■ Encapsulating Protocol This term includes both the tunneling protocol
(PPTP, L2TP) and the encrypting protocol (IPSec, Secure Shell [SSH])
that is wrapped around the original data
■ Passenger Protocol The original data being carried

For the Security+ exam you need to remember the three protocols used
in a VPN tunnel. Think of a letter being sent through the mail: the letter
is the passenger, which is encapsulated in an envelope, and addressed in
a way that the carrier (the post office) can understand.
What is the first step in creating site-to-site VPN connection?
The first step in creating a site-to-site VPN is selecting the tunneling protocol
to be use. PPTP and L2TP are two common tunneling protocols in use. Once a
tunnel is established, encryption protocols are used to secure data passing through
the tunnel. Common protocol choices for securing data during transmission are
IPSec and SSL.
S/MIME uses a/an _______ for key exchange as well as digital signatures.
S/MIME uses a PUBLIC KEY ALGORITHM for key exchange as well as digital signatures.
PGP can fall victim to a _______ attack, which occurs when a hacker creates a message and sends it to a targeted user ID with the expectation that this user will then send the message out to other users. When the targeted user distributes the message to others in encrypted form, the hacker can capture the transmitted ciphertext and, knowing the plaintext, try to learn something about the key from the newly created ciphertext.
This is a ciphertext attack. Note that as described (the attacker supplies the plaintext and observes the victim's encryption of it) the scenario is a chosen-plaintext attack, and a sound cipher such as those PGP uses does not leak its key this way; the practical lesson is not to re-encrypt and forward messages of unknown origin.
One of the biggest differences between TACACS and TACACS+ is that TACACS uses
_________ as its transport protocol and TACACS+ uses _________ as its transport protocol.
A. TCP; UDP
B. UDP;TCP
C. IP;TCP
D. IP; UDP
B. TACACS uses UDP (a connectionless protocol) as its transport, whereas TACACS+ uses TCP (a connection-oriented protocol) for transporting data because TCP is a reliable transport protocol.
You have created a wireless network segment for your corporate network and are using WEP
for security.Which of the following terms best describes the APs and the clients who want to
connect to this wireless network?
A. Key Sharer and Key Requester
B. Applicants and Supplicants
C. Servers and Clients
D. Authenticators and Supplicants
E. All of the above
D. In the terminology of the 802.1X port-based authentication standard (used with WEP and its successors), the APs are called the authenticators and the clients who want to connect to them are called the supplicants.
What can be implemented in a wireless network to provide authentication, data and privacy
protection?
A. WTLS
B. WEP
C. WAP
D. WSET
Answer A is correct. In a wireless network WTLS (Wireless Transport Layer Security) can be
used to specifically provide authentication, data and privacy protection.
You are tasked with creating a new wireless network for corporate users. However, your CEO
is very concerned about security and the integrity of the rest of the company’s network.You
assure your CEO that the new wireless network will be secure by suggesting you will place
the wireless network APs in a special area.Where will you place the wireless APs?
A. Your office
B. The CEO’s office
C. A DMZ
D. A secured server room
E. A fresnel zone
C. The solution is to place wireless APs on their own separate subnets, in effect creating a kind of Demilitarized Zone (DMZ) for the wireless network. The wireless subnet could be separated from the wired corporate network by either a router or a full-featured firewall. Answers A, B and D are incorrect because your office, the CEO's office and a secured server room do not properly meet the security requirements for the APs. Answer E is incorrect because the area over which the radio waves propagate from an electromagnetic source is known as the Fresnel zone.
What is a fresnel zone?
A Fresnel zone is the area over which the radio waves propagate from an electromagnetic source.
In optics and radio communications, a Fresnel zone, named for physicist Augustin-Jean Fresnel, is one of a (theoretically infinite) number of concentric ellipsoids of revolution which define volumes in the radiation pattern of a (usually) circular aperture. Fresnel zones result from diffraction by the circular aperture.
The biggest weakness in WEP stems from which vulnerability?
A. The reuse of IV values.
B. The ability to crack WEP by statistically determining the WEP key through the Fluhrer-
Mantin-Shamir attack.
C. The ability to spoof MAC addresses thereby bypassing MAC address filters.
D. All of the above.
Answer B is correct. By far the most devastating attack against WEP is the Fluhrer-Mantin-Shamir attack of statistically determining the WEP key. This allows an attacker to crack a WEP key within hours and thereby gain full access to the wireless network or to the traffic on it; later refinements (Klein's attack and the PTW attack of 2007) need only tens of thousands of captured frames and minutes of work. Answer A is incorrect. While the reuse of IV values does provide a significant problem (and in fact leads to the success, in some cases, of the Fluhrer-Mantin-Shamir attack) it is not as great a threat as FMS. Answer C is incorrect. The capability to spoof MAC addresses is not a problem with WEP, but rather with 802.11 as a whole. Answer D is incorrect.
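The IV-reuse weakness in answer A is easy to demonstrate directly, which the following added example (not from the original card) does: WEP seeds RC4 with the 24-bit IV followed by the shared key and applies no key mixing, so two frames carrying the same IV are XORed with the same keystream. Knowing the plaintext of one (and every data frame starts with the same 8-byte LLC/SNAP header) exposes the other. The key, IVs and frame contents are constructed; the CRC-32 ICV and fragmentation are left out.

```python
"""Why WEP IV reuse is fatal: two frames under one (IV, key) share an RC4 keystream.

Added example, not from the original card. The WEP key, IVs and frame
contents are constructed; the ICV (CRC-32) and fragmentation are omitted.
"""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA); WEP seeds it with IV || shared key and no key mixing."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (3 bytes, sent in the clear) || plaintext XOR RC4(IV || key)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))


def recover_from_iv_reuse(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes):
    """Given two frames with the same IV and the plaintext of one, read the other."""
    if frame_a[:3] != frame_b[:3]:
        return None                                     # different IVs: different keystreams
    keystream = xor(frame_a[3:], known_plaintext_a)     # C_a XOR P_a = keystream
    return xor(frame_b[3:], keystream)                  # C_b XOR keystream = P_b


def frames_until_iv_collision(probability: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday bound: frames needed before two random IVs repeat with this probability."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - probability))))
```

With 2^24 possible IVs, `frames_until_iv_collision()` comes to about 4,800 frames for a 50% chance of a repeat, which is seconds on a busy network; a card that starts its IV counter at zero on every reset collides far sooner than that.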
The tool NetStumbler detects wireless networks based on what feature?
A. SSID
B. WEP key
C. MAC address
D. CRC-32 checksum
Answer A is correct. NetStumbler detects wireless networks by looking for SSIDs. Answer B is
incorrect. NetStumbler does identify networks with WEP enabled, but does not use that fact in
identifying the network.Answer C is incorrect. NetStumbler does detect clients and APs based
on their MAC but does not use this information for identifying wireless networks. Answer D is
incorrect because CRC-32 checksums are of no concern to NetStumbler.
The 802.1x standard requires the use of an authentication server to allow access to the wireless
LAN.You are deploying a wireless network and will use EAP-TLS as your authentication method.What is the most likely vulnerability in your network?

A. Unauthorized users accessing the network by spoofing EAP-TLS messages
B. DoS attacks occurring because 802.11 management frames are not authenticated
C. Attackers cracking the encrypted traffic
D. None of the above
Answer B is correct. One of the biggest problems identified in a paper discussing 802.1x security is the lack of authentication in the 802.11 management frames, and 802.1x does not address this problem: an attacker can send forged deauthentication or disassociation frames to any client. Answer A is incorrect because spoofing EAP-TLS is impractical; the attacker would need the user's certificate together with its private key (and the passphrase protecting it). Answer C is incorrect because cracking encrypted traffic is possible but unlikely, since EAP-TLS allows for WEP key rotation, which denies an attacker the volume of frames under one key that WEP cracking needs. Answer D is incorrect.
Your company uses WEP (Wired Equivalent Privacy) for its wireless security.Who may
authenticate to the company’s access point?
A. Anyone in the company can authenticate
B. Only the administrator can authenticate
C. Only users with the valid WEP key
D. None of the above
Answer C is correct. If your company is using WEP (Wired Equivalent Privacy) for its wireless
security, only those users with the correct or valid WEP key can authenticate at the access
point.Answers A, B and D are incorrect.
You determine that someone has been using Web spoofing attacks to get your users to give out
their passwords to an attacker.The users tell you that the site at which they have been entering
the passwords shows the same address that normally shows in the address bar of the browser.
What is the most likely reason that the users cannot see the URL that they are actually using?
A. The attacker is using a digital certificate created by a third-party CA.
B. The attacker is using HTTP/S to prevent the browser from seeing the real URL.
C. The attacker is using ActiveX to prevent the Web server from sending its URL.
D. The attacker is using JavaScript to prevent the browser from displaying the real URL.
D. The attacker is using JavaScript to prevent the browser from displaying the real URL. In the browsers of the time, page script could rewrite the address bar (or draw a fake one over it) so that it showed whatever the attacker wanted, including the URL of a different site than the one the user was actually using. Current browsers do not let page script alter the address bar, so the same attack now relies on look-alike domain names, homograph characters, and fake address bars drawn inside the page.
You are setting up a new Web server for your company. In setting directory properties and permissions
through the Web server, you want to ensure that hackers are not able to navigate
through the directory structure of the site, or execute any compiled programs that are on the
hard disk.At the same time, you want visitors to the site to be able to enjoy the code you’ve
included in HTML documents, and in scripts stored in a directory of the Web site.Which of
the following will be part of the properties and permissions that you set?
A. Disable script source access
B. Set execute permissions in the directory to “None”
C. Disable directory browsing
D. Enable log visits
C. Disable directory browsing. Of the various tasks you would need to perform on the Web
server, the only choice offered that would apply to this scenario is disabling directory browsing
to prevent visitors from navigating through the directory structure of the Web site.
When reviewing security on an intranet, an administrator finds that the Web server is using
port 22.The administrator wants transmission of data on the intranet to be secure.Which of the
following is true about the data being transmitted using this port?
A. TFTP is being used, so transmission of data is secure.
B. TFTP is being used, so transmission of data is insecure.
C. FTP is being used, so transmission of data is secure.
D. S/FTP is being used, so transmission of data is secure.
D. S/FTP (SFTP, the SSH File Transfer Protocol) is being used, so transmission of data is secure. SFTP runs as a subsystem of SSH on TCP port 22, so file data travels inside the encrypted and authenticated SSH session. Authentication uses SSH mechanisms (the server is identified by its host key; users present passwords or public keys), not digital certificates. TFTP uses UDP port 69 and FTP uses TCP ports 20 and 21, and neither encrypts anything. Note that an open port 22 secures only the SSH traffic itself; it says nothing about whether the Web content served on ports 80 or 443 is encrypted.
A number of scans are being performed on computers on the network. When determining which computer is running the scans on these machines, you find that the source of the scans is the FTP server. What type of attack is occurring?
A. Bounce attack
B. Phishing
C. DoS
D. Web site spoofing
A. Bounce attack. A bounce attack occurs when scans are run against other computers through the FTP server, so that it appears the FTP server is actually running the scans. The scans can be performed due to a mechanism in FTP called proxy FTP, which allows FTP clients to have the server transfer files to a third computer: the client issues a PORT command naming another host and port, and the server opens a connection there. Most current FTP servers refuse PORT commands for any address other than the client's own, which closes the hole.
How many session keys are created in Kerberos's symmetric encryption?

A. 1
B. 2
C. 3
D. 0
B. Two copies of the session key are created. One goes to the user, encrypted with the user's key and accompanied by the time-stamped ticket that carries the expiration; the other is sealed inside the ticket itself, encrypted with the key the Authentication Server (AS) shares with the target service.
What are 3 vulnerability scanners?
Nessus
SATAN
SAINT
The most difficult part of the Diffie-Hellman key exchange is to understand that there are two separate and independent encryption cycles happening. As far as Diffie-Hellman is concerned, only a small secret, the session key, is being established between the sender and the recipient, and that secret is never transmitted: each side combines its own private value with the other's public value and both arrive at the same key. It just so happens that this small secret is the key needed to unlock the larger message, which is encrypted with a symmetric cipher.
IP Security (IPsec) uses the Diffie-Hellman algorithm in conjunction with RSA (Rivest, Shamir, Adleman) authentication, as part of IKE, to exchange a session key used for encrypting all traffic that crosses the IPsec tunnel. The authentication step matters: an unauthenticated Diffie-Hellman exchange lets a man-in-the-middle substitute his own public values and hold a separate key with each side.
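The two cycles described above, as an added example that is not part of the original cards: a Diffie-Hellman agreement that yields the same session key on both sides without ever sending it, the man-in-the-middle that works when the public values are not authenticated, and an authenticated variant that rejects substituted values. The group is the 1024-bit MODP group of RFC 2409 (group 2), kept for readability; a 2048-bit or larger group is what you would deploy. The keyed MAC under a long-term shared key is a stand-in for the RSA signature IKE actually uses, and is an assumption of the example.

```python
"""Diffie-Hellman session-key agreement, and why it needs authentication.

Added example, not the original card's content. Uses the 1024-bit MODP group
from RFC 2409 (group 2). A keyed MAC under a long-term key stands in for the
RSA signature that IKE puts over the exchanged values.
"""
import hashlib
import hmac
import secrets

P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def dh_keypair():
    """Private exponent x, public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(their_public: int, my_private: int) -> int:
    """Both sides compute the same value; reject degenerate public values first."""
    if not 1 < their_public < P - 1:
        raise ValueError("public value out of range (degenerate or small-subgroup key)")
    return pow(their_public, my_private, P)


def session_key(shared: int) -> bytes:
    """Derive the symmetric key that will encrypt the tunnel traffic."""
    return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()


def honest_exchange():
    a, A = dh_keypair()
    b, B = dh_keypair()
    return session_key(dh_shared(B, a)), session_key(dh_shared(A, b))


def mitm_exchange():
    """Mallory replaces both public values; each side unknowingly shares a key with her."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    m, M = dh_keypair()
    alice_key = session_key(dh_shared(M, a))        # Alice received M, believes it is Bob's
    bob_key = session_key(dh_shared(M, b))          # Bob received M, believes it is Alice's
    mallory_with_alice = session_key(dh_shared(A, m))
    mallory_with_bob = session_key(dh_shared(B, m))
    return alice_key, bob_key, mallory_with_alice, mallory_with_bob


def sign(auth_key: bytes, public_value: int) -> bytes:
    """Stand-in for the RSA signature IKE puts over the exchanged values (assumption)."""
    return hmac.new(auth_key, public_value.to_bytes(P_BYTES, "big"), "sha256").digest()


def authenticated_exchange(auth_key: bytes, mallory_active: bool) -> str:
    """Bob accepts Alice's value only if its signature verifies under the long-term key."""
    a, A = dh_keypair()
    received, tag = A, sign(auth_key, A)
    if mallory_active:
        _, M = dh_keypair()
        received, tag = M, sign(b"mallory-has-no-long-term-key", M)
    if not hmac.compare_digest(tag, sign(auth_key, received)):
        return "rejected"
    return "established"
```

`honest_exchange` returns two equal keys; `mitm_exchange` returns two different ones, each of which Mallory also holds; `authenticated_exchange` shows that the substitution fails as soon as the public values are bound to a long-term credential, which is the role RSA plays in IKE.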
What are some characteristics of the AES (Advanced Encryption Standard) (Rijndael) encryption algorithm?
■ Private key symmetric block cipher (similar to DES)
■ Stronger and faster than 3DES
■ Life expectancy of at least 20 to 30 years
■ Supports key sizes of 128 bits, 192 bits, and 256 bits
■ Freely available to all; royalty free, non-proprietary, and not patented
■ Small footprint. AES can be used effectively in memory and in central
processing unit (CPU) limited environments such as Smart Cards
Which Encryption Algorithm was developed as the European counterpart to DES and is widely used in PGP?

A. AES
B. Rijndael
C. RSA
D. IDEA
D. IDEA. Of note:

Was patented in the US and Europe (the patents expired in 2011 and 2012)
Is used in PGP
Counterpart to DES (but faster)
What does IPSec use to make a securure IPsec tunnel?
IP Security (IPsec) uses the Diffie-Hellman algorithm in conjunction with RSA (Rivest, Shamir, Adleman) authentication, within IKE, to exchange a session key used for encrypting all traffic that crosses the IPsec tunnel.
What is the difference between PKDS and PKE?
RSA being significantly faster than Diffie-Hellman led to a split in the asymmetric cryptography field that refers to Diffie-Hellman and similar algorithms as Public Key Distribution Systems (PKDS), and to RSA and similar algorithms as Public Key Encryption (PKE). PKDS systems are used as session-key exchange mechanisms, while PKE systems are considered fast enough to encrypt small messages. However, PKE systems like RSA are not considered fast enough to encrypt large amounts of data such as entire file systems or high-speed communications lines; in practice they encrypt or sign a symmetric session key, and that key encrypts the bulk data.
What are the key sizes generally for assymetric algorithms?
RSA, Diffie-Hellman, and other asymmetric algorithms use larger keys than their symmetric counterparts. Common key sizes include 1024 bits and 2048 bits; 1024-bit RSA and Diffie-Hellman are no longer considered adequate, and 2048 bits is the usual minimum today.
What information is included in an X.509 certificate?
■ Serial Number A unique identifier.
■ Subject The name of the person or company that is being identified.
(Sometimes listed as “Issued To”)
■ Signature Algorithm The algorithm used to create the signature.
■ Issuer The trusted authority that verified the information and generated the
certificate. (Sometimes listed as “Issued By”)
■ Valid From The date the certificate was activated.
■ Valid to The last day the certificate can be used.
■ Public Key The public key that corresponds to the private key.
■ Thumbprint Algorithm The algorithm used to create the unique value of
a certificate.
■ Thumbprint The unique value of every certificate, which positively identifies
the certificate. If there is ever a question about the authenticity of a certificate,
check this value with the issuer.
What is a certificate policy?
The certificate policy is a plaintext document that is assigned a unique object
identifier (OID) so that anyone can reference it.
What is a certificate practice statement (CPS)?
A CPS describes how
the CA plans to manage the certificates it issues. If a CA does not have a CPS
available, or does not trust the practices described in the CPS as being secure
enough, users should consider finding another CA, and not trusting certificates
signed by that CA’s root certificate.
Why would a CA revoke a certificate?
For anything that makes the certificate's information no longer reliable from that point forward. For example a new ISP, a new physical address, a company POC change, etc.
Of course, the most important reason a certificate should be revoked is if the private key has been compromised.
What is OCSP?

A. Online Connection Status Protocol
B. One Connection Service Point
C. Open Communication State Port
D. Online Certificate Status Protocol
D. Online Certificate Status Protocol
The OCSP was defined to help PKI certificate revocation bypass the limitations of
CRL schemes. OCSP returns information relating only to certain certificates that
have been revoked.With OCSP, there is no need for the large files used in a CRL
to be transmitted. A query is sent to a CA regarding a particular certificate over
transport protocols such as Hypertext Transfer Protocol (HTTP). Once the query is
received and processed by the CA, an OCSP responder replies to the originator with
the status of the certificate, as well as information regarding the response.An OCSP
response consists of:
■ The status of the certificate ( “good,”“revoked,” or “unknown”)
■ The last update on the status of the certificate
■ The next time the status will be updated
■ The time that the response was sent back to the requestor
One of the most glaring weaknesses of OCSP is that each response covers only the certificates asked about, and the responder does not validate the certificate chain up to the CA that issued it; the client must still build and check the chain itself.
What does PKCS Stand for?
The Public-Key Cryptography Standards (PKCS) are standard protocols used for
securing the exchange of information through PKI.The list of PKCS standards was
created by RSA laboratories, the same group that developed the original RSA encryption standard, along with a consortium of corporations including Microsoft, Sun, and Apple.
What is a Lunchtime attack?
A lunchtime attack is one of the most common internal attacks: an employee walks away from an unlocked workstation and someone else uses it, and any keys or sessions it holds, in their absence. It is also one of the easiest attacks to defend against. Most OSes (Windows, Linux, and so forth) can automatically lock the desktop through a screensaver that activates after a brief period of inactivity. For companies with "Phils" (the book's example of a user who constantly leaves his computer unlocked), this is an easy way to reduce the number of lunchtime attacks. (Other types of attacks are covered in detail in Chapter 2.)
Other appropriate technological protections against this type of attack include locking screensavers with short timeouts, physical access controls on machines that carry sensitive certificates and private keys, and proximity (radio) tokens that lock a workstation when its user has been away from it for more than a few seconds.
While software storage is not considered a reliable way to store high-security private keys, what are some examples of HSMs?
To overcome the issues of software storage, Hardware Storage Modules (HSMs; the term is more commonly expanded today as Hardware Security Module) were created. HSMs, such as Smart Cards, Personal Computer Memory Card International Association (PCMCIA) cards, and other hardware devices, store private keys and perform all encryption and decryption of messages on the device itself, so that the key never has to be transmitted to the computer. (Using magnetic media is really the equivalent of software key storage with an offline file store, and should not be thought of as hardware storage of keys.) Keeping the keys off of the computer prevents information about the keys from being discovered in computer memory.
Which is the most flexible method of storing personal private keys using an HSM (Hardware Storage Module)?

A. Flash card
B. PCMCIA
C. Smart Card
D. Briefcase
C. Smart Card
Smart Cards are the most flexible method of storing personal private keys using the hardware storage method. Since Smart Cards are normally about the size of a credit card, they are easily carried and can resist a high level of physical stress. Smart Cards are also not very expensive. Unlike a credit card, which holds its data on a magnetic stripe, a Smart Card stores information in a microprocessor and memory, with contact pads for passing information.
What is Key Escrow?
When a company uses key escrow, it keeps copies of its private keys in one or more secured locations where only authorized persons are allowed to access them. A simple key escrow scheme would involve handing a copy of your keys to an escrow company, which would only divulge the keys back to you (or your successor in the organization you represent) upon presentation of sufficient credentials.
In a more advanced key escrow scheme, there may be two or more escrow agencies. Each key is split and one part is sent to each escrow company (see Figure 10.11). Using two different escrow companies is a separation of duties, preventing a single escrow company from being able to compromise encrypted messages by using a client's key set.
What is the history behind the SkipJack algorithm?
In 1993 the U.S. government proposed a special encryption chip, known as the Clipper Chip, for communications devices made in the U.S. The Clipper Chip was controversial because its encryption algorithm, SkipJack, was classified and had never been scrutinized by the public cryptographic community (it was not declassified until 1998). Once again, there was an uproar. Once again, the government pulled back. The general fear was that since the government controlled the encryption format and held the escrowed keys, it could track and decrypt every communication session established through the use of the Clipper Chip. There were also concerns about the strength of SkipJack. What little information there was about SkipJack included the fact that it used an 80-bit key, which critics considered too short.
When checking the status of a certificate, for example with OCSP, how might a suspended certificate be reported?
Certificate Hold (the certificateHold revocation reason). A held certificate is treated as revoked until the CA either releases the hold or revokes the certificate permanently.
What is a Key Recovery Agent?
A key recovery agent is an employee who has the authority to retrieve a user's private key. Some key recovery servers require that two key recovery agents retrieve private user keys together for added security (separation of duties). This is similar to certain bank accounts, which require two signatures on a check for added security. Some key recovery servers also have the ability to function as a key escrow server, adding the ability to split the keys across two separate recovery servers, further increasing the security.
CAs and recovery servers also require certain information before they allow a key to be recovered. This is known as Key Recovery Information (KRI).
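Both the key escrow card (one part of the key to each escrow company) and the key recovery agent card (two agents must act together) rest on splitting a key so that no single party can use it. The added example below (not from the study material; `split_halves`, `split_xor` and `recover_xor` are names chosen for this example) contrasts the naive "one half each" split, which hands each holder half the key outright, with an n-of-n XOR split, in which every share is uniformly random and all shares are needed to recover the key.

```python
import secrets
from typing import List


def split_halves(key: bytes) -> List[bytes]:
    """Naive split: each escrow agent receives half of the raw key bytes.
    A holder (or a thief) of one share learns half the key directly and only
    has to brute-force the other half."""
    mid = len(key) // 2
    return [key[:mid], key[mid:]]


def split_xor(key: bytes, n_shares: int = 2) -> List[bytes]:
    """n-of-n secret sharing by XOR: n-1 shares are fresh random bytes and the
    last share is the key XORed with all of them. Any n-1 shares together are
    statistically independent of the key, so no escrow agent, and no group
    short of all of them, learns anything about it."""
    if n_shares < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n_shares - 1)]
    last = bytes(key)
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    shares.append(last)
    return shares


def recover_xor(shares: List[bytes]) -> bytes:
    """Reassemble the key by XORing every share; with a share missing the
    result is random garbage, which is the separation-of-duties property."""
    if not shares or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of unequal length")
    out = bytes(len(shares[0]))
    for s in shares:
        out = bytes(a ^ b for a, b in zip(out, s))
    return out


def share_reveals_key_material(key: bytes, share: bytes) -> bool:
    """True if the share is a verbatim piece of the key (what a naive half
    split hands out); a random XOR share matches only by astronomical chance."""
    return share in key


if __name__ == "__main__":
    key = bytes(range(32))  # constructed 32-byte private key for demonstration
    print("halves reveal key:", [share_reveals_key_material(key, h) for h in split_halves(key)])
    shares = split_xor(key, 3)
    print("xor shares reveal key:", [share_reveals_key_material(key, s) for s in shares])
    print("all three shares recover key:", recover_xor(shares) == key)
    print("two of three recover key:", recover_xor(shares[:2]) == key)
```

The XOR scheme is all-or-nothing: it gives separation of duties, but losing any one escrow company's share loses the key. A threshold scheme such as Shamir secret sharing (not shown here) is what to reach for when k of n agents should suffice.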
True or False: a certificate renewal is done whenever some information about the certificate changes.
False. The most important thing to remember about certificate renewal is that it occurs at or near the end of the certificate's life cycle, and is never due to a change of information (a change of information calls for revocation and a new certificate).
What should be done when a key pair is no longer needed?
When there is no longer a need for a key pair, all record of the key pair should be destroyed. Before a server is sold, the media must be erased and overwritten so that the keys cannot be recovered. Paper copies of the keys also need to be properly disposed of. Not only should the keys be destroyed, the CA must be notified that the organization (Chocolate Crunchies in the book's example) has gone out of business, and the certificate should be deregistered.
EXAM WARNING
Deregistering a key pair is different from revoking a key pair. When you deregister a key pair, the association between the key pair, CA, and the key owner is broken. When a key is revoked, it is because the information is no longer valid or the private key was compromised, but the key owner still exists.
In what scenario might multiple key pairs (dual keys) be necessary?
Remember that multiple key scenarios usually exist in cases where forged digital signatures are a concern: keeping a separate key pair for signing means the signing key never has to be escrowed or recovered the way an encryption key is, so nobody but the owner ever holds it. Multiple keys may also be used when there are different purposes for the certificates. For example, a user may wish to identify himself to a number of different Web sites, with a certificate for each, or he may wish to sign e-mail using a different certificate from the one he uses to authenticate.
What OSI layer does EAP run at?
EAP runs directly over the data link layer and does not require the use of Internet Protocol (IP).
When a wireless user (the supplicant) wants to access a wireless network, 802.1x forces them to authenticate through the access point or switch, which acts as the authenticator, to a central authentication server. 802.1x uses EAP for passing messages between the supplicant and the authenticator, carried in EAPOL frames over the link. When communication begins, the authenticator places the port into an unauthorized state. In this state the only traffic the port will pass is EAPOL, so the supplicant can send an EAPOL-Start message but nothing else. The authenticator then sends the supplicant an EAP-Request asking for its identity. The client returns its identity to the authenticator, which in turn forwards it to the authentication server, which is running an authentication service such as RADIUS.
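The exchange described above, as an added example that is not part of the study material: a small model of an 802.1x authenticator port (the `AuthenticatorPort` class and the dictionary frame layout are assumptions of this example). Real EAPOL and EAP constants are used for the Ethertype and EAP codes, but the EAP method that would normally run between the identity response and the server's verdict is left out; the RADIUS server is stood in for by a lookup callback.

```python
from typing import Callable, Dict, List

EAPOL_ETHERTYPE = 0x888E                       # IEEE 802.1X EAPOL frames
EAPOL_EAP_PACKET, EAPOL_START = 0, 1           # EAPOL packet types
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1


class AuthenticatorPort:
    """Simplified model of an 802.1x authenticator (switch port / access
    point). The controlled port stays unauthorized and passes nothing but
    EAPOL until the authentication server accepts the supplicant."""

    def __init__(self, auth_server: Callable[[str], bool]) -> None:
        self.auth_server = auth_server   # stand-in for a RADIUS server
        self.authorized = False
        self.sent: List[Dict] = []       # EAP messages sent to the supplicant
        self.log: List[str] = []

    def receive(self, ethertype: int, frame: Dict) -> str:
        if ethertype != EAPOL_ETHERTYPE:
            if self.authorized:
                self.log.append("data frame forwarded")
                return "forwarded"
            self.log.append("data frame dropped: port unauthorized")
            return "dropped"
        if frame["eapol_type"] == EAPOL_START:
            # Unauthorized state: EAPOL-Start is answered with EAP-Request/Identity.
            self.sent.append({"code": EAP_REQUEST, "type": EAP_TYPE_IDENTITY})
            return "identity requested"
        eap = frame["eap"]
        if eap["code"] == EAP_RESPONSE and eap["type"] == EAP_TYPE_IDENTITY:
            # The identity is relayed to the authentication server (a RADIUS
            # Access-Request in practice). The EAP method exchange that would
            # follow is omitted; the server's verdict decides the port state.
            if self.auth_server(eap["identity"]):
                self.authorized = True
                self.sent.append({"code": EAP_SUCCESS})
                return "authorized"
            self.sent.append({"code": EAP_FAILURE})
            return "failed"
        return "ignored"


def run_scenario(identity: str) -> Dict[str, object]:
    """Constructed exchange: a data frame before authentication, EAPOL-Start,
    EAP-Response/Identity, then a data frame afterwards."""
    radius_db = {"alice@corp.example": True}   # constructed user store
    port = AuthenticatorPort(lambda ident: radius_db.get(ident, False))
    steps = [
        port.receive(0x0800, {"src": "10.0.0.5"}),                  # IPv4 frame
        port.receive(EAPOL_ETHERTYPE, {"eapol_type": EAPOL_START}),
        port.receive(EAPOL_ETHERTYPE, {"eapol_type": EAPOL_EAP_PACKET,
                                       "eap": {"code": EAP_RESPONSE,
                                               "type": EAP_TYPE_IDENTITY,
                                               "identity": identity}}),
        port.receive(0x0800, {"src": "10.0.0.5"}),
    ]
    return {"steps": steps, "authorized": port.authorized,
            "last_eap_code": port.sent[-1]["code"]}


if __name__ == "__main__":
    print("known user   :", run_scenario("alice@corp.example")["steps"])
    print("unknown user :", run_scenario("mallory@corp.example")["steps"])
```

The point to take from the model is the port state: the same IPv4 frame is dropped before the server's verdict and forwarded after it, and a failed identity leaves the port exactly where it started.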
What 3 different protocols are needed for creating a VPN tunnel?
A tunnel is created by wrapping (or encapsulating) a data
packet inside another data packet and transmitting it over a public medium.
Tunneling requires three different protocols:
■ Carrier Protocol The protocol used by the network (IP on the
Internet) that the information is traveling over
■ Encapsulating Protocol This term includes both the tunneling protocol
(PPTP, L2TP) and the encrypting protocol (IPSec, Secure Shell [SSH])
that is wrapped around the original data
■ Passenger Protocol The original data being carried
Does TACACS offer the three staples of a good Remote Authentication Service: authentication, authorization, and accounting?
No. TACACS offers authentication and authorization, but it does not offer any accounting tools. As mentioned earlier, a good RAS must fit all the criteria of the AAA model.
What is the main difference between TACACS and TACACS+?
The most important thing to remember is that TACACS uses UDP as its transport protocol while TACACS+ uses TCP (port 49). TACACS+ is also a Cisco-proprietary redesign rather than a revision: it separates authentication, authorization and accounting into distinct functions and encrypts the entire packet body, which TACACS does not.
What are the major differences between PPTP (control channel on TCP 1723, data carried in GRE) and L2TP (UDP 1701)?
Hint: L2TP has many advantages over PPTP.
The differences between PPTP and L2TP that you need to know for the Security+ exam are:
■ L2TP requires IPSec in order to offer encryption.
■ L2TP is often implemented as a hardware solution (though also available on Windows RAS servers), where PPTP is not.
■ L2TP can run on top of protocols such as IP, Internetwork Packet
Exchange (IPX), and Systems Network Architecture (SNA), where PPTP can work only on IP networks.
■ Using L2TP with IPSec provides per-packet data origin authentication (proof that the data was sent by an authorized user), data integrity (proof that the data was not modified in transit), replay protection (prevention from resending a stream of captured packets), and data confidentiality (prevention
from interpreting captured packets without an encryption key).
■ L2TP/IPSec connections require two levels of authentication: computer level authentication using certificates or pre-shared keys for IPSec sessions, and user-level authentication using PPP authentication protocol for the L2TP tunnel.
Some advantages of the L2TP/IPSec combination over PPTP are:
■ IPSec provides per-packet data origin, data integrity, replay protection, and data confidentiality. In contrast, PPTP only provides per-packet data confidentiality.
■ L2TP/IPSec connections require two levels of authentication: computer level authentication and user-level authentication.
■ PPP frames exchanged during user-level authentication are never sent unencrypted, because the PPP connection process for L2TP/IPSec occurs after the IPSec security association (SA) is established.
IPSec is implemented at what OSI layer?
Network.
What two protocols make up IPSec?
IPSec is made up of two separate security protocols.
The Authentication Header (AH) protocol is responsible for the authenticity and integrity of the packet. AH does not encrypt anything; it attaches an integrity check value, a keyed hash (such as an HMAC) computed with the shared key over the payload and the parts of the IP header that do not change in transit. Because only a holder of the key could have produced the value, the receiver is assured of the data source, and because any modification changes the value, the receiver is assured the data was not altered. (This is a keyed MAC, not a public-key digital signature, although the book describes it as "signing" the packet.)
The Encapsulating Security Payload (ESP) protocol also provides authenticity and integrity of the payload, and adds the advantage of data confidentiality through encryption.
AH and ESP can be used together or separately. If used together, the entire packet is authenticated.
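How AH's integrity check works, as an added example that is not part of the study material: the functions below build a constructed IPv4 header and AH header, zero the mutable header fields that RFC 4302 excludes from the check (TOS, flags and fragment offset, TTL, header checksum), and compute an HMAC-SHA-256-128 integrity check value over the rest. A router decrementing TTL in transit does not break verification, while a changed payload or a different key does. The helper names, the constructed addresses, key and payload are assumptions of this example; the field layouts and protocol numbers are the real ones.

```python
import hashlib
import hmac
import struct
from typing import Tuple

IPV4_FMT = "!BBHHHBBH4s4s"  # ver/IHL, TOS, total len, ID, flags/frag, TTL, proto, csum, src, dst
AH_FIXED_FMT = "!BBHII"     # next header, payload len, reserved, SPI, sequence number
ICV_LEN = 16                # HMAC-SHA-256-128: 256-bit HMAC truncated to 128 bits (RFC 4868)
IPPROTO_AH = 51


def build_ipv4_header(src: bytes, dst: bytes, ttl: int, total_len: int) -> bytes:
    """Constructed IPv4 header whose next protocol is AH. Checksum left 0 for brevity."""
    return struct.pack(IPV4_FMT, (4 << 4) | 5, 0, total_len, 0x1234, 0x4000,
                       ttl, IPPROTO_AH, 0, src, dst)


def zero_mutable_fields(ip_hdr: bytes) -> bytes:
    """RFC 4302: fields a router may legitimately change are zeroed before the
    ICV is computed: TOS/DSCP, flags + fragment offset, TTL, header checksum."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def ah_icv(key: bytes, ip_hdr: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Integrity Check Value over (immutable IP header || AH header with the ICV
    field zeroed || payload). A keyed MAC, not a public-key signature."""
    ah_len_words = (struct.calcsize(AH_FIXED_FMT) + ICV_LEN) // 4 - 2  # AH 'payload len'
    next_header = 6  # TCP follows AH in this example
    ah_fixed = struct.pack(AH_FIXED_FMT, next_header, ah_len_words, 0, spi, seq)
    data = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_verify(key: bytes, ip_hdr: bytes, spi: int, seq: int,
              payload: bytes, icv: bytes) -> bool:
    return hmac.compare_digest(ah_icv(key, ip_hdr, spi, seq, payload), icv)


def router_hop(ip_hdr: bytes) -> bytes:
    """A forwarding router decrements TTL (and would recompute the checksum)."""
    h = bytearray(ip_hdr)
    h[8] -= 1
    return bytes(h)


def demo() -> Tuple[bool, bool, bool]:
    """Returns (verifies after a TTL change, verifies with tampered payload,
    verifies with the wrong key)."""
    key = b"\x11" * 32                        # constructed SA key
    payload = b"GET / HTTP/1.0\r\n\r\n"        # constructed payload
    hdr = build_ipv4_header(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", 64,
                            20 + 28 + len(payload))
    icv = ah_icv(key, hdr, spi=0x100, seq=1, payload=payload)
    after_hop = router_hop(hdr)               # TTL 64 -> 63 in transit
    ok_after_hop = ah_verify(key, after_hop, 0x100, 1, payload, icv)
    tampered = ah_verify(key, after_hop, 0x100, 1, payload.replace(b"GET", b"PUT"), icv)
    wrong_key = ah_verify(b"\x22" * 32, after_hop, 0x100, 1, payload, icv)
    return ok_after_hop, tampered, wrong_key


if __name__ == "__main__":
    print("after TTL change / tampered payload / wrong key:", demo())
```

Because the check covers the source address and the sequence number, the same construction is what gives AH its data-origin authentication and, with a receiver-side window over `seq`, its replay protection; ESP would additionally encrypt `payload` before computing its own check.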
WAP stands for?
WAP - Wireless Application Protocol. It is a protocol used by PDAs, cell phones, and handheld computers to send and receive data.
What does the software require to encrypt a message with PGP?
A passphrase.
Explain ARO x SLE = ALE.
ARO - Annualized Rate of Occurrence: how many times per year the loss event is expected to happen (an event expected once every four years has an ARO of 0.25).
SLE - Single Loss Expectancy: the cost of one occurrence, i.e. the asset value multiplied by the exposure factor (the fraction of the asset lost in one event).
ALE - Annual Loss Expectancy: SLE x ARO, the expected loss per year; a countermeasure is justified only if its annual cost is less than the ALE it removes.
What are the significant ports used by Back Orifice and Back Orifice 2000?
Back Orifice
Server Component - UDP 31337
Client Component - UDP 1049
Client w/HTTP - TCP 1056