Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
377 Cards in this Set
- Front
- Back
|
|
|
|
|
|
|
|
|
|
|
|
|
What is a key difference in security between MAC and DAC?
|
In MAC a user who can access a file cannot necessarily copy it.
|
|
|
What DoD classification does MAC map to?
|
Level-B classification
|
|
|
What DoD classification does DAC map to?
|
Level-C classification
|
|
|
What does CHAP use for authentication?
|
hashing
|
|
|
What is AES?
|
Also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government.
|
|
|
What type of encryption is AES?
|
symmetric
|
|
|
What kind of algorithm is 3DES?
|
symmetric
|
|
|
What algorithm does AES use?
|
Rijndael
|
|
|
What two encryption standards is AES designed to replace?
|
DES and 3DES
|
|
|
What is the most effective way of enforcing security in a dialup network?
|
require callback
|
|
|
What port do DNS zone transfers use?
|
TCP port 53
|
|
|
What port do DNS lookups use?
|
UDP port 53
|
|
|
Why do routers help limit the damage done by sniffing and MITM attacks?
|
They send data to a specific subnet only
|
|
|
What are the two types of symmetric algorithms?
|
block and stream
|
|
|
What are the two advantages of block ciphers over stream ciphers?
|
They are faster and more secure.
|
|
|
What is the main difference between S/MIME and PGP?
|
S/MIME relies upon a CA for public key distribution
|
|
|
What is the maximum throughput of 802.11a?
|
54 Mbps
|
|
|
What frequency does 802.11b operate at?
|
2.4 GHz
|
|
|
What is the maximum throughput of 802.11b?
|
11 Mbps
|
|
|
What frequency does 802.11g operate at?
|
2.4 GHz
|
|
|
What is the maximum throughput of 802.11g?
|
54 Mbps
|
|
|
Is 802.11g backwards-compatible with 802.11a and 802.11b?
|
backwards-compatible with 802.11b only at 11 Mbps
|
|
|
What type of media access control does 802.11 use?
|
collision avoidance
|
|
|
What sort of attack does TACACS+'s lack of integrity checking make it vulnerable to?
|
replay attacks
|
|
|
What two bit strengths is SSL available in?
|
40-bit and 128-bit
|
|
|
What two bit strengths is SSL available in?
|
40-bit and 128-bit
|
|
|
What is the maximum capacity of QIC?
|
20 GB
|
|
|
What is the maximum capacity of 4mm DAT?
|
40 Gb
|
|
|
What is the maximum capacity of 8mm tapes?
|
50 Gb
|
|
|
What is the maximum capacity of Travan?
|
40 Gb
|
|
|
What is the maximum capacity of DLT?
|
220 Gb
|
|
|
With biometric scanning what is rejecting a valid user called?
|
Type I Error
|
|
|
With biometric scanning what is accepting a user who should be rejected called?
|
Type II error
|
|
|
In biometric scanning what is the crossover accuracy?
|
When type I error equals Type II error.
|
|
|
What mathematical fact does a birthday attack rely on?
|
it is much easier to find two datasets that share a hash than to find a dataset that shares a hash with a given dataset
|
|
|
What is CRL?
|
Certificate Revocation ListA list of certificates (more accurately: their serial numbers) which have been revoked, are no longer valid, and should not be relied on by any system user.
|
|
|
What is OCSP?
|
Online Certificate Status ProtocolThe replacement for CRL
|
|
|
What disadvantage does CRL have that OCSP addresses?
|
updates must be downloaded frequently to be accurate
|
|
|
Does TLS use the same ports for encrypted and unencrypted data?
|
No.
|
|
|
What is the difference between S-HTTP and SSL?
|
S-HTTP is designed to send individual messages securely, SSL sets up a secure connection between two computers
|
|
|
What is the primary limitation of symmetric cryptography?
|
key distribution
|
|
|
What protocol is being pushed as an open standard for IM?
|
SIMPLE
|
|
|
In relation to AAA what is CIA?
|
Confidentiality, Integrity, Availability
|
|
|
What are the three components of AAA?
|
Authentication, Authorization(Access Control), Accounting(Auditing)
|
|
|
What is an open relay?
|
an SMTP relay that does not restrict access to authenticated users
|
|
|
Describe the Diffie-Hellman key exchange.
|
A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.
|
|
|
What encryption scheme does WEP use?
|
RC4
|
|
|
Who created RC2 and RC4?
|
Rivest
|
|
|
What are the two main types of firewalls?
|
application-level and network-level
|
|
|
How does an application level firewall handle different protocols?
|
With a proxy program for each protocol
|
|
|
What happens if an application-level protocol doesn't have a proxy program for a given protocol?
|
the protocol can't pass through the firewall
|
|
|
What limitation do application-level firewalls create for proprietary software?
|
"proprietary software often uses proprietary protocols, which often can't pass the firewall"
|
|
|
Which is faster, application-level or network-level firewalls?
|
network-level firewalls
|
|
|
What are the two types of network-level firewalls?
|
packet filters and stateful packet inspection
|
|
|
What might be indicated by packets from an internal machine with an external source address in the header?
|
machine is being used in a DoS/DDoS attack
|
|
|
What is the DSS?
|
Digital Signature StandardProvides for non-repudiation of messages. Proposed by NIST.
|
|
|
Does DSS use symmetric or asymmetric keys?
|
asymmetric
|
|
|
What is PEM?
|
Privacy Enhanced Mailpublic-key encryption similar to S/MIME
|
|
|
What does PGP use in place of a CA?
|
A "web of trust".
|
|
|
What type of encryption is Kerberos?
|
symmetric
|
|
|
What is X.509 used for?
|
digital certificates
|
|
|
What are tokens also known as?
|
One-time passwords
|
|
|
What type of network is extremely vulnerable to Man in the Middle attacks?
|
wireless
|
|
|
What is smurfing?
|
"broadcasting echo requests with a falsified source address, overwhelming the owner of the address"
|
|
|
What port does the chargen exploit use?
|
TCP 19
|
|
|
What port does echo use?
|
port 7
|
|
|
What ports does FTP use?
|
ports 20 and 21
|
|
|
What port does FTP use for data?
|
port 20
|
|
|
What port does SSH use?
|
port 22
|
|
|
What port does Telnet use?
|
port 23
|
|
|
What port does SMTP use?
|
port 25
|
|
|
What port does TACACS use?
|
port 49
|
|
|
What ports does DNS use?
|
TCP and UDP 53
|
|
|
What port does POP3 use?
|
port 110
|
|
|
What port does SNMP use?
|
port 161
|
|
|
What port does HTTPS use?
|
TCP 443
|
|
|
What port does RADIUS use?
|
port 1812
|
|
|
What does 802.1x do?
|
Provides an authentication framework for wired and wireless networks.
|
|
|
What is TACACS?
|
Terminal Access Controller Access Control System
|
|
|
What advantage does TACACS+ have over TACACS?
|
multi-factor authentication
|
|
|
What protocol is replacing PPTP?
|
L2TP
|
|
|
What two protocols were combined to form L2TP?
|
Microsoft's PPTP and Cisco's L2F
|
|
|
What are the two main components of L2TP?
|
L2TP Access Controller (LAC) and L2TP Network Server (LNS)
|
|
|
What three utilities comprise SSH?
|
SSH, Slogon, SCP
|
|
|
What type of encryption does SSH use?
|
RSA publickey
|
|
|
What two services are provided by IPSec?
|
Authentication Header (AH)Encapsulating Security Payload (ESP)
|
|
|
What encryption does S/MIME use?
|
RSA
|
|
|
Who developed PGP?
|
Phillip R. Zimmerman
|
|
|
What is PGP primarily used for?
|
email encryption
|
|
|
What type of encryption does PGP use?
|
public key - asymetric
|
|
|
What two algorithm options exist for PGP?
|
RSA and Diffie-Hellman
|
|
|
Are SSL sessions stateful or stateless?
|
stateful
|
|
|
What two strengths does SSL come in?
|
40-bit and 128-bit
|
|
|
What is TLS?
|
Transport-Layer Security- a successor to SSL
|
|
|
What type of encryption does SSL use?
|
RSA - PKI - public-key
|
|
|
What two layers does TLS consist of?
|
TLS Record Protocol TLS Handshake Protocol
|
|
|
Are SSL and TLS compatible?
|
No.
|
|
|
What is HTTPS?
|
HTTP over SSL
|
|
|
What kind of encryption does HTTPS use?
|
40-bit RC4
|
|
|
What is Authenticode?
|
A method of signing ActiveX controls.
|
|
|
What language is normally used to write CGI scripts?
|
Perl
|
|
|
What is DEN?
|
Directory Enabled NetworkingA specification for how to store network information in a central location.
|
|
|
What model is DEN based on?
|
Common Information Model (CIM)
|
|
|
What security problem does FTP have?
|
Authentication is sent in clear text.
|
|
|
What does S/FTP use for encryption?
|
SSL
|
|
|
What are the four WAP layers?
|
Wireless Application Environment (WAE)Wireless Session Layer (WSL)Wireless Transport Layer Security (WTLS)Wireless Transport Layer (WTL)
|
|
|
What is WML?
|
Wireless Markup LanguageUsed to create pages for WAP
|
|
|
What OS do most PBX's use?
|
UNIX
|
|
|
What is hashing?
|
It is a reproducible method of turning some kind of data into a (relatively) small number that may serve as a digital "fingerprint" of the data.
|
|
|
What four trust models do PKI's fall into?
|
Heirarchical TrustBridge TrustMesh TrustHybrid Trust
|
|
|
What is unique about the Mesh Trust model of PKI?
|
multiple parties must be present before access to the token is granted
|
|
|
Does PPTP require IP connectivity?
|
Yes.
|
|
|
Does L2TP require IP connectivity?
|
No.
|
|
|
What does IPSec use for authentication and key exchange?
|
Diffie-Hellman
|
|
|
What does IPSec use for encryption?
|
40-bit DES algorithm
|
|
|
What three methods are used to determine VLAN membership on the local switch?
|
port-based, MAC-based, protocol-based
|
|
|
What two methods are used to determine VLAN membership on a remote switch?
|
implicit, based on MAC address explicit, where the first switch adds a tag
|
|
|
Why is detecting statistical anomolies a good approach to intrusion detection?
|
don't have to understand the root cause of the anomolies
|
|
|
What is the top priority in computer forensics?
|
document each step taken
|
|
|
What type of access control do most commercial OS's use?
|
DAC
|
|
|
How does CHAP work?
|
CHAP challenges a system to verify identity. CHAP doesn’t use a user ID/password mechanism. Instead, the initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then sent back to the server. The server compares the value from the client and, if the information matches, grants authorization. If the response fails, the session fails, and the request phase starts over.
|
|
|
Is PPTP usually implemented through hardware or software?
|
software
|
|
|
Is L2TP usually implemented through hardware or software?
|
Hardware
|
|
|
What is compulsory tunneling?
|
situation where VPN server chooses the endpoint of a communication
|
|
|
What advantage does compulsory tunneling provide?
|
allows VPN connections to be concentrated over fewer high-capacity lines
|
|
|
What port does L2TP use?
|
UDP 1701
|
|
|
What are the two encryption modes for IPSec?
|
Transport, where only the data is encrypted.Tunneling, where the entire packet is encrypted.
|
|
|
What protocol does IPSec use to exchange keys?
|
Internet Key Exchange (IKE)
|
|
|
What is key escrow?
|
Administration of a private key by a trusted third party.
|
|
|
What advantage does TACACS+ have over RADIUS?
|
better security
|
|
|
What advantage does RADIUS have over TACACS+?
|
better vendor support and implementation
|
|
|
What makes non-repudiation a stronger version of authentication?
|
non-repudiation comes from a third party
|
|
|
Non-repudiation has been compared to what real-world version of authentication?
|
using a public notary
|
|
|
What is a teardrop attack?
|
The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine. A bug in the TCP/IP fragmentation re-assembly code caused the fragments to be improperly handled, crashing the operating system as a result
|
|
|
What is an AUP?
|
Acceptable Use Policy
|
|
|
From what does RSA derive its strength?
|
the difficulty of factoring large numbers
|
|
|
What three people were involved in the creation of RSA?
|
RivestShamirAdleman
|
|
|
Is RSA a public or private key system?
|
public-key
|
|
|
What is the standard key length for DES?
|
56 bits
|
|
|
What is the standard key length for IDEA?
|
128 bits
|
|
|
What is the standard key length for 3DES?
|
168 bits
|
|
|
How are RSA and DES used together?
|
RSA is used to encrypt the key for transmission, DES is used for message encryption
|
|
|
What kind of encryption does AES use?
|
Symetric and uses the Rijndael algorithm
|
|
|
What is IDEA?
|
International Data Encryption AlgorithmA 128-bit private-key encryption system.
|
|
|
What are the two most popular hashing routines in use today?
|
MD5 and SHA-1
|
|
|
What size is an MD5 hash?
|
128 bits
|
|
|
What is MD5 designed for?
|
digital signatures
|
|
|
Observing the timer value in the TCP stack makes what possible?
|
OS Fingerprinting
|
|
|
What are the three A's in computer forensics?
|
AcquireAuthenticateAnalyze
|
|
|
What is the first step in risk analysis?
|
Identifying Assets
|
|
|
What type of network is CHAP primarily used on?
|
PPP
|
|
|
What are the seven stages in a certificate life cycle?
|
certificate enrollment, distribution, validation, revocation, renewal, destruction, auditing
|
|
|
What security advantage do managed hubs provide over other hubs?
|
they can detect physical configuration changes and report them
|
|
|
What is port mirroring?
|
On switches, the ability to map the input and output of one or more ports to a single port.
|
|
|
What does an attacker need to conduct ARP cache poisoning?
|
physical connectivity to a local segment
|
|
|
What security hole does RIPv1 pose?
|
RIPv1 does not allow router passwords
|
|
|
What are the five main services provided by firewalls?
|
packet filtering, application filtering, proxy server, circuit-level, stateful inspection
|
|
|
Which of the five router services do e-mail gateways provide?
|
application filtering
|
|
|
What OSI layer do stateful firewalls reside at?
|
network layer
|
|
|
What are the three types of NAT?
|
staticdynamicoverloading
|
|
|
What security weakness does SPAP have?
|
does not protect against remote server impersonation
|
|
|
How do the RADIUS client and server avoid sending their shared secret across the network?
|
shared secret is hashed and hash is sent
|
|
|
In MAC, what is read-up?
|
The ability of users in lower security categories to read information in higher categories
|
|
|
In MAC, of read-up, read-down, write-up, and write-down which two are legal?Which two are illegal?"
|
legal: read-down, write-up illegal- read-up, write-down
|
|
|
Do hashing algorithms protect files from unauthorized viewing?
|
No, hashing only verifies that files have not been changed.
|
|
|
What is an SIV?
|
System Integrity VerifierIDS that monitors critical system files for modification
|
|
|
Why are VLAN's considered broadcast domains?
|
all hosts on the VLAN can broadcast to all other hosts on the VLAN
|
|
|
What language are most new smart card applications written in?
|
Java
|
|
|
What is a bastion host?
|
A bastion host is a computer on a network that provides a single entrance and exit point to the Internet from the internal network and vice versa.
|
|
|
What type of IDS will likely detect a potential attack first and why?
|
Network-based IDS because it runs in real-time.
|
|
|
What drawback do heuristic-based IDS's have?
|
higher rate of false positives
|
|
|
What are the six steps to incident response?
|
Preparation, Identification, Containment, Eradication, Recovery, Follow-Up
|
|
|
What are most fire extinguishers loaded with?
|
FE-36
|
|
|
What is FE-13 used for?
|
It is the preferred alternative to Halon 1301.
|
|
|
What is the maximum length of a valid IP datagram?
|
64K
|
|
|
What is the RFC-recommended size of an IP datagram?
|
576 bytes
|
|
|
What is IGMP used for?
|
It is a communications protocol used to manage the membership of Internet Protocol multicast groups or simply mulicasting.
|
|
|
What is bytestream?
|
data from Application layer is segmented into datagrams that source and destination computers will support
|
|
|
What two pieces of information comprise a socket?
|
source IP address and source port
|
|
|
"At the Network Interface layer, what is the packet of information placed on the wire known as?"
|
a frame
|
|
|
What TCP/IP layer do man-in-the-middle attacks take place at?
|
internet layer
|
|
|
What IP layers do DoS attacks occur at?
|
any layer
|
|
|
What IP layer do SYN floods occur at?
|
transport layer
|
|
|
Which hashing algorithm is more secure, MD5 or SHA-1?
|
SHA-1
|
|
|
What is the key length for Blowfish?
|
variable length
|
|
|
How are digital signatures implemented?
|
a hash is created and encrypted with the creator's private key
|
|
|
How are asymmetric algorithms used for authentication?
|
Authenticator sends a random number (nonce) to receiver, who encrypts it with their private key
|
|
|
"In a bridge CA architecture, what is the CA that connects to a bridge CA called?"
|
a principal CA
|
|
|
Who defines a certificate's life cycle?
|
The issuing CA.
|
|
|
At what OSI layer (and above) must networked computers share a common protocol?
|
data link and above
|
|
|
What security hole does SPAP have?
|
remote server can be impersonated
|
|
|
What protocol does RADIUS use?
|
UDP
|
|
|
What protocol does TACACS+ use?
|
TCP
|
|
|
What sort of devices normally use TACACS?
|
network infrastructure devices
|
|
|
What limitation does IPSec have?
|
only supports unicast transmissions
|
|
|
What does IPSec require to be scaleable?
|
a PKI
|
|
|
What are the three major components of SSH?
|
Transport Layer protocol SSH-TRANS)User authentication protocol (SSH-USERAUTH)connection protocol (SSH-CONN)
|
|
|
What do BSS and ESS stand for?
|
Basic Service Set and Extended Service Set
|
|
|
What does ESS offer that BSS does not?
|
the ability to roam between AP's
|
|
|
What are the two parts of a Key Distribution Center?
|
An authentication server (AS) and a ticket-granting server (TGS)
|
|
|
What are the three major classification levels with MAC?
|
Top Secret, Confidential, Unclassified
|
|
|
What does echo do?
|
responds to packets on UDP port 7
|
|
|
What does chargen do?
|
Responds to packets on UDP port 19 with random characters.
|
|
|
What is an FTP bounce?
|
Running scans against other computers through a vulnerable FTP server.
|
|
|
What version of BIND allows for mutual authentication?
|
BINDv9
|
|
|
What ports are commonly used for NetBIOS names and sessions?
|
"TCP/UDP 137, 138, 139"
|
|
|
What ports do DHCP and BOOTP/Bootstrap servers use?
|
TCP/UDP ports 67
|
|
|
What port does NNTP use?
|
TCP/UDP 119
|
|
|
What port does LDAP use?
|
TCP/UDP port 389
|
|
|
What port does LDAPS use?
|
TCP/UDP port 636
|
|
|
Why can hand geometry only be used for verification, rather than identification?
|
Hand geometry is not unique.
|
|
|
What advantages do hand geometry scans have over fingerprint scans?
|
They are faster, cleaner, and less invasive.
|
|
|
What are the advantages and disadvantages of retinal scanning?
|
most reliable but most invasive
|
|
|
What disadvantage does speech recognition have?
|
Easier to spoof than other biometric techniques.
|
|
|
What are QIC tapes primarily used for?
|
Backing up standalone computers.
|
|
|
What are DAT drives primarily used for?
|
basic network backups
|
|
|
What three tape types offer high capacity and rapid data transfer?
|
"8mm, DLT, and LTO"
|
|
|
How does a host respond to a TCP connect scann if the scanned port is open? Closed?
|
open: SYN-ACK, closed: RST
|
|
|
What can be done to reduce the effects of half-open attacks?
|
reduce the time a port waits for a response
|
|
|
How does a host respond to a FIN packet if the scanned port is open, closed?
|
open: packet discardedclosed: RST
|
|
|
How does an XMAS scan work?
|
a variety of TCP packets are sent to elicit a response
|
|
|
What TCP sequence number does an XMAS scan use?
|
0
|
|
|
What are two characteristics of a null scan?
|
TCP sequence number set to 0 and no TCP flags set.
|
|
|
What is a TCP ACK scan used for?
|
determining if a port is filtered by a firewall
|
|
|
What is a window scan?
|
OS fingerprint by finding the hosts default TCP window size.
|
|
|
What are the two basic types of DoS attacks?
|
flaw exploitation attacks and flooding attacks
|
|
|
What three basic router/firewall measures will reduce the effects of a DoS attack?
|
egress filteringingress filteringdisabling IP-directed broadcasting
|
|
|
What is source routing?
|
Sender defines hops a packet must travel through
|
|
|
How is source routing used by attackers?
|
used to route packets around security devices
|
|
|
How can source routing be defended against?
|
routers can be configured to discard source-routed packets
|
|
|
What two methods do IDS's use to detect and analyze attacks?
|
Misuse detection and anomoly detection.
|
|
|
What advantage does LEAP have over EAP?
|
LEAP allows for mutual authentication
|
|
|
What protocol does 802.1x use for authentication?
|
EAP
|
|
|
How does an 802.1x authenticator handle authentication traffic?
|
Passes it to a RADIUS server for authentication
|
|
|
What is ECC?
|
Elliptical Curve CryptographyA public-key cryptographic method which generates smaller, faster, and more secure keys. Used more with wireless cell devices.
|
|
|
What standard is LDAP based on?
|
X500
|
|
|
Who developed SSL?
|
Netscape
|
|
|
What three protocols are routinely layered over TLS?
|
IMAP, POP3, and SMTP
|
|
|
What two types of certificates does S/MIME use?
|
PKCS #7 certificates for message content and X.509v3 for source authentication
|
|
|
What is the "hidden node" problem?
|
When a wireless client cannot see the network due to interference.
|
|
|
What does WEP stand for?
|
Wired Equivalent Privacy
|
|
|
In a 128-bit WEP key, how long is the actual secret key?
|
104 bitsThe first 24 bits are used for the Initialization Vector (IV)
|
|
|
FTP data port
|
TCP 20
|
|
|
FTP control port
|
TCP 21
|
|
|
SSH port?
|
TCP 22
|
|
|
Telnet
|
TCP 23
|
|
|
SMTP port?
|
TCP 25
|
|
|
DNS lookup port?
|
UDP 53
|
|
|
DNS zone transfer port?
|
TCP 53
|
|
|
Bootstrap protocol server, DHCP server
|
UDP 67
|
|
|
What port does Bootstrap/bootp and DHCP clients use?
|
UDP 68
|
|
|
TFTP port?
|
UDP 69
|
|
|
HTTP port?
|
TCP 80
|
|
|
Kerberos port?
|
TCP 88
|
|
|
POPv2
|
TCP 109
|
|
|
POPv3 port?
|
TCP 110
|
|
|
Sun RPC port?
|
111
|
|
|
What Port is Network Time Protocol (NTP)?
|
TCP/UDP 123
|
|
|
PKCS #3
|
Diffie-Hellman Key Agreement Standard
|
|
|
NetBIOS name service
|
TCP/UDP 137
|
|
|
NetBIOS datagram service
|
UDP 138
|
|
|
NetBIOS session service
|
TCP 139
|
|
|
IMAP port?
|
TCP 143
|
|
|
SNMP port?
|
UDP 161
|
|
|
SNMP Trap
|
UDP 162
|
|
|
What port does LDAP use?
|
TCP 389
|
|
|
TLS/SSL port?
|
TCP 443
|
|
|
Microsoft DS (NetBIOS service) port?
|
TCP/UDP 445
|
|
|
IKE
|
Internet Security Association and Key Management Protocol
|
|
|
UNIX Syslog port?
|
UDP 514
|
|
|
L2TP port?
|
UDP 1701
|
|
|
PPTP port?
|
TCP 1723
|
|
|
Sun NFS port?
|
TCP 2049
|
|
|
Microsoft Terminal Services port?
|
TCP 3389
|
|
|
PCAnywhere data port?
|
TCP 5631
|
|
|
PCAnywhere status port?
|
UDP 5632
|
|
|
ICMP protocol #
|
1
|
|
|
TCP protocol #
|
6
|
|
|
UDP protocol #
|
17
|
|
|
Generic Routing Encapsulation (GRE) protocol #
|
47
|
|
|
What is Generic Routing Encapsulation (GRE) used in?
|
PPTP connections
|
|
|
Authentication Header (AH) protocol #
|
51
|
|
|
Encapsulating Security Payload (ESP) protocol #
|
50
|
|
|
At what OSI layers do gateways function at?
|
Transport layer and above.
|
|
|
What layer provides network access for applications?
|
the Application layer
|
|
|
What layer provides flow control?
|
Application layer
|
|
|
What OSI layer establishes the availability of other computers on the network?
|
Application layer
|
|
|
What OSI layer determines if sufficient resources exist for communication to occur between two computers?
|
Application layer
|
|
|
What layer does SMTP function at?
|
the Application layer
|
|
|
What OSI layer does FTP function at?
|
Application layer
|
|
|
What OSI layer does SNMP function at?
|
Application layer
|
|
|
What layer does Telnet function at?
|
Application layer
|
|
|
What layer does Appletalk function at?
|
Application layer
|
|
|
What layer performs protocol conversion?
|
Presentation layer
|
|
|
What layer performs encryption?
|
Presentation layer
|
|
|
What OSI layer performs compression?
|
Presentation layer
|
|
|
What layer synchronizes computers involved in a communication?
|
Session layer
|
|
|
What OSI layer handles connection establishment, data transfer, and connection release?
|
Session layer
|
|
|
What layer does NetBIOS function at?
|
Session layer
|
|
|
What layer repackages messages into smaller formats?
|
Transport layer
|
|
|
What layer provides error-free delivery and error handling functions?
|
Transport layer
|
|
|
What layers does NetBEUI function at?
|
the Transport and Network layers
|
|
|
What layer does TCP function at?
|
Transport layer
|
|
|
What OSI layer does SPX function at?
|
Transport layer
|
|
|
What layers does NWLink function at?
|
the Transport and Network layers
|
|
|
What layer handles logical addressing?
|
the Network layer
|
|
|
What layer handles routing?
|
Network layer
|
|
|
What layer handles traffic management?
|
Network layer
|
|
|
What OSI layer does IP function at?
|
Network layer
|
|
|
What layer does IPX function at?
|
the Network layer
|
|
|
What devices function at the Network layer?
|
routers
|
|
|
What layer packages raw bits into frames?
|
Data Link layer
|
|
|
What is the purpose of packaging raw bits into frames?
|
they are transmittable across a network
|
|
|
What OS layer includes a Cyclical Redundancy Check (CRC)?
|
Data Link layer
|
|
|
What are the two sublayers of the Data Link layer?
|
the Logical Link Control (LLC) and the MAC sublayers
|
|
|
What does the LLC sublayer use to create links for the MAC sublayer?
|
Destination Service Access Points and Source Service Access Points
|
|
|
What devices function at the Data Link layer?
|
switches, bridges, and brouters
|
|
|
What devices function at the Physical layer?
|
multiplexers and repeaters
|
|
|
How many bits are in a MAC address?
|
48 bits
|
|
|
What protocol is used to map MAC addresses to IP addresses?
|
ARP
|
|
|
Kerberos is a _________ authentication and _________ sign-on solution.
|
Third Party, Single
|
|
|
What is a realm?
|
A realm is the network protected under a single Kerberos implementation.
|
|
|
How many steps are there to kerberos authentication?
|
9
|
|
|
CHAP was developed as a secure alternative to what?
|
PAP(Password Authentication Protocol)
|
|
|
How many steps are there to CHAP Authentication?
|
7
|
|
|
Smurf and Fraggle attacks are conisdered what types of attacks?
|
DRDoSDistributed Reflective Denial of Service
|
|
|
What type of packets does a smurf attack use?
|
ICMP echo reply
|
|
|
What type of packets does a Fraggle attack use?
|
UDP packets directed to port 7 (echo port) or 19 (chargen port)
|
|
|
What is a Land attack?
|
Numerous SYN packets are sent to the victim with source and destination addresses spoofed as the victim’s address. The victim is confused because it’s unable to respond to a packet it sent to itself that it has no record of sending. This often results in a freeze or crash.
|
|
|
What is a Ping Flood?
|
The attacker sends numerous ping echo requests to a victim. The victim responds with the echo. If enough inbound and outbound packets are transmitted, no legitimate traffic will be able to use the communication link.
|
|
|
What is the Ping of Death attack?
|
The attacker sends oversized ping packets to the victim; the victim doesn’t know how to handle invalid packets, and it freezes or crashes.
|
|
|
What is the Bonk Attack?
|
The attacker sends a corrupt UDP packet to DNS port 53. This type of attack may cause Windows systems to crash.
|
|
|
What is the Boink attack?
|
The same as Bonk, but the corrupt UDP packets are sent to numerous ports. The result may cause a Windows system to crash.
|
|
|
What method of access control is best suited for environments with a high rate of employee turnover?
|
RBAC
|
|
|
What is the strongest form of authentication?
|
Multi-Factor
|
|
|
What is the strongest form of password?
|
One-Time use
|
|
|
Name three VPN protocols.
|
PPTP, L2TP, IPSec
|
|
|
Name three types of remote access that RADIUS can be used with.
|
dial-up, VPN, terminal servicesIn fact any type of remote access can be used with RADIUS.
|
|
|
RADIUS is known as a _________ server.
|
AAAAuthentication, authorization(or access control), auditing
|
|
|
What type of cryptogrophy does IPSec use?
|
symmetric
|
|
|
What technology can be used to add an additional layer of protection between a directory services-based network and remote clients?
|
RADIUS
|
|
|
What technology uses a six-step handshake process to establish a secured session between a web serer and a web client?
|
SSL
|
|
|
A circuit level firewall filters traffic by monitoring what?
|
By monitoring within a session between an internal trusted host and an external untrusted host. This monitoring occurs at the Session layer (layer 5) of the OSI model. This type of firewall ensures that the packets involved in establishing and maintaining the circuit (a virtual circuit or session) are valid and used in the proper manner.
|
|
|
What are the three basic divisions of cryptography?
|
hashing, symmetric cryptography, and asymmetric cryptography
|
|
|
What bit value is SHA-1?
|
160-bit value
|
|
|
What bit values does MD2-5 use?
|
128-bit values
|
|
|
What is the block size of AES?
|
Variable
|
|
|
What is the key size for AES?
|
128, 192, and 256
|
|
|
Name the common symmetric cryptography solutions.
|
AES, 3DES, DES, IDEA, Blowfish, Twofish, Rivest Cipher (RC5), Carlisle Adams/Stafford Tavares (CAST-128)
|
|
|
Name the common asymmetric solutions.
|
Rivest Shamir Adleman (RSA), Diffie-Hellman, Error Correcting Code (ECC), and El Gamal
|
|
|
From a private corporate perspective what is the most secure key management solution?
|
Centralized
|
|
|
Exposure Factor (EF)
|
This is the percentage of asset value loss that would occur if a risk was realized (for example, if an attack took place).
|
|
|
Single Loss Expectancy (SLE)
|
This is the potential dollar-value loss from a single risk realization incident. It’s calculated by multiplying the EF by the asset value.
|
|
|
Annualized Rate of Occurrence (ARO)
|
This number is the statistical probability that a specific risk may be realized a certain number of times in a year. It’s obtained from a risk assessment company or an insurance company.
|
|
|
Annual Loss Expectancy (ALE)
|
This is the potential dollar value loss per year per risk. It’s calculation by multiplying the SLE by the ARO
|
|
|
PKCS#11
|
An API, designed to be platform independent, defining a generic interface to cryptographic tokens, such as Hardware Security Modules and smart cards.
|
|
|
Encryption is applicable to all of the OSI model layers except?
|
Physical
|
|
|
Which method of authentication must be used in IPSec if the communications mode is gateway-gateway, host-gateway?
|
ESP
|
|
|
What type of firewall can be used to track connectionless protocols such as UDP and RPC?
|
Stateful Inspection
|
|
|
Asymmetric cryptography is based on the work of who?
|
Diffie-Hellman
|
|
|
What is a class A fire extinguisher used for?
|
Ordinary combustibles
|
|
|
What is a class B fire extinguisher used for?
|
Flammable liquids
|
|
|
What is a class C fire extinguisher used for?
|
Energized electrical equipment
|
|
|
What is a class D fire extinguisher used for?
|
Combustible metals
|
|
|
What is a class K fire extinguisher used for?
|
Cooking oils
|
|
|
Symmetric (private) key cryptography when compared to public (asymmetric) cryptography is how many times faster?
|
1,000 to 10,000 times faster.
|
|
|
Within the key management lifecycle, what occurs when the CA creates a certificate signed by its own digital certificate?
|
Certification
|
|
|
What is another term for Thinnet?
|
10Base2
|
|
|
A network hub functions on which layer of the OSI model?
|
Physical
|
|
|
The bell-lapadula model is primarily concerned with protecting?
|
Confidentiality
|
|
|
What is the basis of DAC?
|
Access Control ListsACLs
|
|
|
What are the three access methods used by RBAC?
|
task-based, lattice-based & role-based
|
|
|
Is mutual authentication mandatory or optional in Kerberos?
|
optional
|
|
|
OSPF
|
Open Shortest Path First
|
