Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
52 Cards in this Set
- Front
- Back
|
What are the seven stages in a certificate life cycle?
|
certificate enrollment; distribution; validation; revocation; renewal; destruction; auditing
|
|
|
What security advantage do managed hubs provide over other hubs?
|
they can detect physical configuration changes and report them
|
|
|
What is port mirroring?
|
on switches, the ability to map the input and output of one or more ports to a single port
|
|
|
What does an attacker need to conduct ARP cache poisoning?
|
physical connectivity to a local segment
|
|
|
What security hole does RIPv1 pose?
|
RIPv1 does not allow router passwords
|
|
|
What are the five main services provided by firewalls?
|
packet filtering; application filtering; proxy server; circuit-level; stateful inspection
|
|
|
Which of the five router services do e-mail gateways provide?
|
application filtering
|
|
|
What OSI layer do stateful firewalls reside at?
|
network layer
|
|
|
What are the three types of NAT?
|
static NAT; dynamic NAT; overloading NAT
|
|
|
What security weakness does SPAP have?
|
does not protect against remote server impersonation
|
|
|
How do the RADIUS client and server avoid sending their shared secret across the network?
|
shared secret is hashed and hash is sent
|
|
|
In MAC, what is read-up?
|
the ability of users in lower security categories to read information in higher categories
|
|
|
In MAC, of read-up, read-down, write-up, and write-down, which two are legal? Which two are illegal?
|
legal- read-down, write-up
illegal- read-up, write-down |
|
|
Do hashing algorithms protect files from unauthorized viewing?
|
no, only verify files have not been changed
|
|
|
What is an SIV?
|
System Integrity Verifier- IDS that monitors critical system files for modification
|
|
|
Why are VLAN's considered broadcast domains?
|
all hosts on the VLAN can broadcast to all other hosts on the VLAN
|
|
|
What language are most new smart card applications written in?
|
Java
|
|
|
What is a bastion host?
|
a gateway in a DMZ used to secure an internal network
|
|
|
What type of IDS will likely detect a potential attack first? Why?
|
Network-based IDS: runs in real-time
|
|
|
What drawback do heuristic-based IDS's have?
|
higher rate of false positives
|
|
|
What are the four layers of the TCP/IP suite? How do they map to the OSI model?
|
Application > Application-Session
Transport > Transport Internet > Network Network < Data Link-Physical |
|
|
What are the six steps to incident response?
|
Preparation; Identification; Containment; Eradication; Recovery; Follow-Up
|
|
|
What are most fire extinguishers loaded with?
|
FE-36
|
|
|
What is FE-13 used for?
|
explosion prevention
|
|
|
What is FE-13 used for?
|
explosion prevention
|
|
|
What is the maximum length of a valid IP datagram?
|
64K
|
|
|
What is the RFC-recommended size of an IP datagram?
|
576 bytes
|
|
|
What is IGMP used for?
|
multicasting
|
|
|
What is bytestream?
|
data from Application layer is segmented into datagrams that source and destination computers will support
|
|
|
What two pieces of information comprise a socket?
|
source IP address and source port
|
|
|
At the Network Interface layer, what is the packet of information placed on the wire known as?
|
a frame
|
|
|
What IP layer do man-in-the-middle attacks take place at?
|
internet layer
|
|
|
What IP layers do DoS attacks occur at?
|
any layer
|
|
|
What IP layer do SYN floods occur at?
|
transport layer
|
|
|
Which hashing algorithm is more secure, MD5 or SHA-1?
|
SHA-1
|
|
|
What is the key length for Blowfish?
|
variable length
|
|
|
How are digital signatures implemented?
|
a hash is created and encrypted with the creator's private key
|
|
|
How are asymmetric algorithms used for authentication?
|
authenticator sends a random number (nonce) to receiver, who encrypts it with their private key
|
|
|
In a bridge CA architecture, what is the CA that connects to a bridge CA called?
|
a principal CA
|
|
|
Who defines a certificate's life cycle?
|
the issuing CA
|
|
|
At what OSI layer (and above) must networked computers share a common protocol?
|
data link and above
|
|
|
What security hole does SPAP have?
|
remote server can be impersonated
|
|
|
What protocol does RADIUS use?
|
UDP
|
|
|
What protocol does TACACS+ use?
|
TCP
|
|
|
What sort of devices normally use TACACS?
|
network infrastructure devices
|
|
|
What limitation does IPSec have?
|
only supports unicast transmissions
|
|
|
What does IPSec require to be scaleable?
|
a PKI
|
|
|
What are the three major components of SSH?
|
Transport Layer protocol (SSH-TRANS); User authentication protocol (SSH-USERAUTH); connection protocol (SSH-CONN)
|
|
|
What do BSS and ESS stand for?
|
Basic Service Set and Extended Service Set
|
|
|
What does ESS offer that BSS does not?
|
the ability to roam between AP's
|
|
|
What are the two parts of a Key Distribution Center?
|
An authentication server (AS) and a ticket-granting server (TGS)
|
|
|
What are the three major classification levels with MAC?
|
Top Secret; Confidential; Unclassified
|
