600 Flashcards
(100 cards)
1
Q
92 - 128 - 256 bit bit/key strength
A
AES
2
Q
168 bit/key strength
A
3DES
3
Q
160 bit/key strength
A
SHA-1 bit/key strength
4
Q
128 bit/key strength
A
MD5 bit/key strength
5
Q
MSCHAPv2
A
Microsoft’s authentication protocol
6
Q
a legacy suite of Microsoft security protocols that provides authentication - integrity - and confidentiality
A
NTLM
7
Q
Stop gap replacement for WEP while hardware was upgraded to support full WPA
A
TKIP(Temporal Key Integrity Protocol)
8
Q
Allows single file encryption
A
EFS
9
Q
Social media sites fuel what type of attacks?
A
Cognitive password attacks
10
Q
encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.
A
PEAP(Protected Extensible Authentication Protocol)
11
Q
encrypts a chunk of bits at a time before sending them over the network.
A
Block cipher
12
Q
a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others’ identity
A
mutual authentication
13
Q
Strongest access control
A
MAC
14
Q
limiting MAC addresses to a port prevents what?
A
Rogue access points
15
Q
Where
A
Bitlocker
16
Q
Plain text and cipher text are always the same size
A
block cipher
17
Q
Secure a router in an unsecured closet?
A
disable the console port
18
Q
a system that is designed to detect potential data breach
A
DLP(data loss prevention)
19
Q
Personal Electronic Device
A
PED
20
Q
Disable what to prevent a web server from being used as a mail relay?
A
SMTP
21
Q
Mitigate ARP spoofing attacks?
A
Flood guards
22
Q
Cisco: block tftp and record it?
A
deny udp any server eq 69 log
23
Q
Protect from zero day attacks?
A
HIPS
24
Q
Triple A Services
A
Authorization - Authentication - Accounting
25
Query packet for remote identification - lights up multiple flag fields?
XMAS
26
Username - password & PIN?
single factor authentication
27
Smartcards vs key punch?
eliminates shoulder surfing
28
Keys needed to decrypt encrypted data are held in escrow so that an authorized third party may gain access to those keys.
key escrow
29
A network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain - runs on each domain controller
Kerberos Key Distrobution Center
30
Deploys quickly and cleanly and won't leave behind oily residue - particulate - or water.
FM-200
31
Separation of duties is often implemented between developers and administrators in order to separate which of the following?
Changes to code and the ability to deploy
32
used to encrypt plaintext or to verify a digital signature
public key
33
the use of different keys to perform these opposite functions - each the inverse of the other
asymmetric
34
the same key to perform both encryption & decryption
symmetric cryptography
35
Provides centralized Authentication - Authorization - and Accounting (AAA). Layer 7 UDP -
radius
36
the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL)
rc4
37
Chap (challenge-handshake authentication protocol)
Server sends a challenge the host - who responds with a value obtained by using a one-way hash function. The server compares it to its own calculation of the expected hash value
38
Key length of 168 bits (three 56-bit DES keys) - but due to the meet-in-the-middle attack - the effective security it provides is only 112 bits.
3des
39
Configuring mode - encryption methods and security associations are part of?
IPSec
40
Authentication to TCP 49?
TACACS+
41
Enforces permissions based on data labeling?
Mandatory Access Control (Least Privilege)
42
Goal for acceptable downtime during a disaster or other contingency?
Recovery Time Objective
43
What are certificates for?
code signing - client authentication
44
What device potentially has a DMZ interface?
firewall
45
What should follow patch deployment?
Audit and verification
46
How to ensure users only have access during certain hours?
Time of day restrictions
47
What logs do you use when you need to know if people are trying to access a host?
Security Logs
48
What technologies could be used to provide remote access?
firewall & VPN
49
Smart cards for remote authentication are susceptible to what?
Malicious code on the local system
50
Best tool to check user password complexity?
password cracker
51
How to recover a forgotten password?
brute force
52
What is needed on a server that stores private keys?
hardware security module
53
A certificate authority takes what action in PKI?
issues and signs root certificates
54
Why is input validation important?
Mitigates buffer overflow
55
An inexpensive way to to deter physical intrutions?
fake cameras
56
3rd party access to data
Common security concern for cloud computing?
57
Counter measure for SQL injection?
input validation
58
Congestion on firewall and half-open connections?
DDoS
59
Employee badges?
Smartcard
60
Interferes with network-based detection techniques?
SSL
61
Random test data generated by an automated system?
Fuzzing
62
Analyze a malicious payload?
protocol analyzer
63
when a hash function produces the same hash value for two different sets of data
Collision
64
Unauthorized access via Bluetooth
Bluesnarfing
65
social engineering over telephone system
Vishing
66
Physical accquisition of discarded data
Dumpster diving
67
tbd
Cross-site scripting
68
Open Source on-the-fly encryption
TrueCrypt
69
Asset Value x Exposure Factor
SLE Single Loss Expectancy
70
VLAN Ethernet standard
802.1q
71
Users can grant other access
Discretionary Access Control
72
Supports VPNs - combined with IPsec to provide security
L2TP
73
Authenticates and/or encrypts each IP packet of a communication session.
IPsec
74
Predecessor or TLS - developed by Netscape. Asymmetric cryptography for authentication and confidentiality of the key exchange - symmetric encryption for data/message confidentiality - and message authentication codes for message integrity
SSL
75
TLS
Is initialized at layer 5 (the session layer) then works at layer 6 (the presentation layer)
76
Also known as Triple DES. A block cipher algorithm used for encryption.
3DES
77
The standard that provides for bandwidths of up to 54Mbps in the 5GHz frequency spectrum.
802.11a
78
The standard that provides for bandwidths of up to 11Mbps in the 2.4GHz frequency spectrum. This standard is also called WiFi or 802.11 high rate.
802.11b
79
The standard that provides for bandwidths of 20Mbps+ in the 2.4GHz frequency spectrum.
802.11g
80
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.
acceptable use policy
81
An attack aimed at gaining access to your resources
access attack
82
The meansof giving or restricting user access to network resources.
Access Control
83
List of rights that an object has - to resources on a network.
Access Control List (ACL)
84
The point at which access to a network is accomplished. This term is often used in relation to WAP (Wireless Access Point).
access point (AP)
85
The act of being responsible for an item. The administrator is often accountable for the network and the resources on it.
accountability
86
The act of keeping track of activity.
accounting
87
A message confirming that a data packet was received. This occurs at the Transport layer of the OSI model.
acknowledgment (ACK)
88
The replacement for NT Directory Service (NTDS) that is included with Windows 2000/2003.
Active Directory
89
A response generated in real time.
active response
90
Also known as TCP/IP hijacking. This involves an attacker gaining access to a host in the network and logically disconnecting it from the network.
active sniffing
91
A technology implemented by Microsoft that allows customized controls - icons - and other features to increase the usability of web-enabled systems.
ActiveX
92
Any action undertaken by a user.
activity
93
A network created when two RF-capable devices are brought within transmission range of each other. A common example is handheld PDAs beaming data to each other.
ad hoc RF network
94
Protocol used to map MAC (physical) addresses to IP addresses.
Address Resolution Protocol (ARP)
95
These work by looking for deviations from a pattern of normal network traffic.
AD-IDS
96
A set of rules that govern administrative usage of the system.
administrative policies
97
The user who is accountable and responsible for the network.
administrator
98
A FIPS publication that specifies a cryptographic algorithm for use by the U.S. government.
Advanced Encryption Standard (AES)
99
Software that gathers information to pass on to marketers - or intercepts personal data such as credit card numbers.
Adware
100
A header used to provide connectionless integrity and data origin authentication for IP datagrams - and used to provide protection against replays.
AH (Authentication Header)
