600 Flashcards Preview


Flashcards in 600 Deck (100):
1

92 - 128 - 256 bit/key strength

AES

2

168 bit/key strength

3DES

3

160 bit/key strength

SHA-1 bit/key strength

4

128 bit/key strength

MD5 bit/key strength

5

MSCHAPv2

Microsoft's authentication protocol

6

a legacy suite of Microsoft security protocols that provides authentication - integrity - and confidentiality

NTLM

7

Stop gap replacement for WEP while hardware was upgraded to support full WPA

TKIP(Temporal Key Integrity Protocol)

8

Allows single file encryption

EFS

9

Social media sites fuel what type of attacks?

Cognitive password attacks

10

encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.

PEAP(Protected Extensible Authentication Protocol)

11

encrypts a chunk of bits at a time before sending them over the network.

Block cipher

12

a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity

mutual authentication

13

Strongest access control

MAC

14

limiting MAC addresses to a port prevents what?

Rogue access points

15

Where

Bitlocker

16

Plain text and cipher text are always the same size

block cipher

17

Secure a router in an unsecured closet?

disable the console port

18

a system that is designed to detect potential data breach

DLP(data loss prevention)

19

Personal Electronic Device

PED

20

Disable what to prevent a web server from being used as a mail relay?

SMTP

21

Mitigate ARP spoofing attacks?

Flood guards

22

Cisco: block tftp and record it?

deny udp any server eq 69 log

23

Protect from zero day attacks?

HIPS

24

Triple A Services

Authorization - Authentication - Accounting

25

Query packet for remote identification - lights up multiple flag fields?

XMAS

26

Username - password & PIN?

single factor authentication

27

Smartcards vs key punch?

eliminates shoulder surfing

28

Keys needed to decrypt encrypted data are held in escrow so that an authorized third party may gain access to those keys.

key escrow

29

A network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain - runs on each domain controller

Kerberos Key Distribution Center

30

Deploys quickly and cleanly and won't leave behind oily residue - particulate - or water.

FM-200

31

Separation of duties is often implemented between developers and administrators in order to separate which of the following?

Changes to code and the ability to deploy

32

used to encrypt plaintext or to verify a digital signature

public key

33

the use of different keys to perform these opposite functions - each the inverse of the other

asymmetric

34

the same key to perform both encryption & decryption

symmetric cryptography

35

Provides centralized Authentication - Authorization - and Accounting (AAA). Layer 7 UDP

radius

36

the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL)

rc4

37

CHAP (Challenge-Handshake Authentication Protocol)

Server sends a challenge to the host - who responds with a value obtained by using a one-way hash function. The server compares it to its own calculation of the expected hash value

38

Key length of 168 bits (three 56-bit DES keys) - but due to the meet-in-the-middle attack - the effective security it provides is only 112 bits.

3des

39

Configuring mode - encryption methods and security associations are part of?

IPSec

40

Authentication to TCP 49?

TACACS+

41

Enforces permissions based on data labeling?

Mandatory Access Control (Least Privilege)

42

Goal for acceptable downtime during a disaster or other contingency?

Recovery Time Objective

43

What are certificates for?

code signing - client authentication

44

What device potentially has a DMZ interface?

firewall

45

What should follow patch deployment?

Audit and verification

46

How to ensure users only have access during certain hours?

Time of day restrictions

47

What logs do you use when you need to know if people are trying to access a host?

Security Logs

48

What technologies could be used to provide remote access?

firewall & VPN

49

Smart cards for remote authentication are susceptible to what?

Malicious code on the local system

50

Best tool to check user password complexity?

password cracker

51

How to recover a forgotten password?

brute force

52

What is needed on a server that stores private keys?

hardware security module

53

A certificate authority takes what action in PKI?

issues and signs root certificates

54

Why is input validation important?

Mitigates buffer overflow

55

An inexpensive way to deter physical intrusions?

fake cameras

56

3rd party access to data

Common security concern for cloud computing?

57

Counter measure for SQL injection?

input validation

58

Congestion on firewall and half-open connections?

DDoS

59

Employee badges?

Smartcard

60

Interferes with network-based detection techniques?

SSL

61

Random test data generated by an automated system?

Fuzzing

62

Analyze a malicious payload?

protocol analyzer

63

when a hash function produces the same hash value for two different sets of data

Collision

64

Unauthorized access via Bluetooth

Bluesnarfing

65

social engineering over telephone system

Vishing

66

Physical acquisition of discarded data

Dumpster diving

67

tbd

Cross-site scripting

68

Open Source on-the-fly encryption

TrueCrypt

69

Asset Value x Exposure Factor

SLE Single Loss Expectancy

70

VLAN Ethernet standard

802.1q

71

Users can grant other access

Discretionary Access Control

72

Supports VPNs - combined with IPsec to provide security

L2TP

73

Authenticates and/or encrypts each IP packet of a communication session.

IPsec

74

Predecessor of TLS - developed by Netscape. Asymmetric cryptography for authentication and confidentiality of the key exchange - symmetric encryption for data/message confidentiality - and message authentication codes for message integrity

SSL

75

TLS

Is initialized at layer 5 (the session layer) then works at layer 6 (the presentation layer)

76

Also known as Triple DES. A block cipher algorithm used for encryption.

3DES

77

The standard that provides for bandwidths of up to 54Mbps in the 5GHz frequency spectrum.

802.11a

78

The standard that provides for bandwidths of up to 11Mbps in the 2.4GHz frequency spectrum. This standard is also called WiFi or 802.11 high rate.

802.11b

79

The standard that provides for bandwidths of 20Mbps+ in the 2.4GHz frequency spectrum.

802.11g

80

Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.

acceptable use policy

81

An attack aimed at gaining access to your resources

access attack

82

The means of giving or restricting user access to network resources.

Access Control

83

List of rights that an object has to resources on a network.

Access Control List (ACL)

84

The point at which access to a network is accomplished. This term is often used in relation to WAP (Wireless Access Point).

access point (AP)

85

The act of being responsible for an item. The administrator is often accountable for the network and the resources on it.

accountability

86

The act of keeping track of activity.

accounting

87

A message confirming that a data packet was received. This occurs at the Transport layer of the OSI model.

acknowledgment (ACK)

88

The replacement for NT Directory Service (NTDS) that is included with Windows 2000/2003.

Active Directory

89

A response generated in real time.

active response

90

Also known as TCP/IP hijacking. This involves an attacker gaining access to a host in the network and logically disconnecting it from the network.

active sniffing

91

A technology implemented by Microsoft that allows customized controls - icons - and other features to increase the usability of web-enabled systems.

ActiveX

92

Any action undertaken by a user.

activity

93

A network created when two RF-capable devices are brought within transmission range of each other. A common example is handheld PDAs beaming data to each other.

ad hoc RF network

94

Protocol used to map MAC (physical) addresses to IP addresses.

Address Resolution Protocol (ARP)

95

These work by looking for deviations from a pattern of normal network traffic.

AD-IDS

96

A set of rules that govern administrative usage of the system.

administrative policies

97

The user who is accountable and responsible for the network.

administrator

98

A FIPS publication that specifies a cryptographic algorithm for use by the U.S. government.

Advanced Encryption Standard (AES)

99

Software that gathers information to pass on to marketers - or intercepts personal data such as credit card numbers.

Adware

100

A header used to provide connectionless integrity and data origin authentication for IP datagrams - and used to provide protection against replays.

AH (Authentication Header)