Domain 3 Flashcards

1
Q

Secure ________ are those that have built-in security mechanisms so that, by default, security can be enforced via the protocol

A

Protocols

2
Q

________ provides integrity by validating DNS data
_______ uses TCP port 53

A

Domain Name System Security Extensions (DNSSEC)

3
Q

An encrypted remote terminal connection program used for remote connections to a server

____ uses TCP port 22

A

Secure Shell (SSH)

4
Q

____________ is designed to provide cryptographic protections to e-mails and is built into the majority of modern e-mail software to facilitate interoperability

A

Secure/Multipurpose Internet Mail Extensions (S/MIME)

5
Q

_____ is a protocol to secure communications, typically over a telephony or communications-based network

A

Secure Real-time Transport Protocol (SRTP)

6
Q

What uses an SSL/TLS tunnel to connect these services
This communication occurs over TCP port 636

A

Lightweight Directory Access Protocol over SSL (LDAPS)

7
Q

_____ is the use of FTP over an SSH channel
_____ uses TCP port 22

A

SSH File Transfer Protocol (SFTP)

8
Q

A standard for managing devices on IP-based networks. All versions of SNMP require ports 161 and 162 to be open on a firewall
The only secure version of SNMP is _______

A

Simple Network Management Protocol, Version 3 (SNMPv3)

9
Q

What is the use of SSL or TLS to encrypt a channel over which HTTP traffic is transmitted?
HTTPS is used for secure web communications. Using port 443, it offers integrity and confidentiality

A

Hypertext Transfer Protocol over SSL/TLS (HTTPS)

10
Q

________ is a set of protocols developed to securely exchange packets at the network layer (layer 3) of the OSI model
______ uses two protocols to provide traffic security:
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)

A

IPSec

11
Q

The AH protects the IP address, which enables data origin authentication
The AH provides authentication and integrity for each data packet, but it does not provide privacy because only the header is secured.

A

Authentication Header (AH)

12
Q

This provides security services for the higher-level protocol portion of the packet only, not the IP header

A

Encapsulating Security Payload (ESP)

13
Q

This encrypts only the data portion of a packet
This enables an outsider to see source and destination IP addresses

A

Transport Mode

14
Q

________ provides encryption of source and destination IP addresses as well as of the data itself. This provides the greatest security

A

Tunnel Mode

15
Q

An Internet standard protocol used by e-mail clients to retrieve e-mail from a remote server
E-mail clients using this generally leave messages on the server until the user explicitly deletes them
IMAP uses port 143, but secure IMAP4 uses port 993

A

Internet Message Access Protocol

16
Q

What Internet standard protocol, used by e-mail clients to retrieve e-mail from a remote server, supports simple download-and-delete requirements for access to remote mailboxes?
It uses port 110, but the secure version uses port 995

A

Post Office Protocol (POP)

17
Q

Internet standard protocol for electronic mail (e-mail) transmission across IP-based networks
____ is used to transmit mail from server to server, and POP3 and IMAP are used to access the mail on a personal device

A

Simple Mail Transfer Protocol (SMTP)

18
Q

Beyond knowing the general meaning and functionality of the protocols, you need to know the scenarios in which you would deploy them.

A

Use cases

19
Q

There are two forms of communication
Voice translates to phone calls while video translates to video calls or video conferencing. For this use case, this is appropriate. Additionally, there would likely be use of TLS for parts of the communication

A

Voice and video

20
Q

For ____ ____, the primary service is Network Time Protocol (NTP)
NTP is a protocol to sync clocks between two devices over the network. It operates using UDP on port 123

A

Time synchronization

21
Q

For email, the primary protocols are SMTP (port 25, for email relay), POP/IMAP (for email retrieval using legacy email clients), S/MIME (for encrypted email), HTTPS (for administration and web-based email), and SSL/TLS (for securing various communications)

A

Email and web

22
Q

You can opt to use FTP (quick, easy, lacking security), FTPS (like FTP but adds encryption), or SFTP (securely transfer files over SSH)
Alternatively, you can use HTTPS for web-based file transfers

A

File Transfer

23
Q

Delete

A

Delete

24
Q

For ____ _____ to devices, HTTPS is the most common protocol
For ____ _____ to servers, SSH (mostly for Linux-based computers) and RDP (Remote Desktop Protocol, mostly for Windows-based computers) are commonly used

A

Remote Access

25
Q

For DNS, DNSSEC is the most common security protocol
Although not widely implemented, it is the standard for securing DNS when you have requirements for DNS security

A

Domain Name Resolution

26
Q

Open Shortest Path First (OSPF) is an interior gateway protocol that provides robustness
Border Gateway Protocol (BGP) is a complex routing protocol that provides the backbone functionality of the internet
For administration purposes, SSH and HTTPS are commonly used

A

Routing and switching

27
Q

To efficiently and automatically distribute IP addresses to devices on a network, Dynamic Host Configuration Protocol (DHCP) is the most used
DHCP works via broadcast traffic initially

A

Network address resolution

28
Q

Network News Transfer Protocol (NNTP) is a legacy protocol used to communicate with Usenet, which hosts forums and file transfer
With NNTP, you subscribe to desired groups, whether for discussion or file transfer

A

Subscription services

29
Q

Endpoint security is a concept that each system is responsible for its own security
Appropriate level of security controls includes anti-malware software or local firewall
Each system should be capable of maintaining local security to an appropriate level

A

Endpoint protection

30
Q

Most current antivirus software packages provide protection against a wide range of threats, including viruses, worms, Trojans, and other malware
Use of an up-to-date antivirus package is essential in the current threat environment

A

Antivirus

31
Q

What is the name of a product designed to protect your machine from malicious software or malware?
Most of these solutions are combined with antivirus solutions into a single product.

A

Anti-malware

32
Q

______ ______ solutions are integrated solutions that combine individual endpoint security functions into a complete package
Having a packaged solution makes updating easier

A

Endpoint detection and Response (EDR)

33
Q

____ ____ solutions serve to prevent sensitive data from leaving the network without notice

A

Data loss prevention (DLP)

34
Q

_____ _____ ______ act by inspecting the actual traffic crossing the firewall—not just looking at the source and destination addresses and ports, but also at the actual content being sent

A

Next-generation firewalls (NGFWs)

35
Q

What acts to detect undesired elements in network traffic to and from the host?

A

Host-based intrusion detection system (HIDS)

36
Q

________ is a HIDS with additional components to permit it to respond automatically to a threat condition

A

A host-based intrusion prevention system (HIPS)

37
Q

________ are protective mechanisms that monitor and control traffic passing into and out of a single system

A

Host-based firewall or Personal firewalls

38
Q

What is the characteristic of the intended hardware/firmware/software load for the system following the expected state
Having a means to ensure ? is a means of assuring that the hardware, firmware, and initial loading of software are free of any tampering

A

Boot integrity

39
Q

_______ offers a solution to the problem of boot integrity, called _______ , which is a mode that, when enabled, only allows signed drivers and OS loaders to be invoked

Secure Boot enables the attestation that the drivers and OS loaders being used have not changed since they were approved for use

A

Boot security/Unified Extensible Firmware Interface (UEFI)

40
Q

What is also a method of depending on the Root of Trust in starting a system, but rather than using signatures to verify subsequent components, a measured boot process hashes the subsequent processes and compares the hash values to known good values

A

Measured boot

41
Q

What is the reporting of the state of a system with respect to components and their relationship to the Root of Trust
Part of the UEFI/Root of Trust specification is the means of reporting via digital signatures of the verified integrity of the system components

A

Boot attestation

42
Q

What engines have built-in encryption capabilities
The advantage to these encryption schemes is that they can be tailored to the data structure, protecting the essential columns while not impacting columns that are not sensitive

A

Database

43
Q

What is the process of substituting a surrogate value, called a _____, for a sensitive data element
This allows processing of the data, including referential integrity without disclosing the sensitive value

A

Tokenization

44
Q

________ is the process of adding a random element to a value before performing a mathematical operation like hashing
This is done to add randomization and to also prevent identical original values from being hashed into an identical hash

A

Salting

45
Q

________ is a mathematical method of reducing a data element to a short form that is not reversible to the original form

A

Hashing

46
Q

Having a stringent and comprehensive validation of inputs prior to processing them is essential to filter out specific attacks

A

Input validations

47
Q

An attribute in the cookie called the secure attribute, when set, instructs the browser and server to only transport the cookie over HTTPS channels
As cookies are transmitted in plaintext across the Web, they are subject to being read by unauthorized parties

A

Secure cookies

48
Q

Using a security-related set of response headers can alleviate such risks as protocol downgrade attacks, clickjacking, cookie hijacking and other attacks
An example is the HTTP Strict Transport Security (HSTS) directive:
Strict-Transport-Security: max-age=3600; includeSubDomains

A

Hypertext Transfer Protocol (HTTP) headers

49
Q

Code is signed by the manufacturer, either the commercial vendor or the in-house team
This ensures that code has not been changed since being signed, allowing its integrity to be verified at any time

A

Code signing

50
Q

A ____________ is a list of applications that are permitted to run on the OS

A

Whitelisting

51
Q

A _________ is a list of applications that should not be allowed to run on the OS

A

Blacklisting

52
Q

______ ____ _______ is when the code is examined without being executed

____ ___ ______ is frequently performed

A

Static code analysis

53
Q

A ______ ______ _______ can be either undirected or directed
In an undirected review, a programmer examines the code to see what it does and how it does it
A directed review is one where the code author walks through the code, explaining each line to the rest of the team

A

Manual code review

54
Q

? is performed while the software is executed, either on a target system or an emulated system
The system is fed specific test inputs designed to produce specific forms of behavior

A

Dynamic code analysis

55
Q

________ (or ____ testing) is a brute-force method of addressing input validation issues and vulnerabilities
The basis for _______ a program is the application of large numbers of inputs to determine which inputs cause faults and which ones might be vulnerable to exploitation

A

Fuzzing

56
Q

Any port and service that is not going to be used on a system should be disabled, and the ports should be blocked by the firewall
This has the effect of reducing the attack surface on a target and eliminating any vulnerability-based risk from services that are not needed

A

Open ports and services

57
Q

The _________ in Microsoft Windows systems acts as a repository of all information related to configurations. Configuration options for the OS are located in the ______
Configuration options for applications are also located in the _______

A

Registry

58
Q

? can provide data protection even if the disk is removed from one system and placed in another
Having the data encrypted on the disk renders it unusable without the proper keys

A

Disk encryption

59
Q

Updates and patches should be applied where and when possible
All users should implement strong passwords and change them on a regular basis
Privileged user accounts should be used only when necessary, and logging should be implemented

A

OS

60
Q

What is the process used to maintain systems in an up-to-date fashion, including all required patches?
Every OS, from Linux to Windows, requires software updates, and each OS has different methods of assisting users in keeping their systems up to date

A

Patch management

61
Q

As more and more applications are added, from a wider and wider selection of vendors, the process of keeping track of what software is up to date and which programs require updating is a challenge
The key to making this work is to ensure that the solution chosen covers the apps you use, and you properly enroll the apps with the program so it knows what to update

A

Third-party updates

62
Q

Many software vendors now equip their software with an ____ ______ function that calls home, gets the update, and installs it automatically

A

Auto-update

63
Q

? are methods of implementing cryptographic protection on hard drives and other similar storage media with the express purpose of protecting the data, even if the drive is removed from the machine

A

Self-encrypting drive (SED)/full-disk encryption (FDE)

64
Q

________ is used for applying hardware-based encryption to mass storage devices, hard drives (rotating media), solid state drives, and optical drives
Having a standard has the advantages of interoperability between vendors and can be OS independent

A

Opal

65
Q

? is the concept that if one has trust in a source’s specific security functions, this layer can be used to promote security to higher layers of a system

A

A hardware root of trust

66
Q

? is a hardware solution on the motherboard, one that assists with key generation and storage as well as random number generation

A

Trusted Platform Module (TPM)

67
Q

? refers to the quarantine or isolation of a system from its surroundings
It has become standard practice for some programs with an increased risk surface to operate within a ?, limiting the interaction with the CPU and other processes, such as memory

A

Sandboxing

68
Q

________ involves the use of devices that move loads across a set of resources in an effort not to overload individual servers

A

Load balancing

69
Q

Two or more servers work together to distribute the load in an ? load-balancing configuration
If a server fails, service interruption or traffic loss may result

A

Active/active

70
Q

All traffic is sent to the active server in an active/? configuration
If the active server fails, the ? server is promoted to active

A

Active/passive

71
Q

When a load balancer moves loads across a set of resources, it decides which machine gets a request via a ? algorithm
There are a couple of commonly used ? algorithms: affinity-based ? and round-robin scheduling

A

Scheduling

72
Q

________ allows multiple systems to be reflected as a single IP address

A

Virtual IP

73
Q

________ is the condition where a system connects to the same target in a load-balanced system
This can be important for maintaining state and integrity of multiple round-trip events

A

Persistence

74
Q

________ is where you have configured the network devices to limit traffic access across different parts of a network
This can be done to prevent access to sensitive machines, but also aids in network traffic management

A

Network segmentation

75
Q

What is a logical implementation of a LAN and allows computers connected to different physical networks to act and communicate as if they were on the same physical network

A

Virtual local area network (VLAN)

76
Q

The zone that is between the untrusted Internet and the trusted internal network is called the screened subnet

A

DMZ
Public internet ~ firewall ~ screened subnet ~ firewall ~ main server

77
Q

________ refers to network data flows within an enterprise network
North-south traffic refers to data flowing between the enterprise network or data center and the outside of the network

A

East-west traffic

78
Q

An ? is an extension of a selected portion of a company’s intranet to external partners
This allows a business to share information with customers, suppliers, partners, and other trusted groups while using a common set of Internet protocols to facilitate operations

A

Extranet

79
Q

An ? describes a network that has the same functionality as the Internet for users but lies completely inside the trusted area of a network and is under the security control of the system and network administrators

A

Intranet

80
Q

What is a security model centered on the belief that you should not trust any request without verifying authentication and authorization

What implementations require strict identity verification for every account trying to access resources, regardless of their location

A

Zero Trust

81
Q

What technologies allow two networks to connect securely across an unsecure stretch of network by tunneling across the intermediate connections

A

Virtual private network (VPN)

82
Q

What VPNs are a means to avoid this issue using pre-established connection parameters and automation?
When an Internet connection is made, this VPN client automatically establishes a VPN connection

A

Always-On

83
Q

What is a form of VPN where not all traffic is routed via the VPN?
What solution routes all traffic over the VPN, providing protection to all networking traffic?

A

Split tunnel/full tunnel

84
Q

? is when a user requires access to a network and its resources but is not able to make a physical connection
? communication links are network connections to two or more networks across an intermediary network layer

A

Remote access vs. site-to-site

85
Q

What is a set of protocols developed to securely exchange packets at the network layer?
In transport mode (end-to-end), security of packet traffic is provided by the endpoint computers
In tunnel mode (portal-to-portal), security of packet traffic is provided between endpoint node machines in each network and not at the terminal host machines

A

IPSec

86
Q

What is an application of encryption technology developed for transport-layer protocols across the Web
This protocol uses public key encryption methods to exchange a symmetric key for use in confidentiality and integrity protection as well as authentication

A

Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

87
Q

What is the current version of the ? protocol standard
This doesn’t require browser plugins and is considered a secure remote access alternative to using SSL/TLS VPNs

A

HTML5

88
Q

What is an Internet standard and came from the ____ _ a L2P Forwarding protocol, a Cisco initiative designed to address issues with Point-to-Point Tunneling Protocol (PPTP)

A

Layer 2 tunneling protocol (L2TP)

89
Q

________ is a protocol for the translation of names into IP addresses
DNSSEC (Domain Name System Security Extensions) is a set of extensions to the ? protocol that, using cryptography, enables origin authentication of ? data, authenticated denial of existence, and data integrity

A

The Domain Name System (DNS)

90
Q

What refers to the management of the endpoints on a case-by-case basis as they connect?

A

Network access control (NAC)

91
Q

NAC agents are installed on devices that connect to networks in order to produce secure network environments
With agentless NAC, the NAC code resides not on the connecting devices, but on the network, and it’s deployed to memory for use in a machine requesting connection to the network

A

Agent and agentless

92
Q

What are physically separate connections, via separate interfaces that permit the active management of a device even when the data channel is blocked for some reason

A

Out-of-band management

93
Q

Port address ? based on Media Access Control (MAC) addresses can determine whether a packet is allowed or blocked from a connection

A

Port security

94
Q

Flood guards are commonly implemented in firewalls and IDS/IPS solutions to prevent DoS and DDoS attacks

A

Broadcast Storm Prevention

95
Q

An attacker can issue multiple BPDU packets to a system to force multiple recalculations that serve as a network denial of service attack
To prevent this form of attack, edge devices can be configured with ? guards that detect and drop these packets

A

Bridge Protocol Data Unit (BPDU)

96
Q

To prevent loops, a technology called spanning trees is employed by virtually all switches
STP allows for multiple, redundant paths, while breaking loops to ensure a proper broadcast pattern

A

Loop prevention

97
Q

What is a defensive measure against an attacker that attempts to use a rogue DHCP device
? prevents malicious DHCP servers from establishing contact by examining DHCP responses at the switch level and not sending those from unauthorized DHCP servers

A

Dynamic Host Configuration Protocol (DHCP) snooping

98
Q

What is the selective admission of packets based on a list of approved Media Access Control (MAC) addresses
Employed on switches, this method is used to provide a means of machine authentication

A

Media access control (MAC) Filtering

99
Q

What are hardened systems often used to protect and provide a means to access resources in a screened subnet

A

Jump servers

100
Q

What can be used to filter out undesirable traffic and prevent employees from accessing potentially hostile websites?
What takes requests from a client system and forwards them to the destination server on behalf of the client?

A

Proxy servers

101
Q

What proxy operates to forward requests to servers based on a variety of parameters, as described in the other portions of this section
Which proxy can be used to bypass firewall restrictions, act as a cache server, and change your IP address? (more useful before widespread adoption of NAT)

A

Forward

102
Q

Which proxy is typically installed on the server side of a network connection, often in front of a group of web servers, and intercepts all incoming web requests?

A

Reverse