Domain 6 - Security Assessment and Testing

Question 1

Security Review

Answer 1

Conducted by system maintenance or security personnel

Goal is determine vulnerabilities within a system. Also known as a vulnerability assessment

Question 2

Security Audit

Answer 2

Conducted by 3rd party

Determines the degree to which required controls are implemented

Question 3

Penetration Testing

Answer 3

Ethical hacking to validate discovered weaknesses
Red Teams (Attack)/Blue Teams (Defend)

Question 4

NIST SP 800-42

Answer 4

National Institute of Standards and Technology

Guideline on Security Testing

Question 5

Zero Knowledge

Answer 5

Team has no knowledge of the target and must start with only information that is publically available. This simulates an external attack

Question 6

Partial Knowledge

Answer 6

The team has limited knowledge of the organization

Question 7

Full Knowledge

Answer 7

This simulates an internal attack. The team has full knowledge of network operations

Question 8

Blind

Answer 8

The assessors have only publicly available knowledge. The network teams knows that testing is taking place

Question 9

Double Blind

Answer 9

The assessors have only publicly available knowledge, but in this instance the network teams do NOT know the test is taking place. This will allow evaluation of incident response

Question 10

Targeted Testing

Answer 10

External consultants work with internal staff to focus on specific systems or applications

Question 11

OSI Model

Answer 11

Layer 1 Physical
Layer 2 Data Link
Layer 3 Network
Layer 4 Transport
Layer 5 Session
Layer 6 Presentation
Layer 7 Application

Question 12

HTTP

HHTPS

Answer 12

80

443

Question 13

FTP

Answer 13

20/21

File Transfer Protocol

Question 14

RDP

Answer 14

3389

Remote Desktop Protocol

Question 15

DNS

Answer 15

53

Domain Name System

Question 16

FTPS

Answer 16

989/990

Secure File Transfer Protocol

Question 17

TFTP

Answer 17

69

Trivial File Transfer Protocol

Question 18

DHCP

Answer 18

67/68

Dynamic Host Configuration Protocol

Question 19

ARP

RARP

Answer 19

Address Resolution Protocol

Reverse Address Resolution Protocol

Question 20

Ethernet standard

Answer 20

802.3

CSMA/CD Carrier Sense Multiple Access w/ Collison Detection

Question 21

Wireless Standard

Answer 21

802.11

CSMA/CA Carrier Sense Multiple Access w/ Collison Avoidance

Question 22

Vlan Standard

Answer 22

802.1q

Question 23

WEP

Auth, Encrypt, Integrity

Answer 23

PSK Pre Shared Key
Wired Equivalent Protocol encrypted with RC4(Stream Cipher)
integrity check by CRC Cyclic redundancy check
64, 128,256 bit key, but -24 for IV(Initialization Vector) so actual 40,104,232 bit key

Question 24

WPA Personal

Auth, Encrypt, Integrity

Answer 24

PSK
encrypted by TKIP(Temporary Key Internet Protocol) with RC4
Integrity by MIC Message Integrity Check
128 bit key + 48 bit IV

Question 25

WPA Enterprise | Auth, Encrypt, Integrity

Answer 25

802.1x with RADIUS Server encrypted with TKIP and RC4 integrity by MIC 128 bit key + 48 bit IV

Question 26

WPA2 Personal | Auth, Encrypt, Integrity

Answer 26

PSK encrypted CCMP(block-chain) with AES(block Cipher) integrity CBC-MAC Chain Block Cipher MAC 256 bit key

Question 27

WPA2 Enterprise | Auth, Encrypt, Integrity

Answer 27

802.1x with RADIUS Server encrypted CCMP with AES integrity CBC-MAC 256 bit key

Question 28

RIPv1 | Interior/exterior, type,class

Answer 28

IGP, Distance Vector, classful

Question 29

IGRP | Interior/exterior, type,class

Answer 29

IGP, Distance Vector, classful | Cisco proprietary

Question 30

RIPv2 | Interior/exterior, type,class

Answer 30

IGP, Distance Vector,classless

Question 31

EIGRP | Interior/exterior, type,class

Answer 31

IGP, Distance Vector, classless | Cisco proprietary

Question 32

OSPF | Interior/exterior, type,class

Answer 32

IGP, Link-state, Classless

Question 33

IS-IS | Interior/exterior, type,class

Answer 33

IGP, Link-state, Classless

Question 34

BGP | Interior/exterior, type,class

Answer 34

EGP, Path-vector, Classless

Question 35

IAAA

Answer 35

``` Identification: Make a claim (userid etc) Authentication: Provide support (proof) for your claim Authorization: What rights and permissions you have Auditing: Accountability—matching actions to subjects ```

Question 36

Access Control Types

Answer 36

Logical Physical Administrative

Question 37

Authentication Type I

Answer 37

Something you know

Question 38

Authentication Type II

Answer 38

Something you Have

Question 39

Authentication Type III

Answer 39

Something you are

Question 40

Type I Error

Answer 40

False Rejection(FRR)--A legitimate user is barred from access. Is caused when a system identifies too much information. This causes excessive overhead.

Question 41

Type II Error

Answer 41

False Acceptance(FAR)—An impostor is allowed access. This is a security threat and comes when a system doesn’t evaluate enough information

Question 42

CER

Answer 42

(Crossover Error Rate) The level at which the FAR and FRR meet. The lower the number, the more accurate the system.

Question 43

Race Condition

Answer 43

try to cause authorization to happen before authentication

Question 44

Single Sign On

Answer 44

``` Ease of use for end users Centralized Control Ease of administration Kerberos LDAP Sesame KryptoKnight ```

Question 45

Kerberos

Answer 45

A network authentication protocol designed from MITs project Athena. Kerberos tries to ensure authentication security in an insecure environment Port 88 Allows for single sign on Never transfers passwords Uses Symmetric encryption to verify Identifications Avoids replay attacks

Question 46

Kerberos Components

Answer 46

Essential Components: AS (Authentication Server): Allows authentication of the user and issues a TGT TGS: After receiving the TGT from the user, the TGS issues a ticket for a particular user to access a particular service KDC (Key Distribution Center) a system which runs the TGS (Ticket Granting Service) and the AS (Authentication Service) Ticket: Means of distributing Session Key Principles (users, applications, services) Kerberos Software (integrated into most Operating Systems. MS Windows 2000 and up support Kerberos) Main Goal: User needs to authenticate himself/herself without sending passwords across the network—needs to prove he/she knows the password without actually sending it across the wire.

Question 47

SESAME

Answer 47

European technology, developed to extend Kerberos and improve on it’s weaknesses Sesame uses both symmetric and asymmetric cryptography. Uses “Privileged Attribute Certificates” rather than tickets, PACS are digitally signed and contain the subjects identity, access capabilities for the object, access time period and lifetime of the PAC. PACS come from the Privileged Attribute Server.

Question 48

DAC

Answer 48

Discretionary Access Control Security of an object is at the owner’s discretion Access is granted through anACL (Access Control List) Commonly implemented in commercial products and all client based systems Identity Based

Question 49

MAC

Answer 49

Mandatory Access Control Data owners cannot grant access! OS makes the decision based on a security label system Subject’s label must dominate the object’s label Users and Data are given a clearance level (confidential, secret, top secret etc)* Rules for access are configured by the security officer and enforced by the OS.

Question 50

RBAC

Answer 50

Role Based Access Control Uses a set of controls to determine how subjects and objects interact. Don’t give rights to users directly. Instead create “roles” which are given rights. Assign users to roles rather than providing users directly with privileges.

Question 51

AAA

Answer 51

Authentication Authorization Auditing

Question 52

RADIUS

Answer 52

``` Port 1812, 1813 UDP 3 separate processes for AAA only encrypts user/pass uses Industry Standard ```

Question 53

TACACS+

Answer 53

``` Port 49 TCP one process for AAA encrypts everything Cisco Devices ```

Question 54

Guideline on Security Testing

Answer 54

National Institute of Standards & Tech SP 800-42