Final Exam Flashcards

1
Q

What is cryptography?

A
  1. “secret writing”

2. Encryption/Decryption of messages to protect against unauthorized viewers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Types of modern encryption

A

Algorithm public, key secret and provides security.

Can be symmetric(secret) or asymmetric(public)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a symmetric Key?

A

Symmetric is traditional encryption. give it a password, and you can encrypt and decrypt with that password.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Known by anybody, and can be used to encrypt messages and verify signatures

or

uses two keys – a public key known to everyone and a private or secret key known only to the recipient of the message.

A

Public Key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

When you digitally sign, take a hash of the clear text, and encrypt that with your own private key, and send it. Other user can decrypt it with your public key.

A

Digital Signatures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is hashing used for?

A

Integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What does CIA stand for?

A

Confidentiality, Integrity, Availability, and Authenticity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Confidentiality means.

A

Concealment of information or resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Trustworthiness of data or resources in terms of preventing improper and unauthorized changes.

A

Integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The ability to use desired info or resources.

A

Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Authenticity is…

A

Identification and assurance of origin of info.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the default route?

A

0.0.0.0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

OSPF is the acronym for?

A

Open Shortest Path First

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is OSPF used for?

A

routing protocol for IP networks. Uses a link state routing algorithm and falls into the group of interior routing protocols.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

CA is?

A

CA (certificate authority) guys that issue certificates, CA sends your certificate.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

CSR is?

A

CSR(Certificate Signing Request) is a document you send to a CA to get their stamp of approval and added to their list of people. This is generated with a private key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the steps of the Hierarchical Public Key Infrastructure?

A
  1. Generate Private Key
  2. Generate CSR
  3. Send CSR to CA
  4. CA sends your certificate
18
Q

What is IPSEc?

A

It is a general IP security framework, If you encrypt at layer 3, everything above it will be encypted.

19
Q

Which layer is for the encryption for IPSEC

A

Layer 3

20
Q

What is DNS(Cache Poisoning)?

A

a computer hacking attack, whereby data is introduced into a DNS resolver cache, causing the name server to return the incorrect IP address.

21
Q

What is DNS(Hijacking)

A

the practice of subverting the resolution of Domin Name System queries.

22
Q

The art of manipulating people so they give up confidential information is?

A

Social Engineering

23
Q

Explain the Man in the Middle Attack

A

As an attacker, inserting yourself in the center. Forcing all of the traffic to go through you, making you see it all and having the ability to modify the data.

24
Q

What is Mandatory Access control?

A

The system specifies which subjects can access specific data objects. (More strict and secure)

25
Q

When the owner of the object specifies which subjects can access the objects, this is considered what type of Access control?

A

Discretionary Access Control.

26
Q

What does AAA stand for?

A

Authentication, Authorization, Accountability

27
Q

Accountability

A

When you are held accountable for what you do.

28
Q

Authorization

A

What you are authorized to handle.

29
Q

Authenication

A

Verifying that the person is who they say they are, authenticate with password.

30
Q

Stateful Firewalls….

A

Treats each packet independently
Remembers connection-level information
allows the server to send return traffic
Efficient and secure

31
Q

White Hat hackers are?

A

Good

32
Q

Black Hat Hackers are?

A

Bad

33
Q

Grey Hate Hackers…

A

Do not care if it is good or bad, they are in the middle

34
Q

Used to gather information

A

Network Reconnaissance

35
Q

What is an advantage of Symmetric Encryption over Public Key Encryption?

A

Symmetric Encryption is faster

36
Q

What is IPSEC used for?

A

1) IP security framework.
2) provides: access control, integrity, authentication, originality, confidentiality
3) transparent to applications and security for individual users

37
Q

P2P Bit Torrent

A
  • Distribute the same file to many peers.
  • Single publisher, many downloaders.
  • Emphasis on efficient fetching, not searching.
  • To prevent freeloading, there are incentives for peers to contribute.
38
Q

P2P Gnutella

A
  • fully decentralized
  • search cost distributed to all connected clients
  • large scope for searching, requires long time
  • high overhead
39
Q

What is nmap?

A

(Network Mapper) is a security scanner used to discover hosts and services on a computer network, thus creating a “map” of the network.

40
Q

What is nmap used for?

A

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.