Logical Security

Question 1

What is Identity and Access Management (IAM)?

Answer 1

Security process for identification, authentication, and authorization of users, computers, and entities

IAM provides access to organizational assets like networks, operating systems, and applications.

Question 2

Who are the unique subjects in IAM?

Answer 2

• Personnel
• Endpoints
• Servers
• Software
• Roles

Each subject plays a distinct role in the IAM process.

Question 3

What are endpoints in IAM?

Answer 3

Devices (desktops, laptops, tablets, cell phones) used to access the network

Endpoints are crucial for user access to organizational resources.

Question 4

Define roles in IAM.

Answer 4

Define permissions based on the function an asset fulfills, applicable to personnel, endpoints, servers, and software

In Windows, permissions are assigned to groups of users.

Question 5

What is account creation and deprovisioning in IAM?

Answer 5

Provisioning new accounts and disabling/deleting existing accounts

This is a fundamental task in managing user access.

Question 6

What does account auditing involve?

Answer 6

• Managing permissions
• Reviewing account activity to ensure legitimacy

Account auditing is essential for maintaining security and compliance.

Question 7

What is the biggest risk in IAM?

Answer 7

The risk caused by accounts

User accounts, especially privileged and shared accounts, pose significant risks.

Question 8

True or False: Privileged accounts have basic permissions.

Answer 8

False

Privileged accounts have elevated permissions and require additional auditing.

Question 9

What is Multifactor Authentication (MFA)?

Answer 9

Authenticating or proving identity using more than one method

At least two methods are required for MFA.

Question 10

List the categories of MFA.

Answer 10

• Something You Know
• Something You Have
• Something You Are
• Something You Do
• Somewhere You Are

Each category represents a different method of authentication.

Question 11

What are the weaknesses of passwords?

Answer 11

• Unchanged default credentials
• Common passwords
• Weak or short passwords

These weaknesses make passwords vulnerable to attacks.

Question 12

What is a dictionary attack?

Answer 12

Guessing the password using every word or phrase in a dictionary, including variations

This is a common method used by attackers to compromise accounts.

Question 13

What is the benefit of using longer and more complex passwords?

Answer 13

Harder to crack

Password length and complexity are crucial for security.

Question 14

Fill in the blank: A possession factor in MFA includes _______.

Answer 14

[Smart card, RSA key fob, RFID tag]

Question 15

What is the purpose of geofencing?

Answer 15

Used to track devices and receive alerts if they enter or leave a predefined area

Geofencing is a method to ensure that devices are in an authorized location for authentication.

Question 16

What is LDAP?

Answer 16

Centralized client/object database containing a hierarchical organization of the users, groups, servers, and systems in the network

LDAP is crucial for managing directory services.

Question 17

What does Kerberos provide?

Answer 17

Windows domain authentication/authorization and mutual authentication

Kerberos issues tickets for authentication and ticket granting.

Question 18

What is Single Sign-On (SSO)?

Answer 18

Single login for multiple resources

SSO simplifies access but can pose security risks if credentials are compromised.

Question 19

What is SAML used for?

Answer 19

XML-based authentication data exchange

SAML is often used for SSO or federated identity management.

Question 20

What is RADIUS?

Answer 20

Centralized administration for authentication

RADIUS is commonly used for dial-up, VPN, and wireless authentication.

USES UDP

Question 21

What does IPSec provide?

Answer 21

Authentication and encryption of data packets to create a secure communication path

IPSec is widely used for VPNs.

Question 22

What is the benefit of Time-Based Authentication?

Answer 22

Enhances security, resistant to replay attacks

TOTP is a common implementation of time-based authentication.

Question 23

Define the Least Privilege principle.

Answer 23

Users should use the lowest level of permissions necessary to complete job functions

This principle applies to user accounts, system designs, and network configurations.

Question 24

What is Discretionary Access Control (DAC)?

Answer 24

Access control method where owners of resources determine access permissions

DAC allows owners to assign permissions to files or folders they create.

Question 25

What does Mandatory Access Control (MAC) use to assign trust levels?

Answer 25

Data labels ## Footnote MAC is commonly used in military systems for highly classified information.

Question 26

What is Role-Based Access Control (RBAC)?

Answer 26

Access control model based on defining roles for job functions ## Footnote Permissions are assigned to roles, and users are assigned to those roles.

Question 27

What is data encryption?

Answer 27

Encoding information and allowing access only with the correct security key ## Footnote Encryption is fundamental for securing data.

Question 28

What are the three states of data?

Answer 28

* Data at Rest * Data in Transit/Motion * Data in Use/Processing ## Footnote Each state requires different security measures.

Question 29

What does the Diffie-Hellman Key Exchange allow?

Answer 29

Allows two systems that do not know each other to exchange keys and trust each other ## Footnote This is crucial for establishing secure communications.

Question 30

What is the purpose of the Authentication Header (AH) in IPSec?

Answer 30

Provides data integrity and origin authentication, but not confidentiality ## Footnote AH is part of the security protocols used in IPSec.

Question 31

What is the function of the Encapsulating Security Payload (ESP)?

Answer 31

Provides authentication, integrity, replay protection, and confidentiality of the data ## Footnote ESP is another key component of IPSec.

Question 32

What is Public Key Infrastructure (PKI)?

Answer 32

A system of hardware, software, policies, procedures, and people that is based on asymmetric encryption ## Footnote PKI is essential for secure data transfer and authentication.

Question 33

What is the first step in the process of establishing a secure connection?

Answer 33

Browser requests server's public key from Certificate Authority

Question 34

What does the browser do with the server's public key?

Answer 34

Browser encrypts shared secret key with server's public key

Question 35

What is used to create a secure tunnel for data transfer?

Answer 35

AES

Question 36

List the benefits of using encryption in secure communication.

Answer 36

* Ensures confidentiality of data * Provides authentication of servers * Facilitates secure communication over networks

Question 37

What is Public Key Cryptography?

Answer 37

Encryption and decryption process that is just one small part of the overall PKI

Question 38

What does PKI stand for?

Answer 38

Public Key Infrastructure

Question 39

What is the role of a Certificate Authority (CA)?

Answer 39

A trusted third party that issues digital certificates and maintains trust between CAs worldwide

Question 40

What is Key Escrow?

Answer 40

Secure storage of cryptographic keys, allowing retrieval in cases of key loss or legal investigations

Question 41

What are the challenges associated with Key Escrow?

Answer 41

Security concerns with key escrow and need for strong regulations and security measures to protect keys

Question 42

What is a Digital Certificate?

Answer 42

A digitally signed electronic document that binds a public key with a user's identity

Question 43

What protocol is standard for digital certificates within PKI?

Answer 43

X.509 Protocol

Question 44

What is a Wildcard Certificate?

Answer 44

Allows multiple subdomains to use the same public key certificate

Question 45

What happens if a server using a wildcard certificate is compromised?

Answer 45

The certificate needs to be revoked, affecting all subdomain servers

Question 46

What is the benefit of having one Wildcard Certificate?

Answer 46

Allows quick reissuance and deployment to all servers

Question 47

What is the Subject Alternate Name (SAN) Field?

Answer 47

A certificate that specifies what additional domains and IP addresses will be supported FOR WHEN YOU'RE USING MORE THAN ONE DOMAIN

Question 48

When should a SAN field be used?

Answer 48

To cover multiple domains with one certificate

Question 49

What is the difference between a Single-Sided Certificate and a Dual-Sided Certificate?

Answer 49

Single-Sided Certificate authenticates only the server; Dual-Sided Certificate requires both server and user to validate each other

Question 50

What is a Self-Signed Certificate?

Answer 50

Signed by the entity it certifies and lacks external verification and trust

Question 51

What does a Third-Party Certificate offer?

Answer 51

A higher level of trust and security, issued by a trusted certificate authority (CA)

Question 52

What is the Root of Trust?

Answer 52

Validates certificates in a chain from a trusted root certificate authority

Question 53

What is a Certificate Signing Request (CSR)?

Answer 53

Contains entity details and public key, vital for obtaining a digital certificate from a CA

Question 54

What is a Certificate Revocation List (CRL)?

Answer 54

Maintained by CAs, lists revoked digital certificates to prevent their use

Question 55

What is Key Recovery?

Answer 55

Specialized software to restore lost or corrupted keys

Question 56

What is involved in Key Management?

Answer 56

Generating, exchanging, storing, and using encryption keys securely

Question 57

Why is a strong key essential for encryption?

Answer 57

Weak passwords can compromise the confidentiality of files even with strong encryption algorithms

Question 58

What method is often used to encrypt symmetric keys for secure transmission?

Answer 58

Asymmetric methods

Question 59

What is the importance of Secure Key Exchange?

Answer 59

It ensures the secure transmission of encryption keys

Question 60

What should be done with encryption keys when not in use?

Answer 60

They must be securely stored

Question 61

What is the purpose of Regular Key Rotation?

Answer 61

Keys should be changed periodically to enhance security and reset the clock on potential attacks

Question 62

EXAM username and password is not 2 factor authentication. true or false

Answer 62

TRUE it is single factor

Question 63

What does TACACS+ stand for?

Answer 63

Terminal Access Controller Access-Control System Plus ## Footnote TACACS+ is a Cisco proprietary protocol.

Question 64

What is TACACS+ primarily used for?

Answer 64

Authentication and authorization ## Footnote It is commonly used as an 802.1X network authenticator.

Question 65

What transport protocol does TACACS+ use?

Answer 65

TCP ## Footnote TACACS+ is considered slower than RADIUS due to its use of TCP.

Question 66

What are two benefits of using TACACS+?

Answer 66

* Provides additional security features * Independently conducts authentication, authorization, and accounting processes ## Footnote These features enhance network security and management.

Question 67

What major network protocols does TACACS+ support?

Answer 67

All major network protocols ## Footnote However, it requires Cisco devices for implementation.

Question 68

When using a client to site VPN what mode should you use?

Answer 68

Transport mode because it doesn't increase packet size so you won't breach mtu of 1500 bytes

Question 69

Tunneling mode is usually used for

Answer 69

Site to site VPNs

Question 70

What is Transport Mode?

Answer 70

Uses original IP header ## Footnote Suitable for client-to-site VPNs

Question 71

What is Tunneling Mode?

Answer 71

Encapsulates the entire packet ## Footnote Suitable for site-to-site VPNs

Question 72

What does the Authentication Header (AH) provide?

Answer 72

Data integrity and origin authentication, but not confidentiality ## Footnote AH ensures that the data has not been altered and verifies the identity of the sender.

Question 73

What does the Encapsulating Security Payload (ESP) provide?

Answer 73

Authentication, integrity, replay protection, and confidentiality of the data ## Footnote ESP is used to encrypt the data and ensure secure transmission.

Question 74

What mode do Client-to-Site VPNs typically use for integrity?

Answer 74

Transport mode with AH ## Footnote AH stands for Authentication Header, which provides integrity and authentication for IP packets.

Question 75

What is used for encryption of data in Client-to-Site VPNs?

Answer 75

ESP ## Footnote ESP stands for Encapsulating Security Payload, which provides encryption and optional authentication.

Question 76

What mode do Site-to-Site VPNs typically use?

Answer 76

Tunneling mode ## Footnote Tunneling mode encapsulates the entire packet for secure transmission.

Question 77

Which protocols are typically used by Site-to-Site VPNs for integrity and encryption?

Answer 77

AH and ESP ## Footnote AH provides integrity, while ESP provides both encryption and integrity.

Question 78

Fill in the blank: Client-to-Site VPNs typically use _______ for integrity.

Answer 78

AH

Question 79

Fill in the blank: Site-to-Site VPNs typically use _______ mode for protection of entire packets.

Answer 79

Tunneling