S16-Logical Security

Question 1

Identity and Access Management (IAM)

Answer 1

Identification, Authentication and authorization mechanisms for users and computers

Question 2

What are IAM endpoints?

Answer 2

• Desktops
• Laptops
• Tablets
• Cellphones
• etc.

Question 3

Roles

Answer 3

Identifying an asset by defining the resource an asset has permission to access based on the function the asses fulfills

Question 4

What things can roles be assigned too?

Answer 4

• Servers
• People
• Endpoints

Question 5

What are some IAM tasks?

Answer 5

• Directory Services and repositories
• Access management tools
• Auditing and reporting systems

Question 6

Goals and Functions of iAM

Answer 6

• Create and deprovision accounts
• Manage accounts
• Audit accounts
• Evaluate identity-based threats
• Maintain compliance

Question 7

Multifactor Authentication

Answer 7

Authenticates or proves an identity using more then 1 method

Question 8

what are the different forms of authentication?

Answer 8

• Something you know
• Somethin you have
• something you are
• something you do
• something you are

Question 9

Something you know

Answer 9

Knowledge factor
- Eg. password, username

Question 10

Something you have

Answer 10

Possession Factor
- Eg. smartcards, RSA key fobs, RFID tags

Question 11

something you are

Answer 11

Inherence Factor
- Eg. Fingerprints, retina scans, voice prints

Question 12

something you do

Answer 12

Action Factor
- Eg. How you sign your name
- how you draw a pattern
- how you say a catch phrase

Question 13

somewhere you are

Answer 13

Location Factor
- Geotagging
- Geofencing

Question 14

Dictionary attack

Answer 14

Guesses the password by attempting to check every single word or phrase contained within a word list, called a dictionary

Question 15

Brute Force attack

Answer 15

Tries every possible combo until the password is cracked

Question 16

Hybrid Attack

Answer 16

Combination of dictionary and brut force attacks

Question 17

Authentication

Answer 17

The process of determining whether someone or something is who or what it claims itself to be

Question 18

Lightweight Directory Access Protocol (LDAP)

Answer 18

A database that is used to centralize information about the clients and the objects on the network

Question 19

what port does LDAP use?

Answer 19

Port 389 (Plain texts version)
Port 636 (Secure)

Question 20

Active Directory (AD)

Answer 20

Organizes and manages everything on the network, including clients, servers, devices, and users

Question 21

Kerberos

Answer 21

Focused on authentication and authorization within a windows domain environment
- Uses a ticketing system on your domain controller

Question 22

What port does Kerberos use?

Answer 22

Port 88

Question 23

Single Sign-On (SSO)

Answer 23

Authentication method where users can have a single strong password or utilize multi-factor authentication

Question 24

Security Assertion Markup Language (SAML)

Answer 24

simplifies the authentication process for users and enables SSO by allowing the IdP to manage user identities and credentials, and the SP to verify those credentials and grant access.

Question 25

what is IdP (SAML)?

Answer 25

"Identity Provider" Manages user identities and authenticates users.

Question 26

What is SP (SAML)?

Answer 26

"Service Provider" The application or service the user wants to access.

Question 27

What is a SAML Assertion?

Answer 27

A secure, XML-based message containing information about the user's identity and authorization, sent from the IdP to the SP.

Question 28

Remote Authentication Dial-In User Service (RADIUS)

Answer 28

a networking protocol that provides centralized authentication, authorization, and accounting (AAA) for users accessing a network or service

Question 29

What communication types can RADIUS support?

Answer 29

- Dial-up - VPN - Wireless Auth. - 802.1x - Extensible Auth. Protocol (EAP)

Question 30

What ports does RADIUS use?

Answer 30

Authentication Messages - Port 1812 - 1645 (proprietary versions) Accounting Messages - Port 1813 - 1646 (proprietary versions)

Question 31

Terminal Access Controller Access Control System Plus (TACACS+)

Answer 31

Proprietary Cisco network security protocol that provides centralized authentication, authorization, and accounting (AAA) services for network devices

Question 32

T/F TACACS+ & RADIUS both support all Protocols

Answer 32

False, TACACS+ supports all Protocols, RADIUS does not.

Question 33

What are some Protocols does RADIUS not support?

Answer 33

- Remote Access - NetBIOS Frame - X.25 PAG connections

Question 34

Time-Based Authentication (TOTP)

Answer 34

Security Mechanism that generates a temporary, dynamic password or token that is valid only for a short period

Question 35

Least Privilege

Answer 35

a security principle that dictates users, processes, and applications should only be granted the minimum access necessary to perform their designated tasks

Question 36

Discretionary Access Control (DAC)

Answer 36

access control method where access is determined by the owner of the resource

Question 37

DAC drawbacks

Answer 37

- Every Object needs an owner - Each owner must determine access rights for each object

Question 38

Mandatory Access Control (MAC)

Answer 38

AN access control policy where the computer system gets to decide who gets access to what

Question 39

How does MAC decide user access?

Answer 39

Through DATA labels and a trust level system

Question 40

Role-Based Access Control (RBAC)

Answer 40

System controlled access that focuses on permissions

Question 41

Unencrypted data

Answer 41

Cleartext, Plaintext

Question 42

Encrypted Data

Answer 42

Ciphertext

Question 43

Data State

Answer 43

Location of data within a processing system

Question 44

what are the 3 data states?

Answer 44

- Rest - Motion - Processing

Question 45

Data at Rest

Answer 45

Any Data that is stored in memory, or a storage device

Question 46

Data in Motion

Answer 46

Any data moving from one system to another over the network or within the same system

Question 47

Protection for Data at rest

Answer 47

- Full Disk Encryption - Folder Encryption - File Encryption - Database Encryption

Question 48

Protection For Data in transit

Answer 48

- Transport Layer Security (TLS) - Secure Socket Layer (SSL) - IPSec - L2TP - WPA2 with AES

Question 49

Data In Use/Processing

Answer 49

Any data read into memory or is currently inside the processor and being worked on or manipulated

Question 50

IP Security (IPSec)

Answer 50

a framework of protocols designed to secure data transmission over IP networks. It's often used in VPNs and provides authentication, data integrity, and confidentiality through encryption.

Question 51

IPSec protections and methods

Answer 51

Confidentiality: - Data Encryption Integrity: - Ensures data is unmodified during transit, Hashing Authentication: - Verify participating parties Anti-Replay: - Checks sequence numbers on all Packets prior to transmission

Question 52

IPSec Steps

Answer 52

1 - Key Exchange 2 - IKE Phase 1 3 - IKE Phase 2 4 - Data Exchange 5 - Termination

Question 53

IKE Phase 1

Answer 53

- IPSec peers have their identities authenticated and encrypted. - Then a negotiation for a matching IKE SA (internet key Exchange security association) - Peers perform an authenticated Diffie-Hellman Key exchange so both sides have a copy

Question 54

What 2 modes can IKE Phase 1 use?

Answer 54

- Main Mode - Aggressive Mode

Question 55

Main Mode (IKE P1)

Answer 55

Conducts three, two-way exchanges between the peers 1 - Agree on which Algorithms and hashes to use 2 - Use Diffie-Hellman exchange to generate shared secret keys 3 - Verify the identity of both sides through the encrypted form of the other's IP address

Question 56

Aggressive Mode (IKE P1)

Answer 56

Uses Fewer Exchanges, resulting in fewer packets and faster connection.

Question 57

What Information is contained inside an IKE SA?

Answer 57

- Authentication Used - Encryption & Hashes Algos. - Diffie-Hellman Groups used - IKE SA Expiration - Shared Secret Key values for encryption Algos.

Question 58

What is The Diffie-Hellman key exchange algorithm?

Answer 58

a cryptographic protocol that allows two parties to establish a shared secret key over an insecure network without directly transmitting the key itself.

Question 59

IKE Phase 2

Answer 59

- Negotiate the IPSec SA parameters protected by an existing IKE SA - Establish IPSec SA - Periodically Renegotiate IPSec SAs - Perform Additional Diffie-Hellman Exchanges

Question 60

Quick Mode (IKE P2)

Answer 60

Occurs after IKE P1. actual encryption and authentication parameters for protecting network traffic are negotiated and security associations (SAs) are established.

Question 61

Transport Mode

Answer 61

Uses Packet's original IP Header to be used for client-to-site VPNs - Ideal for Client to Site

Question 62

Tunneling Mode

Answer 62

Encapsulates the entire packet and puts another header on top of it - Ideal for Site to Site

Question 63

Authentication Header (AH)

Answer 63

Provides connectionless data integrity and data origin authentication of IP datagrams and provides protection against replay attacks

Question 64

Encapsulating Security Payload (ESP)

Answer 64

Provides Authentication, Integrity, Replay protection, and data confidentiality

Question 65

Public Key Infrastructure (PKI)

Answer 65

An entire system of hardware, Software, policies, procedures, and people that is based on asymmetric encryption. - creates the asymmetrical key pairs that consist of public and private keys that are used in the encryption and decryption process - Asymmetric encryption and decryption system

Question 66

Public Key Cryptography

Answer 66

a system where two keys are used for encryption and decryption: a public key and a private key - Asymmetric encryption and decryption process

Question 67

Certificate Authority

Answer 67

Issues digital certificates and keeps the level of trust between all of the certificate authorities around the world

Question 68

Key Escrow

Answer 68

Process where cryptographic keys are stored in a secure, third-party location, which is effectively an "Escrow"

Question 69

Digital Certificate

Answer 69

Digitally signed electronic document that binds a public key with a user's identity

Question 70

What standard do Digital Certificates use inside of PKI ?

Answer 70

X.509 protocol standard

Question 71

Wildcard Certificate

Answer 71

Allows all of the subdomains to use the same public key certificate and have it displayed as valid

Question 72

Subject Alternate Name (SAN) Field

Answer 72

Certificate that specifies what additional domains and IP addresses are going to be supported

Question 73

Single-Sided Certificate

Answer 73

Only Requires the server to be validated

Question 74

Dual-Sided Certificate

Answer 74

Requires both the server and user to be Validated

Question 75

Self-Signed Certificate

Answer 75

An entity claims its own identity and vouches for itself

Question 76

Third-Party Certificate

Answer 76

Digital cert. issued and signed by a trusted Certificate Authority (CA)

Question 77

Root of Trust

Answer 77

Each cert. is validated using the concept of a root of trust or the chain of trust

Question 78

What are some third-party trusted providers?

Answer 78

- Verisign - Amazon - Goggle - CloudFlare

Question 79

Certificate Authority (CA)

Answer 79

Trusted Third-party that issues digital certs.

Question 80

Registration Authority (RA)

Answer 80

a trusted entity within a Public Key Infrastructure (PKI) that verifies the identity of individuals or organizations seeking digital certificates

Question 81

Certificate Signing Request (CSR)

Answer 81

A block of encoded text that contains information about the entity requesting the certificate

Question 82

What type of information is contained in a CSR?

Answer 82

- Organization name - Domain Name - Locality - Country

Question 83

Certificate Revocation List (CRL)

Answer 83

Online list of digital certs. that the CA has revoked

Question 84

Key Escrow

Answer 84

Secure copy of a user's private key is stored

Question 85

Key Recovery Agent

Answer 85

Specialized type of software that allows the restoration of a lost or corrupted key to be performed

Question 86

Key management

Answer 86

Refers to how an organization will generate, exchange, store and use encryption keys