3.0 Implementation Flashcards

1
Q

network communication protocol that enables two computers to communicate (c.f http or hypertext transfer protocol, which is the protocol used to transfer hypertext such as web pages) and share data

And uses port 22

A

SSH Secure Shell

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A set of specifications for securing electronic mail and a technology that allows you to encrypt your emails. based on asymmetric cryptography to protect your emails from unwanted access.

Now a successor for PEM

A

Secure/Multipurpose Internet Mail Extensions S/MIME

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The protocol provides encryption, confidentiality, message authentication, and replay protection to your transmitted audio and video traffic

Uses UDP protocol

A

SRTP Secure Real Time Transport Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

is an open and cross platform protocol used for directory services authentication

uses port 389

A

Lightweight Directory Access Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

is an open and cross platform protocol used for directory services authentication however its over SSL

uses port 636

A

LDAP Secure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

standard communication protocol used for the transfer of computer files from a server to a client on a computer

uses port 21 and 20

A

FTP File Transfer Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

standard communication protocol used for the transfer of computer files from a server to a client or client to server however its add on encryption

Uses port 990

A

FTPS Secure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

a network protocol for securely accessing, transferring and managing large files and sensitive data and uses ssh

Uses port 22

A

SSH FTP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

an application-layer protocol for monitoring and managing network devices on a local area network (LAN) or wide area network (WAN)

includes new security features that add support for authentication and encryption of messages as well as protecting packets during transit

Use port 161 and 162

A

simple network management protocol v3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What protocol uses port 80?

A

HTTP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What protocol uses port 443?

A

HTTPS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

a group of networking protocols used for setting up secure encrypted connections, such as VPNs, across publicly shared networks

A

IPSec

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

protocol provides data origin authentication, data integrity, and replay protection. However, it does not provide data confidentiality, which means that all of your data is sent in the clear

A

Authentication Header

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

protocol provides data confidentiality, and also optionally provides data origin authentication, data integrity checking, and replay protection

A

ESP encapsulating security payload

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

IPsec mode sets up a secure connection

A

IP Tunnel

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

IPsec Mode only encrypts the data being sent without establishing a secure connection

A

IP Transport mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

commonly used message request protocol in the Internet world for transferring messages from an e-mail server to an e-mail client.

uses port 110

A

Post Office Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

a protocol where email clients to retrieve email messages from a mail server over a TCP/IP connection

uses port 143

A

Internet Message Access Protocol (IMAP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

a program designed to detect and remove viruses and other kinds of malicious software from your computer or laptop

A

Anti Virus

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

a type of software program created to protect information technology (IT) systems and individual computers from malicious software

A

anti malware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware

A

endpoint detection and response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

makes sure that users do not send sensitive or critical information outside the corporate network

A

data loss prevention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

third generation of firewall technology, designed to address advanced security threats at the application level through intelligent, context-aware security features

A

next generation firewall NGFW

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

an approach to security that relies on third-party software tools to identify and prevent malicious activities. prevention systems are typically used to protect endpoint devices

A

Host IPS Intrusion Base Prevention System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

help organizations to identify threats inside the network perimeter by monitoring host devices for malicious activity that, if left undetected, could lead to serious breaches

A

Host IDS Intrusion Detection System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

protects your machine from rootkits and other malware. This type of Boot will check each start up component including the firmware all the way to the boot drivers and it will store this information into the TPM

A

Measured Boot

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

software integrity measurements are immediately committed to during boot, thus relaxing the traditional requirement for secure storage and reporting.

A

Boot Attestation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

attribute is only sent to the server with an encrypted request over the HTTPS protocol

A

Secure Cookies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

is a method of computer program debugging that is done by examining the code without executing the program

A

Static Code Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

analysis involves running code and examining the outcome, which also entails testing possible execution paths of the code

A

dynamic code analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities

A

Fuzzing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

encrypt data as it is written to the disk

A

Self Encrypting Drives

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

protects the data on your device in the event it is lost or stolen.

A

Full Disk encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

use full disk hardware encryption technology to secure data stored in them. By encrypting the entire drive, users do not have to worry about their data being accessed if the drive, laptop or mobile device gets stolen or lost

A

Opal FDE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

the foundation on which all secure operations of a computing system depend. It contains the keys used for cryptographic functions and enables a secure boot process. It is inherently trusted, and therefore must be secure by design.

A

Hardware root of trust

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

cryptographic module that enhances computer security and privacy. Protecting data through encryption and decryption, protecting authentication credentials, and proving which software is running on a system are basic functionalities associated with computer security. Feature is.built into the motherboard

A

trusted platform module

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

a load balancer configuration that distributes their workloads across multiple active servers

A

Active Active Load Balancer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

handles the full workload, while a backup server remains on standby, only activating in the event of a failure.

A

Active Passive Load Balancer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

specify the manner in which a server load is shared across a server pool

A

Schedule Load Balancer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

required to load balance clients requests and to reroute clients in case of failover

A

Virtual IP Load Balancer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

boosts performance by configuring a backend server to work efficiently with user requests.

A

Persistence load balancer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

the transfer of data packets from server to server within a data center

A

East-West Traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

provides a secure network for an organization to share information with relevant people outside the organization

A

Extranet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

private network contained within an enterprise that is used to securely share company information and computing resources. These can only be accessed by employees only

A

Intranet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction

A

Zero Trust

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

works as an automated service that establishes a connection between the client and the VPN with no user interactions whatsoever

A

Always on VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

dividing your internet connection between two connections. The public network/open server and the private network. By doing so, enables you to leverage VPN to encrypt confidential data while still having direct access to the internet

A

spilt Tunnel VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

using your VPN for all your traffic

A

Full Tunnel VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

VPN connects remote users from any location to a corporate network

A

Remote VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

VPN connects individual networks to each other

A

Site to Site VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

communication protocol keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems

A

SSL Secure Socket Layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

communication protocol keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems. However the traffic is encrypted and its a successor of SSL

A

TSL Transport Socket Layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs

encapsulating the frame inside a User Datagram Protocol (UDP) packet, which in turn is encapsulated inside an IP packet.

A

layer 2 tunneling protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

performs security checking and authentication on the endpoint device directly, and provides information and assessment results to the NAC server for authentication

A

NAC Network Access Control Agent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

are not installed on the clients and are often used to inspect employee-owned mobile devices.

A

NAC Network Access Control Agentless

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

a solution that provides a secure dedicated alternate access method into an IT network infrastructure to administer connected devices and IT assets without using the corporate LAN

A

out-of-band management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

a feature of many managed switches in which the switch intentionally ceases to forward all broadcast traffic if the bandwidth consumed by incoming broadcast frames exceeds a designated threshold

A

Broadcast Storm Prevention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

is a data message transmitted across a local area network to detect loops in network topologies. contains information regarding ports, switches, port priority and addresses.

A

Bridge Protocol Data Unit (BPDU)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

preventing ports from moving into a forwarding state that would result in a loop opening up in the network

A

Loop prevention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

feature ensures that DHCP clients obtain IP addresses only from authorized DHCP servers and this device records mappings between IP addresses and MAC addresses of DHCP clients, preventing DHCP attacks on the network

A

Dynamic Host Configuration Protocol (DHCP) snooping

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

is a system on a network used to access and manage devices in a separate security zone. This system is secure that you would log into and access another system

A

Jump server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

server allows multiple clients to route traffic to an external network. For instance, a business may have a proxy that routes and filters employee traffic to the public Internet

A

Forward or proxy server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

sits behind a firewall first and secondly it sits in front of web servers forwards public facing client (e.g. web browser) requests to those web servers

A

Reverse proxy server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

detection system is designed to help organisations monitor their cloud, on-premise and hybrid environments for suspicious events that could indicate a compromise. This includes policy violations and port scanning, plus unknown source and destination traffic

A

network-based intrusion detection system NIDS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

detection system is designed to help organizations monitor their cloud, on-premise and hybrid environments for suspicious events that could indicate a compromise. This includes policy violations and port scanning, plus unknown source and destination traffic

A

network-based intrusion detection system NIDS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

s a network security tool that continuously monitors a network for malicious activity and takes action to prevent it

A

Network based intrusion prevention system NIPS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

detection relies on a preprogramed list of known indicators of compromise (IOCs)

A

Signature Based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

is a scanning method that looks for malware-like behavior patterns. It is commonly used to detect new or not-yet-known malware

A

heuristic behavior-detection solution

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

IDSes typically work by taking a baseline of the normal traffic and activity taking place on the network. They can measure the present state of traffic on the network against this baseline in order to detect patterns that are not present in the traffic normally

A

Anomaly

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

a type of monitoring that is having an IPS off to the side that is receiving information from a switch that is redirecting traffic from other devices on the network. This can be done with a port mirror in the Cisco world that’s called a switch port analyzer or span. Or maybe a physical network tap that’s redirecting that traffic.

A

Passive Monitoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

a type of monitoring that is having the IPS on the network evaluating all traffic that is being sent

A

Inline monitoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

External device that is tamper-resistant hardware devices that secure cryptographic processes by generating, protecting, and managing keys used for encrypting and decrypting data and creating digital signatures and certificates

A

Hardware Security Module

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

is a piece of code that uses a number of protocols to gather information about your network, such as topology details, configurations, and network statistics

A

Collector

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

is a device, or service provider, that can consolidate multiple disparate circuits or carrier services into an easy-to-use, easy-to-manage, single circuit.

A

Network Aggregators

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

protects web applications from a variety of application layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others

A

Web application Firewall

76
Q

inspect network packets, tracking the state of connections using what is known about the protocols being used in the network connection

A

Stateful Firewall

77
Q

firewalls do not inspect traffic. firewall also does not examine an entire packet, but instead decides whether the packet satisfies existing security rules. These firewalls require some configuration to arrive at a suitable level of protection

A

Stateless Firewall

78
Q

an information security term that refers to a single security solution, and usually a single security appliance, that provides multiple security functions at a single point on the network

A

Unified Threat Management

79
Q

a way to map multiple local private up addresses to a public address one before transferring the information

A

NAT Network Address Translation

80
Q

the use of a program to screen and/or exclude access to web pages or email deemed objectionable.

A

content/url filtering firewall

81
Q

a type of firewall that governs traffic to, from, or by an application or service

A

application firewall

82
Q

firewalls are extra layers of security which can also be used for monitoring and login as well on the client computer

A

host base firewall

83
Q

is a network security solution designed specifically for environments in which deploying hardware firewalls is difficult or impossible, buts it a virtual components that is being used in public and private cloud environments;

A

Virtual Firewall

84
Q

a set of technologies that work on a network to guarantee its ability to dependably run high-priority applications and traffic under limited network capacity

A

Quality of Service

85
Q

is a purpose-built device that passively makes a copy of network data but does not alter the data

A

port taps

86
Q

Wifi encryption Uses AES (Advanced Encryption system) and CCMP (Cipher Block Chaining Message)

A

WiFi Protected Access 2

87
Q

utilizes 192-bit security while still using the 802.1X standard to provide a secure wireless network for enterprise use. Meant to replace WPA2

A

WiFi Protected Access 3

88
Q

a simple counter-based block cipher implementation. Every time a counter-initiated value is encrypted and given as input to XOR with plaintext which results in ciphertext block

A

counter mode block cipher or CBC-MAC

89
Q

Wireless security that works with WPA3 and authentication is performed with a hash of a generated key that is unique to each authentication. Provides stronger defense against password guessing

A

simultaneous authentication of equals

90
Q

A protocol used on encrypted networks to provide a secure way to send identifying information to provide network authentication. It supports various authentication methods, including as token cards, smart cards, certificates, one-time passwords and public key encryption.

A

extensible authentication protocol EAP

91
Q

a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.

would only validate server certificate to establish TLS session, then an additional — potentially insecure — authentication would be performed in the tunnel

A

Protect EAP

92
Q

an EAP method that enables secure communication between a client and an authentication server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel

A

EAP-FAST

93
Q

extensible Authentication Protocol tunnel transport layer security. an extension of EAP sometimes used with 802.1X. It allows systems to use some older authentication methods such as PAP within a TLS tunnel. It requires a certificate on the 802.1X server but not on the client’s.

A

EAP-TTLS

94
Q

What port does FTP uses?

A

Port 20 and 21

95
Q

What port does DNS uses?

A

Port 53

96
Q

What port does DHCP uses?

A

Port 67 and 68

97
Q

What port does RDP uses?

A

3389

98
Q

offers strong security. This requires both server and client-side digital certificates for establishing a connection

A

EAP-TLS

99
Q

an extension of EAP sometimes used with 802.1X. It allows systems to use some older authentication methods such as PAP within a TLS tunnel. It requires a certificate on the 802.1X server but not on the client’s.

A

EAP-TTLS

100
Q

IEEE standard for media-level (Layer 2) access control that offers the capability to permit or deny network connectivity based on the identity of the end user or device and enables port-based control using authentication

A

IEEE 802.1x

101
Q

enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.

A

RADIUS Remote Authentication Dial-In User Service

102
Q

authentication enables a remote host to authenticate itself by providing a secret key, which is known to both hosts

A

PSK Pre Shared Key

103
Q

authentication toe uses x. 509 digital certificates for user device authentication. This method uses a RADIUS server for authentication

A

Enterprise

104
Q

a graphical representation of cyber risk data where the individual values contained in a matrix are represented as colors that connote meaning

A

Heat map

105
Q

to analyze the wifi connection, collect the data, and identify the problems responsible for a weak Wi-Fi signal. This collect information from different access points and channels within your network and provide a clear overview with visual reports and dashboards

A

Wi-Fi Analyzer

106
Q

a wireless method of connecting to the Internet over large areas without the need for extensive cabling. Sets up a connection from a single to location to another location

A

Point to Point connection

107
Q

consists of a central base station that supports several subscriber stations. These offer network access from a single location to multiple locations, permitting them to use the same network resources between them

A

Point to Multi Point connection

108
Q

MDM Admin can enable this feature once a device is compromise or lost

A

Remote Wipe

109
Q

setting virtual boundaries and triggering events when these boundaries are crossed by a mobile device on which certain software is installed

A

Geofencing

110
Q

uses data acquired from user devices to identify or describe the user’s actual physical location

A

Geolocation

111
Q

A MFA method that builds risk assessment capabilities into access decisions by analyzing users’ behavior and context, such as which device or network they’re logging in from.

A

Context Aware Authentication

112
Q

the user can artificially categorize different types of data on a mobile device’s storage media

A

Storage Segmentation

113
Q

solutions provide companies with the ability to effectively and scalably monitor and manage their remote endpoint

A

UEM Unified Endpoint Management

114
Q

software that secures and enables IT control over enterprise applications on end users’ corporate and personal smartphones and tablets

A

MAM Mobile Application Management

115
Q

Android feature prevents apps or processes from accessing data and resources that they are not allowed to.

A

SEAndroid
Security Enhancements Android

116
Q

installing apps on an iPhone or android without using their approved App Store or software distribution channel

A

Side loading

117
Q

refers to the ability to download applications, services, and configurations over a mobile or cellular network. used to automatically update firmware, software, and even encryption keys

A

OTA Over the Air

118
Q

a type of text-based protocol for mobile devices that was designed as a replacement for SMS and MMS messaging

A

Rich communication Service RCS

119
Q

a standardized specification that allows a device to read data from a USB device without requiring a PC

A

USB On-The-Go

120
Q

use your existing mobile phone and data plan to share a secure internet connection with another device, typically a laptop or tablet

A

Tethering

121
Q

you have access to a dedicated device, like a portable Wi-Fi device that’s capable of connecting to the closest cellular tower

A

HotSpot

122
Q

enables mobile phones, cameras, printers, PCs, and gaming devices to create their own Wi-Fi networks without an internet connection

A

Wifi Direct

123
Q

set of policies in a business that allows employees to use their own devices – phone, laptop, tablet or whatever – to access business applications and data, rather than forcing employees to use company-provided devices for that purpose

A

Bring your own device BYOD

124
Q

a business model in which an organization provides its employees with mobile computing devices and allows the employees to use them as if they were personally owned notebook computers, tablets or smartphones

A

Corporate owned personally enabled COPE

125
Q

an employee provisioning model in which an organization allows people to select the mobile devices they would like, usually from a limited number of options

A

CYOD Choose your own device

126
Q

a security check point between cloud network users and cloud-based applications. They manage and enforce all data security policies and practices, including authentication, authorization, alerts and encryption

A

Cloud Access Security Broker CASB

127
Q

a new cloud-native solution for providing advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible

A

Next-generation secure web gateway

128
Q

process of assigning a ‘geo-tag’ or adding some ‘geographical information’ in various ‘media’ forms such as a digital photograph, video or even in a SMS message

A

Geo tagging

129
Q

track information such as GPS address, IP address, or user’s device to pinpoint users’ location and determine whether a behavior was physically possible

A

Impossible Travel Time

130
Q

cryptographic module that enhances computer security and privacy. Protecting data through encryption and decryption, protecting authentication credentials, and proving which software is running on a system are basic functionalities associated with computer security. Built into the mother board

A

TPM Trust Platform Module

131
Q

in order to authenticate, the authenticator sends a “challenge” message to the access-requesting party, which responds with a value calculated using a “one-way hash” function that takes as inputs the challenge and the shared secret

A

CHAP Challenge Handshake Authentication Protocol

132
Q

provides simple password authentication on initial link establishment. It is not a strong authentication method, since passwords are transmitted in clear over the link and there is no protection from repeated attacks during the life of the link

A

Protection Authentication Protocol

133
Q

Type of federation

is designed to authenticate a user, so providing user identity data to a service

Better than OPENID

A

Security Assertion Markup Language SAML

134
Q

remote authentication protocol, that will allow a remote access server to communicate with an authentication server in order to validate an user access onto the networking devices.

Commonly used to access to network devices like routers and switches.uses port 49

A

TACACS+ Terminal Access Controller
Access Control System Plus

135
Q

What port does TACACS+ uses?

A

Port 49

136
Q

What port does IMAP uses?

A

Port 143

137
Q

What port does SSH, SCP and SFTP uses?

A

Port 22

138
Q

What port does telnet use?

A

Port 23

139
Q

What port doe SMTP use?

A

Port 25

140
Q

What port does TFTP use?

A

Port 69

141
Q

What port does Kerberos use?

A

Port 88

142
Q

What port does POP use?

A

Port 110

143
Q

What port does SNMP use?

A

Port 161 and 162

144
Q

What port does SNMP use?

A

Port 162 and 161

145
Q

What port does syslog use?

A

Port 514

146
Q

What port does Layer 2 Tunneling Protocol use?

A

Port 1701

147
Q

What port does Point to point protocol use?

A

Port 1723

148
Q

open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords

Treated as a authorization protocol than authenticating

A

OAuth

149
Q

provides great support for native mobile applications running on iOS and Android. allows you to use an existing account to sign in to multiple websites, without needing to create new passwords.

an open authentication protocol that is no longer being used

A

OpenID

150
Q

security protocol that authenticates service requests between two or more trusted hosts across an untrusted network, like the internet

Uses port 88

A

Kerberos

151
Q

grant access based on a user’s location, role, the time of day, the device being used, the resource in question, and the desired action, i.e., all the attributes necessary to enforce secure authorization dynamically and in real-time

A

ABAC Attributed Based Access Control

152
Q

security, is a mechanism that restricts system access. It involves setting permissions and privileges base on the user role

A

Role BAC

153
Q

access controls are preventative – they don’t determine access levels for employees. Instead, focusing on the rules associated with the data’s access or restrictions

A

Rule BAC

154
Q

access control is the principle of restricting access to objects based on the identity of the subject (the user or the group to which the user belongs).

A

Discretionary Access Control

155
Q

means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity

A

Mandatory Access Control

156
Q

It deals with generating, exchanging, storing, using and replacing keys as needed at the user level

A

Key Management

157
Q

offers an easy-to-use, effective solution to create and store asymmetric key pairs for encrypting or decrypting as well as signing or validating anything that depends on a public key infrastructure

is a an organization that acts to validate identities and bind them to cryptographic key pairs with digital certificates

A

CA Certificate Authority

158
Q

a certificate that was issued as a dividing layer between the Certificate Authority and the end user’s certificate. It serves as a verification device that tells a browser that a certificate was issued on a safe, valid source, the CA’s root certificate.

A

Intermediate Certificate

159
Q

an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it.

A

Registration Authority

160
Q

to make it known that a site’s digital certificate is not trustworthy. It warns a site’s visitors not to access the site, which may be fraudulently impersonating a legitimate site. also protects visitors from man-in-the-middle attacks

A

CRL Certificate Revocation List

161
Q

These attributes that specify group membership, roles, security clearances or other authorization information associated with the certificate holder.

A

Certificate Attributes

162
Q

It is a method used by browsers to make sure a security certificate is valid. Web browsers check the status of security certificates with third-party vendors. If the certificate is valid, the connection to HTTPS will continue

A

OCSP Online Certificate Status Protocol

163
Q

is verification of domain name ownership and control.

A

Domain Validation

164
Q

additional checks had been done by the certificate authority, and they’ve enabled additional features that would show the name of the certificate owner in the browser bar itself,

A

Extended Validation

165
Q

a digital certificate file that is created and stored in binary format. It is a binary encoding for the X. 509 certificates and private keys

A

DER Distinguished Encoding Rules

166
Q

validates the information the CA requires to issue a certificate.

digital certificate applicant to a certificate authority (CA) to request a validation

A

Certificate signing Request

167
Q

represents the server name protected by the SSL certificate

A

Common Name

168
Q

specify additional host names (sites, IP addresses, common names, etc.)

A

Subjective Alternative Name

169
Q

is an Internet standard that provides for secure exchange of electronic mail. employs a range of cryptographic techniques to allow for confidentiality, sender authentication, and message integrity.

Uses RSA, MD2 and MD5 hashing functions

Which is a legacy protocol

A

Privacy Enhanced Mail

170
Q

the intermediate authority certificate necessary for the trustworthiness of the certificate, and the private key to the certificate

an archive that stores everything you need to deploy a certificate.

A

Personal Information Exchange

171
Q

used to store X. 509 certificate. Normally used for SSL certification to verify and identify web servers security. The file contains information about certificate owner and public key

A

CER File or CER certificate

172
Q

an alternate extension for what is generally referred to as a “PFX file. combined format that holds the private key and certificate and is the format most modern signing utilities use

A

P12

173
Q

Certificate that is encoded in Base64 ASCII encoding

A

P7

174
Q

Authority allows the root CA to be reached at any time, which allows for a centralized CRL.
Having a centralized CRL means any certificates can be checked against the centralized source

A

Online Certificate Authority

175
Q

is on completely isolated from the network, providing an extra layer of security
Is sometimes kept completely powered down, providing near complete protection

the hierarchy is dependent on intermediate CAs to sign certificates.

A

Offline certificate Authority

176
Q

improves the connection speed of the SSL handshake by combining two requests into one. This cuts down on the amount of time it takes to load an encrypted webpage

A

OCSP Stapling

177
Q

idea of pinning down certain known good certificate. This way, only the known good certificate from a certain CA is associated with the host.

A

OCSP Pinning

178
Q

storing and providing a mechanism for obtaining copies of private keys associated with encryption certificates, which are necessary for the recovery of encrypted data.

A

Key Escrow

179
Q

certificate is a public key certificate which can be used with multiple subdomains of one domain.

A

Wilcard

180
Q

The role of a root certification authority in PKI is it is the trusted root that issues certificates.

In PKI, if Company A trust Company B and Company B trust Company C, then Company A trusts Company C, this is describing a transitive trust.

A

Trust Model

181
Q

consists of all the certificates needed to certify the subject identified by the end certificate. In practice this includes the end certificate, the certificates of intermediate CAs, and the certificate of a root CA trusted by all parties in the chain.

A

Certificate Chaining

182
Q

certificate is used in order to digitally sign software in order to verify a trustworthy source

certificates not only verify the source of the software, but also that the integrity of the software has been maintained.

A

Code signing

183
Q

a certificate that is signed by the same entity that being issued the certificate. The certificate is only as trustworthy as the signing party.

Useful when implemented on a private system, as an attack on the 3rd party CA is not an issue.

A

Self signing Cert

184
Q

certificates are used to secure an email connection so that it can be encrypted and signed

A

Email Certificate

185
Q

identifies an individual user in the PKI hierarchy, who should be trusted by some intermediate or root CA.

A

User Certificate

186
Q

is the certificate of the root CA, and must be self signed. This certificate must be trusted in order to allow all other certificates to be trusted.

A

root Certificate