401/501 Study Guide

Question 1

What Port is DNS?

Answer 1

53

Question 2

CIA Triad

Answer 2

C - Confidentiality
I - Integrity
A - Availability

**These three are EQUALLY as important

Question 3

When information remains true to the creators intent

Answer 3

Integrity

Question 3

What are some common network applications that use UDP?

Answer 3

• Domain Name System (DNS)
• Streaming media…like IPTV
• Voice over IP (VoIP)
• Trivial File Transfer Protocol (TFTP)
• Many online games

Question 4

Information conforms to reality

Answer 4

Authenticity

Question 5

According to 1000 Foot View, what are the core principles of IA?

Answer 5

Confidentiality, Availability, Authenticity, Authorized Use, Privacy, Non-Repudiation, Utilization, Possession, Integrity

Question 6

When information is fit for a purpose and in a usable state

Answer 6

Utilization

Question 7

Only authorized personnel may access cost incurring services
Ex.) toll-fraud prevention

Answer 7

Authorized Use

Question 8

What are the Five DIACAP Activities?

Answer 8

1. Initiate & Plan IA C&A
2. Implement & Validate assigned IA Controls
3. Make Certification Determination & Accreditation Decision
4. Maintain Authorization to Operate & Conduct Reviews
5. Decommission

Question 9

When only authorized personnel may disclose or observe information

Answer 9

Confidentiality

Question 10

When the originator of message or transaction may not later deny action

Answer 10

Non-Repudiation

Question 11

What does DIACAP stand for?

Answer 11

Department of Defense Information Assurance Certification Accreditation Processes

Question 12

What Port is HTTP?

Answer 12

80

Question 13

What layer of the OSI Model Diagram provides end-to-end data transmission integrity?

Answer 13

Transport

Question 14

Who invented the one-time password?

Answer 14

Gilbert Vernam
Called it the “Vernam Cipher”
1917

Question 15

*a simpler message-based connectionless protocol

Communication is achieved by transmitting information in one direction from source to destination without verifying the readiness or state of the receiver

• connectionless protocols do not set up a dedicated end-to-end connection

Answer 15

User Datagram Protocol (UDP)

Question 16

What layer of the OSI Model Diagram establishes, maintains and manages sessions?
For example~ the synchronization of data flow

Answer 16

Session

Question 17

What is Port 110?

Answer 17

POP3

Question 18

What does OSI stand for?

Answer 18

Open Systems Interconnection

Question 19

What are the 7 levels of the OSI Model Diagram?

Answer 19

7     Application 
6     Presentation 
5     Session 
4     Transport 
3     Network 
2     Data Link
1     Physical

Question 20

What layer of the OSI Model Diagram provides data representation between systems?

Answer 20

Presentation

Question 21

What layer of the OSI Model Diagram provides transfer of information units to the other end of the physical link?

Answer 21

Data Link

Question 22

What Port is HTTPS?

Answer 22

443

Question 23

An attack in which the attacker sends a large number of connection or information requests to overwhelm and cripple a target

Answer 23

Denial-of-Service (DoS) attack

Question 24

What Port is LDAP?

Answer 24

389

Question 25

The process of using social skills to convince people to reveal access credentials or other valuable information to the attacker

Answer 25

Social engineering

Question 26

When information is ready for use within stated operational parameters

Answer 26

Availability

Question 27

The industry standard for computer security since the development of the mainframe.
Known as the Holy Trinity of IA

~based on 3 characteristics that describe the utility of information.

Answer 27

C.I.A. Triad

Based on confidentiality, integrity, and availability

Question 28

A self-replicating computer program that uses a network to send copies of itself to other nodes, and it may do so without any user intervention. It does not need to attach itself to an existing program

Answer 28

Worm

Question 29

What hackers do – The Five Phases of Hacking

Answer 29

Phase 1 - Reconnaissance 
Phase 2 - Scanning 
Phase 3 - Gaining Access 
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks

Question 30

Methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits

Answer 30

Biometrics

Question 31

Software designed to infiltrate a computer without the owner’s informed consent

Answer 31

Malware

-short for malicious software

Question 32

An attack in which a coordinated stream of connection requests is launched against a target from many locations at the same time

ie. Black Friday, Cyber Monday, Super Bowl Sunday

Answer 32

Distributed Denial-of-Service (DDoS) attack

Question 33

A bit pattern that defines which portion of the 32 bits represents a subnet address

Answer 33

Subnet Mask

Question 34

What Port is FTP?

Answer 34

20, 21

Question 35

This can provide a two-factor authentication method because the user may have to enter a PIN. This means the user must provide something she knows and something she has

Answer 35

Smart card

Question 36

What is Port 143?

Answer 36

IMAP4

Question 37

What are the Access Control Methods?

Answer 37

• Implicit deny
  〰 First answer is no
• Least privilege
  〰 Only permissions they need
• Separation of duties
  〰 Avoid “collusion”
• Job rotation

Question 38

A protected string of characters that is used to authenticate an individual

Answer 38

Password

Question 39

What layer of the OSI Model Diagram transmits bit stream on a physical medium?

Answer 39

Physical

Question 40

What is Port 119?

Answer 40

NNTP

Question 41

What are the Access Control Models?

Answer 41

Mandatory Access Control (MAC)
&
Discretionary Access Control (DAC)

Question 42

Human readable text

Answer 42

Plaintext

Question 43

What layer of the OSI Model Diagram switches & routes information units?

Answer 43

Network

Question 44

What Port is SSH?

Answer 44

22

Question 45

The three tenants of Authentication

Answer 45

⭐️ Something a person knows (password)
⭐️ Something a person has (smartcard)
⭐️ Something a person is (fingerprint)

⭐️⭐️⭐️any 2 of these = Strong Authentication

Question 46

Malware that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user’s computer system

Answer 46

Trojan Horse

Question 47

What is Port 25?

Answer 47

SMTP

Question 48

Difference between MAC & DAC

Answer 48

〰MAC〰
⚡️ inflexible, predefined
⚡️ labor intensive

Question 49

A program that searches out other programs & infects them by embedding a copy of itself. When the infected program executes, it is also executed, which begins the infection

Answer 49

Virus

Question 50

Group policies, Password policies, User names & passwords, Time of day restrictions, Account expiration, ACLs and Logical tokens are all a part of what?

Answer 50

Logical Access Control

Question 51

An authentication protocol that challenges the system to verify identity.

Also, it’s an improvement over PAP

Answer 51

CHAP
Challenge Handshake Authentication Protocol

In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet access provider.
CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network.
Microsoft has implemented a variant of the Challenge-handshake authentication protocol, called MS-CHAP, which does not require either peer to know the plaintext.

Question 52

What Port is Kerberos?

Answer 52

88

Question 53

Privilege escalation, Spyware, Weak passwords, Back doors, Adware, Default accounts and Rootkits are all different types of what?

Answer 53

Vulnerabilities & mitigations associated with network devices

⭐️ System Security Threats

Question 54

What layer of the OSI Model Diagram provides specific services for applications, such as file transfer?

Answer 54

Application

Question 55

What is Port 23?

Answer 55

Telnet

Question 56

Role Based Access Control vs. Rule Based Access Control

Answer 56

✨ Role based access control
〰Job Function = Role(s)
〰Roles are assigned permissions

✨ Rule based access control
〰Ex : Allow * or Deny *

Question 57

Authenticity is necessary to be able to do what?

Answer 57

To ensure that the users or objects (like documents) are genuine & that they have not been forged or fabricated

For example: Authentication breech can occur when a user’s login id and password is used by un-authorized users to send un-authorized information.

Question 58

What class of network is 201.168.10.32?

Answer 58

Class C

Question 59

This is also called a dynamic password. It is used for authentication purposes and is only good once

Answer 59

One-Time password

One-Time pad

Question 60

When a hacker has a collection of these compromised systems, it is referred to as a __________.

Answer 60

Botnet

〰 a network of bots

Question 61

Substitution Cipher

Answer 61

a method of encryption in which units of plaintext are replaced with ciphertext according to a regular system.

Question 62

Transposition Cipher

Answer 62

a method of encryption by which the positions held by units of plaintext are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext

Question 63

IA vs. IS

Answer 63

Information assurance is closely related to information security and the terms are sometimes used interchangeably.

IA is best thought of as a superset of information security
IA is interdisciplinary and draws from multiple fields, including accounting, fraud examination, forensic science, management science, systems engineering, security engineering, and criminology, in addition to computer science.

IA’s broader connotation also includes reliability and emphasizes strategic risk management over tools and tactics.
In addition to defending against malicious hackers and code (e.g., viruses)

IA includes other corporate governance issues such as privacy, compliance, audits, business continuity, and disaster recovery.

Question 64

Differences between TCP & IP

Answer 64

☝️ TCP operates at a higher level
❗️concerned with only two-end systems
i.e. a Web browser and a Web Server

☝️ IP handles lower level transmissions from computer to computer as a message makes its way across the Internet

Question 65

Protect personal privacy and adhere to relevant privacy compliance requirements

Answer 65

Privacy

Question 65

Encrypted or machine readable text

Answer 65

Ciphertext

Question 66

When information remains in the custody of authorized personnel

Answer 66

Possession

Question 68

Who has access?

Answer 68

A cornerstone in the foundation of information security is controlling how resources are accessed so they can be protected from unauthorized modification or disclosure. The controls that enforce access control can be technical, physical, or administrative in nature.

Question 69

TCP/IP

Question 70

Transmission Control Protocol - TCP

Question 71

What are some ways you can identify & authenticate who is connecting?

Question 72

RADIUS

Answer 72

(Remote Authentication Dial In User Service)

Question 73

Firewall Terms

Question 74

Firewall types

Question 75

What Port is TFTP?

Answer 75

69

Question 76

Kerberos

Answer 76

-the way that Windows operates
­user requests access to service running on a different server
­-KDC authenticates user and sends a ticket to be used between the user and the service on the server
-

Question 77

UDP

Answer 77

A simpler message-based connectionless protocol (no handshake)
● Connectionless protocols do not set up a dedicated end-to-end connection
● Communication is achieved by transmitting information in one direction from
source to destination without verifying the readiness or state of the receiver
● Streaming videos, games
● Common network applications that use UDP include:
o Domain Name System (DNS)
o Streaming media applications such as IPTV o Voice over IP (VoIP)

Question 78

Which of the following are capable of functioning as a Firewall? Choose two.
 Proxy
 Router
 PC
 Switch

Answer 78

Proxy service as well as the Router is both capable of Network Address translation (NAT) which is the basic function of a firewall.

Question 79

Subnetting

Answer 79

using the subnet mask value to divide a network into smaller components. This gives you more networks but a smaller number of hosts available on each.
o Subnetting uses bits from the node portion of the host address to create the additional networks, and there are two primary reasons for using it:
1. To use IP addresses more effectively
2. To make the network more secure and manageable
• It accomplishes the latter by confining traffic to the network that it needs to be on, reducing overall network traffic and creating more broadcast domains, thus reducing the range of network-wide broadcast traffic.

Question 80

Web security gateway

Answer 80

A web security gateway and a unified threat management appliance both combine multiple security controls into a single appliance. They can inspect data streams and often include URL filtering, malware inspection, and content inspection components.

Question 81

Private IP Addresses

Answer 81

Class
Beginning address
Ending address
Class A
10.0.0.0
10.255.255.255
Class B
172.16.0.0
172.31.255.255
Class C
192.168.0.0
192.168.255.2

Question 82

Protocols

Answer 82

our agreed­upon method of communication
­Rules for communication
­Often part of a protocol suite or framework ­Described by their functions and interactions ­Protocols need to talk to other protocols

Question 83

Firewalls

Answer 83

Hardware-based network firewall inspects packets
–Can either accept or deny packet entry
–Usually located outside network security perimeter

Question 84

Firewall actions on a packet

Answer 84

-Allow (let packet pass through)
–Block (drop packet)
–Prompt (ask what action to take)

Question 85

Elements of a secure network design

Answer 85

-Demilitarized zones
–Subnetting
–Virtual LANs
–Remote access

Question 86

Demilitarized Zone

Answer 86

~Separate network located outside secure network perimeter

•Untrusted outside users can access DMZ but not secure network

Question 87

Subnetting

Answer 87

IP address may be split anywhere within its 32 bits
•Network can be divided into three parts
–Network
–Subnet
–Host
•Each network can contain several subnets
•Each subnet can contain multiple hosts

Question 88

Port 7

Answer 88

Echo
❖ TCP or UDP
❖ Testing round trip times between hosts

Question 89

Types of security hardware logs

Answer 89

NIDS, NIPS, DNS, proxy servers, and firewalls

Question 90

Log analysis

Answer 90

-Log records events that occur
–Monitoring logs can be useful in determining how attack occurred
–System logs and security application logs
–Network security logs

Question 91

Firewall log items to be examined

Answer 91

-IP addresses rejected and dropped
–Probes to ports that have no application servers on them
–Source-routed packets
–Suspicious outbound connections
–Unsuccessful logins

Question 92

System events log record:

Answer 92

-Client requests and server responses
–Usage information
–Account information
–Operational information

Question 93

Benefits of monitoring system logs:

Answer 93

-Identify security incidents, policy violations, fraudulent activity
–Provide information shortly after event occurs
–Provide information to help resolve problems
–Help identify operational trends and long-term problems
–Provide documentation of regulatory compliance