600

Question 1

92 - 128 - 256 bit bit/key strength

Answer 1

AES

Question 2

168 bit/key strength

Answer 2

3DES

Question 3

160 bit/key strength

Answer 3

SHA-1 bit/key strength

Question 4

128 bit/key strength

Answer 4

MD5 bit/key strength

Question 5

MSCHAPv2

Answer 5

Microsoft’s authentication protocol

Question 6

a legacy suite of Microsoft security protocols that provides authentication - integrity - and confidentiality

Answer 6

NTLM

Question 7

Stop gap replacement for WEP while hardware was upgraded to support full WPA

Answer 7

TKIP(Temporal Key Integrity Protocol)

Question 8

Allows single file encryption

Answer 8

EFS

Question 9

Social media sites fuel what type of attacks?

Answer 9

Cognitive password attacks

Question 10

encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.

Answer 10

PEAP(Protected Extensible Authentication Protocol)

Question 11

encrypts a chunk of bits at a time before sending them over the network.

Answer 11

Block cipher

Question 12

a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others’ identity

Answer 12

mutual authentication

Question 13

Strongest access control

Answer 13

MAC

Question 14

limiting MAC addresses to a port prevents what?

Answer 14

Rogue access points

Question 15

Where

Answer 15

Bitlocker

Question 16

Plain text and cipher text are always the same size

Answer 16

block cipher

Question 17

Secure a router in an unsecured closet?

Answer 17

disable the console port

Question 18

a system that is designed to detect potential data breach

Answer 18

DLP(data loss prevention)

Question 19

Personal Electronic Device

Answer 19

PED

Question 20

Disable what to prevent a web server from being used as a mail relay?

Answer 20

SMTP

Question 21

Mitigate ARP spoofing attacks?

Answer 21

Flood guards

Question 22

Cisco: block tftp and record it?

Answer 22

deny udp any server eq 69 log

Question 23

Protect from zero day attacks?

Answer 23

HIPS

Question 24

Triple A Services

Answer 24

Authorization - Authentication - Accounting

Question 25

Query packet for remote identification - lights up multiple flag fields?

Answer 25

XMAS

Question 26

Username - password & PIN?

Answer 26

single factor authentication

Question 27

Smartcards vs key punch?

Answer 27

eliminates shoulder surfing

Question 28

Keys needed to decrypt encrypted data are held in escrow so that an authorized third party may gain access to those keys.

Answer 28

key escrow

Question 29

A network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain - runs on each domain controller

Answer 29

Kerberos Key Distrobution Center

Question 30

Deploys quickly and cleanly and won’t leave behind oily residue - particulate - or water.

Answer 30

FM-200

Question 31

Separation of duties is often implemented between developers and administrators in order to separate which of the following?

Answer 31

Changes to code and the ability to deploy

Question 32

used to encrypt plaintext or to verify a digital signature

Answer 32

public key

Question 33

the use of different keys to perform these opposite functions - each the inverse of the other

Answer 33

asymmetric

Question 34

the same key to perform both encryption & decryption

Answer 34

symmetric cryptography

Question 35

Provides centralized Authentication - Authorization - and Accounting (AAA). Layer 7 UDP -

Answer 35

radius

Question 36

the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL)

Answer 36

rc4

Question 37

Chap (challenge-handshake authentication protocol)

Answer 37

Server sends a challenge the host - who responds with a value obtained by using a one-way hash function. The server compares it to its own calculation of the expected hash value

Question 38

Key length of 168 bits (three 56-bit DES keys) - but due to the meet-in-the-middle attack - the effective security it provides is only 112 bits.

Answer 38

3des

Question 39

Configuring mode - encryption methods and security associations are part of?

Answer 39

IPSec

Question 40

Authentication to TCP 49?

Answer 40

TACACS+

Question 41

Enforces permissions based on data labeling?

Answer 41

Mandatory Access Control (Least Privilege)

Question 42

Goal for acceptable downtime during a disaster or other contingency?

Answer 42

Recovery Time Objective

Question 43

What are certificates for?

Answer 43

code signing - client authentication

Question 44

What device potentially has a DMZ interface?

Answer 44

firewall

Question 45

What should follow patch deployment?

Answer 45

Audit and verification

Question 46

How to ensure users only have access during certain hours?

Answer 46

Time of day restrictions

Question 47

What logs do you use when you need to know if people are trying to access a host?

Answer 47

Security Logs

Question 48

What technologies could be used to provide remote access?

Answer 48

firewall & VPN

Question 49

Smart cards for remote authentication are susceptible to what?

Answer 49

Malicious code on the local system

Question 50

Best tool to check user password complexity?

Answer 50

password cracker

Question 51

How to recover a forgotten password?

Answer 51

brute force

Question 52

What is needed on a server that stores private keys?

Answer 52

hardware security module

Question 53

A certificate authority takes what action in PKI?

Answer 53

issues and signs root certificates

Question 54

Why is input validation important?

Answer 54

Mitigates buffer overflow

Question 55

An inexpensive way to to deter physical intrutions?

Answer 55

fake cameras

Question 56

3rd party access to data

Answer 56

Common security concern for cloud computing?

Question 57

Counter measure for SQL injection?

Answer 57

input validation

Question 58

Congestion on firewall and half-open connections?

Answer 58

DDoS

Question 59

Employee badges?

Answer 59

Smartcard

Question 60

Interferes with network-based detection techniques?

Answer 60

SSL

Question 61

Random test data generated by an automated system?

Answer 61

Fuzzing

Question 62

Analyze a malicious payload?

Answer 62

protocol analyzer

Question 63

when a hash function produces the same hash value for two different sets of data

Answer 63

Collision

Question 64

Unauthorized access via Bluetooth

Answer 64

Bluesnarfing

Question 65

social engineering over telephone system

Answer 65

Vishing

Question 66

Physical accquisition of discarded data

Answer 66

Dumpster diving

Question 67

tbd

Answer 67

Cross-site scripting

Question 68

Open Source on-the-fly encryption

Answer 68

TrueCrypt

Question 69

Asset Value x Exposure Factor

Answer 69

SLE Single Loss Expectancy

Question 70

VLAN Ethernet standard

Answer 70

802.1q

Question 71

Users can grant other access

Answer 71

Discretionary Access Control

Question 72

Supports VPNs - combined with IPsec to provide security

Answer 72

L2TP

Question 73

Authenticates and/or encrypts each IP packet of a communication session.

Answer 73

IPsec

Question 74

Predecessor or TLS - developed by Netscape. Asymmetric cryptography for authentication and confidentiality of the key exchange - symmetric encryption for data/message confidentiality - and message authentication codes for message integrity

Answer 74

SSL

Question 75

TLS

Answer 75

Is initialized at layer 5 (the session layer) then works at layer 6 (the presentation layer)

Question 76

Also known as Triple DES. A block cipher algorithm used for encryption.

Answer 76

3DES

Question 77

The standard that provides for bandwidths of up to 54Mbps in the 5GHz frequency spectrum.

Answer 77

802.11a

Question 78

The standard that provides for bandwidths of up to 11Mbps in the 2.4GHz frequency spectrum. This standard is also called WiFi or 802.11 high rate.

Answer 78

802.11b

Question 79

The standard that provides for bandwidths of 20Mbps+ in the 2.4GHz frequency spectrum.

Answer 79

802.11g

Question 80

Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.

Answer 80

acceptable use policy

Question 81

An attack aimed at gaining access to your resources

Answer 81

access attack

Question 82

The meansof giving or restricting user access to network resources.

Answer 82

Access Control

Question 83

List of rights that an object has - to resources on a network.

Answer 83

Access Control List (ACL)

Question 84

The point at which access to a network is accomplished. This term is often used in relation to WAP (Wireless Access Point).

Answer 84

access point (AP)

Question 85

The act of being responsible for an item. The administrator is often accountable for the network and the resources on it.

Answer 85

accountability

Question 86

The act of keeping track of activity.

Answer 86

accounting

Question 87

A message confirming that a data packet was received. This occurs at the Transport layer of the OSI model.

Answer 87

acknowledgment (ACK)

Question 88

The replacement for NT Directory Service (NTDS) that is included with Windows 2000/2003.

Answer 88

Active Directory

Question 89

A response generated in real time.

Answer 89

active response

Question 90

Also known as TCP/IP hijacking. This involves an attacker gaining access to a host in the network and logically disconnecting it from the network.

Answer 90

active sniffing

Question 91

A technology implemented by Microsoft that allows customized controls - icons - and other features to increase the usability of web-enabled systems.

Answer 91

ActiveX

Question 92

Any action undertaken by a user.

Answer 92

activity

Question 93

A network created when two RF-capable devices are brought within transmission range of each other. A common example is handheld PDAs beaming data to each other.

Answer 93

ad hoc RF network

Question 94

Protocol used to map MAC (physical) addresses to IP addresses.

Answer 94

Address Resolution Protocol (ARP)

Question 95

These work by looking for deviations from a pattern of normal network traffic.

Answer 95

AD-IDS

Question 96

A set of rules that govern administrative usage of the system.

Answer 96

administrative policies

Question 97

The user who is accountable and responsible for the network.

Answer 97

administrator

Question 98

A FIPS publication that specifies a cryptographic algorithm for use by the U.S. government.

Answer 98

Advanced Encryption Standard (AES)

Question 99

Software that gathers information to pass on to marketers - or intercepts personal data such as credit card numbers.

Answer 99

Adware

Question 100

A header used to provide connectionless integrity and data origin authentication for IP datagrams - and used to provide protection against replays.

Answer 100

AH (Authentication Header)