all domains - quick learning and terms Flashcards

1
Q

what is OSI layer 1, what devices are there, and what is the protocol data unit (PDU)

A
  1. Physical
  2. PDU - bits
  3. Hubs, repeaters and gateways
  4. 802.11 (wireless family): radio frequency, infrared, microwave, Bluetooth
  5. Ethernet, wired (twisted pair, coax, fiber optics, SONET)
2
Q

what is OSI layer 2, what devices are there, what is the protocol data unit (PDU), and which protocols

A
  1. Data link
  2. PDU - frames
  3. gateways, switches, bridges, WAPs
  4. ARP, RARP, PPTP, L2TP (VPN tunnels), PPP (encapsulates IP traffic over analog links, provides authentication, encryption (poor) and compression)
  5. authentication protocols PAP, CHAP and EAP
  6. FDDI, ISDN
3
Q

what is OSI layer 3, what devices are there, what is the protocol data unit (PDU), and which protocols

A
  1. Network
  2. PDU - packets
  3. Routers, gateways and packet filtering firewall
  4. IP, ICMP (ping), IPsec, IKE, ISAKMP, IGMP, NAT, SKIP, OSPF (routing protocols)
4
Q

what is OSI layer 4, what devices are there, and what is the protocol data unit (PDU)

A
  1. Transport
  2. ports (up to 65535)
  3. PDU - segments
  4. TCP/UDP and SSL/TLS (used to encrypt HTTP and other data traffic) (make sure to know the TCP/UDP nuances)
5
Q

TCP/IP model layers

A
  1. Application
  2. Transport
  3. internet
  4. Network access
6
Q

what is the TCP 3 way handshake

A
  1. syn
  2. syn/ack
  3. ack
7
Q

what does network access layer in TCP/IP model map to in the OSI

A

The TCP/IP network access layer maps to the OSI physical and data link layers

8
Q

what does the Internet layer in TCP/IP model map to in OSI

A

Internet maps to the OSI Network layer

9
Q

what does the transport layer in the TCP/IP model map to in OSI

A

the TCP/IP transport layer maps to the OSI transport layer

10
Q

what does the application layer in the TCP/IP model map to in the OSI model

A

the TCP/IP application layer maps to the OSI session, presentation and application layers

11
Q
  1. mnemonic for protocol data units (PDU)
  2. what layer
  3. what are they
A
  1. some people fear birthdays from 4 to 1
    Transport layer - segments
    Network layer - packet
    Data link layer - frame
    physical layer - bits
12
Q

what is OSI layer 5 and what devices are there

A
  1. Session
  2. circuit proxy firewall, gateways, PCs
  3. socks is an example of proxy firewall
  4. session management capabilities between hosts
  5. remember session information like passwords, so verification does not need to repeat, dialog control
  6. Netbios, SMB, RPC, NFS, and SQL
  7. RPC - remote procedure call
  8. attacks – Session hijack
13
Q

at which layer is encryption/decryption performed

A

layer 6 - presentation

14
Q
  1. what layers can gateways operate in
  2. what are they also called
  3. what logical function do they perform
A
  1. layers 1-7
  2. protocol translators
  3. they break broadcast and collision domains
15
Q

what is OSI layer 6 and what devices are there

A
  1. Presentation
  2. coding and conversion functions on application layer data
  3. responsible for “presentation” character conversion, codecs, compression and decompression for streaming audio and video, image conversion, formatting (TIFF, JPEG, MPEG)
  4. establishes, manages, and terminates communication sessions between presentation layer entities
  5. encryption/decryption
  6. attacks – Phishing - Worms - Trojans
16
Q

what is OSI layer 7 and what devices are there

A
  1. Application
  2. application firewalls, gateways, computers
  3. greatest intelligence to make decisions
  4. human computer interaction and where applications can access network services
  5. application firewalls (very intelligent, very advanced decisions like deep packet inspection, slow)
  6. HTTP/S, DNS, SSH, SNMP, LDAP, DHCP, Telnet, POP3 IMAP,
  7. attacks - Phishing - Worms - Trojans
17
Q

what port number and protocol is POP3

A
  1. TCP 110
  2. TLS TCP 995
18
Q

what port number and protocol is SMTP

A

TCP port 25
possibly TCP 587

19
Q

what port number and protocol is IMAP

A
  1. TCP 143
  2. TLS TCP 993
20
Q

what port number and protocol is RDP

A
  1. TCP and UDP 3389
21
Q

what does the DHCP request flow look like

A
  1. discovery
  2. offer
  3. request
  4. acknowledge
22
Q

what file transfer protocol uses secure shell (SSH) and encrypts both commands and data

A
  1. SFTP, built on SSH
  2. uses only 1 port
23
Q

what does ftps offer over ftp

A
  1. secured with SSL/TLS
  2. both still use TCP 20 (data) and 21 (control)
24
Q

what port number and protocol is FTP and FTPS

A
  1. TCP port 20 for data
  2. TCP port 21 for control
25
Q

what layer of OSI isolates traffic into broadcast domains

  1. 4
  2. 5
  3. 3
  4. 1
A

3 - domain 3

26
Q

what port number is telnet and what protocol

A

TCP 23

27
Q

what port number is IMAP and what protocol

A

TCP 143

28
Q

what port number and protocol is the NetBIOS datagram service

A

TCP and UDP port 138

29
Q

what port numbers and protocol is DHCP

A

UDP 67 for server
UDP 68 for client

30
Q

port number and protocol for LDAP

A

TCP 389

31
Q

port number and protocol for Kerberos authentication

A

TCP and UDP port 88

32
Q

port number and protocol for DNS

A

TCP and UDP port 53

33
Q

port number and protocol for SSH

A

TCP 22

34
Q

port number and protocol for TFTP

A

UDP port 69

35
Q

port number and protocol for SNMP

A

UDP port 161

36
Q

port number and protocol for SNMP(trap)

A

TCP/UDP 162

37
Q

port number and protocol for TACACS+

A

TCP/UDP 49

38
Q

port number and protocol for Radius authentication

A

TCP/UDP port 1812

39
Q

port number and protocol for Radius accounting

A

TCP/UDP 1813

40
Q

what are the private address ranges

A

Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.31.255.255
Class C 192.168.0.0 to 192.168.255.255

41
Q

Asynchronous Communication transfers data by sending:
A. bits of data sequentially
B. bits of data sequentially in irregular timing patterns
C. bits of data in sync with a heartbeat or clock
D. bits of data simultaneously

A

B. bits of data sequentially in irregular timing patterns

42
Q

cryptography does not help in?

  1. detecting fraudulent disclosure
  2. detecting fraudulent deletion
  3. detecting fraudulent modification
  4. detecting fraudulent insertion
A
  1. detecting fraudulent disclosure
43
Q

a momentary power outage is known as which electrical issue

  1. fault
  2. surge
  3. spike
  4. blackout
A
  1. fault
44
Q

which set of documents provides technical guidance for software developers and is published by the IETF (Internet Engineering Task Force)

  1. ISO standards
  2. IETF comments
  3. RFC - request for comments publication
  4. RFC group standards
A
  1. RFC - request for comments publication
45
Q

which software development model is actually a meta-model that incorporates a number of software development models

  1. the critical path model (CPM)
  2. the spiral model
  3. the modified waterfall model
  4. the waterfall model
A
  1. the spiral model
46
Q

Which ones are the placeholders for literal values in a SQL query that is being sent to database on a server?

  1. Assimilation variables
  2. Reduction variables
  3. Blind variables
  4. Resolution variables
A
  1. Blind variables
47
Q

similar to secure shell (SSH-2), secure sockets layer(SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses symmetric or public key cryptography for:

  1. name resolution
  2. server authentication
  3. peer authentication
  4. peer identification
A
  1. peer authentication
48
Q

What is defined as inference of information from other, intermediate, relevant facts?
A. Secondary evidence
B. Conclusive evidence
C. Hearsay evidence
D. Circumstantial evidence

A

D. Circumstantial evidence

49
Q

Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it?

Aggregation
Inference
Clustering
Collision

A

The Internet Security Glossary (RFC2828) defines aggregation as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it.

50
Q

Which of the following ACID property in DBMS ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other?
A. Atomicity
B. Consistency
C. Isolation
D. Durability

A

Isolation – The isolation property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other.

51
Q

Which of the following level in CMMI model focuses on process innovation and continuous optimization?
A. Level 4
B. Level 5
C. Level 3
D. Level 2

A

Level 5 is the optimizing level and focuses on process innovation and continuous integration.

52
Q

What attack involves the perpetrator sending spoofed packet(s) which contain the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag, and targeting any open ports on the remote host?
A. Boink attack
B. Land attack
C. Teardrop attack
D. Smurf attack

A

A land (Local Area Network Denial) attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host’s IP address to an open port as both source and destination. This causes the machine to reply to itself continuously.

53
Q

in terms of risk analysis and dealing with risk, which of the four common ways listed below is the practice of coming up with alternatives so that the risk in question is not realized

  1. transference
  2. acceptance
  3. mitigation
  4. avoidance
A
  1. avoidance
54
Q

Identification and authentication are the keystones of most access control systems. Identification
establishes:
A. user accountability for the actions on the system
B. top management accountability for the actions on the system
C. EDP department accountability for the actions of users on the system
D. authentication for actions on the system

A

A. user accountability for the actions on the system

55
Q

which security operations position is responsible for examining logs from firewalls and IDS systems as well as audit logs

  1. security engineer
  2. access admin
  3. security analyst
  4. security architect
A
  1. security analyst
56
Q

this position would be responsible for the overall protection of information assets within the company. what position would that be?

  1. information systems security manager
  2. data owner
  3. custodian
  4. executive management
A
  1. executive management

this would likely be the CISO or COO but both are part of executive management

57
Q

what are the major components of SAML

  1. profile, assertions, protocol and binding
  2. profile, authentication, attribute and authorization
  3. pre-authorization, assertions, protocols and authorization
  4. profile, assertions, protocols and authentication
A
  1. profile, assertions, protocol and binding
58
Q

which term is described in the situation that a document is not available, and the court finds the excuse provided acceptable, and the party is allowed to use secondary evidence to prove the contents of the document?

  1. exculpatory evidence
  2. inculpatory evidence
  3. circumstantial evidence
  4. best evidence rule
A
  1. best evidence rule
59
Q

Which of the following is needed for System Accountability?
A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.

A

Correct Answer: A
Explanation/Reference:
It is a means of being able to track user actions. Through the use of audit logs and other tools the user actions are recorded and can be used at a later date to verify what actions were performed.
Accountability is the ability to identify users and to be able to track user actions.

60
Q

In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?

  1. Pre Initialization Phase
  2. Phase 1
  3. Phase 2
  4. No peer authentication is performed
A
  1. Phase 1

phase 2 negotiates the IPsec SAs to set up the IPsec tunnel

61
Q

which of the following is not a cryptographic attack

  1. brute force
  2. hybrid cryptosystem
  3. frequency analysis
  4. rainbow table
A
  1. hybrid cryptosystem

why frequency analysis is a wrong answer (it is a cryptographic attack):
In cryptanalysis, frequency analysis is the study of the frequency of letters or groups of letters in a ciphertext. The method is used as an aid to breaking classical ciphers

62
Q

what protocol uses UDP port 69

  1. sftp
  2. tftp
  3. scp
  4. ftp
A
  1. tftp
63
Q

what is the difference between unit testing and regression testing

A

unit testing is testing an individual piece of code.
regression testing focuses on testing the functioning of the whole software or application after changes

64
Q

what is not part of MOM when talking about crimes

  1. motivation
  2. means
  3. opportunity
  4. methods

A

Answer: methods is not part of MOM

MOM = motivation, opportunity and means

65
Q

what is DCE

A

data circuit terminal equipment

66
Q

which of the following devices in the frame relay WAN technique is a service provider device that does the actual data transmission and switching in the frame relay cloud?

DTE
DME
DCE
DLE

A

DCE

67
Q

which of the following attacks would capture network user passwords

sniffing
smurfing
data diddling
ip spoofing

A

sniffing

68
Q

which of the following tools is used to stress test applications, firewalling and IDS devices by sending large numbers of packets at them including randomly generated and/or malformed packets?

wireshark
snort
ISIC or IP stack integrity checker
security onion

A

ISIC or IP stack integrity checker

69
Q

what is governance

A

The process of how an organization is managed; usually includes all aspects of how decisions are made for that organization, such as policies, roles, and procedures the organization uses to make those decisions.

70
Q

what is Identity as a service (IDaaS)

A

Cloud-based services that broker identity and access management (IAM) functions to target systems on customers’ premises and/or in the cloud.

71
Q

what is Initialization vector (IV)

A

A non-secret binary vector used as the initializing input algorithm, or a random starting point, for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.

72
Q

what is Key Clustering

A

When different encryption keys generate the same ciphertext from the same plaintext message.

73
Q

what is Message authentication code (MAC) how do you use it

A
  1. both parties have a shared key
  2. both parties agree on the hash they are using
  3. sender takes the message and hashes with hash (maybe sha256) and key
  4. this creates a MAC or tag
  5. sender sends message + tag/mac to other party
  6. other party takes the message and hashes it with their known key and hash
  7. if their MAC/tag is the same as the one they received then they accept the message as not having been changed
  8. this method does not provide security
74
Q

OAuth 2.0 basic operations

A
  • resource owner - (you the person)
  • client (the application that wants to access resources or perform actions on behalf of the resource owner)
  • authorization server - the application that knows the resource owner, where the resource owner already has an account
  • resource server - the API that the client wants to use on behalf of the resource owner (sometimes the same server as the authorization server)
75
Q

code vs cipher

A
  • code is not always secret. does not always provide confidentiality
    • symbols that operate on words or phrases
  • cipher - always meant to hide the true meaning of a message
76
Q

digital signature standard (DSS) works with 3 algorithms (this is not PKI)

A
  • DSA
  • RSA
  • ECDSA
77
Q

what is birthday attack

A
  • looking for collisions in a hash function
78
Q

stream cipher algorithm

A
  • RC4 128 bit
79
Q

only currently used symmetric block cipher

A
  • AES with 128 bit block
  • key size can be 128, 192 and 256
80
Q

what are the accepted PKI (public key infrastructure) algorithms (this is not DSS (digital signature standard))

A
  • RSA (prime numbers)
  • El Gamal - extension of Diffie-Hellman
    • modular arithmetic
  • Elliptic curve - discrete logarithm problem
    • more secure compared to the others if both keys are the same length
    • 256 bit ECC key is roughly the same strength as RSA 2048
81
Q

PKI attributes

A
  • ISO authentication framework
  • X.509 digital certificate standard
  • registration authority
  • certificate authority
  • certificate revocation (2 ways to accomplish this)
    • certificate revocation list (CRL)
    • OCSP (online certificate status protocol)
82
Q

digital signature process - steps

If I am sending you an email message and want to ensure that the message is not tampered with during transit and I also need to confirm you know the message really came from me, I will use a digital signature

https://www.techtarget.com/searchsecurity/feature/CISSP-cryptography-training-Components-protocols-and-authentication#:~:text=Some%20of%20the%20asymmetric%20algorithms,Diffie%2DHellman%20and%20El%20Gamal.

A
  • my email client will take my message and pass it through a hashing algorithm
  • The result of this process is a message digest that is a set of bits (for example, it would be 128 bits if the hashing algorithm MD5 is used)
  • My email client then takes my private key and encrypts this message digest value, which results in a digital signature.
  • This digital signature and my message are then sent to your system.
  • Your email client takes my public key and decrypts the digital signature and then runs my message through the same hashing algorithm, comparing the hash value I sent with the one your system generated. If the hash values match, your system knows the message has not been modified during transmission. And if your system can decrypt the digital signature with my public key, then your system knows that the message came from me.
83
Q
A
  • remote journaling
    • less expensive - only worried about transactions
    • not maintaining a full copy of DB each day
    • recovery would be - take last backup available, then use the journal information to rerun all the transactions that had not occurred by the time the last backup had occurred
  • Electronic vaulting
    • copying the backup locally to a medium such as tape, then copying that to a remote site
    • need to think of encryption while data is in motion (moving from main site to backup site)
  • database shadowing
    • most expensive
    • mirroring data between sites
84
Q

drive destruction

A
  • clearing -
    • digitally wiping or overwriting with zeros and ones
    • least effective
  • purging
    • methods like degaussing
  • destruction
    • physical destruction - shredding, fire, pulverizing
85
Q

specific data destruction techniques for storage media

A
  • zeroing
    • erases data on the disk and overwrites with zeros
  • overwriting
    • data is written to storage locations that previously held sensitive data
    • random passes of zeros and ones, no patterns
    • the number of times this is done, depends on the storage media and sensitivity of data
86
Q

scoping and tailoring

A
  • scoping - considering which security controls apply and what assets they need to protect
  • tailoring - modifying the set of controls to meet the specific characteristics and requirements of the organization
87
Q

brute force attack - which does the attacker have

  • plaintext
  • neither plain or cipher text
  • both plain and cipher text
  • ciphertext
A
  • cipher text
    explanation: attacker will try every key until the cipher text is decrypted
88
Q

known plaintext - what does the attacker have

A

both plaintext and cipher

89
Q

RSA is susceptible to what

  • side channel attack
  • meet in the middle attack
  • chosen ciphertext
  • known plaintext
A
  • chosen ciphertext

explanation:

  • attacker can use the RSA public key to encrypt plaintext, then decrypt the resulting ciphertext in order to determine patterns
  • this can be mitigated with random padding
90
Q

SAML components

A

1. Client

The user trying to authenticate into a web-based application.

2. Identity Provider (IdP)

The server or authorization authority that the client ultimately authenticates with. It holds the client’s credentials. Example:
When you log in to an application using Gmail credentials, Gmail is the IdP.

3. Service Provider (SP)

The web-based application that the client tries to access. Example: When you log in to GitHub using your Gmail credentials, then GitHub is the SP. SPs do not authenticate the user but delegate the task to the IdP.

4. Identity Management Service/Single Sign-On (IDM/SSO) Service

The service that enables communication between the SP with the IdP, allowing clients to access a service using a single account.

91
Q

saml attributes

A
  • SSO
  • web based authorization
  • Tokens
  • XML metadata
92
Q

what does a land attack do

A

attacker sends a packet with the same source and destination address and port

93
Q

change management steps

A
  • request the change -
  • review the change - experts within the org. review the change
  • approve/reject the change - approve or reject based off the review, then record the response in change management documentation
  • test the change - tested on non production server if possible. verify changes do not cause any harm
  • schedule and implement the change - schedule change for the least impact on system and users. give time for rollback if needed.
  • document the change - update the configuration management documentation. updated docs ensure that administrators can return systems to the state they were in if there are unrelated disasters after the changes
94
Q

groupings of subjects and objects that have the same security level requirements is what

A

security domain

95
Q

which of the following prevents accidental data access by ensuring that a class defines only the data that it requires

  • polymorphism
  • encapsulation
  • polyinstantiation
  • inheritance
A

encapsulation

explanation:

  • encapsulation ensures that a class defines only the data that it requires.
  • also known as data hiding, is a characteristic of object-oriented programming
96
Q

which of the following software errors is least likely to produce a user-visible error message

  • use of expired session token
  • unauthorized use of admin privileges
  • tampering attempts
  • incorrect form input
A

tampering attempts

explanation: of the available options, tampering attempts are the least likely to produce user-visible error messages.

97
Q

what must a user have for all information processed in system high mode

A

security clearance and access approval

98
Q

what attacks are layer 1 of OSI

A

Signal Jamming - Wiretapping

99
Q

what attacks are at layer 2 of OSI

A

Collision - DoS/DDoS - Eavesdropping - ARP poisoning - MAC spoofing

100
Q

what attacks are at layer 3 of osi

A

smurfing flooding - ICMP spoofing - DOS

101
Q

what attacks are at layer 4 of osi

A

SYN flood - fraggle

102
Q

what attacks are at layer 5 of osi

A

session hijack

103
Q

what attack is at layer 6

A

Phishing - Worms - Trojans

104
Q

what attack is at layer 7

A

Phishing - Worms - Trojans