Architecture and Design Flashcards
What are the three issues that symmetric data encryption fails to address?
- Digital integrity
- Repudiation
- Scalable Key Distribution
Which encryption method is more scalable?
Asymmetric encryption
What is the key length used by a one-time pad?
- The key length is the same length as the message that is to be encrypted
- The message length determines the key length
Which term refers to the assurance that data has not been altered in transmission?
Data integrity
What is the size, in bits, of a Message Digest version 5 (MD5) hash?
128 bits
What is meant by the term VM escape?
An exploit in which the attacker runs code on a VM that allows an OS running within it to break out and interact directly with the hypervisor
What key is used to decrypt a digital signature: public or private
Public
What does the acronym MFD denote?
Multi-functional device
Which private-key encryption algorithm does Pretty Good Privacy (PGP) use to encrypt data?
International Data Encryption Algorithm (IDEA)
Why should you periodically test an alternate site?
To ensure continued compatibility and recovery
What bit length is the hash value provided by the Secure Hash Algorithm (SHA)
160 bits
What is the name of the array where hashed items are kept?
Hash table
What is the process by which a system determines that a specific user is authorized to perform certain functions?
Authorization
What is the purpose of a file’s MD5 hash value?
To verify file integrity
Which servers are susceptible to the same type of attacks as their host, including DoS attacks, detection attacks, and escape attacks?
Virtual servers
What is the purpose of a Message Authentication Code (MAC)
Message Authentication Code (MAC) helps protect against fraud in electronic fund transfers
What does the acronym IoT denote
Internet of Things
What is meant by the term transitive trust?
A two-way relationship created between parent and child domains
What is the purpose of DLP?
Data Loss Prevention (DLP) is a network system that monitors data on computers to ensure the data is not deleted or removed
What does the acronym UAV denote?
Unmanned Aerial Vehicle
Which fire suppression method, formally used to suppress fires involving electrical equipment or liquids, has been discontinued?
Halon gas
What is a pass-the-hash attack?
When an attacker obtains a hashed user credential and uses it to authenticate to a system without cracking it
Is the Data Encryption Standard (DES) algorithm asymmetric or symmetric?
Symmetric
Which alternate computing facility takes the least amount of time to become operational?
Hot site
Which fingerprint scan will analyze fingerprint ridge direction?
Minutiae matching
What is the primary purpose of Tripwire?
To monitor the baseline configuration of a system and the changes made to it
Which type of attack on a cryptographic algorithm uses brute force methods to encrypt text strings until the output matches the ciphertext?
A mathematical attack?
What is the safest method for creating and managing key pairs: centralized or de-centralized key management?
Centralized key management
What is another name for RAID5
Disk striping with parity
What are the two most important security needs that are met using Secure Multipurpose Internet Mail Extensions (S/MIME)?
- Authentication
* Confidentiality
What are the two other names for single-key cryptography?
- Symmetric key encryption
* Secret-key encryption
What is the most important biometric system characteristic?
Accuracy
What does the acronym FRR denote?
False rejection rate
Should virtual servers have the same information security requirements as physical servers?
Yes
What was the first public-key algorithm ever user?
Diffie-Hellman
When does fuzzing occur?
When unexpected values are provided as input to an application in an effort to make the application crash
Which cryptography technique is based on a combination of two keys:
- A secret private key
- A public key
Public-key cryptography
What public-key algorithm was the first to allow two users to exchange a secret key over an insecure medium without any prior keys?
Diffie-Hellman
What is the primary concern of RAID?
Availability
What does the acronym RAID denote?
Redundant Array of Inexpensive Disks
Is the Message Digest 5 (MD5) algorithm used with symmetric or asymmetric key algorithms?
Asymmetric
What is the purpose of fuzz testing?
To identify bugs and security flaws within an application
What is the purpose of a bollard?
A bollard is a physical security control that prevents cars from accessing certain areas. They are most often deployed in front of retail storefronts
What is another name for RAID 1?
Disk mirroring
What is a hot site?
An alternate computing facility with telecommunications equipment and computers
Is the RSA algorithm symmetric or asymmetric?
Asymmetric
What is Microsoft Baseline Security Analyzer?
A Microsoft app that creates security reports
What is a cold site?
An alternate computing facility with no telecommunications equipment or computers
Which backup method backs up every file on the server each time it runs?
Full backup
What are the two types of ciphers?
- Block ciphers
* Streaming ciphers
What does the acronym CER denote?
Crossover error rate
What is the purpose of application hardening?
Ensures that an application is secure and unnecessary services are disabled
Which type of disaster recovery site provides very little fault tolerance for the primary data center and relies on backups to bring the data center back online?
Cold site
Why is the location of an alternate site important?
You do not want it to be affected by the same disaster as your primary facility?
What is the basis by which a device is measured for integrity
The secure baseline
Which type of cryptography relies more on physics, rather than mathematics, as a key aspect of its security model?
Quantum cryptography
What does thy acronym HVAC denote?
Heating, Ventilation, and Air Conditioning
What is a honeynet?
When two or more honeypots are implemented on a network
Which security concept ensures that data is protected from being accessed by unauthorized persons?
Confidentiality
What block cipher and key size (in bits) are used by the Clipper Chip?
The skipjack block cipher and an 80-bit key length
On what does the Pretty Good Privacy (PGP) mail standard rely?
A web of trust
According to the CompTIA Security+ blueprint, what are the four authentication attributes?
- Somewhere you are
- Something you can do
- Something you exhibit
- Someone you know
What does the acronym VM denote?
Virtual Machine
What does the acronym EMP denote?
Electro-magnetic pulse
What bit length is the hash value provided by the Message Digest 2 (MD2), MD4, and MD5 algorithms?
128-bits
What is meant by the term VM sprawl?
When the number of virtual machines (VMs) on a network reaches a point where the administrator can no longer manage them effectively
What is the main difference between virtualization and cloud computing?
The location and ownership of the physical components
What does the acronym SoC denote?
System on a Chip
What is another name for RAID 0?
Disk striping
What is the purpose of Infrastructure as a Service (IaaS) in cloud computing
It provides computer and server infrastructure, typically through a virtualized environment
What are the two types of eye scan?
- Iris scans
* Retail scans
What does the acronym FAR denote?
False acceptance rate
What is the purpose of Platform as a Service (PaaS) in cloud computing?
It provides not only virtualized deployment platforms but also value-added solution stack and application development platforms
What is the term for the process that applies a one-way mathematical function called a message digest function to an arbitrary amount of data?
Hashing
What is a baseline?
The minimum level of security and performance of a system in an organization
What is the term for a server that has been configured specifically to distract an attacker from production systems?
Honeypot
Which standard is a specification for secure email, designed to prevent the decryption of email messages?
Secure Multipurpose Internet Mail Extension (S/MIME)
Which type of cryptography is more secure: symmetric or asymmetric?
Asymmetric
What is a honeypot?
A decoy system in the network installed to lure potential intruders away from legitimate systems
What is the purpose of SCADA?
To collect data from factories, plants, or other remote locations, and send the data to a central computer that manages and controls the data
What is the purpose of an airgap?
To ensure that a secure computer network is physically isolated from unsecure networks
What backup method serves as the baseline for a backup set?
Full backup
Which two fire suppression agents are used to suppress fires involving paper and wooden furniture?
- Water
* Soda acid
What does the acronym ICS denote?
Industrial Control System
What is the purpose of hot and cold isles?
To control airflow in the data center
What is most commonly used to provide proof of a message’s origin?
Digital signature
What is the purpose of embedding a timestamp within ciphertext?
Decrease the chances of a message being replayed
What does the acronym VDE denote?
Virtual Desktop Environment
What is the purpose of a mantrap?
Prevent people from piggybacking on the credentials of legitimate personnel to gain entry into a building
What does the acronym VDI denote?
Virtual Desktop Infrastructure
What are the four types of water sprinklers?
- Wet pipe
- Dry pipe
- Preaction
- Deluge
Which alternate computing facility is the least expensive to maintain before a disaster occurs?
Cold site
Does Pretty Good Privacy (PGP) provide confidentiality?
Yes
What does the acronym PGP denote?
Pretty Good Privacy
Is the RC2 algorithm symmetric or asymmetric?
Symmetric
Which encryption method is faster?
Symmetric encryption
What is the opposite of confidentiality?
Disclosure
According to the CompTIA Security+ bluepring, which category of embedded devices include wearable technology and home automation?
Smart Devices and IoT
What is the purpose of input validation?
Ensure that data being entered into a database follows certain parameters
What does the acronym DLP denote?
Data Loss Prevention
What is the name of an encryption key that can be easily reversed-engineered from the encryption data by brute force methods?
Weak key
What are four common service models of cloud computing?
- Infrastructure as a Service (IaaS)
- Monitoring as a Service (MaaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
Which eye scan measures the pattern of blood vessels in the back of the eye
Retinal scan
How is a digital signature created from a message digest?
It is encrypted using the sender’s private key
Which algorithms are asymmetric key algorithms?
- Rivest, Shamir, and Adleman (RSA)
- Elliptic Curve Cryptosystem (ECC)
- Diffie-Hellman
- El Gamal
- Digital Signature Algorithm (DSA)
- Knapsack
What is another name for public-key encryption
Asymmetric encryption
Is International Data Encryption Algorithm (IDEA) symmetric or asymmetric?
Symmetric
Which encryption algorithm uses an 80-bit key to encrypt 64-bit blocks of data?
Skipjack
Is the Skipjack algorithm symmetric or asymmetric
Symmetric
According to the CompTIA Security+ blueprint, what are the three authentication factors?
- Something you know
- Something you have
- Something you are
If Alice wants to encrypt a message using asymmetric encryption that only Bob can read, which key must she use?
Bob’s public key
What is the key size, in bits, of the Data Encryption Standard (DES)?
56-bits
What is meant by the term integrity measurement in a secure staging development?
Monitoring a device to ensure that it has not deviated from the secure baseline?
Is Advanced Encryption Standard (AES) symmetric or asymmetric?
Symmetric
Which hashing algorithm produces a message digest of 160 bits in length?
Secure Hash Algorithm (SHA-1)
Which application hardening method requires that your organization periodically checks with the application vendor?
Patch management
Is the Tripple-DES (3DES) algorithm symmetric or asymmetric?
Symmetric
In asymmetric encryption for a digital signature, which key is used for encryption: public or private?
Private
What is steganography?
A cryptography method in which data is hidden in another media type
What ensures that a user is who he claims to be?
Identification
What is the length of an IDEA key?
128-bit
What does the acronym RTOS denote?
Real-Time Operating System
What is the purpose of a Faraday cage?
Prevent electromagnetic signals from penetrating the area inside the cage
Which key should be encrypted and protected with a password when stored: a public key or a private key?
Private key
Which type of eye scan is considered more intrusive than other eye scans?
Retinal scan
Which type of cipher encrypts data in fixed-size blocks?
Block
According to the CompTIA Security+ blueprint, what is included as specialized systems?
- Medical devices
- Vehicles
- Aircrafts
- Smart meters
Which term refers to voice communication over a network
Telephony or Voice over IP (VoIP)
What is the purpose of Software as Service (SaaS) in cloud computing?
It ensures on-demand, online access to an application suite without the need for local installation
What is a warm site?
An alternate computing facility with telecommunication equipment but no computers
What backup method backs up every file modified on the server since the last full backup, and reset the archive bit?
Incremental backup
What are the four types of cloud computing based on management type?
- Public
- Private
- Hybrid
- Community
What is meant by the term federation when referring to authentication systems?
A system that lets subscribers use the same identification data to obtain access to the networks of all enterprises in the group
What algorithms are symmetric key algorithms
- Data Encryption Standard (DES)
- Triple DES (3DES)
- Blowfish
- IDEA
- RC4
- RC5
- RC6
- Advanced Encryption Standard (AES)
Which type of fire suppression system is the safest for both computer equipment and personnel: FM-200 or Carbon Dioxide?
FM-200
What does the acronym SCADA denote?
Supervisory Control And Data Acquisition
What is the best method to preserve evidence on a computer: bit stream backup or standard backup
Bit stream backup
What is the purpose of secure code review?
It examines all written code for any security holes that may exist
What is the purpose of a fail-safe error handler?
To ensure that the application stops working, reports the error, and closes down
What is the name for a hash algorithm that translates plaintext into an intermediate form
A cipher
