Book Tests Flashcards
the greatest danger from leaving default usernames and passwords on devices is from ___ attacks
automated
in order to hijack a domain, the following generally needs to occur
the registration needs to lapse
when typing a URL into a browser takes you to the wrong site, but typing the IP address doesn’t, then it is a case of ___
DNS poisoning
a Pixie Dust attack requires ___ to be enabled on the wireless network
WPS
a ___ scan reveals system sprawl and undocumented devices
ARP (or Discovery on IPv6)
passive attack tools are defined as tools that will not ___
engage the system, or alert the target’s systems in any way
use ___ to guard against a DNS poisoning attack
DNSSEC
If a public DNS server is being used in an amplification attack, disable ___ in the server to stop it
Open Resolution
a ___ attack forces a process to load unauthorized code from a dynamically linked library
DLL injection
an ___ is the most sophisticated threat agent
Advanced Persistent Threat (APT)
to protect against ___ attacks, disable browser extensions
man in the browser
a ___ will usually eliminate vulnerability to SQL injections
Web Application Firewall (WAF)
self-signed certificates can be OK to use for ___
internal use
ASLR is a security technique that
randomizes the location of objects in memory (Address Space Layout Randomization)
another term for deauthentication attacks is ___
disassociation attacks
in a ___ spoofing attack, a local switch is fooled into directing reply traffic back to the spoofer
MAC
passive reconnaissance for pen testing can be accomplished with [nmap; Nessus; Metasploit; Aircrack]
Aircrack-ng
public certificates that can be shared are files that have the extension ___
.CRT
while rainbow tables are good at cracking complex passwords, if the password is ___, they are much less effective
salted
after a ___ attack, the attacker can typically execute any commands they wish
buffer overflow
checking the “Enable Safe Checks” on a vulnerability scanner means the scanner ___
will only use non-intrusive plugins
___ prevent the system from executing unauthorized code
Host intrusion prevention systems (HIPS)
ARP poisoning works by broadcasting a false ___, meaning the attacker must have access to the ___
MAC address; LAN
when an attacker uses a foothold in one system to access another system, this is called a ___
pivot
when a system works fine for a while, then slows down until it is rebooted, this is a symptom of a ___
memory leak
a Pass the Hash attack is only effective against a ___ server running ___
Windows; NTLM
to improve the quality (and decrease false positives) of vulnerability scans, use ___ scanning
credentialed
an attack that exploits a ___ uses the timing of commands, like the lag between Time of Check (TOC) and Time of Use (TOU)
Race Condition
a WiFi ___ is designed to carry out a rogue AP (access point) attack
Pineapple
a ___ is malware that spreads on its own power
worm
a misconfigured ___ could stop everyone on a network from accessing certain websites
content filter
a ___ can check the health of computers on a network without leaving permanent software on the machines
Dissolvable Network Admission Control (NAC)
an LDAP entry contains ___ for domain information, ___ to identify the name and ___ to identify the organization
DC (Domain Component); CN (Common Name); OU (Organizational Unit)
Addresses in the range 169.254.0.0/16 are assigned by the ___ protocol when a system is unable to receive an address via other means.
Automatic Private IP Assignment (APIPA)
___ queries a service for header information provided to clients. This information often includes the specific service running on a port as well as version information.
Banner grabbing
___ restricts the number of unique MAC addresses that may originate from a single switch port.
Port security
___ indicates that a device is capable of acting as a host server for other devices, such as cameras, flash drives, or peripherals
USB on-the-go (USB OTG)
tracert uses ___ transport protocols by default
UDP
VPN connections established in ___ mode encrypt the payload of data packets, but do not provide encryption for packet headers
transport
Android applications must be in ___ format to sideload onto a device
Android Application Package (APK)
Encrypted LDAPS sessions use TCP port ___
636
The ___ protocol supports only authentication and integrity for IPsec connections. The ___ protocol supports confidentiality, integrity, and authentication
Authentication Headers (AH); Encapsulating Security Payload (ESP)
The ___ performs clock synchronization across devices
Network Time Protocol (NTP)
___ would limit the applications that users may install on mobile devices but would not provide for storage segmentation
Application control
When measuring RSSI, the network with the strongest signal is the one with the ___ value
highest
___ NAC leaves software running on the endpoint that may remain in constant contact with the NAC solution.
Agent-Based
the command ___ is used to capture network traffic
tcpdump
the command ___ is used to scan network ports
nmap
the command ___ is used to redirect data to a network connection
netcat
___ storage devices allow the writing of data in a permanent fashion where modification is impossible
Write once, read many (WORM)
a ___ can be used to cheaply and easily restrict network access to a small number of devices
Preshared Key (PSK)
IPsec ___ mode is primarily used for site-to-site connections, ___ mode is normally used for connections involving endpoint devices
Tunnel; Transport
When registering DNS entries for a load balanced service, administrators should assign the entry to ___
a virtual IP address that maps to the public interface of the load balancer
S/MIME provides ___, ___ and ___ for email attachments
confidentiality; integrity; non-repudiation
SNMP versions prior to ___ did not provide secure authentication due to their use of plaintext community strings
v3
when using mobile devices for multi-factor authentication, use ___ to send notices
push notification
Microsoft ___ VPN automatically triggers VPN connections based upon security policies
Always On
___ requires the explicit marking of memory regions as executable, preventing malicious attacks that seek to execute code out of other regions of memory
Data execution prevention (DEP)
The most common false positive report for application whitelisting results from ___
an unexpected update from the software vendor that changes the signature of the application
___ are traditional firewalls with advanced capabilities, including defense against application-layer attacks, such as SQL injection
Next generation firewalls (NGFW)
___ services are a form of threat intelligence that provide organizations with a frequently updated list of known malicious IP addresses that can be automatically blocked at the firewall
IP reputation
___ allow the automated modification of access point settings to adapt to the changing radio frequency environment
Wireless (WiFi) controllers
___ environments allow employees to access a remote desktop computing environment and work within that environment without transferring data to the device used to access the desktop
Virtual Desktop Infrastructure (VDI)
TLS VPNs typically use port ___, which is commonly allowed full outbound access through firewalls
443
In a type ___ hypervisor, the hypervisor runs directly on the system hardware, eliminating the need for an underlying operating system and reducing the environment’s attack surface. Type ___ hypervisors require the use of a host operating system
1; 2
the American Society of Heating, Refrigerating, and Air-Conditioning Engineers (ASHRAE) recommends that data centers maintain temperatures within the range of ___ degrees Fahrenheit and keep relative humidity between ___
64.4 and 80.6; 8% and 80%
Input validation should always be performed on the ___
web server
use a network ___ to create a monitor port that allows the intrusion detection system to see all network traffic
terminal access point (TAP)
Tripwire is a ___ that is also able to perform system configuration monitoring
file integrity monitoring solution
Snort is an ___ system
intrusion detection and prevention
Standard ACLs are able to filter traffic based only upon ___ but Extended ACLs can filter based upon the ___ as well
source address; destination address
___ is commonly used to escape a SQL query for injection and should be carefully handled during input validation
single quotation mark (')
___ characters are used in cross-site scripting (XSS) injections
greater-than and less-than (< >)
ARP is used for ___ lookups
MAC address
All organizations involved in the processing of credit card transactions are contractually obligated to comply with the ___
Payment Card Industry Data Security Standard (PCI DSS)
Most security professionals consider ___ feet to be the minimum height for a fence protecting critical assets
eight
The ___ lays out the requirements for an operating system to be certified by the government as a Trusted Operating System
Common Criteria
___ VPNs are unique because they rely upon the same Transport Layer Security protocol used by HTTPS connections. Because of this, most customer networks will allow this access by default
TLS
Kiosk computers and even multifunction printers may be running standard operating systems, but ___ devices won’t have enough memory to do so
Internet of things (IoT)
___ static code analysis traces variables that may contain user input and ensures that they are sanitized before being used by a potentially vulnerable function
Taint
The ___ is a modern tool designed to assess compliance with security baselines
Microsoft Security Compliance Toolkit (SCT)
when digitally signing code you have developed, use the ___ key
the private key belonging to you or your company
the best measure of a biometric system’s accuracy is where the ___ (type 1) and ___ (type 2) cross, called the ___
FRR (false rejection rate); FAR (false acceptance rate); CER (crossover equal rate)
___ testing specifically evaluates the performance of applications in response to mutated input combinations
Fuzz
Windows ___ allows administrators to easily determine the patch level of multiple systems
System Center Configuration Manager (SCCM)
Mac OS X uses ___ for all applications installed through the App Store
sandboxing
TCP wrappers is a ___ technology
firewall
OAuth is commonly used to provide API-based ___ for web applications, OpenID for consumer-grade implementations, and SAML for enterprise-grade ones
single sign-on (SSO)
___ accounts are used to provide applications with access to resources necessary for the provision of their services
Service
The two main technologies used to generate one-time passwords are the ___ algorithm (generated sequentially; does not expire until used) and the ___ algorithm (based upon the time of authentication; expires frequently)
HMAC-based One Time Password (HOTP); Time-based One Time Password (TOTP)
When a user presents a digital certificate for authentication purposes, the primary purpose of that certificate is to provide a signed copy of the user’s ___
public key
a website would like to access information in Taylor’s Google account. ___ is the account/resource owner
Taylor
The PIV ___ is used to verify that the PIV credential was issued by an authorized entity, has not expired, has not been revoked, and that the holder of the credential (you) is the same individual it was issued to
authentication certificate
NIST’s digital identity security guidelines suggest that organizations set a minimum password length of ___ characters for passwords that are memorized by the user
8
The ___ command computes and displays Resultant Set of Policy (RSoP) information for a remote user and computer. This allows administrators to determine the end result of a set of policies applied to a user account
gpresult
___ is an open-source federated identity management solution that is most commonly used in academic institutions
Shibboleth
OAuth and OpenID Connect are broadly used solutions for ___ authentication
web-based
Group Policy Objects are processed in the following order: ___ policies are processed first, followed by ___ GPOs, ___ GPOs, and ___ GPOs
local; site; domain; Organizational Unit (OU)
___ allows the system owner to set authorization based upon security labels (MAC)
Security-enhanced Linux (SELinux)
In 802.1x authentication, the end user’s system contains a component called the ___ that initiates the authentication process. The supplicant connects to the authenticator, normally a network switch or wireless access point, that then reaches out to an ___ to confirm the user’s identity
supplicant; authentication server
Using the ___ authentication mode ties database accounts to domain user accounts and provides the greatest level of assurance that user accounts will be promptly disabled
Windows
In a federated authentication system, a ___ trust is required if there are three or more domains
transitive
In SAML authentication the ___ is the principal. The ___ is the service provider and the ___ is the identity provider
user requesting authentication; organization providing the requested service; organization providing the login account
802.1x authentication is normally carried out using a ___ protocol
RADIUS
Best practices in authentication security dictate that user accounts should be subject to ___ after failed login attempts
an exponentially increasing login delay
___ is an authentication protocol built directly on top of the OAuth 2.0 framework
OpenID Connect
In 802.1x authentication, the supplicant connects to the authenticator, normally a ___, that then reaches out to an authentication server to confirm the user’s identity
network switch or wireless access point
The Health Insurance Portability and Accountability Act (HIPAA) contains security and privacy provisions covering ___
protected health information (PHI)
Wireless access points are generally not configured to log ___. They typically record only diagnostic information
network traffic
a database of customer spending habits fits into the category of ___ (PII/PHI/PCI)
personally identifiable information (PII)
A ___ is the standard document used to document the need for a change, the test plan, implementation plan, and rollback procedure.
request for change (RFC)
The best place to track the status of all risks facing an organization is in a formal ___
risk register
___ are components of Microsoft Windows that add support for specific encryption algorithms
Cryptographic Service Providers (CSPs)
The purpose of a digital certificate is to share a public key freely with the world. Therefore, the public key is ___
not encrypted at all - it is freely given to anyone who receives the certificate
In the process of creating a digital certificate, the requester ___
creates a certificate signing request (CSR) on the device that will receive the certificate and then sends this CSR to the CA for use in creating the certificate
___ is a strong, modern approach to key exchange
The Elliptic Curve Diffie-Hellman algorithm (ECDHE)
The SHA-3 algorithm differs from earlier versions of SHA in that it ___
supports an arbitrary message digest length
If you need to incorporate cryptography in an application, it is generally best to get your module from ___
Open source
The Advanced Encryption Standard uses a ___ fixed block size
128-bit
Diffie-Hellman group ___ uses a strong 256-bit elliptic curve key and is a very strong option
19
WPA2 uses the ___ to provide enhanced security using AES
Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
The most commonly used message digest length in the RIPEMD algorithm is ___
160-bit
___ certificates are the most difficult for a website to obtain but provide the highest degree of trust to end users
Extended validation (EV)
3DES encryption uses ___ keys
symmetric
The Tor network uses ___ secrecy to allow the relay nodes to forward communications to their end destination without knowing the identity of the sender or the receiver of the message
perfect forward
When a user or browser wishes to verify a digital certificate, it does so by validating the digital signature using the ___ key
CA’s public
In an 802.1x wireless network, the ___ typically serves as the 802.1x client
wireless access point or wireless controller
The purpose of a digital certificate is to share a ___ key. A browser will extract this key from the certificate and use it to send the server an ___ key to use for the remainder of the session
web server’s public; ephemeral session
What encryption key length is used by the original Data Encryption Standard (DES)?
56
Most hash algorithms do not have message authentication, but the ___ algorithm supports both message integrity and authenticity.
hash-based message authentication code (HMAC)
The 802.1x protocol is an authentication protocol that is specifically designed to provide ___ as well as authentication for wireless networks
port-based authentication for wired networks
The ___ authentication protocol does not provide encryption capability and, therefore, must be run within a communications channel protected by other means
EAP
The two main properties of any cryptographic cipher are confusion and diffusion. Confusion ensures that ___, while diffusion ___
the relationship between the cryptographic key is extremely complex; takes any statistical patterns found in the plaintext and prevents them from appearing in the ciphertext
a ___ product combines the benefits of a firewall, content filter and intrusion detection, though not at high performance levels
Unified Threat Management (UTM)
The U.S. federal government’s Digital Signature Standard (DSS) endorses the use of the ___ (algorithm) for the creation of digital signatures
Digital Signature Algorithm (DSA)
___ is a key stretching algorithm that is both memory-hardened and CPU-hardened
Bcrypt
The SIEM correlation engine should be placed ___
on the internal network where it is not exposed to external traffic
All DNSSEC implementations must support the ___ cipher suite to maintain compatibility between systems
RSA/SHA-1
___ is an attack using a technique to manipulate device drivers
Shimming
in a ___, the attacker executes a request against a third-party website by taking advantage of the fact that the user already has an established session with that site
cross-site request forgery (XSRF) attack
a forward proxy is on the same network as the ___, while a reverse proxy is on the same network as the ___
user; web server
Network access control lists are examples of ___-based access control because the router will make decisions based upon the ___ provided
rule; rules
The most appropriate tool to perform error handling is the use of the ___ construct
try…catch
In order for an ARP spoofing attack to be successful, the attacker and victim must be ___
attached to the same switch, although they do not need to be sharing the same switch port
an ___ attack requires poisoning the MAC address table either on an individual host or on the switch used by the victim
ARP spoofing
The ___ algorithm is cryptographically broken and should never be used for secure applications, such as creating a digital signature
MD5
The Bcrypt algorithm relies upon the ___ cipher to perform key stretching of passwords
Blowfish
Amazon’s ___ service is a serverless computing platform offered to customers on a platform-as-a-service (PaaS) basis
Lambda
if you want to allow internet users to email you at an email server on your LAN, then you must allow ___ traffic past your firewall
SMTP
When using two-factor identification, a RADIUS server may respond to the client’s request with an ___ message asking for additional authentication
Access-Challenge
Router access control lists are only capable of performing ___ filtering, which does not take connection status into account
stateless
In a pass-the-hash attack, the attacker must gain access to hashed Windows account passwords. This is possible by gaining access to a Windows ___
workstation where the target user logs into his or her domain account
The ___ is responsible for overseeing the audits of financial institutions and produces a series of information security standards that apply to those institutions
Federal Financial Institutions Examination Council (FFIEC)
___ is a Windows-based authentication system no longer recommended because it relies on either the MD4 or MD5 hash algorithms
NTLM
individuals who are charged with the safekeeping of information under the guidance of the data owner are data ___
custodians
When a Kerberos client requests a session key, the client creates an authenticator consisting of the client’s ID and a timestamp, which is encrypted with the TGS session key obtained from the ___
authentication server