CH27 Security Protocols Flashcards
$ tcpdump -n -i eth0
15:01:35.170763 IP 10.0.19.121.52497 > 11.154.12.121.ssh: P 105:157(52) ack 18060 win 16549
15:01:35.170776 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 23988:24136(148) ack 157 win 113
Which of the following statements is true based on this output?
a. 10.0.19.121 is under attack from a host at 11.154.12.121
b. 10.0.19.121 is a client that is accessing an SSH server over port 52497
c. 11.154.12.121 is under attack from a host at 10.0.19.121
d. 11.154.12.121 is a client that is accessing an SSH server over port 52497
b. 10.0.19.121 is a client that is accessing an SSH server over port 52497
This output from the tcpdump command is displaying three packets in a larger sequence of events. Based solely on these three packets, we can only be certain that the server (11.154.12.121) is running an SSH server over port 22. This is based on the first line of the output. The second and third lines are the server responding to the request and sending data back to the client (10.0.19.121) over port 52497. There is no evidence of an attack against either the server or the client based on this output, since we can only see the headers and not the content being sent between the client and server.
Which of the protocols listed is NOT likely to be a trigger for a vulnerability scan alert when it is used to support a virtual private network (VPN)?
a. IPSec
b. SSLv2
c. PPTP
d. SSLv3
a. IPSec
IPSec is the most secure protocol that works with VPNs. The use of PPTP and SSL is discouraged for VPN security. Due to this, the use of PPTP and SSL for a VPN will likely alert during a vulnerability scan as an issue to be remediated.
Your company just installed a new web server within your DMZ. You have been asked to open the port for secure web browsing on the firewall. Which port should you set as open to allow users to access this new server?
a. 21
b. 80
c. 143
d. 443
d. 443
Port 443 is used for HTTPS traffic, which is secure web browsing over SSL or TLS. Therefore, this is the port that must be opened.
Port 21 is used for the File Transfer Protocol (FTP).
Port 80 is used for unsecured web browsing (HTTP).
Port 143 is used for Internet Mail Application Protocol (IMAP).
Which protocol relies on mutual authentication of the client and the server for its security?
a. RADIUS
b. Two-factor authentication
c. CHAP
d. LDAPS
d. LDAPS
OBJ-3.1: The Lightweight Directory Access Protocol (LDAP) uses a client-server model for mutual authentication. LDAP is used to enable access to a directory of resources (workstations, users, information, etc.). TLS provides mutual authentication between clients and servers. Since Secure LDAP (LDAPS) uses TLS, it provides mutual authentication.
Your organization requires the use of TLS or IPsec for all communications with the organization’s network. Which of the following is this an example of?
a. Data at rest
b. DLP
c. Data in use
d. Data in transit
d. Data in transit
OBJ-2.1: Data in transit (or data in motion) occurs whenever data is transmitted over a network. Examples of types of data in transit include website traffic, remote access traffic, data being synchronized between cloud repositories, and more. In this state, data can be protected by a transport encryption protocol, such as TLS or IPsec. Data at rest means that the data is held on persistent storage media, where it can be protected using whole disk encryption, database encryption, and file- or folder-level encryption. Data in use is when data is present in volatile memory, such as system RAM or CPU registers and cache. Secure processing mechanisms such as Intel Software Guard Extensions can encrypt data as it exists in memory so that an untrusted process cannot decode the information. This uses a secure enclave and requires a hardware root of trust. Data loss prevention (DLP) products automate the discovery and classification of data types and enforce rules so that data is not viewed or transferred without proper authorization. DLP is a generic term for products that may operate on data at rest, data in transit, or data in use.