Chapter 3 - Implementation Flashcards

Question 1

Q

Domain Name System Security Extensions (DNSSEC)

Answer

A

Validates DNS responses such as origin authentication and data integrity
Prevents attackers from manipulating or poisoning the responses to DNS requests

Question 2

Q

Secure Shell (SSH)

Answer

A

An encrypted terminal communication that provides secure terminal communication and file transfer features

Question 3

Q

Secure/ Multipurpose Internet Mail Extensions (S/MIME)

Answer

A

Keep emails confidential
Allows to protect information and provide digital signatures

Question 4

Q

Secure Real-time Transport Protocol (SRTP)

Answer

A

Take normal conversation across the network and add encryption so nobody can listen to your conversation
Uses AES
HMAC-SHA1

Question 5

Q

Lightweight Directory Access Protocol Over SSL (LDAPS)

Answer

A

Used for reading and writing directories over an Internet Protocol network
Uses SSL and/ or Simple Authentication and Security Layer (SASL)

Question 6

Q

File Transfer Protocol, Secure (FTPS)

Answer

A

Transferring files securely between devices
Uses SSL for encryption

Question 7

Q

SSH File Transfer Protocol (SFTP)

Answer

A

Provides secure file system functionality
Resuming interrupted transfers, directory listings, remote file removal
Uses SSH for encryption

Question 8

Q

Simple Network Management Protocol, Version 3 (SNMPv3)

Answer

A

Used for security when querying routers and switches
Provides confidentiality, integrity, and authentication

Question 9

Q

Hypertext Transfer Protocol over SSL/TLS (HTTPS)

Answer

A

Secure version of HTTP
Used for making sure our browser communication is running over an encrypted connection

Question 10

Q

IPSec

Answer

A

Communicating between two locations across the internet in a secure form - encryption and packet signing (integrity)

Question 11

Q

IPSec - Authentication Header (AH)/ Encapsulating Security Payloads (ESP)

Answer

A

AH - provides integrity
ESP - provides encryption

Question 12

Q

IPSec - Tunnel/ Transport

Answer

A

Tunnel mode is used to create virtual private networks for network-to-network communications
Transport mode, only the payload of the IP packet is usually encrypted or authenticated

Question 13

Q

Post Office Protocol (POP)/ Internet Message Access Protocol (IMAP)

Answer

A

A way to send and receive email securely
Both use SSL for encryption

Question 14

Q

Protocol Use Cases - Voice and Video

Answer

A

Use SRTP
Keeps conversations private by using AES

Question 15

Q

Protocol Use Cases - Time Synchronization

Answer

A

Use NTPsec
Secure network time protocol

Question 16

Q

Protocol Use Cases - Email and Web

Answer

A

Email - Use S/MIME
Web - Use HTTPS over SSL/ TLS

Question 17

Q

Protocol Use Cases - File Transfer

Answer

A

Use FTPS or SFTP (SSH File Transfer Protocol)

Question 18

Q

Protocol Use Cases - Directory Services

Question 19

Q

Protocol Use Cases - Remote Access

Question 20

Q

Protocol Use Cases - Domain Name Resolution

Answer

A

Use DNSSec

Question 21

Q

Protocol Use Cases - Routing and Switching

Answer

A

Use SSH with SNMPv3 and HTTPS

Question 22

Q

Protocol Use Cases - Network Address Allocation

Question 23

Q

Protocol Use Cases - Subscription Services

Answer

A

Use automation subscriptions with constant updates and check for encryption/ integrity checks

Question 24

Q

Dynamic Host Configuration Protocol (DHCP)

Answer

A

Assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture
Starvation Attacks

Question 25

Q

The Endpoint

Answer

A

Physical devices that connect to a network system such as mobile devices, desktop computers, virtual machines, embedded devices, and servers

Question 26

Q

Antivirus

Answer

A

Software designed to detect and destroy computer viruses
Examples: Trojan horses, worms

Question 27

Q

Anti-malware

Answer

A

Software designed to detect and destroy computer viruses
Examples: Spyware, adware

Question 28

Q

Endpoint Detection and Response (EDR)

Answer

A

A method of threat protection that detects a threat, investigates the threat, and responds to the threat

Question 29

Q

Data Loss Prevention (DLP)

Answer

A

The detection of potential data breaches/data ex-filtration transmissions
Data “leakage”

Question 30

Q

Next-generation Firewall (NGFW)

Answer

A

Combining a traditional firewall with other network device filtering functions and controls
Application features, attacks and malware, encrypted data, and access to URLs

Question 31

Q

Host-based Intrusion Prevention System (HIPS)

Answer

A

Recognizes and blocks known attacks
Secure OS and application configs and validates incoming service requests

Question 32

Q

Host-based Intrusion Detection System (HIDS)

Answer

A

Uses log files to identify intrusions
Can reconfigure firewalls to block

Question 33

Q

Host-based Firewall

Answer

A

A personal software that runs on every endpoint that examines traffic and processes

Question 34

Q

Boot Integrity

Answer

A

Ensures that the operating system kernel has not been modified by any malware
Rootkits

Question 35

Q

Boot Security/ Unified Extensible Firmware Interface (UEFI) (BIOS)

Answer

A

A set of routines residing in firmware that boots the operating system and sets up the hardware

Question 36

Q

Measured Boot

Answer

A

Process of measuring each component, from firmware up through the boot start drivers to provide a way to inform the last software stage if someone tampered with the platform

Question 37

Q

Boot Attestation

Answer

A

Receives the boot report and changes are identified and made if there have been malware infections

Question 38

Q

Database Security

Answer

A

Protecting stored data and the transmission of data

Question 39

Q

Application Security

Answer

A

The process of developing, adding, and testing security features within applications to prevent security vulnerabilities

Question 40

Q

Input Validations

Answer

A

Process of checking to see if all input is correct and making the change if it isn’t
Normalization

Question 41

Q

Secure Cookies

Answer

A

Information used for tracking, personalization, and session management that is stored on your computer by the browser

Question 42

Q

Hypertext Transfer Protocol (HTTP) Headers

Answer

A

An additional layer of security that ensures encrypted communication
Prevents XSS attacks

Question 43

Q

Code Signing

Answer

A

Code digitally signed by the developer to show the code has not been altered

Question 44

Q

Allow List

Answer

A

Nothing can run unless it’s approved

Question 45

Q

Block/ Deny List

Answer

A

Nothing on this list can be executed

Question 46

Q

Secure Coding Practices

Answer

A

A balance between time and quality
Make sure to test - QA

Question 47

Q

Static Code Analysis

Answer

A

The analysis of computer programs performed without executing them

Question 48

Q

Manual Code Review

Answer

A

The process of reading the source code line by line to look out for possible vulnerabilities

Question 49

Q

Dynamic Code Analysis

Answer

A

Designed to test a running application for potentially exploitable vulnerabilities

Question 50

Q

Fuzzing/ Fuzzers

Answer

A

The injection of invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities

Question 51

Q

Hardening

Answer

A

Minimizing the attack surface and removing all possible points of exploitation

Question 52

Q

Open Ports and Services

Answer

A

Possible point of entry
Controlled with firewall
0-65,535

Question 53

Q

Registry

Answer

A

Primary configuration database used to know when applications are modified

Question 54

Q

Disk Encryption

Answer

A

The prevention of access to application data files

Question 55

Q

Operating System (OS) Hardening

Answer

A

Doing regular updates, managing user accounts, limiting network access, and keep anti-malware and antivirus up to date

Question 56

Q

Patch Management

Answer

A

The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions

Question 57

Q

Patch Management - Third Party Updates

Answer

A

Process of installing patches to third-party applications, that are installed on your company’s endpoints

Question 58

Q

Patch Management - Auto-update

Answer

A

Not very good because an update might not be what you want
Test first

Question 59

Q

Self-encrypting Drive (SED)

Answer

A

A hardware based full disk encryption that does not need an operating system software

Question 60

Q

Opal

Answer

A

Standard specification of SED
Defines a way of encrypting the stored data so unauthorized person who gains possession of the device cannot see the data

Question 61

Q

Hardware Root of Trust

Answer

A

The ability to trust that the system is going to be safe and secure

Question 62

Q

Trusted Platform Module (TPM)

Answer

A

Designed to help with cryptographic functions that are used within the operating system

Question 63

Q

Sandboxing

Answer

A

Gives users a safe, lightweight environment to execute code and run applications to test

Question 64

Q

Full-disk Encryption (FDE)

Answer

A

Encrypting everything on the drive

Answer 62

A

Process of distributing a set of tasks over multiple servers, with the aim of making their overall processing more efficient

Answer 63

A

Having two or more load balancer servers running at the same time

Answer 64

A

Having some servers on standby and when the active server fails, the passive server takes over

Answer 65

A

Round-robin - each server is selected in turn
Weighted round-robin - prioritizing the server use
Dynamic round-robin - Monitor server load and send to server with the lowest use

Answer 66

A

Directing a client’s requests to the same backend web or application server for the duration of a “session” or the time it takes to complete a task or transaction

Answer 67

A

An architectural approach that divides a network into multiple segments or subnets, each acting as its own small network

Answer 68

A

Creates a collection of isolated networks within the data center
Severely hinders access to system attack surfaces

Answer 69

A

Additional layer of security between the internet and you

Answer 70

A

Traffic between device in the same data center

Answer 71

A

A private network for partners and authorized users
Examples: vendors, suppliers

Answer 72

A

Private network for employees within a company only

Answer 73

A

A framework that assumes a complex network’s security is always at risk to external and internal threats

Answer 74

A

Mechanism for creating a secure connection between a computing device and a computer network or internet

Answer 75

A

Automated service that establishes a connection between the client and the VPN with no user interactions whatsoever

Answer 76

A

Remote user sends everything to the VPN concentrator

Answer 77

A

Remote user sends some information to VPN concentrator and separate website

Answer 78

A

Enables users to connect to a private network remotely using a VPN

Answer 79

A

If you want to connect to location together with two concentrators
Example: corporate network and remote site

Answer 80

A

Connecting sites over a layer 3 network as if they were connected at layer 2

Answer 81

A

Created using the SSL protocol to create a secure and encrypted connection over a less-secure network, such as the Internet

Answer 82

A

Creates a VPN tunnel without a separate VPN application

Answer 83

A

The process of restricting unauthorized users and devices from gaining access to a corporate or private network

Answer 84

A

The process of restricting unauthorized users and devices from gaining access to a corporate or private network

Answer 85

A

Uses the Active Directory to make checks of user device during login and logoffs actions

Answer 86

A

The management of devices and IT assets remotely without using the corporate LAN

Answer 87

A

Help secure the network by making sure to block foreign devices from forwarding packets

Answer 88

A

Prevent attacks on a network by blocking Bridge Protocol Data Units (BPDUs) that are sent from unauthorized devices
Enabled port shuts down as soon as a BPDU is received

Answer 89

A

The sending of traffic between two switches forever
The use of IEEE standard 802.1D prevents loops

Answer 90

A

Layer 2 security technology incorporated into the operating system of a capable network switch that filters DHCP traffic determined to be unacceptable

Answer 91

A

A security access control method whereby the MAC address assigned to each network interface controller is used to determine access to the physical hardware address

Answer 92

A

A hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them

Answer 93

A

A system that sits between the users and external network to receive and send user requests as well as catching information, access control, URL filtering, and content scanning

Answer 94

A

Used to protect and control user access to the internet
“Internal Proxy”

Answer 95

A

Used to protect inbound traffic from the internet to your internal service

Answer 96

A

Detects and reports network security problems by monitoring network or system activities for malicious or anomalous behavior

Answer 97

A

A network security tool that continuously monitors a network for malicious activity and takes action to prevent it

Answer 98

A

Monitors inbound network traffic to find sequences and patterns that match a particular attack signature

Answer 99

A

An intrusion detection system for detecting both network and computer intrusions and building a baseline of what’s “normal”

Answer 100

A

An intrusion detection system for recording expected patterns concerning the entity being monitored and reporting it

Answer 101

A

A system that uses artificial intelligence to scan for malicious behavior from a program either within the system, or trying to access the system

Answer 102

A

The examination of a copy of the network traffic
Cannot block or prevent the traffic

Answer 103

A

Sits in the middle or inline the network traffic and monitors and control in real-time

Answer 104

A

A device specifically designed to manage and control a large environment
Safeguards and manages cryptographic keys and provides cryptographic processing

Answer 105

A

A console(s) that receives all censored data and provides output of what is going on on the network

Answer 106

A

Filters, monitors, and blocks HTTP/ HTTPS traffic to and from a web service

Answer 107

A

Keeps track and monitors the state of active network connections while analyzing incoming traffic and looking for potential traffic and data risks

Answer 108

A

Does not keep track of traffic flows and examines each packet individually regardless of history

Answer 109

A

When multiple security features or services are combined into a single device within your network
Includes: web security gateway, URL filter, malware inspection, spam filter, CSU/ DSU, Router, switch, firewall, IDS/ IPS, bandwidth shaper, VPN endpoint

Answer 110

A

Used to enable instances present in a private subnet to help connect to the internet or AWS services

Answer 111

A

Blocks users from loading questionable websites or hosted files via corporate device or network resources

Answer 112

A

Provides traditional firewall functionality

Answer 113

A

Traditional firewall with features like application control and high-speed hardware

Answer 114

A

Provides efficient and flexible connectivity options

Answer 115

A

Can be installed on own hardware from anywhere

Answer 116

A

Has the fattest throughput

Answer 117

A

Application-aware and can view non-encrypted data

Answer 118

A

Provides valuable East/ West network security

Answer 119

A

Specifies which users or system processes are granted access to resources, as well as what operations are allowed on given resources

Answer 120

A

Describes the process of controlling traffic flows and ensuring the performance of critical applications with limited network capacity

Answer 121

A

Most recent version of the Internet Protocol
Secures most attacks but new attacks will occur since this is new

Answer 122

A

Cross connecting two or more ports on a network switch so that traffic can be simultaneously sent to a network analyzer or monitor connected to another port

Answer 123

A

A simple device that connects directly to the cabling infrastructure to split or copy packets for use in analysis and security

Answer 124

A

Ongoing security checks that identify threats, respond to evets, and maintain compliance

Answer 125

A

Identifying when changes to operating system and application files occur
Some should NEVER change

Answer 126

A

Traffic between the data center and the rest of the network

Answer 127

A

An encrypted security protocol that protects internet traffic on wireless networks
Uses encryption called CCMP block cipher mode

Answer 128

A

Update of the WPA2 security
Uses GCMP cipher mode encryption - stronger encryption

Answer 129

A

A security protocol used by WPA2 for encryption
CCMP uses AES for confidentiality and CBC-MAC for integrity

Answer 130

A

A security protocol used by WPA3 for encryption
A strong encryption than WPA2
GCMP uses AES for confidentiality and GMAC for integrity

Answer 131

A

A Diffie-Hellman derived key exchange with an authentication component
Everyone uses different session key, even with same PSK
Fixes WPA2 PSK problem

Answer 132

A

A authentication framework
Integrates with 802.1X to prevent access to network until the authentication succeeds
Uses RFC standards

Answer 133

A

Protected EAP
Uses TLS and uses a digital certificate or a generic token card instead of a PAC

Answer 134

A

EAP Flexible Authentication via Secure Tunneling
Authenticates by means of a protected access credential (PAC)
Negotiates and TLS tunnel and needs a RADIUS server

Answer 135

A

Requires digital certificates on all devices and a TLS tunnel is built for the user authentication process
Need a PKI

Answer 136

A

EAP Tunneled Transport Layer Security
Support other authentication protocols in a TLS tunnel
Requires digital certificate on the AS

Answer 137

A

Port-based Network Access Control (NAC)
You do not get access to the network until you authenticate
Used with RADIUS, LDAP, TACACS+

Answer 138

A

Links a user’s identity across multiple organization’s networks
Uses 802.1X

Answer 139

A

Everyone uses same key
Unique WPA3 session key is derived from the PSK use SAE

Answer 140

A

Uses WPA3/ WPA3 802.1X
Authenticates users individually with an authentication server
Example: RADIUS

Answer 141

A

No password is required to configure the authentication on your wireless access point/ router

Answer 142

A

The allowing of “easy” setup of a mobile device
Example: PIN, NFC, Push button

Answer 143

A

Web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources

Answer 144

A

Inspections of an area where work is proposed, to gather information for a design or an estimate to complete the initial tasks required
Examples: access points, frequencies, etc.

Answer 145

A

Identification of wireless signal strengths

Answer 146

A

Provides information about wireless networks, including their signal strength, coverage, names, and security configuration

Answer 147

A

The overlapping of channels that cause frequency conflicts

Answer 148

A

Placing routers strategically to avoid overlap, interference, and excessive signal distance while maximizing coverage and minimizing access points
Examples of interference: microwaves, building materials

Answer 149

A

Controllers - Strong encryption with HTTPS, automatic logout after no activity
Access Points - Strong passwords and firmware updates

Answer 150

A

Centralized management of wireless access points that manage system configuration and performance

Answer 151

A

Mobile devices - “Cell phones”
Separates land into “cells” - antenna coverages a cell with certain frequencies

Answer 152

A

An internet connection that’s shared with multiple devices in a home or business via a wireless router

Answer 153

A

High speed communication over short distances
Connects our mobile devices to other electronics

Answer 154

A

Two-way wireless communication
Helps with Bluetooth pairing
Examples: payment systems

Answer 155

A

A wireless mobile technology used for device communication over short ranges
Requires light-of-sight - control entertainment system

Answer 156

A

Physical connectivity to device that is used to store and extract files or other documents

Answer 157

A

One-to-one connection - conversation between two devices

Answer 158

A

802.11 wireless
One-to-many connection

Answer 159

A

Precise navigation that determines location based on timing differences - latitude, longitude, altitude
4 satellites at a time

Answer 160

A

Radar technology that uses electromagnetic fields to automatically identify and track tags attached to objects

Answer 161

A

The managing of company-owned and mobile-owned devices by setting policies and access control

Answer 162

A

Managed through allow lists that only approve apps that can be installed and that are not malicious

Answer 163

A

Mobile Content Management (MCM)
Secure access to data and protect data from outsiders by securing file sharing and viewing

Answer 164

A

Removing all data from a mobile device

Answer 165

A

Restricting or allowing features when the device is in a particular area
Examples: cameras, logins, etc.

Answer 166

A

The precise tracking details that can track within feet to either find your phone or you

Answer 167

A

Used to lock your phone to secure you data so nobody can get in without the use of a password

Answer 168

A

Information that appears on the mobile device screen

Answer 169

A

Used to protect against unauthorized access
Recovery of a password or PIN can be initiated with the MDM

Answer 170

A

You are the authentication factor

Answer 171

A

Combination of multiple contexts
Where you normally login (IP address)
Where you normally frequently are (GPS location)
Other devices that may be paired (Bluetooth)

Answer 172

A

A way to separate personal data from corporate data by creating a logical container to enhance corporate data security

Answer 173

A

Keeps data separate
Isolate the device’s OS and preinstalled apps from user-installed apps and user data

Answer 174

A

Encrypting all of the data on the mobile device

Answer 175

A

Provides security services such as encryption, key generation, digital signatures, authentication
Now in MicroSD card form

Answer 176

A

Class of software tools that provide a single management interface for mobile, PC and other devices

Answer 177

A

Monitor, provision, update and remove apps
Create an enterprise app catalog so users can pick what to install

Answer 178

A

Security enhancements for Android
A security solution for Android that identifies and addresses critical gaps

Answer 179

A

App Store/ Google Play
Not all apps are secure of appropriate for business

Answer 180

A

Rooting - Android
Jailbreaking - Apple
Able to gain complete control of the operating system and remove some restrictions present in the software

Answer 181

A

Installing unapproved software/ app from a third-party source or transferring files between two devices

Answer 182

A

Unofficial new or modified version of firmware created by third parties

Answer 183

A

Allowing consumers to move their cell phone from one carrier to another

Answer 184

A

Operating system updates that can be significant that can be installed without using a cable

Answer 185

A

Could be used for espionage or inappropriate use
MDM can disable or enable in certain locations

Answer 186

A

Text messages, video, audio that can be exposed to data leaks and phishing attempts
MDM can allow only during certain time frames or locations

Answer 187

A

A communication protocol between mobile telephone carriers and between phone and carrier, aiming at replacing SMS messages with a text-message system that is richer

Answer 188

A

Data that is stored/ transferred onto external or removable devices
USB or flash drives

Answer 189

A

Connect devices directly together by being both the host and a device
No computer or cable required
Usually mobile device and USB/flash drive

Answer 190

A

Useful for meetings and note taking
Can be a legal liability depending on states
MDM can disable or geo-fence

Answer 191

A

Phone knows your exact location especially when you document to social media which can cause security concerns

Answer 192

A

Ad Hoc - Connecting wireless devices directly without an access point
Wireless Direct - enables mobile phones, cameras, printers, PCs, and gaming devices to create their own Wi-Fi networks without an internet connection

Answer 193

A

Turns your phone into a mobile WiFi hotspot, so your devices can use your phone’s data to establish an internet connection

Answer 194

A

A way to connect to the internet wirelessly when you are away from your home or office network

Answer 195

A

Apple Pay, Android Pay, Samsung Pay
Once primary authentication is bypassed, payment is allowed

Answer 196

A

Employee owns device but needs to meet the company’s requirements
Both a home device and a work device

Answer 197

A

Company buys the device but its used as both personal and corporate
Organization keep full control and is protected using corporate policies

Answer 198

A

Employee buys the device but its used as both personal and corporate
Organization keep full control and is protected using corporate policies

Answer 199

A

Company buys and owns the device and controls the content on the device
Not for personal use - no mixing business with home use

Answer 200

A

Apps and data are separated from the mobile device and data is stored securely

Answer 201

A

Isolated locations with a cloud region that commonly spans across multiple regions
Can use load balancers

Answer 202

A

Providing access to cloud resources to users who get access
Identity and Access Management (IAM)

Answer 203

A

Cloud-based methods and tools that organizations use to secure and manage their digital credentials like signatures and keys

Answer 204

A

Integrate security across multiple platforms and audit these security controls by validating them

Answer 205

A

One permission mistake can cause a breach
Public access should not be default
Identity and Access Management (IAM)

Answer 206

A

Data is more accessible that non-cloud data
Server-side - encrypt data in cloud and when stored on disk
Client-side - already encrypted when sent to cloud

Answer 207

A

Copy data from one place to another
Can be real-time data duplication

Answer 208

A

Maintain up time if an outage or disaster occurs by having backups with constant duplication of data

Answer 209

A

The building of the network from the cloud console
Servers, databases, storage devices

Answer 210

A

All external IP addresses
Connect to the cloud from anywhere

Answer 211

A

All internal IP addresses
Connect to the private cloud over VPN
No access from internet

Answer 212

A

Data is separated from the application and adds security systems between application components
WAF, NGFW

Answer 213

A

Viewing specific API queries and monitoring incoming and outgoing data

Answer 214

A

Data stored on a public cloud

Answer 215

A

Connecting cloud components within and outside the cloud
Cloud devices communicating with each other

Answer 216

A

Combine internal cloud resources with external
Combine public and private subnets

Answer 217

A

On-premises or cloud based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies

Answer 218

A

A way to try and protect users and devices regardless of location and activity

Answer 219

A

Relatively inexpensive compared to appliances

Answer 220

A

Deploying of a firewall at a desired network boundary so that all traffic crossing the boundary is routed through that firewall

Answer 221

A

Layer 4 (TCP/ UDP), Layer 7 (application)

Answer 222

A

Security controls integrated and supported by the cloud provider that has many configuration options

Answer 223

A

Components performing calculations of instances
Amazon Elastic Compute Cloud (EC2)
Google Compute Engine (GCE)
Microsoft Azure

Answer 224

A

Provisioning resources when needed - use of application
Scale up and down

Answer 225

A

Manage and identify data flows and make decisions based off of the data
Define and set policies of instances

Answer 226

A

Allow private cloud subnets to communicate to other cloud services
Keep conversations private

Answer 227

A

Manage access to compute engines

Answer 228

A

Use an OS specifically built for containerization
Or group container types together on the same host

Answer 229

A

Designing, coding and configuring your application to prevent and defend against cyber threats

Answer 230

A

Support across multiple cloud providers that has more extensive reporting

Answer 231

A

A list of entities for users and devices that can provide authentication

Answer 232

A

An identifier or property of an entity that provides identification
Personal - name, email address
Other - job title, mail stop

Answer 233

A

Assigned to a person or device

Answer 234

A

Contains information about what happened when a user authenticated

Answer 235

A

Using a key instead of username and password

Answer 236

A

Integrates with devices that may require PIN

Answer 237

A

Account on a computer associated with a specific person
Data and files can be private to that user

Answer 238

A

Used by more than one person that uses a guest login

Answer 239

A

Access to a computer for guests that do not have any controls of settings, but just the userspace

Answer 240

A

Used exclusively by services running on a computer
Access can be defined for a specific service

Answer 241

A

Elevated or complete access to a systems

Answer 242

A

Controlling access to an account

Answer 243

A

Making your password stronger to prevent guessing or brute force attacks by increasing password entropy (predictability)

Answer 244

A

Passwords that a user has used previously in a system that the attacker may already have

Answer 245

A

Links to password history - user cannot reuse a password that a user has already used

Answer 246

A

Using location to set policies on whether a user has access to a system by using IP subnet or Geolocation and use Geofencing or Geotagging to restrict access to a user in certain areas

Answer 247

A

Something trying to be accessed outside of normal working hours therefore preventing access to the user

Answer 248

A

Criteria for granting access to various servers, applications, and other resources on your network

Answer 249

A

Authorization given to users that enables them to access specific resources on the network, such as data files, applications, printers and scanners

Answer 250

A

Should be performed routinely to make sure everyone has the correct permissions and are using the resources granted correctly

Answer 251

A

A calculation made by comparing a user’s last known location to their current location, then assessing whether the trip is likely or even possible in the time that elapsed between the two measurements

Answer 252

A

Too many unsuccessful login attempts will cause a lockout which in turn prevents brute force attacks

Answer 253

A

When someone leaves organization or moves to a different part of the company
Makes account inaccessible but will still save the files and data that was on that account

Answer 254

A

A physical device that accounts as hardware based authentication

Answer 255

A

Location where all passwords are stored in an encrypted format

Answer 256

A

Hardware for cryptographic functions that help with encryption

Answer 257

A

A physical computing device that safeguards and manages cryptographic keys and provides cryptographic processing

Answer 258

A

Using personal knowledge as an authentication factor
Static KBA - Pre-configured shared secrets - model of first car
Dynamic KBA - Identity verification service - street number in Florida

Answer 259

A

An authentication protocol originally used by Point-to-Point Protocol to validate users
Three-way handshake

Answer 260

A

Basic authentication method used in legacy systems
Sent in the clear and has a non-encrypted password exchange

Answer 261

A

It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN and prevents access to network until the authentication succeeds

Answer 262

A

More common AAA protocol
Client-server protocol enables remote access servers to communicate with a central server

Answer 263

A

A session and user authentication service that permits a user to use one set of login credentials

Answer 264

A

Primary role in online security and enables users to authenticate through a third-party to gain access to multiple applications

Answer 265

A

A Cisco designed extension to TACACS that encrypts the full content of each packet

Answer 266

A

Authorization framework that provides authorization between applications and determines what resources a user will be able to access

Answer 267

A

A decentralized authentication protocol that allows users to authenticate with multiple websites using a single set of credentials

Answer 268

A

A network authentication protocol that only need to authenticate once and then it will be trusted by the system

Answer 269

A

An authorization model that evaluates attributes (or characteristics), rather than roles, to determine access
Examples: IP address, time of day, desired action, etc.

Answer 270

A

Access to resources based on your role in an organization
Examples: Manager, director, team leader, etc.

Answer 271

A

Manages access to areas, devices, or databases according to a predetermined set of rules or access permissions regardless of their role or position in an organization

Answer 272

A

Each object is labeled with a confidential, secret, top secret, etc. label and the administrator decides what user gets access of what object

Answer 273

A

An identity-based access control model that provides users with a certain amount of control over their data

Answer 274

A

‘Just-in-time’ evaluation to ensure the person who is seeking access to content is authorized to access the content

Answer 275

A

A subset of IAM that allows you to control and monitor the activity of privileged users (who have access above and beyond standard users) once they are logged into the system

Answer 276

A

Control the ability of users to read, change, navigate, and execute the contents of the file system

Answer 277

A

Set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption

Answer 278

A

Deal with key generation, certificate generation, distribution, storage, revocation, and expiration of keys

Answer 279

A

An entity that stores, signs, and issues digital certificates

Answer 280

A

A certificate that was issued as a dividing layer between the Certificate Authority and the end user’s certificate

Answer 281

A

An authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it

Answer 282

A

List of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date

Answer 283

A

The common name, subject alternative name, and the expiration

Answer 284

A

A way for a browser to check certificate revocation

Answer 285

A

The Fully Qualified Domain Name (FQDN) for the certificate

Answer 286

A

Additional host name of the cert that is common on web servers
Examples: professormesser.com and www.professormesser.com

Answer 287

A

The legally mandated date by which a certified proposed decision is due to be acted upon
Limit exposure to compromise

Answer 288

A

Certificates are based on the name of the server and this will apply to all server names in a domain

Answer 289

A

Additional host name for the certificate

Answer 290

A

A signature from the developer who created the code for the application and validates the software hasn’t been modified

Answer 291

A

Public key certificates that are not issued by a certificate authority that do not provide any trust value

Answer 292

A

Provides authenticity on the devices that you physically manage/ see

Answer 293

A

Proves to customers that the email is not a forged phishing attempt and their transactions will be safe

Answer 294

A

Used to associate a certificate with a user that can act as a powerful electronic “id card”

Answer 295

A

The public key certificate that identifies the root CA and can issue other certificates such a intermediate

Answer 296

A

Owner of the certificate has some control over a DNS domain

Answer 297

A

Additional checks have verified the certificate owner’s identity

Answer 298

A

A binary format designed to transfer syntax for data structures

Answer 299

A

A de facto file format for storing and sending cryptographic keys, certificates, and other data and used to provide secure electronic mail communication over the internet

Answer 300

A

A password protected file certificate commonly used for code signing your application

Answer 301

A

Primarily a Windows X.509 file extension
Responsible for storing some information about the owner certificate and the specific public key

Answer 302

A

Used to transfer a private and publics key pair that can be password protected
Container format for many certificates that store many X.509 certificates in a single .p12 file

Answer 303

A

Contains certificates and chain certificates that private keys are not included in a .p7b file

Answer 304

A

Web browsers use them to authenticate content sent from web servers, ensuring trust in content delivered online

Answer 305

A

A certificate authority which has been isolated from network access, and is often kept in a powered-down state which in turn protects the CA

Answer 306

A

OCSP stapling makes verifying the revocation status of an SSL/TLS certificate faster and easier for a client than ever before

Answer 307

A

Putting the certificate inside of the application you are using and if the expected key does not match, the application can decide whether or not to shut down

Answer 308

A

Single CA, Hierarchal, mesh, web-of-trust, and Mutual authentication

Answer 309

A

Someone else (3rd party) holding your decryption keys

Answer 310

A

Listing all of the certs between the server and the root CA (intermediate certs) to ensure that only trusted software and hardware can be used while still retaining flexibility

Brainscape's Knowledge GenomeTM

Chapter 3 - Implementation Flashcards

Brainscape's Knowledge Genome^TM