Domain 3 Flashcards
Secure Shell (SSH)
is the principal means of obtaining secure remote access to a UNIX or Linux server. Its main uses are remote administration (an encrypted terminal session) and file transfer with the SSH File Transfer Protocol (SFTP).
atomic clock
Top-level Network Time Protocol (NTP) servers (stratum 1) obtain Coordinated Universal Time (UTC) directly from a highly accurate reference clock (stratum 0), such as an atomic clock or a GPS receiver.
A web server will utilize a directory protocol to enable users to authenticate with domain credentials. A certificate will be issued to the server to setup a secure tunnel. Which protocol is ideal for this situation?
Lightweight Directory Access Protocol Secure (LDAPS) uses port 636 to set up a secure channel to a directory service using a digital certificate.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
is used to sign and encrypt mail messages using an email certificate: the sender's private key produces the signature, and the recipient's public key is used to encrypt the message.
Encapsulating Security Payload (ESP)
provides confidentiality and, optionally, authentication and integrity for the packet payload. ESP is one of the two Internet Protocol Security (IPsec) protocols and, like IPsec as a whole, operates at layer 3 (the network layer) of the Open Systems Interconnection (OSI) model.
A network engineer is securing communication between two applications on a private network. The applications will communicate using Internet protocol security (IPSec). Recommend the settings that will provide IP header integrity and encrypted data payload.
The Authentication Header (AH) protocol computes a keyed hash (HMAC) over the whole packet, including the IP header (with mutable fields such as TTL and the header checksum zeroed), using a shared secret key known only to the communicating hosts, and adds the result to its header as an Integrity Check Value (ICV).
The Encapsulating Security Payload (ESP) protocol provides confidentiality and/or authentication and integrity. It encrypts the data payload, but its own ICV does not cover the IP header.
Transport mode secures communications between hosts on a private network (an end-to-end implementation). AH and ESP together in transport mode provide confidentiality (ESP), integrity of the whole packet including the IP header (AH), and authentication for internal secure communication.
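The coverage difference between AH and ESP, as an added example that is not part of the original flashcards: the code builds a constructed IPv4 header and computes the AH Integrity Check Value the way RFC 4302 prescribes (HMAC-SHA-256-128 over the header with its mutable fields zeroed, plus the AH header and payload), then contrasts it with an ESP-style ICV that covers only the ESP header and payload. Encryption of the ESP payload is not modelled, and the keys, addresses, SPIs and payload are invented for the demonstration.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed demo keys (never derive real SA keys like this).
AH_KEY = b"ah-integrity-key-demo-only"
ESP_KEY = b"esp-integrity-key-demo-only"
ICV_LEN = 16            # HMAC-SHA-256-128: the ICV is the leading 128 bits (RFC 4868)
AH_LEN = 12 + ICV_LEN   # fixed AH fields + ICV = 28 bytes


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header; the checksum is left zero, a real stack recomputes it."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45,              # version 4, IHL 5 words
        0,                 # DSCP/ECN
        20 + payload_len,  # total length
        0x1234,            # identification
        0x4000,            # flags (DF) + fragment offset
        ttl,
        proto,
        0,                 # header checksum
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


def ah_immutable_view(ip_hdr: bytes) -> bytes:
    """Zero the IPv4 fields that change in transit (RFC 4302, section 3.3.3.1) before hashing."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # DSCP/ECN
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL: decremented by every router
    h[10:12] = b"\x00\x00"   # header checksum: recomputed after each TTL change
    return bytes(h)


def ah_icv(key: bytes, ip_hdr: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """AH ICV: HMAC over immutable IP header + AH header (ICV field zeroed) + payload."""
    # next header 6 (TCP), payload length = AH length in 32-bit words minus 2, reserved, SPI, sequence
    ah_fixed = struct.pack("!BBHII", 6, AH_LEN // 4 - 2, 0, spi, seq)
    msg = ah_immutable_view(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:ICV_LEN]


def ah_verify(key: bytes, ip_hdr: bytes, spi: int, seq: int, payload: bytes, icv: bytes) -> bool:
    return hmac.compare_digest(ah_icv(key, ip_hdr, spi, seq, payload), icv)


def esp_icv(key: bytes, spi: int, seq: int, protected: bytes) -> bytes:
    """ESP ICV covers the ESP header and the (normally encrypted) payload, never the IP header."""
    msg = struct.pack("!II", spi, seq) + protected
    return hmac.new(key, msg, hashlib.sha256).digest()[:ICV_LEN]


def esp_verify(key: bytes, ip_hdr: bytes, spi: int, seq: int, protected: bytes, icv: bytes) -> bool:
    # ip_hdr is accepted to mirror ah_verify but deliberately unused: ESP's ICV does not cover it.
    return hmac.compare_digest(esp_icv(key, spi, seq, protected), icv)


def demo() -> dict:
    payload = b"GET /status HTTP/1.1\r\n\r\n"  # constructed application data
    plen = AH_LEN + len(payload)
    hdr = ipv4_header("10.0.1.10", "10.0.2.20", proto=51, payload_len=plen)
    icv = ah_icv(AH_KEY, hdr, 0x100, 1, payload)
    esp_tag = esp_icv(ESP_KEY, 0x200, 1, payload)

    # A router decrementing TTL (and fixing the checksum) must not break AH.
    hopped = ipv4_header("10.0.1.10", "10.0.2.20", proto=51, payload_len=plen, ttl=63)
    # Rewriting the source address (NAT, spoofing) is exactly what AH is meant to detect.
    rewritten = ipv4_header("192.0.2.99", "10.0.2.20", proto=51, payload_len=plen)

    return {
        "ah_survives_ttl_decrement": ah_verify(AH_KEY, hopped, 0x100, 1, payload, icv),
        "ah_detects_src_rewrite": not ah_verify(AH_KEY, rewritten, 0x100, 1, payload, icv),
        "esp_detects_src_rewrite": not esp_verify(ESP_KEY, rewritten, 0x200, 1, payload, esp_tag),
    }


if __name__ == "__main__":
    print(demo())
```

The TTL case is why AH must zero mutable fields, and it is also why AH breaks behind NAT: the source address is immutable in AH's view, so a translated packet fails verification, which is the same property that makes AH the answer when header integrity is required.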
Simple Network Management Protocol (SNMP) v3
supports encryption and strong user-based authentication. Instead of community names, the agent is configured with a list of usernames and access permissions.
SNMPv1
uses community names that are sent in plaintext and should not be transmitted over the network if there is any risk they could be intercepted.
SNMPv2c
also uses community names that are sent in plaintext and should not be transmitted over the network if there is any risk they could be intercepted. Like SNMPv1, this protocol does not support strong user-based authentication.
Management Information Base (MIB)
is the database that the SNMP agent uses. The agent is a process that runs on a switch, router, server, or SNMP compatible network device.
Post Office Protocol v3 (POP3)
is a mailbox protocol designed to allow mail to be stored on a server and downloaded to the recipient's email client at their convenience. It was designed for dial-up access: the client contacts the server, downloads its messages, then disconnects. Its secure variant (POP3S) wraps the session in TLS on port 995.
Internet Message Access Protocol v4 (IMAP4)
is a mailbox protocol that, unlike POP3, supports persistent connections to a server and allows multiple clients to connect to the same mailbox simultaneously. Messages are stored and organized on the server rather than downloaded and removed. Its secure variant (IMAPS) wraps the session in TLS on port 993.
Transport Layer Security (TLS) 1.2
replaced the MD5/SHA-1 based pseudorandom function and signature hashes of earlier versions with SHA-256 and added authenticated-encryption (AEAD) cipher suites such as AES-GCM. Support for SHA-256 is the primary difference between TLS 1.1 and TLS 1.2.
Secure Sockets Layer (SSL) 3.0
is less secure than any of the TLS versions, relies on MD5 and SHA-1 only (no SHA-256 support), and is deprecated by RFC 7568; it should be disabled on both servers and clients.
Consider the principles of web server hardening and determine which actions a system administrator should take when deploying a new server.
Most web servers must allow access to guests. The guest account must be secured so that it cannot be used to modify any data on the server.
A secure means of uploading files and configuration changes needs to be used, such as SFTP or SCP over Secure Shell (SSH), rather than plain FTP.
Web servers should be deployed using configuration templates where possible. This will assist the administrator with hardening the system.
Unified Communications (UC)
The project managers are utilizing Unified Communications (UC). These solutions are messaging applications that combine multiple communications channels and technologies into a single platform. These communications channels can include voice, messaging, interactive whiteboards, data sharing, email, and social media.
A system administrator completes a file transfer by negotiating a tunnel before the exchange of any commands. Evaluate the file transfer protocols to conclude which protocol the admin used.
File Transfer Protocol over SSL (FTPS) implicitly negotiates a Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel before the exchange of any File Transfer Protocol (FTP) commands. This mode uses the secure port 990 for the control connection.
Explicit FTP over SSL (FTPES) uses the AUTH TLS command to upgrade an unsecure connection established over port 21 to a secure one. This negotiates an SSL/TLS tunnel explicitly (standardized in RFC 4217) and is preferred over implicit FTPS.
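Telling the two modes apart on the wire, as an added example that is not part of the original flashcards: the classifier below walks a captured FTP control-channel exchange and reports whether it was implicit FTPS (TLS ClientHello as the very first bytes), explicit FTPES (a clear 220 banner, then AUTH TLS answered with 234), or plaintext FTP, and whether USER/PASS were ever sent outside a tunnel. The captures, hostnames and credentials are constructed; the TLS records are truncated to their five-byte headers plus handshake type.

```python
TLS_HANDSHAKE = 0x16


def is_tls_record(payload: bytes) -> bool:
    """True if the bytes start like a TLS handshake record (type 0x16, version 3.0 to 3.3)."""
    return len(payload) >= 3 and payload[0] == TLS_HANDSHAKE and payload[1] == 3 and payload[2] <= 3


def classify_ftp_session(server_port: int, exchange: list) -> dict:
    """Classify a captured FTP control session.

    exchange: list of (sender, payload) in wire order; sender is 'C' (client) or 'S' (server).
    """
    result = {"mode": "unknown", "credentials_in_clear": False, "standard_port": False}
    if not exchange:
        return result
    sender, payload = exchange[0]
    if sender == "C" and is_tls_record(payload):
        # Implicit FTPS: the client's first bytes are a TLS ClientHello, so the 220 banner
        # and every FTP command travel inside the tunnel. Conventionally port 990.
        result.update(mode="implicit FTPS", standard_port=server_port == 990)
        return result

    secured = False       # set once the server accepts AUTH TLS
    auth_pending = False  # client asked, server has not answered yet
    for sender, payload in exchange:
        if is_tls_record(payload):
            continue  # inside the TLS tunnel; contents are not visible to us
        line = payload.decode("ascii", "replace").strip().upper()
        if sender == "C":
            if line.startswith(("AUTH TLS", "AUTH SSL")):
                auth_pending = True
            elif line.startswith(("USER ", "PASS ")) and not secured:
                result["credentials_in_clear"] = True
        elif auth_pending:
            secured = line.startswith("234")  # 234 = proceed with negotiation
            auth_pending = False
    result.update(mode="explicit FTPES" if secured else "plaintext FTP",
                  standard_port=server_port == 21)
    return result


# Constructed control-channel captures.
CLIENT_HELLO = b"\x16\x03\x01\x00\xc8\x01"
SERVER_HELLO = b"\x16\x03\x03\x00\x5a\x02"

IMPLICIT = [("C", CLIENT_HELLO), ("S", SERVER_HELLO)]
EXPLICIT = [
    ("S", b"220 ftp.example.test ready\r\n"),
    ("C", b"AUTH TLS\r\n"),
    ("S", b"234 Proceed with negotiation\r\n"),
    ("C", CLIENT_HELLO),
    ("S", SERVER_HELLO),
]
PLAINTEXT = [
    ("S", b"220 ftp.example.test ready\r\n"),
    ("C", b"USER alice\r\n"),
    ("S", b"331 Password required\r\n"),
    ("C", b"PASS hunter2\r\n"),
]
# Failure mode worth alerting on: the server rejects AUTH TLS and the client silently
# falls back to clear text, exposing the password despite "using" FTPES.
DOWNGRADED = [
    ("S", b"220 ftp.example.test ready\r\n"),
    ("C", b"AUTH TLS\r\n"),
    ("S", b"500 AUTH not understood\r\n"),
    ("C", b"USER alice\r\n"),
    ("S", b"331 Password required\r\n"),
    ("C", b"PASS hunter2\r\n"),
]

if __name__ == "__main__":
    for name, port, capture in [("implicit", 990, IMPLICIT), ("explicit", 21, EXPLICIT),
                                ("plaintext", 21, PLAINTEXT), ("downgraded", 21, DOWNGRADED)]:
        print(name, classify_ftp_session(port, capture))
```

The downgraded capture is the practical reason explicit mode needs a client configured to require TLS (and ideally PROT P for the data channel): the AUTH TLS command on its own is only a request, and a server that answers anything other than 234 leaves the session in the clear.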
tunnel mode
is used by IPsec to encrypt the entire original packet, including its IP header, and encapsulate it inside a new IP packet addressed between the two gateways. It is used mainly for site-to-site VPNs across untrusted networks such as the Internet, where the original addresses should not be exposed.
Which of the following would secure an endpoint and provide attestation signed by a trusted platform module (TPM)?
A trusted, or measured, boot process uses the trusted platform module (TPM) at each stage of the boot process to record hashes of key system state data (firmware, boot loader, kernel) in Platform Configuration Registers (PCRs); an attestation process then has the TPM sign those PCR values so that a remote verifier can check that the system has not been tampered with.
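How the PCR chain makes tampering visible, as an added example that is not part of the original flashcards: the code simulates a measured boot with the TPM 2.0 extend rule (new PCR = SHA-256(old PCR || digest)), keeps the event log a real firmware would produce, and plays the verifier's role by replaying the log and comparing against known-good values. The boot components are stand-in strings, and the signature a real TPM puts on the quoted PCR values is not modelled.

```python
import hashlib

PCR_SIZE = 32            # SHA-256 PCR bank
PCR_INIT = bytes(PCR_SIZE)

# Constructed boot chain: (PCR index, component name, component bytes). Real firmware
# measures the actual images; these strings stand in for them.
BOOT_CHAIN = [
    (0, "firmware", b"UEFI firmware image 1.2"),
    (4, "bootloader", b"shim + grub image"),
    (4, "kernel", b"vmlinuz-6.1 + initrd"),
]


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 PCR extend: new = H(old || digest). A PCR can never be set, only extended."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(chain):
    """Each boot stage hashes the next, extends the PCR, and appends an event-log entry."""
    pcrs, log = {}, []
    for index, name, blob in chain:
        digest = hashlib.sha256(blob).digest()
        pcrs[index] = pcr_extend(pcrs.get(index, PCR_INIT), digest)
        log.append((index, name, digest))
    return pcrs, log


def replay_log(log):
    """Verifier side: recompute what the PCRs must be if the event log is truthful."""
    pcrs = {}
    for index, _name, digest in log:
        pcrs[index] = pcr_extend(pcrs.get(index, PCR_INIT), digest)
    return pcrs


def attest(quoted_pcrs, log, golden_pcrs) -> bool:
    """Accept the host only if the log explains the quoted PCRs and they match known-good values.

    In a real deployment quoted_pcrs come from a TPM quote signed by the attestation key;
    signature checking is not modelled here.
    """
    return replay_log(log) == quoted_pcrs and quoted_pcrs == golden_pcrs


def demo() -> dict:
    golden, good_log = measured_boot(BOOT_CHAIN)
    tampered_chain = BOOT_CHAIN[:-1] + [(4, "kernel", b"vmlinuz-6.1 + rootkit initrd")]
    bad_pcrs, bad_log = measured_boot(tampered_chain)
    return {
        "clean_host_passes": attest(golden, good_log, golden),
        "tampered_kernel_changes_pcr4": bad_pcrs[4] != golden[4],
        "tampered_host_fails": attest(bad_pcrs, bad_log, golden),
        # A compromised OS cannot hide by submitting the clean log: that log no longer
        # replays to the PCR values the TPM actually holds.
        "forged_log_fails": attest(bad_pcrs, good_log, golden),
        # Nor can it "repair" PCR 4 afterwards: extending again only moves it further away.
        "extra_extend_does_not_restore":
            pcr_extend(bad_pcrs[4], hashlib.sha256(b"anything").digest()) != golden[4],
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The point of the extend operation is that the final PCR value depends on every measurement and its order, and software running after boot has no way to write a chosen value into the register; that is what lets a verifier trust the quote even though the host itself may be compromised.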
endpoint detection and response (EDR)
An EDR product provides real-time and historical visibility into a compromise, contains the malware, and facilitates remediation of the host to its original state.
Host intrusion prevention systems (HIPS)
provide threat detection and prevent those threats based on signature values, heuristic behaviors, and security policies.
An organization deployed a new internal Line of Business (LOB) application that contains custom code. As part of a risk assessment, it requires testing the application for threat vulnerabilities. Considering the available testing approaches, which implementation would satisfy assessment requirements?
Fuzzing is a dynamic analysis technique that checks code as it is running. The application is fed large volumes of random or malformed input and monitored for crashes, hangs, and other unexpected behaviour that indicate code vulnerabilities.
Employees have the ability to download certain applications onto their workstations to complete work functions. The CIO installed a reliable method to ensure that no modifications to the application have occurred. What method of validation did the CIO implement?
Code signing verifies application code has not been modified by the use of digital signatures. The certificate provided with the signature identifies the author of the application and the code’s authenticity.
Code obfuscation
is a measure in which the developer transforms code to make it hard to read and reverse engineer. It is a secure coding practice, though it slows analysis rather than preventing it and does not replace other controls.
Dynamic analysis
inspects code as it is running for code quality and vulnerabilities. Fuzzing is a common technique used.
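Fuzzing in practice, as an added example serving both the testing-approach answer above and this dynamic-analysis card (it is not code from the original flashcards): a small mutation-based fuzzer drives a deliberately fragile record parser with bit flips, byte overwrites, truncations and appended junk. The parser's documented rejection (ValueError) is treated as normal; anything else is a crash, and the input that caused it is kept for triage. The record format, the parser bug, and the seed input are constructed for the demonstration.

```python
import random
import struct


def parse_record(data: bytes) -> dict:
    """Deliberately fragile parser (constructed for the demo): a 1-byte version, a 2-byte
    big-endian length, that many body bytes, then a 1-byte checksum over the body."""
    if len(data) < 4:
        raise ValueError("record too short")      # expected, handled rejection
    version = data[0]
    length = struct.unpack("!H", data[1:3])[0]
    body = data[3:3 + length]
    checksum = data[3 + length]                   # BUG: trusts the declared length
    if sum(body) % 256 != checksum:
        raise ValueError("bad checksum")
    return {"version": version, "body": body}


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: flip a bit, overwrite a byte, truncate, or append junk."""
    buf = bytearray(seed)
    op = rng.randrange(4)
    if op == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 2:
        del buf[rng.randrange(len(buf) + 1):]
    else:
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)


def crashes(target, data: bytes) -> bool:
    """True if target raises anything other than its documented ValueError."""
    try:
        target(data)
    except ValueError:
        return False
    except Exception:
        return True
    return False


def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 7):
    """Mutation-based fuzzing loop; returns the first crashing input, or None.

    A fixed RNG seed makes a run reproducible, which matters when you hand a
    finding to the developers."""
    rng = random.Random(rng_seed)
    for _ in range(iterations):
        candidate = mutate(seed, rng)
        if crashes(target, candidate):
            return candidate
    return None


# A valid record to mutate from: version 1, length 5, body "hello", correct checksum.
SEED = b"\x01\x00\x05hello" + bytes([sum(b"hello") % 256])

if __name__ == "__main__":
    found = fuzz(parse_record, SEED)
    print("crashing input:", found)
```

The bug found here, an index past the end of the buffer because the parser believed a length field, is the classic shape of what fuzzing exposes; in a memory-unsafe language the same defect is an out-of-bounds read rather than an IndexError, which is why fuzzers are normally run with sanitizers so the fault is caught at the moment it happens.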
Stress testing
attempts to simulate a production environment and focuses on the objective and threshold an application can handle while maintaining performance.
static code analyzer
examines code quality and effectiveness without executing the code. An analyzer can be used in conjunction with development for continued code quality checks or once the code is in its finalization stages.
Model verification
is the process of ensuring software meets its intended purpose and specifications.
self-encrypting drive (SED)
includes both the hardware and software to encrypt data on a drive. The data encryption key is generated and stored within the drive controller itself; a user credential (authentication key) must be supplied at boot to unlock it for decryption.
Full disk encryption (FDE)
provides encryption for a whole disk and protects the confidentiality of the data.
Electromagnetic interference (EMI)
is disturbance of signals by electromagnetic emissions from external sources, such as power lines or motors. EMI can be reduced by the use of shielded cabling and enclosures.
collector
A collector combines multiple sensors to gather network traffic for processing by an Intrusion Detection System (IDS) and other systems. Where the collector is placed determines the type of traffic analyzed.
aggregation switch
can connect multiple subnets to reduce the number of active ports.
Network Address Translation (NAT)
translates private IP addresses to public ones and vice versa. By using NAT on the firewall, a company can hide internal assets from the public internet.
Cloud engineers are considering network segmentation options that will provide the most security between services on the cloud platform. Which of the following would ensure this type of network security is within the cloud?
East-west traffic describes the network and platform configurations that support cloud and other Internet services where most traffic is actually between servers within the data center.
Zero trust uses systems such as continuous authentication and conditional access to mitigate privilege escalation and account compromise. It can use micro-segmentation to apply security policies to a single node as if it were in its own zone.
Bridge Protocol Data Unit (BPDU)
guard is a setting applied to switch ports. It causes a PortFast-configured access port that receives a BPDU to be shut down (error-disabled), preventing an unauthorized switch plugged into that port from taking part in spanning tree.
Gateway Load Balancing Protocol (GLBP)
is Cisco's proprietary protocol for providing a load-balanced service with a Virtual IP (VIP). The infrastructure is Cisco-based, so this service will most likely be implemented.
Common Address Redundancy Protocol (CARP)
is an open, non-proprietary protocol (originating in OpenBSD) that provides the same kind of shared-VIP redundancy as GLBP.
Virtual IP (VIP)
Each server node has its own IP address, but externally the load-balanced service advertises a Virtual IP (VIP) address. Clients connect to that IP address or its FQDN (fully qualified domain name) and are routed to one of the servers in the cluster.
agentless health
An agentless health or posture assessment supports a wide range of devices, such as smartphones and tablets, but less detailed information about the client is available.