Domain 3.0: Implementation Flashcards

1
Q

How to make LDAP confidential and secure?

A

Use TLS technology over port 636

2
Q

HTTP

A

Unencrypted web traffic over port 80

3
Q

HTTPS

A

Encrypted web traffic over port 443

4
Q

Port # for FTP

A

Port 22

5
Q

Port # for SSH

A

Port 22

6
Q

Port security

A

Layer 2 traffic control feature that enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port

7
Q

Loop protection

A

Makes additional checks in Layer 2 switched networks

8
Q

Flood guard

A

Firewall feature to control network activity associated with DoS attacks.

9
Q

Static code analysis

A

White-box software testing process for detecting bugs early in program development

10
Q

Dynamic code analysis

A

Based on observing how the code behaves during execution.

11
Q

Fuzzing

A

Black-box software testing process by which semi-random data is injected into a program or protocol stack to detect bugs

12
Q

Sandboxing

A

Safe execution environment for untrusted programs

13
Q

What are the recommendations for test environments?

A

They should be isolated from development environments.

14
Q

What is a staging environment?

A

It reduces the risk of introducing issues before solutions are deployed in production.

15
Q

What are baselines?

A

They establish a pattern of normal use that later helps identify variations which may indicate unauthorized access attempts.

16
Q

Smart Cards

A

They use embedded systems with an operating system on the included chip.

17
Q

Waterfall SDLC model

A

SDLC: Software Development Life Cycle

Waterfall SDLC model starts with a defined set of requirements and a well-developed plan, and adjustments are confined to the current development stages.

18
Q

Agile SDLC model

A

It starts with less rigorous guidelines and allows for adjustments during the process.

19
Q

Secure DevOps

A

It includes security in the SDLC, ensuring that security is built in during the development process.

20
Q

CI server

A

CI stands for Continuous Integration.

A CI server continually compiles, builds and tests each new version of code committed to the central repository without user interaction.

21
Q

Immutability

A

A valuable program, configuration, or server is never modified in place.

22
Q

System Hardening

A

Disabling unnecessary ports and services

23
Q

How to keep attackers from exploiting software bugs?

A

An organization must continually apply manufacturers’ patches and updates

24
Q

Commonly used services and associated ports

A

Port        Service
15          Netstat
20 & 21     FTP
22          SSH, SFTP, SCP
23          Telnet
25          SMTP
53          DNS
80          HTTP
123         NTP
389         LDAP
443         HTTPS
636         LDAPS
989 & 990   FTPS
1812        RADIUS
3389        RDP

25
Q

TPM chips

A

Secure cryptoprocessor used to authenticate hardware devices

26
Q

File integrity checker

A

Tool that computes a cryptographic hash and compares the result to a known good value to ensure that the file has not been modified.

27
Q

Signature-based method

A

It detects known signatures or patterns.

28
Q

VPN concentrator

A

They are used to allow multiple external users to access internal network resources using secure features that are built in to the device. They are deployed when a single device needs to handle a very large number of VPN tunnels.

29
Q

NAC

A

Network Access Control offers a method of enforcement which helps ensure that computers are properly configured.

30
Q

Zero trust

A

It’s a model that provides granular and dynamic access control, regardless of where the user or application resides and does not place trust in the entire network.

31
Q

Screened subnet

A

Small network between the internal network and the Internet that provides a layer of security and privacy.

32
Q

What is an effective control to implement to mitigate the effect of a network intrusion?

A

Network segregation, isolation and segmentation.

33
Q

Air gaps

A

Physically isolated machines or networks.

34
Q

What are primary methods to get network traffic to network monitoring tools?

A

Network taps, SPAN and mirror ports.

SPAN stands for Switch Port Analyzer.

35
Q

VLAN’s purpose

A

Virtual LAN - they unite network nodes logically into the same broadcast domain, regardless of their physical attachment to the network.

36
Q

What are the two basic methods that manage intrusion detection?

A

Knowledge-based and behavior-based.

37
Q

How does an IDS monitor packets?

A

It uses a behavior-based method to identify anomalies or a knowledge-based method, operating in network-based or host-based configurations.

38
Q

NIDS and NIPS are designed to do what?

A

They are designed to catch attacks in progress within a network, not just on individual machines or at the boundary between private and public networks.

39
Q

Where can proxy servers be placed in the network?

A

Between the private network and the Internet for Internet connectivity. They can also be placed internally for web content caching.

40
Q

What do firewalls separate?

A

They separate external and internal networks.

41
Q

What types of firewalls are there?

A

Packet-filtering firewall (network layer, Layer 3)

Proxy-service firewall including circuit level (session layer, Layer 5)

Application level (application layer, Layer 7) gateways

Stateful inspection firewall (application layer, Layer 7)

42
Q

What is a stateless firewall?

A

It works as a basic access control list filter.

43
Q

What are stateful firewalls?

A

Deeper-inspection firewall type that analyzes traffic patterns and data flows, often combining layered security and known as next-gen firewalls.

44
Q

Wireless access methods include what?

A

From least secure to most secure: open authentication, shared authentication and EAP.

45
Q

WPA-Personal

A

It requires a password shared by all devices on the network.

46
Q

WPA-Enterprise

A

It requires a certificate and uses an authentication server from which keys are distributed.

47
Q

WPA2 and WPA3 favor which encryption over which other encryption?

A

WPA2 and WPA3 favor CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol, also known as CCM mode Protocol) over the TKIP common to WPA.

TKIP (Temporal Key Integrity Protocol) should still be used only for systems that are unable to support 802.11i.

48
Q

EAP authentication protocols include the following:

A

EAP-TLS, PEAP, EAP-TTLS, and EAP-FAST. Only EAP-TLS requires a client certificate and only EAP-FAST does not require a server certificate.

49
Q

EAP

A

Extensible Authentication Protocol is an authentication framework and is used by WPA, WPA2 and WPA3 for authentication.

50
Q

PEAP

A

Protected Extensible Authentication Protocol is a protocol that encapsulates EAP in a TLS tunnel and only requires a certificate on the server.

51
Q

What is jailbreaking / rooting?

A

It’s a method to remove restrictions on mobile devices imposed by the manufacturers and can introduce risks.

52
Q

What are the recommended actions when an employee leaves an organization?

A

Disable their account; do not delete it.

53
Q

What is the recommended action for generic accounts used by multiple users?

A

They are to be prohibited.

54
Q

What two models exist for working with logical controls, especially with the assignment of permissions and rights?

A

User-based and role

Group based

55
Q

What should happen when there are too many failed authentication attempts?

A

They should incur a penalty such as account lockout.

56
Q

What issue is prevented by enforcing password history?

A

It prevents users from reusing old passwords.

57
Q

What is the common method for identifying access violations and issues?

A

Auditing user permissions

58
Q

What is a federation system?

A

It allows for accessibility from each domain. Accounts in one area can be granted access rights to any other resource, whether local or remote, within the domains.

59
Q

What are examples of remote access authentication?

A

RADIUS - Remote Authentication Dial-In User Service

TACACS+ - Terminal Access Controller Access-Control System Plus

60
Q

RADIUS

A

Remote Authentication Dial-In User Service provides authentication and authorization functions in addition to network access accounting functions, but it does not provide further access control.

61
Q

Kerberos prevents what type of attacks?

A

Since it supports mutual authentication, it prevents on-path attacks.

62
Q

Why should we be strongly discouraged from using PAP?

A

User passwords are easily readable.

63
Q

OAuth

A

Open Authorization provides authorization services and does not provide authentication (as OpenID and SAML do).

64
Q

SAML

A

Security Assertion Markup Language offers single sign-on capabilities.

65
Q

IdP

A

IdP stands for Identity Provider. It is the source of a username and password and authenticates the user. The SP (Service Provider) provides the service to the user.

66
Q

What are examples of access control models?

A

MAC - Mandatory access control

DAC - Discretionary access control

ABAC - Attribute-based access control

RBAC - Role-based access control

67
Q

MAC (access control)

A

Mandatory access control involves assigning labels to resources and accounts (for example, SENSITIVE, SECRET, and PUBLIC). If the labels on the account and the resource do not match, the resource remains unavailable in a nondiscretionary manner.

68
Q

DAC

A

Discretionary access control restricts access for each resource in a discretionary manner. This is widely used in Windows OS and servers.

69
Q

RBAC

A

Role-based access control, sometimes known as Rule-based access control

It dynamically assigns roles to users based on criteria that the data custodian or system administrator defines. It can include controls such as time of day, day of the week, specific terminal access, and GPS coordinates of the requester, along with other factors that might overlay a legitimate account’s access request.

Implementation may require rules to be programmed using code rather than allowing traditional access control by checking the box.

70
Q

ABAC

A

Attribute-based access control is a logical access control model that the Federal Identity, Credential, and Access Management (FICAM) Roadmap recommends as the preferred access control model for information sharing among diverse organizations.

It is based on the Extensible Access Control Markup Language (XACML).

It’s very similar to the core components of AAA. The authorization process is determined by evaluating rules and policies against attributes associated with an entity, such as subject, object, operation and environment conditions.

71
Q

CACs and PIV cards provide what function?

A

Smart Card functions for identity and authentication.

CAC = Common Access Code; it’s a smart card the size of a credit card and the standard identification for active duty uniformed service personnel and so on.

PIV is Personal Identity Verification; it’s a security standard detailed in NIST FIPS 201-2, which creates a framework for multi-factor authentication on a smart card.

72
Q

What is implicit deny?

A

Access control practice in which resource availability is restricted to only logins that are explicitly granted access.

73
Q

PKI relies on what?

A

Public Key Infrastructure relies on asymmetric key cryptography using certificates, which are digitally signed blocks of data issued by a CA.

74
Q

What is a CSR?

A

A Certificate Signing Request is generated and submitted before a CA signs a certificate.

75
Q

What is the recommendation for a root CA?

A

The root CA should be taken offline to reduce the risk of key compromise, because a compromise of the root key would compromise the entire chain or system.

76
Q

What are three types of validated certificates?

A

DV - Domain Validation
OV - Organization Validation
EV - Extended Validation

77
Q

EV Certificate

A

Extended Validation provides the highest level of trust and requires the most effort for a CA to validate.

78
Q

Which certificates are encoded in binary and which certificates are encoded in ASCII?

A

DER and PFX certificates are binary encoded.

PEM and P7B certificates are ASCII encoded.

79
Q

What ensures a certificate’s validity?

A

This is accomplished through a CRL or OCSP.

80
Q

OCSP Stapling

A

OCSP (Online Certificate Status Protocol) Stapling puts the responsibility for OCSP requests on the web server instead of on the issuing CA.

81
Q

Key Escrow

A

It stores a private key with a trusted third party.