Domain 3.0: Implementation

Question 1

How to make LDAP confidential and secure?

Answer 1

Use TLS technology over port 636

Question 2

HTTP

Answer 2

Unencrypted web traffic over port 80

Question 3

HTTPS

Answer 3

Encrypted web traffic over port 443

Question 4

Port # for FTP

Answer 4

Port 22

Question 5

Port # for SSH

Answer 5

Port 22

Question 6

Port security

Answer 6

Layer 2 traffic control feature that enable individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port

Question 7

Loop protection

Answer 7

Makes additional checks in Layer 2 switched networks

Question 8

Flood guard

Answer 8

Firewall feature to control network activity associated with DoS attacks.

Question 9

Static code analysis

Answer 9

White-box software testing process for detecting bugs early in the program development

Question 10

Dynamic code analysis

Answer 10

Based on observing how the code behaves during exection.

Question 11

Fuzzing

Answer 11

Black-box software testing process by which semi-random data is injected into a program or protocol stack to detect bugs

Question 12

Sandboxing

Answer 12

Safe execution environment for untrusted programs

Question 13

What are the recommendation for test environments?

Answer 13

They should be isolated from development environments.

Question 14

What is staging environment?

Answer 14

They reduce risk of introducing issues before solutions are deployed in production.

Question 15

What is baselines?

Answer 15

They establish pattern of use that later use help identify variations that identify unauthorized access attempts.

Question 16

Smart Cards

Answer 16

They used embedded systems with an operating system on the included chip.

Question 17

Waterfall SDLC model

Answer 17

SDLC –> Software Development Life Cycle

Waterfall SDLC model starts with a defined set of requirements and a well-developed plan, and adjustments are confined to the current development stages.

Question 18

Agile SDLC model

Answer 18

It starts with less rigorous guideline and allows for adjustments during the process.

Question 19

Secure DevOps

Answer 19

They include security in the SDLC, ensuring that security is built in during the development process.

Question 20

CI server

Answer 20

CI stands for Continuous integration

A CI Server continually compiles, builds and test each new version of code committed to the central repository without user interaction.

Question 21

Immutability

Answer 21

Valuable program, configuration, or server will never be modified in place.

Question 22

System Hardening

Answer 22

Disabling unnecessary ports and services

Question 23

How to keep attackers from exploiting software bugs?

Answer 23

An organization must continually apply manufacturers’ patches and updates

Question 24

Common used services and associated ports

Answer 24

Port     Service
15: Netstat
20 & 21: FTP
22: SSH, SFTP, SCP
23: Telnet
25: SMTP
53: DNS
80: HTTP
123: NTP
389: LDAP
443: HTTPS
636: LDAPS
989 & 990: FTPS
1812: RADIUS
3389: RDP

Question 25

TPM chips

Answer 25

Secure cryptoprocessor used to authenticate hardware devices

Question 26

File integrity checker

Answer 26

Tool that computes cryptographic hash and compares the result to known good value to ensure that the file has not been modified.

Question 27

Signature-based method

Answer 27

They detects known signatures or patterns

Question 28

VPN concentrator

Answer 28

They are used to allow multiple external users to access internal network resources using secure features that are built in to the device. They are deployed when a single device needs to handle a very large of VPN tunnels.

Question 29

NAC

Answer 29

Network Access Control offers a method of enforcement which helps ensure that computers are properly configured.

Question 30

Zero trust

Answer 30

It’s a model that provides granular and dynamic access control, regardless of where the user or application resides and does not place trust in the entire network.

Question 31

Screened subnet

Answer 31

Small network between internal and the Internet that provides a layer of security and privacy.

Question 32

What is effective control to implement to mitigate the effect of a network intrusion?

Answer 32

Network segregation, isolation and segmentation.

Question 33

Air gaps

Answer 33

Physically isolated machines or networks.

Question 34

What are primary methods to get network traffic to network monitoring tools?

Answer 34

Network taps, SPAN and mirror ports.

SPAN stands for Switch Port analyzer.

Question 35

VLAN’s purpose

Answer 35

Virtual LAN - they unite network nodes logically into the same broadcast domain, regardless of their physical attachment to the network.

Question 36

What are two basic methods that manages intrusion detection?

Answer 36

Knowledge-based and behavior based.

Question 37

How does IDS monitor packets?

Answer 37

They use behavior based to identify anomalies or knowledge-based method operating in network-based or host-based configurations.

Question 38

NIDS and NIPS are designed to do what?

Answer 38

They are designed to catch attacks in progress within a network, not just on individual machines or boundary between private and public networks.

Question 39

Where can proxy servers be placed in the network?

Answer 39

Between private network and the Internet for Internet connectivity. They can be also placed internally for web content caching.

Question 40

What does firewalls separate?

Answer 40

They separate external and internet networks.

Question 41

What type of firewalls are out there?

Answer 41

Packet-filtering firewall (network layer, Layer 3)

Proxy-service firewall including circuit level (session layer, Layer 5)

Application level (application layer, Layer7) gateways

Stateful inspection firewall (application layer, Layer 7)

Question 42

What is stateless firewall?

Answer 42

They work as basic access control list filter.

Question 43

What are stateful firewalls?

Answer 43

Deeper inspection firewall type that analyze traffic patterns and data flows, often combining layered security and known as next-gen firewalls.

Question 44

Wireless access methods includes what?

Answer 44

From least secure to most secure include open authentication, shared authentication and EAP

Question 45

WPA-Personal

Answer 45

They require password shared by all devices on the network

Question 46

WPA-Enterprise

Answer 46

Requires certificate and uses an authentication server from which keys are distributed

Question 47

WPA2, WPA3 favors which encryption over what encryption?

Answer 47

WPA2 and WPA3 favors CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol, also known as CCM mode Protocol) over TKIP common to WPA.

TKIP (Temporal Key Integrity Protocol) should be still used for systems that are unable to support 802.1i.

Question 48

EAP authentication protocols include the following:

Answer 48

EAP-TLS, PEAP, EAP-TTLS, and EAP-FAST. Only EAP-TLS requires a client certificate and only EAP-FAST does not require a server certificate.

Question 49

EAP

Answer 49

Extensible Authentication Protocol is an authentication framework and is used by WPA, WPA2 and WPA3 for authentication.

Question 50

PEAP

Answer 50

Protected Extensible Authentication Protocol is a protocol that encapsulate EAP in a TLS tunnel and only requires a certificate on the server.

Question 51

What is jailbreaking / rooting?

Answer 51

It’s a method to remove restriction on mobile devices imposed by the manufacturers and can introduce risks.

Question 52

What is the recommended actions to be done when an employee leave an organization?

Answer 52

Disable their account, and do not delete.

Question 53

What is recommended action for generic accounts used by multiple users?

Answer 53

They are to be prohibited.

Question 54

What are two models exist for working with logical control, especially with assignment of permissions and rights?

Answer 54

User-based and role

Group based

Question 55

What should happen when there’s too many failed authentication attempts?

Answer 55

They should incur a penalty such as account lockout.

Question 56

What will the issue be prevented when enforcing password history?

Answer 56

They prevent users from reusing old passwords.

Question 57

What is the common method for identifying access violations and issues?

Answer 57

Auditing user permissions

Question 58

What is a federation system?

Answer 58

It allows for accessbility from each domain. Accounts in one area can be granted access right to any other resource, whether local or remote within the domains.

Question 59

What are example of remote access authentications?

Answer 59

RADIUS - Remote Authentication Dial-In User Service

TACACS+ - Terminal Access Controller Access-Control System Plus

Question 60

RADIUS

Answer 60

Remote Authentication Dial-In User Service provide authentication and authorization functions in addition to network access accounting functions, but it does not provide further access control.

Question 61

Kerberos prevents what type of attacks?

Answer 61

Since they support mutual authentication, they prevent on-path attacks.

Question 62

Why should we be strongly discouraged from using PAP?

Answer 62

User passwords are easily readable.

Question 63

OAuth

Answer 63

Open Authorization provides authorization services and does not provide authentication such as OpenID and SAML

Question 64

SAML

Answer 64

Security Assertion Markup Language offers single sign-on capabilities.

Question 65

IdP

Answer 65

IdP stands for ID Provider. They are source of a username and password and authenticates the user. The SP (Service Provider) provides service to the user.

Question 66

What are example of access control?

Answer 66

MAC - Mandatory access control

DAC - Discretionary access control

ABAC - Attribute-based access control

RBAC - Role-based access control

Question 67

MAC (access control)

Answer 67

Mandatory access control involves assigning labels to resources and accounts (for example, SENSITIVE, SECRET, and PUBLIC). If the label on the account and the resource does not match, the resource remains unavailable in nondiscretionary manner.

Question 68

DAC

Answer 68

Discretionary access control restricts access for each resource in a discretionary manner. This is widely used in Windows OS and servers.

Question 69

RBAC

Answer 69

Role-based access control, sometimes known as Rule-based access control

They dynamically assign roles to users based on criteria that the data custodian or system administrator defines. It can include controls such as time of the day, day of the week, specific terminal access, and GPS coordinates of the requester along with other factor that might overlay a legitimate account’s access request.

Implementation may require rules to be programmed using code rather than allowing traditional access control by checking the box.

Question 70

ABAC

Answer 70

Attribute-based access control is a logical access control model that Federal Identity, Credential, and Access Management (FICAM) Roadmap recommends as the preferred access control model for information sharing among diverse organization.

They are based on Extensible Access Control Markup Language (XACML).

It’s very similar to core components of AAA. The authorization process is determined by evaluating rules and policies against attributes associated with an entity such as subject, object, operation and environment condition.

Question 71

CACs and PIV cards provide what function?

Answer 71

Smart Card functions for identity and authentication.

CAC = Common Access Code, it’s a smart card, size of credit card and the standard identification for active duty uniformed service personnel and so on.

PIV is Personal Identity Verification and it’s a security standard detailed in NIST FIPS 201-2 which creates framework for multi-factor authentication on a smartcard.

Question 72

What is Implicit deny?

Answer 72

Access Control practice in which resource availability is restricted to only logins that are explicitly granted access.

Question 73

PKI replies on what?

Answer 73

Public Key Infrastructure replies on asymmetric key cryptography using certificates which are digitally signed block of data issued by CA.

Question 74

What is CSR

Answer 74

Certificate Signing Request is generated and submitted before a CA signs a certificate

Question 75

What is the recommendation for root CA

Answer 75

Root CA should be taken offline to reduce the risk of key compromise because this would compromise the entire chain or system.

Question 76

What are three types of validated certificates?

Answer 76

DV - Domain Validation
OV - Organization Validation
EV - Extended Validation

Question 77

EV Certificate

Answer 77

Extended Validation provides the highest level of trust and require teh most effort for a CA to validate

Question 78

Which certificates are encoded in binary and which certificate are encoded in ASCII.

Answer 78

DER and PFX certificates are binary encoded.

PEM and P7B certficates are ASCII encoded.

Question 79

What ensures a certificate validility?

Answer 79

This is accomplished through a CRL or OCSP.

Question 80

OCSP Stapling

Answer 80

OCSP (Online Certificate Status Protocol) Stapling puts responsibility of OCSP requests on the web server instead of on the issuing CA.

Question 81

Key Escrow

Answer 81

It stores private key with a trusted third party.