Domain 3.0: Implementation

Question 1

you can make LDAP traffic confidential and secure by using ____ technology operating over port ___

Answer 1

TLS, 636 (port LDAPS)

Question 2

web traffic is unencrypted over ____ occurs by default over port ____

Answer 2

HTTP, 80

Question 3

encrypted web traffic over ____ occurs by default over port _____

Answer 3

HTTPS, 443

Question 4

FTP SSH uses ___ port ____ by default

Answer 4

TCP, 22

Question 5

port security is a layer ___ traffic control feature that enables individual switch ports to be configured to allow only specified number of source MAC addresses coming in through the port

Answer 5

2

Question 6

_____ protection makes additional checks in Layer 2 switched networks

Answer 6

loop

Question 7

a ____ guard is a firewall feature to control network activity associated with DoS attacks

Answer 7

flood guard

Question 8

____ code analysis is a white box software testing process for detecting bugs early in the program development

Answer 8

static

Question 9

_____ code analysis is based on observing how the code behaves during execution

Answer 9

dynamic

Question 10

_____ is a black box software testing process by which semi random data is injected into a program or protocol stack to detect bugs

Answer 10

fuzzing

Question 11

_____ provides a safe execution environment fo untrusted programs

Answer 11

sandboxing

Question 12

____ environments should be isolated from development environments

Answer 12

testing

Question 13

____ environments reduce the risk of introducing issues before solutions are deployed in production

Answer 13

staging

Question 14

______ can establish patterns of use that later can help identify variations that identify unauthorized access attempts

Answer 14

baselines

Question 15

____ ____ use embedded systems with an os on the included chip

Answer 15

smart cards

Question 16

the ______ SDLC (software development life cycle) model starts with a defined set of requirements and a well developed plan, and adjustments are confined to the current development stage

Answer 16

waterfall

Question 17

the ____ SDLC model starts with less rigorous guidelines and allows for adjustments during the process

Answer 17

agile

Question 18

____ ____ includes security in the SDLC, ensuring that security is built in during the development process

Answer 18

secure devOps

Question 19

a __ _____ continually compiles, builds, and tests each new version of code committed to the central repository without user interaction

Answer 19

CI server

Question 20

_______ means that a valuable program, configuration or server will never be modified in place

Answer 20

immutability

Question 21

___ _____ involves disabling unnecessary ports and services

Answer 21

system hardening

Question 22

to keep an attacker from exploiting software bugs, an organization must continually apply manufacturers’ ___ and _____

Answer 22

patches and updates

Question 23

what port is Netstat commonly used for, purpose

Answer 23

15, lists active processes and who launched them, rarely used due to security concerns. Also same port as B2 Trojan

Question 24

what port is FTP commonly used

Answer 24

20 or 21

Question 25

port SSH/SFTP/SCP

Answer 25

22

Question 26

port telnet

Answer 26

23 client/server app protocol that provides access to virtual terminals of remote systems on local area networks or the Internet

Question 27

port SMTP

Answer 27

25, simple mail transfer protocol, insecure

Question 28

port DNS

Answer 28

53

Question 29

port HTTP

Answer 29

80

Question 30

port NTP (network time protocol) and purpose

Answer 30

123 time synchronization, replaced with NTPsec port 4460

Question 31

port LDAP, purpose

Answer 31

389 lightweight directory access protocol reading and writing directories over an IP network. to query and update an X.500 directory

Question 32

port HTTPS

Answer 32

443

Question 33

port LDAPS

Answer 33

636

Question 34

port FTPS

Answer 34

989 and 990

Question 35

port RADIUS

Answer 35

1812

Question 36

port RDP, purpose

Answer 36

3389, remote desktop protocol--connecting to another computer on the same network

Question 37

____ chips are secure cryptoprocessors used to authenticate hardware devices

Answer 37

TPM

Question 38

a ___ ____ checker tool computes a cryptographic hash and compares the result to known good values to ensure that the file has not been modified

Answer 38

file integrity

Question 39

____-_____ methods detect known signatures or patterns

Answer 39

signature-based

Question 40

a ___ _______ is used to allow multiple external users to access internal network resources using secure features that are built into the device. they are deployed when a single device needs to handle a very large number of VPN tunnels

Answer 40

VPN concentrator

Question 41

____ offers a method of enforcement which helps ensure that computers are properly configured

Answer 41

NAC (network access control)

Question 42

___ ____ is a model that provides a granular and dynamic access control, regardless of where the user or application resides, and doesn't place trust in the entire network

Answer 42

zero trust

Question 43

a ____ ____ is a small network between the internal network and the Internet that provides a layer of security and privacy

Answer 43

screened subnet

Question 44

____ acts as a liaison between an internal network and the Internet across a routing device. it allows multiple computers to connect to the Internet using one IP address

Answer 44

NAT (network address translation)

Question 45

network segmentation, _____, and segmentation are effective controls an organization can implement to mitigate the effect of a network intrusion

Answer 45

isolation

Question 46

___ ____ are physically isolated machines or networks

Answer 46

air gaps

Question 47

network taps, ____, and mirror ports are the primary methods used to get network traffic to network monitoring tools

Answer 47

SPAN (switched port analyzer)

Question 48

the purpose of a ___ is to unite network nodes logically into the same broadcast domain, regardless of their physical attachment to the network

Answer 48

VLAN

Question 49

___ ___ is managed by 2 basic methods: knowledge based and behavior based detection

Answer 49

intrusion detection

Question 50

an ___ monitors packet data by using behavior-based (to identify anomalies) or knowledge-based methods, operating in network based or host based configurations

Answer 50

IDS (intrusion detection system)

Question 51

___ and _____ are designed to catch attacks in progress within a network, not just on individual machines or the boundary between private and public networks

Answer 51

NIDSs (network intrusion detection systems) and NIPSs (network intrusion prevention systems)

Question 52

____ ____ can be placed between the private network the Internet for Internet connectivity or can be placed internally for web content caching

Answer 52

proxy servers

Question 53

firewalls separate external and internal networks and include the following types: _____-____ firewalls (network layer/layer 3) ____-____ firewalls, including circuit level (session layer/layer 5) and application level/level 7 gateways ____ _____ firewalls (application/layer 7)

Answer 53

packet filtering, proxy service, stateful inspection

Question 54

a _____ firewall works as a basic access control list filter

Answer 54

stateless

Question 55

_____ firewalls are a deeper inspection firewall type that analyze traffic patterns and data flows, often combining layered security and known as next gen firewalls

Answer 55

stateful

Question 56

_____ ____ methods, from the least secure to the most secure, include open authentication, shared authentication, EAP

Answer 56

wireless access methods

Question 57

___-___ requires a password shared by all devices on the network

Answer 57

WPA-personal

Question 58

____-___ requires certificates and uses an authentication server from which keys are distributed

Answer 58

WPA-enterprise

Question 59

___ and ___ favor CCMP over TKIP common to WPA. TKIP should still be used for systems that are unable to support ____

Answer 59

WPA2, WPA3, 802.1i

Question 60

EAP authentication protocols include EAP-TLS, _____, EAP-TTLS, and EAP-FAST. only ___ requires a client certificate, and only ___ does not require a server certificate

Answer 60

PEAP EAP-TLS, EAP-FAST

Question 61

EAP is an _______ framework and is used by WPA, WPA2, and WPA3 for authentication

Answer 61

authentication

Question 62

_____ encapsulates EAP in a TLS tunnel and only requires a certicate on te server

Answer 62

PEAP

Question 63

______ and rooting mobile devices removes restrictions imposed by the manufacturer and can introduce risk

Answer 63

jailbreaking

Question 64

employees who leave an organization should have their accounts ____ but not deleted

Answer 64

disabled

Question 65

generic accounts used by multiple users must be _____

Answer 65

prohibited

Question 66

when working ____ controls, 2 models exist for the assignment of permissions and rights: ____ ____ and role/group based

Answer 66

logical, user

Question 67

too many failed authentication attempts should incur a penalty, such as account _______

Answer 67

lockout

Question 68

enforcing password history prevents users from _____ old passwords

Answer 68

reusing

Question 69

auditing user permissions is a common method for identifying access _____

Answer 69

violations

Question 70

a _____ system allows accessibility from each domain accounts in one area can be granted access rights to any other resource, whether local or remote within the domains

Answer 70

federation

Question 71

____ ____ ______ includes RADIUS or TACACS+

Answer 71

re,pte access authentication

Question 72

______ provides authentication and authorization functions in addition to network access accounting functions, but it does not provide further access control

Answer 72

RADIUS

Question 73

____ supports mutual authentication, protecting against on path attacks. port #

Answer 73

kerberos, port 88

Question 74

using ___ is strongly discouraged because user passwordds are easily readable

Answer 74

PAP

Question 75

____ provides authorization services and does not provide authentication such as ____ and ____

Answer 75

OAuth, OpenID, and SAML

Question 76

____ offers SSO capabilities

Answer 76

SAML

Question 77

the ___ is the source of a username and password and authenticates the user. the __ provides service to the user

Answer 77

IdP, SP

Question 78

access controls includes _____, ____, ____, and _____

Answer 78

MAC, DAC, ABAC, and RBAC

Question 79

____ and ____ cards provide smart card functions for identity and authentication

Answer 79

CACs, PIV

Question 80

implicit ____ is an access control practice in which resource availability is restricted to only logins that are explicitly granted access

Answer 80

deny

Question 81

PKI relies on _____ key cryptography using certificates, which are digitally signed blocks of data issued a CA (certificate authority)

Answer 81

asymmetric

Question 82

a ___ is generated and submitted before a CA (certificate authority) signs a certificate

Answer 82

CSR

Question 83

a root ___ should be taken offline to reduce the risk of key compromise because this would compromise the entire chain or system

Answer 83

CA

Question 84

the 3 types of validated certificates are: ___, ____, and ___

Answer 84

DV, OV, and EV

Question 85

___ certificates provide the highest level of trust and require the most effort for a CA (certificate authority) to validate

Answer 85

EV

Question 86

___ and PFX certificates are binary encoded; ___ and P7B certificates are ____ encoded, and the contents can easily be cut and pasted

Answer 86

DER PEM ASCII

Question 87

ensuring a certificates validity is accomplished through a ___ or ____

Answer 87

CRL, OCSP

Question 88

____ stapling puts the responsibility of ____ requests on the web server instead of on the issuing CA (certificate authority)

Answer 88

OCSP (for both)

Question 89

_________ protocol is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network. Technically has 2 ports

Answer 89

SMB (server message block), port 139 (older version ran on top of NetBIOS allows computers to talk to each other over the same network) port 445 (after Widows 2000, runs on top of TCP works over the Internet)

Question 90

____ _____ stores private key with a trusted 3rd party

Answer 90

key escrow