Domain 6 - Security Assessment and Testing

Question 1

Security Review

Answer 1

Conducted by system maintenance or security personnel

Goal is determine vulnerabilities within a system. Also known as a vulnerability assessment

Question 2

Security Audit

Answer 2

Conducted by 3rd party

Determines the degree to which required controls are implemented

Question 3

Penetration Testing

Answer 3

Ethical hacking to validate discovered weaknesses
Red Teams (Attack)/Blue Teams (Defend)

Question 4

NIST SP 800-42

Answer 4

National Institute of Standards and Technology

Guideline on Security Testing

Question 5

Zero Knowledge

Answer 5

Team has no knowledge of the target and must start with only information that is publically available. This simulates an external attack

Question 6

Partial Knowledge

Answer 6

The team has limited knowledge of the organization

Question 7

Full Knowledge

Answer 7

This simulates an internal attack. The team has full knowledge of network operations

Question 8

Blind

Answer 8

The assessors have only publicly available knowledge. The network teams knows that testing is taking place

Question 9

Double Blind

Answer 9

The assessors have only publicly available knowledge, but in this instance the network teams do NOT know the test is taking place. This will allow evaluation of incident response

Question 10

Targeted Testing

Answer 10

External consultants work with internal staff to focus on specific systems or applications

Question 11

OSI Model

Answer 11

Layer 1 Physical
Layer 2 Data Link
Layer 3 Network
Layer 4 Transport
Layer 5 Session
Layer 6 Presentation
Layer 7 Application

Question 12

HTTP

HHTPS

Answer 12

80

443

Question 13

FTP

Answer 13

20/21

File Transfer Protocol

Question 14

RDP

Answer 14

3389

Remote Desktop Protocol

Question 15

DNS

Answer 15

53

Domain Name System

Question 16

FTPS

Answer 16

989/990

Secure File Transfer Protocol

Question 17

TFTP

Answer 17

69

Trivial File Transfer Protocol

Question 18

DHCP

Answer 18

67/68

Dynamic Host Configuration Protocol

Question 19

ARP

RARP

Answer 19

Address Resolution Protocol

Reverse Address Resolution Protocol

Question 20

Ethernet standard

Answer 20

802.3

CSMA/CD Carrier Sense Multiple Access w/ Collison Detection

Question 21

Wireless Standard

Answer 21

802.11

CSMA/CA Carrier Sense Multiple Access w/ Collison Avoidance

Question 22

Vlan Standard

Answer 22

802.1q

Question 23

WEP

Auth, Encrypt, Integrity

Answer 23

PSK Pre Shared Key
Wired Equivalent Protocol encrypted with RC4(Stream Cipher)
integrity check by CRC Cyclic redundancy check
64, 128,256 bit key, but -24 for IV(Initialization Vector) so actual 40,104,232 bit key

Question 24

WPA Personal

Auth, Encrypt, Integrity

Answer 24

PSK
encrypted by TKIP(Temporary Key Internet Protocol) with RC4
Integrity by MIC Message Integrity Check
128 bit key + 48 bit IV

Question 25

WPA Enterprise

Auth, Encrypt, Integrity

Answer 25

802.1x with RADIUS Server
encrypted with TKIP and RC4
integrity by MIC
128 bit key + 48 bit IV

Question 26

WPA2 Personal

Auth, Encrypt, Integrity

Answer 26

PSK
encrypted CCMP(block-chain) with AES(block Cipher)
integrity CBC-MAC Chain Block Cipher MAC
256 bit key

Question 27

WPA2 Enterprise

Auth, Encrypt, Integrity

Answer 27

802.1x with RADIUS Server
encrypted CCMP with AES
integrity CBC-MAC
256 bit key

Question 28

RIPv1

Interior/exterior, type,class

Answer 28

IGP, Distance Vector, classful

Question 29

IGRP

Interior/exterior, type,class

Answer 29

IGP, Distance Vector, classful

Cisco proprietary

Question 30

RIPv2

Interior/exterior, type,class

Answer 30

IGP, Distance Vector,classless

Question 31

EIGRP

Interior/exterior, type,class

Answer 31

IGP, Distance Vector, classless

Cisco proprietary

Question 32

OSPF

Interior/exterior, type,class

Answer 32

IGP, Link-state, Classless

Question 33

IS-IS

Interior/exterior, type,class

Answer 33

IGP, Link-state, Classless

Question 34

BGP

Interior/exterior, type,class

Answer 34

EGP, Path-vector, Classless

Question 35

IAAA

Answer 35

Identification:
Make a claim (userid etc)
Authentication:
Provide support (proof) for your claim
Authorization:
What rights and permissions you have
Auditing:
Accountability—matching actions to subjects

Question 36

Access Control Types

Answer 36

Logical
Physical
Administrative

Question 37

Authentication Type I

Answer 37

Something you know

Question 38

Authentication Type II

Answer 38

Something you Have

Question 39

Authentication Type III

Answer 39

Something you are

Question 40

Type I Error

Answer 40

False Rejection(FRR)–A legitimate user is barred from access. Is caused when a system identifies too much information. This causes excessive overhead.

Question 41

Type II Error

Answer 41

False Acceptance(FAR)—An impostor is allowed access. This is a security threat and comes when a system doesn’t evaluate enough information

Question 42

CER

Answer 42

(Crossover Error Rate) The level at which the FAR and FRR meet. The lower the number, the more accurate the system.

Question 43

Race Condition

Answer 43

try to cause authorization to happen before authentication

Question 44

Single Sign On

Answer 44

Ease of use for end users
Centralized Control
Ease of administration
Kerberos
LDAP
Sesame
KryptoKnight

Question 45

Kerberos

Answer 45

A network authentication protocol designed from MITs project Athena. Kerberos tries to ensure authentication security in an insecure environment
Port 88
Allows for single sign on
Never transfers passwords
Uses Symmetric encryption to verify Identifications
Avoids replay attacks

Question 46

Kerberos Components

Answer 46

Essential Components:
AS (Authentication Server): Allows authentication of the user and issues a TGT
TGS: After receiving the TGT from the user, the TGS issues a ticket for a particular user to access a particular service
KDC (Key Distribution Center) a system which runs the TGS (Ticket Granting Service) and the AS (Authentication Service)
Ticket: Means of distributing Session Key
Principles (users, applications, services)
Kerberos Software (integrated into most Operating Systems. MS Windows 2000 and up support Kerberos)
Main Goal: User needs to authenticate himself/herself without sending passwords across the network—needs to prove he/she knows the password without actually sending it across the wire.

Question 47

SESAME

Answer 47

European technology, developed to extend Kerberos and improve on it’s weaknesses
Sesame uses both symmetric and asymmetric cryptography.
Uses “Privileged Attribute Certificates” rather than tickets, PACS are digitally signed and contain the subjects identity, access capabilities for the object, access time period and lifetime of the PAC.
PACS come from the Privileged Attribute Server.

Question 48

DAC

Answer 48

Discretionary Access Control
Security of an object is at the owner’s discretion
Access is granted through anACL (Access Control List)
Commonly implemented in commercial products and all client based systems
Identity Based

Question 49

MAC

Answer 49

Mandatory Access Control
Data owners cannot grant access!
OS makes the decision based on a security label system
Subject’s label must dominate the object’s label
Users and Data are given a clearance level (confidential, secret, top secret etc)*
Rules for access are configured by the security officer and enforced by the OS.

Question 50

RBAC

Answer 50

Role Based Access Control
Uses a set of controls to determine how subjects and objects interact.
Don’t give rights to users directly. Instead create “roles” which are given rights. Assign users to roles rather than providing users directly with privileges.

Question 51

AAA

Answer 51

Authentication
Authorization
Auditing

Question 52

RADIUS

Answer 52

Port 1812, 1813
UDP
3 separate processes for AAA
only encrypts user/pass
uses Industry Standard

Question 53

TACACS+

Answer 53

Port 49
TCP
one process for AAA
encrypts everything
Cisco Devices

Question 54

Guideline on Security Testing

Answer 54

National Institute of Standards & Tech SP 800-42