Domain Three: Architecture and Design Flashcards

1
Q

What are the four main element of code quality and testing ?

A

Code Analysis, Stress Testing, Model Verification, Version Control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the two types of code analysis ?

A

Dynamic and Static

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is dynamic code analysis ?

A

Testing during execution by feeding inputs into the application
Fuzzing is a method of dynamic analysis in which a brute force test method is used to detect input and validation issues or vulnerabilities in the system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is static code analysis ?

A

Involves examining the code without execution

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is model verification ?

A

Making sure that the systems does what it is intended to do in an expected manner. Do interdependencies with other functions and apps also behave as expected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is stress testing ?

A

Testing the app for performance bottlenecks under normal conditions. Load testing is the testing under peak conditions over and above stress testing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are embedded systems ?

A

Embedded systems are those that are incorporated into other systems examples are Smart TVs and Washing Machines.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Describe IOT/Smart Devices ?

A

These are characterised by remote control of the system at hand. You can think of home automation and fitness sensors as being prime examples of this.

During the course of the history of IOT functionality over security was very much the design pattern and it now should be considering that they have access to our biometric data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the problem in terms of security with printers and MFD devices ?

A

Printers and MFDs are hackable. Printers communicate to servers and computers in a bidirectional manner taking jobs, queuing them and then sending back outcome notifications.

It is perfectly feasible that these devices can send malware back to the server especially as all to often they have been designed for functionality first and security was an afterthought.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are real time operating systems ?

A

Characterised by not queuing data and events but operating on them as soon as they arrive. Think of a robot arm in a car assembly plant. The biggest security risk is something interrupting the timing and this often means that they are difficult to take offline to patch and update which in turn increases the security risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are SCADA systems ?

A

Supervisory Control and Data Acquisition - These systems usually are part of another system that has a physical aspect to them an example being traffic lights.

Traditionally these systems were separated and air gapped so that the only access to them was via external media but they are increasingly becoming connected which has meant a greater security attack surface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the issues of Aircraft and security ?

A

Physical buttons, switches, gauges etc are replaced with digital devices such as touch screens.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the issues of security with Medical devices ?

A

Often overlooked but these are critical and have to be re-certified everytime they are updated.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the issues with unmanned vehicles ?

A

Popular with military controlled over network connection which makes it an attractive target for hacking.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the security issues we should be aware of with vehicles ?

A

Vehicles are coming with more and more hackable technology.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is system on a chip ?

A

These are systems where the software and hardware instructions are all governed from a single chip. Computers are multi chip systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the uses of benchmarks ?

A

These are usually guides on the best practice for configuring systems and components.
CIS (Centre for Internet Security)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are the three ways of implementing defence in depth ?

A

There are three ways to implement

Vendor Diversity - For example having both windows and linux devices
Control Diversity - Administration controls such as policies and risk assessments and technical controls such as firewalls and IDS/IPS
User Training - Policy and procedure awareness.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Give an example of a non regulatory framework ?

A

NIST

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Give some examples of Physical security controls ?

A

Lighting - Important to give visibility of action
Signs - Demarcates dangerous or high security areas
Alarms - Warnings
Barricades - Protection of areas
Fencing - Physical around area Cage - Indoor fencing Gate - monitoring on entrance to cage
Bollard - Simple Barricade
Mantraps - Effective against tailgating
Faraday Cages - Used to stop emi
TEMPEST - DoD program to emi and eavesdropping
CCTV - Should be on separate network so they dont provide an entrance to corporate network
Physical Security Logs - Should be taken
Bump Key Resistant Locks - Bump keys are those where the notches are deeply cut allowing an attacker to force the key into the lock and open it

HVAC - Heating, Ventilation, air con
Hot aisles and cold aisles can be used to maintain a data centre temp
Fire suppression systems - dont prevent fires but limit damage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Describe RAID 0

A

Striped Disks - Data is spread across multiple disks which increases speed but not redundancy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Describe RAID 1

A

Mirrored Disks - Data is copied from one disk to another. If the disk is lost we dont lose the data. This is more expensive than other methods.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Describe RAID 5

A

Block Striped with Error check - Most commonly used stripes data and parity checks across multiple drives; increased reliability and speed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Describe RAID 10

A

Stripe of Mirrors - combines striping and mirroring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What are distributive allocations ?

A

This is the mechanisms by which load is distributed across redundant resources. If the resources are servers then distributive load is the method that allocates work to those servers.

If the resource is data then geographical locations can be used as a means of distribution.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What is redundancy ?

A

Redundancy is the use of multiple independent elements to perform critical functions

This can be done through multiple servers, connections or even ISPs and many organisations maintain a supply of spare parts to readily repair any failed hardware components.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Describe high availability and fault tolerance ?

A

High Availability is the maintaining of a systems availability through an unusual event by the use of a hot systems.
Fault Tolerance is the maintaining of a systems availability during an non critical event by the use of a warm system. The event is non critical because we should have built enough redundancy in the system to cover a foreseen eventuality such as a disk failure,

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What are the benefits of automation ?

A

Cuts down risks due to using humans. Releases operations team members back from routing tasks.
Continuous Monitoring can be used to automatically respond to certain events
Continuous validation - automated testing to resolve issues with configuration management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What is elasticity and scalability ?

A

Scalability is the ability of the system to accommodate larger loads just by adding resources either making hardware stronger (scale up) or adding additional nodes (scale out).

Elasticity is the ability to fit the resources needed to cope with loads dynamically usually in relation to scale out. So that when the load increases you scale by adding more resources and when demand wanes you shrink back and remove unneeded resources. Elasticity is mostly important in Cloud environments where you pay-per-use and don’t want to pay for resources you do not currently need on the one hand, and want to meet rising demand when needed on the other hand.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What is the concept of non persistence ?

A

These are machine images that changes are made to but are not expected to persists. Ephemeral storage is a good example.
Snapshots are the point in time backups of VMs
Rollback to known configuration - Microsoft term for rolling back to last known registry configuration that was saved by OS
Live Boot Media - USBs that have a bootable OS on them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What are templates and master images ?

A

Templates can be used to create master images of machine instances. You can use automation for post configuration task such as IP addresses, licensing and instance specific configuration.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Describe the two software development lifecycles ?

A

Agile vs Waterfall,

There are two forms of Agile - Scrum and XP or extreme programming

Scrum has a 30 day sprint and a product backlog. Its crucial that developers know secure coding practices.
XP has a more flexible definition of a sprint and there is a greater emphasis on user acceptance testing to create incremental advances.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What is the reasoning around code re-use ?

A

We should aim to re-use code where possible and remove dead code as it can be a security risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

What is code signing ?

A

This is using PKI to digitally sign a code download in order to verify its source and integrity. A trusted CA should be used.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

What is data exposure ?

A

Data at rest and in transit should always be protected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What are the rules around encryption ?

A

Use the most up to date algorithms, dont craft your own.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What is the rule around memory management ?

A

Memory should be reclaimed after use and appropriate values should be assigned to variable types.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What is obfuscation ?

A

Is hiding element such as code or data items so if they are leaked hackers cant make use of them.
Code obfuscation is sometimes frowned upon.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What are the rules around proper error handling ?

A

Information when an application errors should never be relayed back to a user as it can be used against the system by a hacker. The main challenge is where to store the information. The ideal location is an acl controlled log file.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

Why use proper input handling ?

A

We should use proper input validation to make sure that malicious users cant inject values and code into our applications that could cause a security issue.

All input should be viewed as hostile.

Proper input validation will mitigate the following attacks

Buffer Overflows
Cross Site Scripting
Cross Site Request Forgeries
Injection Attacks

Normalisation is the process of checking inputs and formatting them to be of the correct format - Postcodes, email, social security numbers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Where should we implement checks server or client ?

A

Both are ideal but because we cant be sure of the client environment we must always have server side validation and checking. We should always distrust anything coming from the client and validate it on the server side.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

Why use stored procedures ?

A

Stored Procedures on a database are preferred to dynamic queries sent from the application layer as they have a specific name and input structure and dont reveal the inner workings of the database as dynamic queries do.

This technique prevents sql injection attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

What is secure devops ?

A

Secure DevOps is about making sure that within the devops environment security has a first order place.

Automation of highly repetitive tasks releases workers to concentrate on more high value work.
Examples of automation are static code analysis and vulnerability scanning

Immutable Systems (Cattle) vs Pets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Describe the traditional four environment types ?

A

Dev, test, staging and prod

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What is sandboxing ?

A

Can be done for whole environment down to applications running on your phone. The idea is to provide security through isolation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

What is emi/emp ?

A

EMI is electrical interference and EMP is a pulse of that interference and this can damage or prevent the operation of the affected device. Mitigated by the use of shielded cables and grounded circuits.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

What is HSM ?

A

Generate and store keys, can connect via usb and can be used as a means to authenticate and encrypt and apply digital signatures as well.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

What is secure boot ?

A

Malware targeting drivers present a problem because they get loaded before security tools and therefore can be missed. Secure boot only allows drivers signed and vetted to be installed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

What is a trusted platform module ?

A

Trusted Platform Modules are chips on the motherboard to create and store keys. The TPM hashes sections of the hardware, firmware and software and on the next run compares the new hash against the previous to see if anything has changed if it has it may prevent authentication.

TPM are not accessible via the normal channels so cannot be interfered with.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

What is bios ?

A

UEFI and BIOS its older counterpart are the firmware that aids interoperability between the OS and hardware. UEFI is more recent and more secure.

Stored in non volatile memory so survives the powering down of the device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

What arethe different types of OS ?

A

Networking OS - That which runs on networking hardware such as routers
Server OS - Runs as an interface between hardware and applications normally doesnt have a gui
Workstation OS - GUI
Appliances - Machines dedicated to one task only
Kiosks - Standalone machines that allow some limited functionality
Mobile Operating Systems - Streamlined for mobile devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Describe virtualisation ?

A

Virtualisation is the ability to run distinct os separately on one machine

Type 1 - Hardware faster than type 2 alternative
Type 2 - Software easier to get up and running

Containerisations/Application Cells

Less overhead than virtualisation as it doesnt clone an entire copy of the os.

VM Sprawl is where we lose control over the amount of VMs that are being created and this can happen because it is just easy to spin up VMs. There should be proper policies and procedures in place to control VM sprawl.

VM escape is where an attack escapes the confines of a VM to attack the base operating system. We should have the same controls on these systems as others. IDP/IDS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

When designing a network what are the major design considerations ?

A

Device Placement, Security Zones, Failure Modes, Connectivity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

What are the typical areas in Security Zones placement ?

A

Data and trust sensitivity.

55
Q

Give two examples of a security zone ?

A

Guest Network and Management VLAN

56
Q

Describe the failure mode consideration ?

A

When a security device fails should it fail so that no traffic passes (fail closed) or should it allow all traffic to pass (fail open)

57
Q

Why would I use a VLAN ?

A

A VLAN is a Virtual Local Area Network (https://www.makeuseof.com/wan-vs-lan/). It’s a logical grouping of devices on a network, usually based on location or function. For example, all computers in a school’s library could be assigned to the “Library” VLAN, while all computers in the school’s computer lab could be assigned to the “Computer Lab” VLAN. In this way, VLANs can improve the efficiency and flexibility of a local area network.

A VLAN can improve security and performance by isolating traffic on your network.

58
Q

Name the two ways of creating a logical segmentation in a network ?

A

VLAN and Subnetting

59
Q

Give an example of security through obscurity ?

A

Using non standard ports.

60
Q

What is software defined network ?

A

Software defined network separates the control plane from the data plane. Previously the software designed to control hardware devices was tightly coupled usually from the same provider. SDN breaks this by offering a more generic and flexible software layer that makes it easier to have dynamic configurations and security.

61
Q

What is SD-WAN ?

A

An incarnation of SDN for WAN good for routing via application and choosing a variety of connection based on cost.

62
Q

What is Secure Access Service Edge (SASE) ?

A

Secure access service edge, often abbreviated (SASE), is a security framework that converges software-defined wide area networking (SD-WAN) and Zero Trust security solutions into a converged cloud-delivered platform that securely connects users, systems, endpoints, and remote networks to apps and resources.

SASE has four main traits:

  1. Identity-driven:
    Access is granted based on the identity of users and devices.
  2. Cloud-native:
    Both infrastructure and security solutions are cloud-delivered.
  3. Supports all edges:
    Every physical, digital, and logical edge is protected.
  4. Globally distributed:
    Users are secured no matter where they work.
63
Q

What is zero trust ?

A

Zero Trust assumes that there is no trust boundary and no network edge. Instead each action is validated and requested as part as a continuous authentication process and access is only allowed after policies are checked, including elements like identity, permissions, system configuration and security status, threat intelligence etc

64
Q

What is a subject in zero trust ?

A

Subjects are the user, systems and services that request access or attempt to use rights.

65
Q

In zero trust what is the policy administrator ?

A

Policy administrator are not individuals rather they are components that establish or remove the communication path between resources and subjects. In a deny situation the enforcement endpoint is instructed to drop the connection.

66
Q

In zero trust architecture what is the role of the policy engine ?

A

Policy engines make decisions based on rules and external systems such as identity management and SIEM. They use a trust algorithm that makes a decision to grant, deny or revoke access to a given resource. Once the decision has been made it is logged and then the policy administrator takes action.

67
Q

What is the role of a policy enforcement endpoint in a zero trust architecture ?

A

Communicated with administrators commonly deployed as both a client and a gateway element

68
Q

In a zero trust architecture what elements live in the control plane ?

A

Adaptive Identity, Policy Administrator, Policy Engine, Threat Scope Reduction

69
Q

In a zero trust architecture what elements live in the data plane ?

A

Subject, Policy Enforcement Endpoints, Enterprise Resources

70
Q

What is Adaptive Identity ?

A

leverages Context based authentication, considers where the user is logging in from, whether the device they are using meets security requirements and will either request additional info or request if standards are not met.

71
Q

What is threat scope reduction ?

A

Limiting the blast radius determined by least privilege and identity base network segmentation rather than the more traditional network segmentation methods such as VLAN and IP addresses

72
Q

What is the role of a Cloud Access Service Broker ?

A

Used to monitor cloud activity and usage and to enforce security policies on users of cloud services.

73
Q

Why should you be wary of downloaded images ?

A

They may be part of a steganography attack.

74
Q

What is the most common way of protecting a Real Time Operating System (RTOS) ?

A

Encrypted Firmware

75
Q

Why are firewalls and antimalware not a viable control for RTOS systems ?

A

RTOS systems often need to have updates downloaded and applied immediately.

76
Q

When should we use gait analysis to identify people ?

A

In crowded situations where facial and other biometric data is not clear

77
Q

What is the primary way to prevent powerloss in an outage ?

A

UPS

78
Q

What does an attacker hope to gain by setting of alarms repeatedly over a period of time ?

A

The generation of a false positive so that when the alarms trigger because of malicious activity people will be desensitised to their occurrence.

79
Q

What does XAAS mean ?

A

Anything as a service

80
Q

What is object detection ?

A

Object detection can detect specific types or classes of object to determine if an object has been moved.

81
Q

What security advantage do you get from managing your internal ip scheme ?

A

Identification of rogue or unknown devices.

82
Q

What is the most secure type of physical lock ?

A

Deadbolts

83
Q

What advantage do you receive with NIC teaming ?

A

Greater throughput and resiliency. NIC teaming is sending data through multiple cards.

84
Q

What critical feature is not a default one for most CCTV installations ?

A

DVR or the ability to record - This can then be used in evidence

85
Q

What does the term industrial camoflage mean ?

A

Making a building as non-descript as possible to avoid detection and attacks.

86
Q

What is the main security problem for static codes in MFA ?

A

Being stolen due to inproper storage. Brute force attacks are not likely as MFA should have built in backup algorithms

87
Q

Whats the best current way for making cryptographic algorithms safer ?

A

Increasing key length

88
Q

Are motion detectors and cameras a physical or detective control ?

A

Detective

89
Q

What is the main advantage of a inert gas system over a carbon dioxide one ?

A

Inert gas will remove oxygen out of the system without the same dangers to humans as carbon dioxide

90
Q

What cabling type is best to prevent tampering and prevent access ?

A

Protected cable distribution

91
Q

What is shielded cabling used for ?

A

Prevention of emi

92
Q

What is the most common threat to physical tokens ?

A

theft

93
Q

What is Fog computing ?

A

Cloud computing at edge of an enterprise network

94
Q

Name three key stretching algorithms ?

A

bcrypt, scrypt, PBKDF2

95
Q

What does ISO 27001 cover ?

A

Control Objectives for 14 different areas

96
Q

What does ISO 27002 cover ?

A

The actual controls to satisfy the objectives

97
Q

What does ISO 27701 cover ?

A

Privacy controls

98
Q

What does ISO 31000 cover ?

A

Risk management

99
Q

What is Role based user training ?

A

Organisations should use role based training to make sure that individuals receive the appropriate training for their job responsibilities.

100
Q

What are the three baselining phases in configuration management ?

A

Establishing a baseline with industry standards such as CIS
Deploying using centrally managed tools
Maintenance

101
Q

What is a self encrypted drive ?

A

A self encrypted hard drive implement encryption in hardware and firmware.

102
Q

Who is chiefly responsible for determining the purposes and means of processing personal data within an organization ?

A

Data Controller

103
Q

Define an embedded system ?

A

Computer systems that are build into other devices.

104
Q

Define a SCADA system ?

A

Normally a system responsible for critical infrastructure such as water and power and traffic. Scada is a type of system architecture that combines data acquisition and control devices and interfaces that control the entire architecture.

105
Q

What is the main security issue with complex systems such as scada ?

A

They were often not built with security in mind and therefore security can actively interfere with operation. Often the only effective security for such systems is isolation.

106
Q

Describe IOT systems ?

A

A type of embedded system but leverage other technologies such as cloud and machine learning

107
Q

What are the challenges of IOT systems ?

A

Not designed with security in mind, short patching cycles, poor vendor data practices

108
Q

Why is securing embedded systems difficult ?

A

They may not connect to a network making authorisation impossible. They may also have low CPU, memory and power options which makes cryptography, firewalls to expensive in resources. It also makes the ability to patch and monitor

109
Q

Why is asset management important ?

A

Knowing that a system contains processes and handles sensitive data is critical during incident response as well as day to day operations.

110
Q

What is usually a part of asset management ?

A

Asset Tagging, Inventory checking, Inventory creation.

111
Q

Which data role is responsible for determining why and how PII is processed in an organisation ?

A

Data Controller/Owner

112
Q

Which role is delegated to carry out the decisions of the data controller

A

Data Stewards

113
Q

What is the purpose of a data custodians ?

A

Have specific responsibility for security of data from data controller

114
Q

What is the difference between separation of duties and two person control ?

A

Separation of duties is two people doing two distinct tasks that make up an action. Whereas two person control is one task split between two people.

115
Q

Why should you place wireless APs near centre of building ?

A

Limiting the range to not go beyond perimeter walls

116
Q

What is the ideal placement for wireless APs ?

A

High points to avoid obstacles

117
Q

In Wireless technology what is Extended Service Set configurations ?

A

For large buildings it is the meshing together several APs to give a seamless connection experience.

118
Q

What in wireless techechnolgy co channel interference ?

A

Closely position ap with overlapping channel coverage

119
Q

What in wireless technology is adjacent channel interference

A

two aps using channels that are close together but maybe not overlapping

120
Q

In a 2.4 ghz wireless settings what channels should you use to avoid interference ?

A

1, 6, 11

121
Q

What are the major security technologies in wireless ?

A

EAP, Radius, WPA3, AAA

122
Q

Which Wireless protocol is considered deprecated because of its weak 24 bit initialisation vector ?

A

WEP

123
Q

What is TKIP ?

A

A part of WPA it is the generation of a 128 bit key for every packet thus avoiding key re-use

124
Q

Which protocol is insecure becuase of lack of sufficient data integrity checks in TKIP ?

A

WPA

125
Q

Which wireless protocol replaced TKIP with CCMP ?

A

WPA2

126
Q

Which two encryption protocols use AES ?

A

WPA2 and WPA3

127
Q

Which wireless protocol uses the enhanced open method ?

A

WPA3

128
Q

What is management frame protection ?

A

Protect management traffic in WPA3

129
Q

What two protocols for wireless authentication fall under AAA

A

Tacacs+ and Radius

130
Q

What architecture model does Radius follow to achieve AAA

A

Client Server

131
Q

How does TACACS+ differ from Radius ?

A

Separates out Authentication(A) Authorisation(A) and Accountability (A) so that you can apply more fine grained control unlike Radius and also encrypts the whole packet

132
Q

Whats the major difference between PEAP and EAP TLS

A

Peap needs a client certificate on client and server EAP TTLS only server

133
Q

Is EAP an implemented technology ?

A

No it is a specification that is implemented in PEAP, EAP-TTLS, EAP-Fast

134
Q

How does DKIM work ?

A

On reciept of the email the server can verify the digital key by using the sender public key on DNS server.