General Security Flashcards

1
4 Phases of DITSCAP and NIACAP accreditation
1. Definition
2
A weakness in a system which might be exploited
Vulnerability
3
ALE
Annualized Loss Expectancy
4
Also called a maintenance hook
Trap door
5
An event that can cause harm to a system and create a loss of C, I, A
Threat
6
Are SSL and TLS compatible?
no
7
Are SSL sessions stateful or stateless?
stateful
8
ARO
Annualized Rate of Occurrence
9
At the Network Interface layer, what is the packet of information placed on the wire known as?
a frame
10
At what OSI layer (and above) must networked computers share a common protocol?
data link and above
11
Attack that exploits the difference in time between when a security control is applied and when a service is used
TOC/TOU attack
12
Biba, Clark Wilson, and Non-Interference models cover what aspect of security
Integrity
13
Combination of ITSEC, TCSEC, and Canada’s CTCPEC
Common Criteria
14
Consolidation of power should not be allowed in a secure system; this is called
Separation (or segregation) of duties
15
Design where a component failure allows the system to continue to function
Fault-tolerant
16
Design where a failure causes non-critical processes to terminate, and the system runs in a degraded state
Fail-soft or Resilient
17
Design where a failure causes termination of processes to protect the system from compromise
Fail-safe
18
Design where a failure causes the system to use backup spare components to compensate for failed ones
Fail-over
19
Do hashing algorithms protect files from unauthorized viewing?
no, only verify files have not been changed
20
Does DSS use symmetric or asymmetric keys?
asymmetric
21
Does L2TP require IP connectivity?
no
22
Does PPTP require IP connectivity?
yes
23
Does TLS use the same ports for encrypted and unencrypted data?
no
24
EF
Exposure Factor
25
European counterpart to TCSEC
ITSEC (Information Technology Security Evaluation Criteria)
26
Execution and memory space assigned to each process is called a _______ _______
Protection Domain
27
From what does RSA derive its strength?
the difficulty of factoring large numbers
28
How are asymmetric algorithms used for authentication?
authenticator sends a random number (nonce) to receiver, who encrypts it with their private key
29
How are digital signatures implemented?
a hash is created and encrypted with the creator's private key
30
How are RSA and DES used together?
RSA is used to encrypt the key for transmission; DES is used for message encryption
31
How can source routing be defended against?
routers can be configured to discard source-routed packets
32
How do the RADIUS client and server avoid sending their shared secret across the network?
shared secret is hashed and hash is sent
33
How does a host respond to a FIN packet if the scanned port is open? Closed?
open: packet discarded; closed: RST
34
How does a host respond to a TCP connect scan if the scanned port is open? Closed?
open: SYN-ACK; closed: RST
35
How does an 802.1x authenticator handle authentication traffic?
Passes it to a RADIUS server for authentication
36
How does an application-level firewall handle different protocols?
with a proxy program for each protocol
37
How does an XMAS scan work?
a variety of TCP packets are sent to elicit a response
38
How does CHAP work?
server sends random value to client; client uses MD5 to create hash with ID, random value, and shared secret; client sends hash to server; server performs same function and compares values
39
How is source routing used by attackers?
used to route packets around security devices
40
In a 128-bit WEP key, how long is the actual secret key?
104 bits; the first 24 bits are used for the Initialization Vector (IV)
41
In a bridge CA architecture, what is the CA that connects to a bridge CA called?
a principal CA
42
In biometric scanning, what is the crossover rate?
error percentage when Type I and II errors are equal
43
In MAC, of read-up, read-down, write-up, and write-down, which two are legal? Which two are illegal?
legal: read-down, write-up
44
In MAC, what is read-up?
the ability of users in lower security categories to read information in higher categories
45
In relation to AAA, what is CIA?
Confidentiality, Integrity, Availability
46
Is 802.11g backwards-compatible with 802.11a and 802.11b?
backwards-compatible with 802.11b only at 11 Mbps
47
Is L2TP usually implemented through hardware or software?
hardware
48
Is PPTP usually implemented through hardware or software?
software
49
Is RSA a public- or private-key system?
public-key
50
ITSEC separately evaluates ____ and _____
Functionality and Assurance
51
Lack of parameter checking leaves a system vulnerable to this type of attack
Buffer overflow
52
No Read Up, No Write Down describes what Security Model
Bell LaPadula
53
Non-repudiation has been compared to what real-world version of authentication?
using a public notary
54
Observing the timer value in the TCP stack makes what possible?
determining the OS in use, useful in planning attacks
55
Operates at the highest level of information classification where all users must have clearances for the highest level
System High mode
56
Operating system loaded without the front-end security enabled is only done in this mode
Single-user mode
57
Operators are given varying assignments for a time period, then their assignment changes. This is called
Rotation of duties
58
Programming technique used to encapsulate methods and data in an object
Information Hiding
59
Required tracking of changes to a system under B2, B3, and A1 is called
Configuration Management
60
Separation of duties, least privilege, personnel security, configuration control, Record retention, are examples of what type of controls?
Administrative Controls
61
SLE
Single Loss Expectancy
62
Software controls, media controls, hardware controls, physical access controls are examples of what type of controls?
Operations Controls
63
System component that manages and enforces access controls on objects
Reference Monitor
64
TCSEC Discretionary Protection (two classes)
C1 (User logon, Groups allowed)
65
TCSEC level that addresses both covert storage and timing channels
B3, A1
66
TCSEC Level that addresses covert storage channels
B2
67
TCSEC Mandatory Protection (three classes)
B1 (MAC)
68
TCSEC Minimal Protection (one class)
D (Minimal Protection)
69
TCSEC Verified Protection (one class)
A1 (Mathematical model must be proven)
70
The Boundary that separates the TCB from the rest of the system.
Security Perimeter
71
The ITSEC subject of an evaluation is called the ___ __ _____
Target of Evaluation (TOE)
72
This Access Control model specifies the rights that a subject can transfer to an object, or that a subject can take from another subject.
Take-Grant model
73
This recovery mode permits access by only privileged users from privileged terminals
Maintenance mode
74
This refers to the data left on media after erasure
Data Remanence
75
This standard includes levels of assurance, from D (Least secure) to A (Most secure)
TCSEC (Trusted Computer Security Evaluation Criteria)
76
This type of recovery is required for only B3 and A1 TCSEC levels
Trusted Recovery
77
Two operators are needed to perform a function. This is called
Dual Control
78
Two operators review and approve each other's work. This is called
Two-man control
79
Unit of evaluations levels in the Common Criteria
Evaluation Assurance Level
80
What advantage does compulsory tunneling provide?
allows VPN connections to be concentrated over fewer high-capacity lines
81
What advantage does LEAP have over EAP?
LEAP allows for mutual authentication
83
What advantage does RADIUS have over TACACS+?
better vendor support and implementation
84
What advantage does TACACS+ have over RADIUS?
better security
85
What advantage does TACACS+ have over TACACS?
multi-factor authentication
86
What advantages do hand geometry scans have over fingerprint scans?
they are faster, cleaner, and less invasive
87
What algorithm does AES use?
Rijndael
88
What are DAT drives primarily used for?
basic network backups
89
What are most fire extinguishers loaded with?
FE-36
90
What are QIC tapes primarily used for?
backing up standalone computers
91
What are the advantages and disadvantages of retinal scanning?
most reliable but most invasive
92
What are the five main services provided by firewalls?
packet filtering; application filtering; proxy server; circuit-level; stateful inspection
93
What are the four layers of the TCP/IP suite? How do they map to the OSI model?
Application > Application-Session
94
What are the four WAP layers?
Wireless Application Environment (WAE); Wireless Session Layer (WSL); Wireless Transport Layer Security (WTLS); Wireless Transport Layer (WTL)
95
What are the seven stages in a certificate life cycle?
certificate enrollment; distribution; validation; revocation; renewal; destruction; auditing
96
What are the six steps to incident response?
Preparation; Identification; Containment; Eradication; Recovery; Follow-Up
97
What are the three A's in computer forensics?
Acquire, Authenticate, Analyze
98
What are the three components of AAA?
Authentication, Authorization, Access Control
99
What are the three major classification levels with MAC?
Top Secret; Confidential; Unclassified
100
What are the three major components of SSH?
Transport Layer protocol (SSH-TRANS); User authentication protocol (SSH-USERAUTH); connection protocol (SSH-CONN)
101
What are the three types of NAT?
static NAT; dynamic NAT; overloading NAT
102
What are the two advantages of block ciphers over stream ciphers?
they are faster and more secure
103
What are the two basic types of DoS attacks?
flaw exploitation attacks and flooding attacks
104
What are the two encryption modes for IPSec?
Transport, where only the data is encrypted; and Tunneling, where the entire packet is encrypted
105
What are the two main components of L2TP?
L2TP Access Controller (LAC) and L2TP Network Server (LNS)
106
What are the two main types of firewalls?
application-level and network-level
107
What are the two most popular hashing routines in use today?
MD5 and SHA-1
108
What are the two parts of a Key Distribution Center?
An authentication server (AS) and a ticket-granting server (TGS)
109
What are the two types of network-level firewalls?
packet filters and stateful packet inspection
110
What are the two types of symmetric algorithms?
block and stream
111
What are tokens also known as?
One-time passwords
112
What are two characteristics of a null scan?
TCP sequence number set to 0; no TCP flags set
113
What can be done to reduce the effects of half-open attacks?
reduce the time a port waits for a response
114
What disadvantage does CRL have that OCSP addresses?
updates must be downloaded frequently to be accurate
116
What disadvantage does speech recognition have?
easier to spoof than other biometric techniques
117
What do BSS and ESS stand for?
Basic Service Set and Extended Service Set
118
What DoD classification does DAC map to?
Level-C classification
119
What DoD classification does MAC map to?
Level-B classification
120
What does 802.1x do?
provides an authentication framework for wired and wireless networks
121
What does an attacker need to conduct ARP cache poisoning?
physical connectivity to a local segment
122
What does CHAP use for authentication?
hashing
123
What does chargen do?
responds to packets on UDP port 19 with random characters
124
What does echo do?
responds to packets on UDP port 7
125
What does ESS offer that BSS does not?
the ability to roam between APs
126
What does IPSec require to be scaleable?
a PKI
127
What does IPSec use for authentication and key exchange?
Diffie-Hellman
128
What does IPSec use for encryption?
40-bit DES algorithm
129
What does PGP use in place of a CA?
a "web of trust"
130
What does S/FTP use for encryption?
SSL
131
What does WEP stand for?
Wired Equivalent Protection
132
What drawback do heuristic-based IDSs have?
higher rate of false positives
133
What encryption does S/MIME use?
RSA
134
What encryption scheme does WEP use?
RC4
135
What four trust models do PKI's fall into?
hierarchical; network/mesh; trust list; key ring
136
What frequency does 802.11b operate at?
2.4 GHz
137
What frequency does 802.11g operate at?
2.4 GHz
138
What happens if an application-level firewall doesn't have a proxy program for a given protocol?
the protocol can't pass through the firewall
139
What IP layer do man-in-the-middle attacks take place at?
internet layer
140
What IP layer do SYN floods occur at?
transport layer
141
What IP layers do DoS attacks occur at?
any layer
142
What is a bastion host?
a gateway in a DMZ used to secure an internal network
143
What is a key difference in security between MAC and DAC?
In MAC, a user who can access a file cannot necessarily copy it
144
What is a TCP ACK scan used for?
determining if a port is filtered by a firewall
145
What is a teardrop attack?
a type of DoS attack using a false fragmentation offset value
146
What is a window scan?
a scan that attempts to determine the OS in use by its default TCP window size
147
What is AES?
Advanced Encryption Standard; algorithm used by US government for sensitive but unclassified information
148
What is an AUP?
Acceptable Use Policy
149
What is an FTP bounce?
running scans against other computers through a vulnerable FTP server
150
What is an open relay?
an SMTP relay that does not restrict access to authenticated users
152
What is an SIV?
System Integrity Verifier; IDS that monitors critical system files for modification
153
What is Authenticode?
a method of signing ActiveX controls
155
What is bytestream?
data from Application layer is segmented into datagrams that source and destination computers will support
156
What is compulsory tunneling?
situation where VPN server chooses the endpoint of a communication
157
What is CRL?
Certificate Revocation List; list of subscribers to a PKI and their certificate status
158
What is DEN?
Directory-Enabled Networking; specification for how to store network information in a central location
159
What is ECC?
Elliptical Curve Cryptography; public-key cryptographic method which generates smaller, faster, and more secure keys
160
What is FE-13 used for?
explosion prevention
162
What is hashing?
changing a character string into a shorter fixed-length value or key
163
What is HTTPS?
HTTP over SSL
164
What is IDEA?
International Data Encryption Algorithm; a 128-bit private-key encryption system
165
What is IGMP used for?
multicasting
166
What is key escrow?
administration of a private key by a trusted third party
167
What is MD5 designed for?
digital signatures
168
What is OCSP?
Online Certificate Status Protocol; a replacement for CRL
169
What is PEM?
Privacy Enhanced Mail; public-key encryption similar to S/MIME
170
What is PGP primarily used for?
email encryption
171
What is port mirroring?
on switches, the ability to map the input and output of one or more ports to a single port
172
What is smurfing?
broadcasting echo requests with a falsified source address, overwhelming the owner of the address
173
What is source routing?
Sender defines hops a packet must travel through
174
What is TACACS?
Terminal Access Controller Access Control System
175
What is the "hidden node" problem?
When a wireless client cannot see the network due to interference.
176
What is the difference between S-HTTP and SSL?
S-HTTP is designed to send individual messages securely; SSL sets up a secure connection between two computers
177
What is the DSS?
Digital Signature Standard; provides for non-repudiation of messages
178
What is the first step in risk analysis?
identifying assets
179
What is the key length for Blowfish?
variable length
180
What is the main difference between S/MIME and PGP?
S/MIME relies upon a CA for public key distribution
181
What is the maximum capacity of 4mm DAT?
40 Gb
182
What is the maximum capacity of 8mm tapes?
50 Gb
183
What is the maximum capacity of DLT?
220 Gb
184
What is the maximum capacity of QIC?
20 GB
185
What is the maximum capacity of Travan?
40 Gb
186
What is the maximum length of a valid IP datagram?
64K
187
What is the maximum throughput of 802.11a?
54 Mbps
188
What is the maximum throughput of 802.11b?
11 Mbps
189
What is the maximum throughput of 802.11g?
54 Mbps
190
What is the most effective way of enforcing security in a dialup network?
require callback
191
What is the primary limitation of symmetric cryptography?
key distribution
192
What is the RFC-recommended size of an IP datagram?
576 bytes
193
What is the standard key length for 3DES?
168 bits
194
What is the standard key length for DES?
56 bits
195
What is the standard key length for IDEA?
128 bits
196
What is the top priority in computer forensics?
document each step taken
197
What is TLS?
Transport Layer Security; a successor to SSL
198
What is unique about the network/mesh model of PKI?
multiple parties must be present before access to the token is granted
199
What is WML?
Wireless Markup Language; used to create pages for WAP
201
What is X.509 used for?
digital certificates
202
What kind of algorithm is 3DES?
symmetric
203
What kind of encryption does AES use?
private-key
204
What kind of encryption does HTTPS use?
40-bit RC4
205
What language are most new smart card applications written in?
Java
206
What language is normally used to write CGI scripts?
Perl
207
What limitation do application-level firewalls create for proprietary software?
proprietary software often uses proprietary protocols, which often can't pass the firewall
208
What limitation does IPSec have?
only supports unicast transmissions
209
What makes non-repudiation a stronger version of authentication?
non-repudiation comes from a third party
210
What mathematical fact does a birthday attack rely on?
it is much easier to find two datasets that share a hash than to find a dataset that shares a hash with a given dataset
211
What might be indicated by packets from an internal machine with an external source address in the header?
machine is being used in a DoS/DDoS attack
213
What model is DEN based on?
Common Information Model (CIM)
214
What OS do most PBXs use?
UNIX
215
What OSI layer do stateful firewalls reside at?
network layer
216
What port do DNS lookups use?
UDP port 53
217
What port do DNS zone transfers use?
TCP port 53
218
What port does echo use?
port 7
219
What port does FTP use for data?
port 20
220
What port does HTTPS use?
TCP 443
221
What port does L2TP use?
UDP 1701
222
What port does LDAP use?
TCP/UDP port 389
223
What port does LDAPS use?
TCP/UDP port 636
224
What port does NNTP use?
TCP/UDP 119
225
What port does POP3 use?
port 110
226
What port does RADIUS use?
port 1812
227
What port does SMTP use?
port 25
228
What port does SNMP use?
port 161
229
What port does SSH use?
port 22
230
What port does TACACS use?
port 49
231
What port does Telnet use?
port 23
232
What port does the chargen exploit use?
TCP 19
233
What ports are commonly used for NetBIOS names and sessions?
TCP/UDP 137, 138, 139
234
What ports do DHCP and BOOTP use?
TCP/UDP ports 67 and 68
235
What ports does DNS use?
TCP and UDP 53
236
What ports does FTP use?
ports 20 and 21
237
What protocol does 802.1x use for authentication?
EAP
239
What protocol does IPSec use to exchange keys?
Internet Key Exchange (IKE)
240
What protocol does RADIUS use?
UDP
241
What protocol does TACACS+ use?
TCP
242
What protocol is being pushed as an open standard for IM?
SIMPLE
243
What protocol is replacing PPTP?
L2TP
244
What security advantage do managed hubs provide over other hubs?
they can detect physical configuration changes and report them
245
What security hole does RIPv1 pose?
RIPv1 does not allow router passwords
246
What security hole does SPAP have?
remote server can be impersonated
247
What security problem does FTP have?
authentication sent in cleartext
248
What security weakness does SPAP have?
does not protect against remote server impersonation
249
What size is an MD5 hash?
128 bits
250
What sort of attack does TACACS+'s lack of integrity checking make it vulnerable to?
replay attacks
251
What sort of devices normally use TACACS?
network infrastructure devices
252
What standard is LDAP based on?
X.500
253
What TCP sequence number does an XMAS scan use?
0
254
What three basic router/firewall measures will reduce the effects of a DoS attack?
egress filtering, ingress filtering, and disabling IP-directed broadcasting
255
What three methods are used to determine VLAN membership on the local switch?
port-based; MAC-based; protocol-based
256
What three people were involved in the creation of RSA?
Rivest, Shamir, Adleman
257
What three protocols are routinely layered over TLS?
IMAP, POP3, and SMTP
258
What three tape types offer high capacity and rapid data transfer?
8mm, DLT, and LTO
259
What three utilities comprise SSH?
SSH, Slogin, SCP
260
What two algorithm options exist for PGP?
RSA and Diffie-Hellman
261
What two bit strengths is SSL available in?
40-bit and 128-bit
263
What two encryption standards is AES designed to replace?
DES and 3DES
264
What two layers does TLS consist of?
TLS Record Protocol and TLS Handshake Protocol
265
What two methods are used to determine VLAN membership on a remote switch?
implicit, based on MAC address; explicit, where the first switch adds a tag
266
What two methods do IDSs use to detect and analyze attacks?
misuse detection and anomaly detection
267
What two pieces of information comprise a socket?
source IP address and source port
268
What two protocols were combined to form L2TP?
Microsoft's PPTP and Cisco's L2F
269
What two services are provided by IPSec?
Authentication Header (AH) and Encapsulating Security Payload (ESP)
270
What two strengths does SSL come in?
40-bit and 128-bit
271
What two types of certificates does S/MIME use?
PKCS #7 certificates for message content and X.509v3 for source authentication
272
What type of access control do most commercial OSs use?
DAC
273
What type of encryption does PGP use?
PKI
274
What type of encryption does PGP use?
PKI
275
What type of encryption does SSH use?
RSA PKI
276
What type of encryption does SSL use?
RSA PKI
277
What type of encryption is AES?
symmetric
278
What type of encryption is Kerberos?
symmetric
279
What type of IDS will likely detect a potential attack first? Why?
Network-based IDS: runs in real-time
280
What type of media access control does 802.11 use?
collision avoidance
281
What type of network is CHAP primarily used on?
PPP
282
What type of network is extremely vulnerable to Man in the Middle attacks?
wireless
283
What version of BIND allows for mutual authentication?
BINDv9
284
Which hashing algorithm is more secure, MD5 or SHA-1?
SHA-1
285
Which is faster, application-level or network-level firewalls?
network-level firewalls
286
Which of the five router services do e-mail gateways provide?
application filtering
287
Who created RC2 and RC4?
Rivest
288
Who defines a certificate's life cycle?
the issuing CA
289
Who developed PGP?
Philip R. Zimmermann
290
Who developed SSL?
Netscape
291
Why are VLANs considered broadcast domains?
all hosts on the VLAN can broadcast to all other hosts on the VLAN
292
Why can hand geometry only be used for verification, rather than identification?
hand geometry is not unique
293
Why do routers help limit the damage done by sniffing and MITM attacks?
They send data to a specific subnet only
294
Why is detecting statistical anomalies a good approach to intrusion detection?
don't have to understand the root cause of the anomalies
296
With biometric scanning, what is accepting a user who should be rejected called?
Type II error
297
With biometric scanning, what is rejecting a valid user called?
Type I error