Implementation Flashcards
Which IPSec mode is used to create a VPN between two gateways
Tunnel mode
Who can change a resource’s category in a mandatory access control environment?
Administrators only
What is the purpose of content inspection
To search for malicious code or behavior
Which information do routers use to forward packets to their destinations?
The network address and subnet mask
Where should you physically store mobile devices to prevent theft?
- Locked cabinet
* Safe
What is Lightweight Extensible Authentication Protocol (LEAP)
A proprietary wireless LAN authentication method developed by Cisco Systems
Between which two OSI layers does Secure Sockets Layer (SSL) operate?
- Between the OSI Transport and Application layers
* Layer 4 to Layer 7
What is the purpose of Remote Access Dial-In User Service (RADIUS)?
Enables remote access users to log onto a network through a shared authentication database
What is a TMP?
A dedicated processor that uses cryptographic keys to perform a variety of tasks
What would a certification authority (CA) do if a private key associated with a certificate had been compromised?
Revoke the certificate
Which settings ensure that accounts are not used beyond a certain date and/or time?
Account expiration
What is the purpose of network access control (NAC)?
Ensures that the computer on the network meets an organization’s security policies
What are the two modes of WPA and WPA2?
- Personal, aka
- Preshared Key
- WPA-PSK / WPA2-PSK
- Enterprise
What is the name of the area that connects to a firewall and offers services to untrusted networks?
Demilitarized zone (DMZ)
Which security-server application and protocol implement authentication of users from a central server over UDP?
Remote Authentication Dial-In User Service (RADIUS)
What is the purpose of an aggregation switch?
Combine multiple streams of bandwitdh into one
Which type of IDS detects malicious packets on a network?
Network intrusion detection system (NIDS)
What is a sandbox in a secure staging deployment?
A test environment that is completely isolated from the rest of the network
What does the acronym MAC denote?
Mandatory Access Control
What application or service uses TCP/UDP port 3389?
Remote Desktop Protocol (RDP)
Which audit category will audit all instances of users exercising their rights?
Audit Privilege Use audit category
Which setting ensures that repeated attempts to guess a user’s password is not possible beyond the configured value?
Account lockout
What is the purpose of BitLocker To Go?
Ensure that USB flash drives issued by the organization are protected by encryption
What does the subject field in an X.509 v3 certificate contain?
The name of the certificate owner
What does the acronym RADIUS denote?
Remote Authentication Dial-In User Service
Which implementation of the File Transfer Protocol (FTP) provides the least security?
Trivial File Transfer Protocol (TFTP)
What port number does HTTP use?
Port 80
Which two security protocols does IP Security (IPSec) use?
- Authentication Header (AH)
* Encapsulating Security Payload (ESP)
What is the purpose of load balancing?
Distribute the workload across multiple devices
On which standard is Lightweight Directory Access Protocol (LDAP) based?
X.500
What are the non-overlapping channels for 802.11g/n
Channels 1, 6, and 11
Which protocol provides real-time, online revocation information about certificates?
Online Certificate Status Protocol (OCSP)
What is the purpose of anti-spam applications or filters?
Prevent unsolicited email
What is the purpose of a spam filter?
Identify and block unwanted messages
What are the non-overlapping channels for 802.11b?
Channels 1, 6, 11, and 14
Certificate enrollment procedures typically require a user to provide proof of identify and which other item to a certification authority (CA)?
Public key
What is the primary security advantage of using network address translation (NAT)?
Hides internal IP addresses from the public network
What does VLAN segregation accomplish?
It protects each individual segment by isolating the segments
Which firewall port should you enable to allow POP3 traffic to flow through the firewall?
TCP port 110
What is a VPN concentrator?
A device that creates a virtual private network (VPN)
Which type of key management does Secure Multipurpose Internet Mail Extensions (S/MIME) use: centralized or decentralized?
Centralized
What is the purpose of content inspection?
Search for malicious code or behavior
Which security protocol is best used for connection-oriented systems such as an intranet?
Secure Socket Layer/ Transport Layer Security (SSL/TLS)
Does the S/MIME protocol use certificates?
Yes
What is the purpose of MAC filtering?
To restrict the clients that can access a wireless network
Which category of IDS might increase logging activities, disable a service, or close a port as a response to a detected security breach?
Active detection
Which firewall port should you enable to allow SMTP traffic through the firewall?
Port 25
On which standard are certificates based?
X.509
What is the purpose of secure shell(SSH)?
Secure remote access
What is Protected Extensible Authentication Protocol (PEAP)?
A protocol that encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel
What is meant by the term hardware root of trust?
Highly reliable hardware, firmware, and software components that perform specific, critical security functions
Which authentication protocol separates authentication and authorization: TACACS+ or RADIUS?
TACACS+
Why is password disclosure a significant security issue in a single sign-on (SSO)network
It could compromise the entire system because authentication grants access to ANY systems on the network to which the actual user may have permission
Which type of IDS or IPS uses an initial database of known attack types but dynamically alerts their signatures based on learned behavior?
Heuristic
Which port number is used by SSH, SCP, and SFTP?
Port 22
Which authentication protocol uses tickets to authenticate users?
Kerberos
Which two chips are used to implement hardware-based encryption?
- Trusted Platform Module (TPM)
* Hardware Security Module (HSM)
Which function does a single sign-on (SSO) system provide?
It allows a user to present authentication credentials once and gain access to all computers within the SSO system?
What is the top-most level of the LDAP hierarchy?
Root
What does the acronym TPM denote?
Trusted Platform Module
What does the acronym SMTP denote?
Simple Mail Transfer Protocol
Which three security features do digital certificates provide?
- Authentication
- Data integrity
- Non-repudiation
Which security device requires physical possession and has passwords that can only be used once?
Token
What is the difference between trusted platform module (TMP) chips and hardware security module (HSM) chips
- TPM chips are a part of the motherboard
* HSM chips are part of a PCI cart that is mounted to the motherboard
Which type of IDS detects attacks on individual devices?
Host Intrusion Detection System (HIDS)
What port number does NNTP use?
TCP port 119
Which type of access control is the multi-level security mechanism used by the Department of Defense (DoD)?
Mandatory access control (MAC)
Which port number does LDAP use for communications encrypted using SSL/TLS?
Port 636
Which firewall port should you enable to allow IMAP4 traffic to flow through the firewall?
TCP port 143
What are the two major types of intrusion detection systems (IDS)?
- Network IDS (NIDS)
* Host IDS (HIDS)
What defines the allowed uses for a certificate issued by a certification authority (CA)?
Certificate policy
What does the acronym KDC denote?
Key distribution center
Which port numbers are used by NetBIOS?
Ports 137-139
What is the most common type of system used to detect intrusions into a computer network?
Network Intrusion Detection System (NIDS)
Which account should you disable immediately after installing a new operating system (OS) to harden the OS?
Guest account
What does the acronym IDS denote?
Intrusion Detection System
What port number does DNS use?
Port 53
Does each VLAN create its own collision domain or its own broadcast domain?
Broadcast domain
What is the purpose of S/MIME?
Secure encryption and digital signatures for email
What is the purpose of SNMP?
Routing and switching management
Which password attack does account lockout policy protect against?
Brute force attack
What does the acronym NFC denote?
Near field communication
What is Shinnoleth?
An identity management and federated identity-based authentication and authorization system for SAML
What is the default automatched key-management protocol for IPSec?
Internet Key Exchange (IKE)
What is the name for the data structure that maintains a list of certificates that have been revoked before their expiration date?
Certificate Revocation List (CRL)
Which wireless protocol provides the best security: WEP, WAP, WPA, or WPA2
WiFi Protected Access IIversion 2 (WPA2) with CCMP
Which security protocol was designed as an interim solution to replace WEP without requiring the replacement of legacy hardware?
Temporal Key Integrity Protocol (TKIP)
What is the most significant misuse of cookies?
Misuse of personal data
Who has the responsibility for configuring access rights in discretionary access control (DAC)?
The data owner or data custodian
Which type of access control was originally developed for military use?
Mandatory Access Control (MAC)
What is the default rule found in a firewall’s access control list (ACL)?
Deny All
What Ethernet standard uses a wireless access point with a remote authentication dial-in user service (RADIUS) server to authenticate wireless users?
802.1x
Can an expired digital certificate be renewed?
No
Which Kerberos component holds all users’ and services’ cryptographic keys and generates tickets?
Key Distribution Center (KDC)
Which type of IDS detects malicious packets on a network?
Network Intrusion Detection System (NIDS)
Which three security features does Authentication Header (AH) provide?
- Integrity
- Authentication
- Anti-replay service
What is the name of the list of locations where software can check to see whether a user’s certificate has been revoked?
CRL Distribution Point (CDP)
Which port number is used by SMB?
TCP port 445
Which type of authentication is accomplished by authenticating both the client and server sides for a connection through the encrypted exchange of credentials?
Mutual authentication
What type of connectivity provides a remote user the ability to safely connect to his or her corporate network while maintaining data confidentiality and integrity?
Virtual Private Network (VPN)
Which term is used when the amount of work that a computer has to do is divided between two or more computers so that more work is performed in the same amount of time?
Load balancing
What does the acronym PKI denote?
Public key infrastructure
What port number does DHCP use?
Port 67
Which port number is used by Microsoft SQL Server?
TCP port 1433
Which port is used for LDAP authentication?
Port 389
Which PKI object do you use to verify that a user sends a message is who they claim to be?
Digital certificate
Which technology enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic, while hiding internal addresses or address space?
Network Address Translation (NAT)
How many TCP/UDP ports are vulnerable to malicious attacks?
65,536 ports
What does the acronym RBAC denotes?
- Role Based Access Control
* Rule Based Access Control
Which authentication protocol encrypts the entire packet (not just the password): TACACS+ or RADIUS?
TACACS+
What is the default PPTP port?
TCP port 1723
What does the acronym SED denote?
Self Encrypting Drive
What is the name for a fix that addresses a specific Windows system problem or set of problems?
Hotfix
Which Linux file contains encrypted user passwords that only the root user can read?
/etc/shadow
Which authentication protocol is an open standard: XTACACS or RADIUS?
RADIUS
What is the purpose of network access control (NAC)?
Ensures that the computer on the network meets an organization’s security policies
Which devices can limit the effectiveness of sniffing attacks: switches or routers?
Switches
Which audit category monitors changes to user accounts and groups
Audit Account Management audit category
Which protocol is used by network devices to transmit error messages?
Internet Control Message Protocol (ICMP)
How do you ensure that data is removed from a mobile device that has been stolen?
Use a remote wipe or sanitation program
Which access control model has the lowest cost?
Role-Based Access Control (RBAC)
If a user needs administrative-level access, how many user accounts should be issued to the user?
Two accounts
- One for normal tasks
- One for admin level tasks
Which security server application and protocol implements authentication and authorization of users from a central server over TCP?
Terminal Access Controller Access Control System Plus (TACACS+)
What port does NTP use?
Port 123
Which wireless mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients?
Isolation mode?
What is the name for a small piece of information that is saved on a client machine on the hard disk to enable tracking of user information for future Web visits?
Cookie
What is the purpose of domain name system security extension (DNSSEC)?
Secure domain name resolution
What is the purpose of lightweight dictionary application protocol secure (LDAPS)?
Secure directory services
What is the name of the top-most level certification authority (CA)?
- Root authority
* Root CA
What portion(s) of the IP packet are encrypted in IPSec transport mode?
The payload
Which certification authority (CA) has the highest level of trust in a trust hierarchy?
Root CA
What are flood guards?
Devices that protect against Denial of Service (DoS) attacks
Which Layer 3 device allows different logical networks to communicate?
Router
Which security standard is an enhanced version of Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
What do you use to control traffic from the Internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?
Firewall
What does the acronym SRTP denote
Secure Real Time Transport Protocol
If the user is NOT prompted for credentials when connected to a Network Access Control (NAC) server, what is the user’s computer missing?
Authentication agent
What does the acronym WAF
Web application firewall
What does the acronym POP denote?
Post Office Protocol
What port number does SSH use?
Port 22
Which term is used to describe a product that provides network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting?
Unified Threat Management (UTM)
Which IPSec mode is used mostly in host-to-host communications?
Transport mode
What is the name for the process of tracking user activities by recording selected events in the server activity logs?
Auditing
Which two modes does IP Security (IPSec) provide to ensure confidentiality?
- Tunnel mode
* Transport mode
What is the default L2TP port?
UDP port 1701
What is ANT when used in mobile devices?
A proprietary network technology used for the Internet of Things (IoT)
What is the name for a collection of hotfixes that have been combined into a single patch?
Service pack
What is a trusted OS?
An operating system that provides support for multilevel security
When should an administrative account be used?
When performing admin-level tasks
At which OSI layer does IP Security (IPSec) operate?
Network Layer (Layer 3)
Which intrusion detection system (IDS) watches for intrusions that match a known identity?
Signature-based IDS
What two ports does FTP use?
Ports 20 and 21
What does the acronym SAML denote?
Security Assertion Markup Language
Why is GPS tracking often disabled?
It is considered a security threat. As long as GPS tracking is enabled and the mobile devie is powered on, the device (and possibly its user) can be located
What is the purpose of secure real-time transport protocol (SRTP)?
Secure voice and video
What is the term for a device that acts as a concentrator for a wireless LAN?
Wireless Access Point (WAP)
What does the acronym FDE denote?
Full Disk Encryption
What are the three protocols that can be used for wireless networks?
- Wired Equivalent Privacy (WEP)
- WiFi Protected Access Version 1 (WPAv1)
- WiFi Protected Access Version 2(WPAv2)
What is a file considered in a mandatory access control environment?
An object
Which type of access control is most suitable for top-secret information?
Mandatory Access Control (MAC)
Which type of authentication combines two or more authentication methods, like something that a person knows (such as a password), something that a person owns (such as a smart card), and a characteristic about the person (such as a fingerprint)?
Multi-Factor Authentication
What is the purpose of GPS tracking on a mobile device?
Allows a mobile device to be located
Would a certification authority (CA) revoke a certificate if the certificate owner’s private key were exposed?
Yes
Do certificates provide encryption?
No
According to CompTIA, why should you disable the SSID broadcast of your wireless router?
Improve network security
What does the acronym L2TP denote?
Layer 2 Tunneling Protocol
Which standard developed by RSA offers encryption of email messages and authentication to recieve email using digital signatures?
S/MIME
Using role-based access control (RBAC), which entities are assigned roles?
Users or subjects
What is a proxy server?
A server that caches and filters content
Which Internet protocol based on X.500 is used to access the data stored in a network directory?
Lightweight Directory Access Protocol (LDAP)
Is a DHCP server normally placed inside a DMZ?
No
What is the purpose of remote access dial-in user service (RADIUS)?
Enables remote access users to log on to a network through a shared authentication database
Which audit category tracks access to all objects outside Active Directory?
Audit Object Access audit category
Which TCP port number does secure socket layer (SSL) use?
Port 443
Which port should you block at your network firewall to prevent Telnet access?
Port 23
What is the purpose of mobile device encryption?
Ensure that the contents of the mobile device are confidential
Which port number does LDAP use when communications are NOT secured using SSL/TLS?
Port 389
What is a good solution if you need to separate two departments into separate networks?
VLAN segregation
Which port number is used by SSL, FTPS, and HTTPS?
TCP port 443
What defines the way in which a certification authority (CA) implements the creation of certificates?
Certificate practice statement
What port number is used by TFTP?
UDP port 69
Which protocol provides connectionless integrity, data origin authentication, replay protection, and confidentiality (encryption) using Authentication Header (AH) and Encapsulating Security Payload (ESP)?
Internet Protocol Security (IPSec)
Which setting ensures that users periodically change their account passwords?
Password expiration
What does the acronym OAUTH denote
Open Authentication
What occurs when a user provides a password or proof of identity to a system?
Authentication
What does the acronym HSM denote?
Hardware Security Module
What is a web security gateway?
A device that filters web content
What is key escrow?
When you maintain a secured copy of a user’s private key to ensure that you can recover the lost key
What is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?
- Missed detection
* False negative
What does the acronym UTM denote?
Unified Threat Management
What does the acronym TACACS denote?
Terminal Access Controller Access Control System
What are the two advantages of single sign-on (SSO)?
- Convenience
* Centralized administration
What is the primary functionality of lightweight directory access protocol (LDAP)?
Controls client access to directories
What is an entity that issues and manages certificates?
Certification Authority (CA)
What is the purpose of audit logs?
To document actions taken on a computer network and the party responsible for those actions
What is another term used for layered security
Defense in depth
Which services are usually provided by all-in-one security devices?
- URL filtering
- Content insepction
- Malware inspection
Which security protocol is the standard encryption protocol for use with the WPA2 standard?
Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Which directory protocol does Directory-Enabled Networking (DEN) use?
Lightweight Directory Access Protocol (LDAP)
Which audit category tracks all attempts to log on with a domain user account when enabled on domain controllers?
Audit Account Logon Events audit category
What is the purpose of screen locks on mobile devices?
To prevent users from accessing the mobile device until a password or other factor is entered
What does the acronym DAC denote?
Discretionary Access Control
Which authentication protocol uses UDP: TACACS+ or RADIUS?
RADIUS
What is the main difference between an IDS and an IPS?
- IDS detects intrusions
* IPS prevents intrusions
Which port number does SNMP use?
UDP port 161
