Memorization Deck

Question 1

What are the contents of an X.509 v3 digital certificate?

Answer 1

Owners public key
Owners distinguished name
CA’s distinguished name
Date issued
Expiration date
Version number of certificate (current version is X.509 v3)
Serial number assigned by CA (no two certs have the same number)

X.509 v2 certs also contain “Issuer Identifier and Subject Identifier”

Question 2

How does PGP differ from X.509?

Answer 2

PGP relies on a web of trust where anyone can sign and attest to the validity of others’ certificates.

X.509 relies on a hierarchical system of certificate authorities.

Question 3

What are the secure protocols?

Answer 3

SSH (Symmetric or Asymmetric)
SFTP (SSH)
FTPS (TLS)
NTPsec
HTTPS (TLS)
S/MIME (TLS)
IPsec
SSL/TLS
LDAPS
SRTP (AES & HMAC-SHA1)

Question 4

What does DNSsec provide?

Answer 4

Authenticates the DNS server and provides data integrity. It does not provide privacy.

Question 5

What services does a CASB provide?

Answer 5

Security policies and compliance regulations such as:

Visibility (Access only by authorized users)
Compliance (Regulations such as HIPPA, PCI)
Threat Prevention (Access and malware protection)
Data Security (DLP and Encryption)

Question 6

How do you protect a web applications, API’s and JSON?

Answer 6

Using a Next-Gen Secure Web Gateway

Question 7

What does a SWG provide? Where does it sit on the network?

Answer 7

URL Filtering
Application Control
DLP
Anti-virus
HTTPS Inspection

Edge of the network.

Question 8

State the Order of Volatility

Answer 8

CPU registers, CPU cache
Router table, ARP cache, process table, kernel stats, memory
Temporary file systems
Disk
Remote logging and monitoring
Physical configuration, network topology
Archival media