Part1 (ch 6-9) Flashcards

1
Q

PKI

A

Proves that the owner of a public key is who they claim to be.

A public key (used to verify the holder's signatures or to encrypt messages to the holder) is distributed inside a digital certificate: a signed, public assertion that binds the key to an identity

2
Q

CSR

A

Certificate Signing Request, when someone wants a certificate they fill out a CSR & send it to the CA

3
Q

RAs

A

Registration Authority, verifies the requester's identity & forwards the CSR to the CA, but does not sign or issue certificates itself

4
Q

digital certificate

A

A wrapper for a public key: carries information about the subject, the issuer, the validity period and the issuer's signature over all of it
Format defined by the X.509 standard

5
Q

PKCS

A

Public Key Cryptography Standards, a numbered series published by RSA to promote public key infrastructure (e.g. PKCS #1 RSA, PKCS #10 CSR format, PKCS #12 password-protected key + certificate bundles)

6
Q

CN & SAN

A

Common Name: historically held the FQDN, but it is a free-text field that can hold only one name, so it is easy to get wrong and modern browsers ignore it for hostname matching

Subject Alternative Name: the extension browsers actually check; lists every DNS name (and IP) the certificate covers and can include a wildcard entry covering one level of subdomains (*.comptia.org)

7
Q

server certificate

A

Identifies a server (by the DNS names in its SAN) to clients so they can set up TLS to the right host. It does not guarantee the site is safe to give data to; it only proves that the host holding the private key is the one named in the certificate

8
Q

What is the main weakness of a hierarchical trust model?

A

The structure depends on the integrity of the root CA.

9
Q

How does a subject go about obtaining a certificate from a CA?

A

The subject generates a key pair, then puts the public key along with subject information and the requested certificate type into a Certificate Signing Request (CSR) and submits it to the CA.
If the CA accepts the request, it generates a certificate with the appropriate key usage and validity, signs it, and transmits it to the subject.

10
Q

What cryptographic information is stored in a digital certificate?

A

The subject's public key, the public-key algorithm it belongs to, and the signature algorithm (hash + signature scheme) the issuer used. The certificate also carries the issuing CA's digital signature over the rest of its contents, which is what links it into a chain of trust.

11
Q

You are developing a secure web application. What sort of certificate should you request to show that you are the publisher of a program?

A

A code signing certificate. Certificates are issued for specific purposes. A certificate issued for one purpose should not be reused for other functions.

12
Q

What does it mean if a certificate extension attribute is marked as critical?

A

That the application processing the certificate must be able to interpret the extension correctly. If it does not recognise a critical extension it must reject the certificate; a non-critical extension it does not recognise may simply be ignored.

13
Q

key’s life cycle

A

Key generation, certificate generation (CSR to CA), storage (keep the private key secure, e.g. in an HSM or TPM), revocation (if the private key is compromised or the subject's details change), expiry & renewal (new key pair, new certificate)

14
Q

M-of-N control

A

N = total number of administrators issued a share or permitted to take part (N >= M)

M = number of those who must be present together to gain access (M > 1), so no single administrator can act alone

15
Q

OCSP

A

Online Certificate Status Protocol - the client asks the CA's OCSP responder whether a specific certificate (by serial number) is good, revoked or unknown; a real-time alternative to downloading a CRL. With OCSP stapling the server fetches a recent signed response itself and includes it in the TLS handshake

16
Q

Encoding Certificate: DER & PEM

A

Distinguished Encoding Rules: binary ASN.1 encoding (.der, .cer)
Privacy-enhanced Mail: the same DER bytes Base64-encoded as ASCII between "-----BEGIN CERTIFICATE-----" / "-----END CERTIFICATE-----" armour lines (.pem, .crt, .key)
Both carry the same cryptographic data for certificates & keys; only the encoding differs
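
Worked example for cards 12 and 16, added here and not part of the original deck or any library's code: a minimal DER tag-length-value reader/writer in Python that converts between PEM and DER, builds an X.509 Extensions sequence by hand, and applies the RFC 5280 rule that a certificate carrying a critical extension the validator does not understand must be rejected. The keyUsage and subjectAltName OIDs are the real ones; the `1.3.6.1.4.1.99999.1` extension and its value are constructed placeholders standing in for a vendor extension the validator does not know.

```python
import base64
import re

# ASN.1 universal tags used below
BOOLEAN, OID, OCTET_STRING, SEQUENCE = 0x01, 0x06, 0x04, 0x30

# Real extension OIDs (RFC 5280) that this validator understands
KNOWN_EXTENSIONS = {
    "2.5.29.15": "keyUsage",
    "2.5.29.17": "subjectAltName",
    "2.5.29.19": "basicConstraints",
}


def pem_to_der(pem: str) -> bytes:
    """PEM is just Base64 of the DER bytes between BEGIN/END armour lines."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(2).split()))


def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def encode_tlv(tag: int, value: bytes) -> bytes:
    """DER tag-length-value with definite, minimal length encoding."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + value


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, position after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:  # base-128, high bit set on every byte except the last
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)


def decode_oid(raw: bytes) -> str:
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def encode_extension(oid: str, value: bytes, critical: bool = False) -> bytes:
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }"""
    body = encode_tlv(OID, encode_oid(oid))
    if critical:  # DER forbids encoding a DEFAULT value, so FALSE is never written
        body += encode_tlv(BOOLEAN, b"\xff")
    body += encode_tlv(OCTET_STRING, value)
    return encode_tlv(SEQUENCE, body)


def parse_extensions(der: bytes):
    """Parse Extensions ::= SEQUENCE OF Extension into [(oid, critical, value)]."""
    tag, seq, _ = read_tlv(der)
    if tag != SEQUENCE:
        raise ValueError("Extensions must be a SEQUENCE")
    exts, pos = [], 0
    while pos < len(seq):
        _, ext, pos = read_tlv(seq, pos)
        _, oid_raw, p = read_tlv(ext)
        tag, val, p = read_tlv(ext, p)
        critical = False
        if tag == BOOLEAN:  # optional: absent means FALSE
            critical = val == b"\xff"
            tag, val, p = read_tlv(ext, p)
        exts.append((decode_oid(oid_raw), critical, val))
    return exts


def check_extensions(exts, understood=KNOWN_EXTENSIONS):
    """RFC 5280 4.2: reject the certificate if any critical extension is not understood."""
    for oid, critical, _ in exts:
        if critical and oid not in understood:
            return False, f"unrecognised critical extension {oid}"
    return True, "ok"


# Constructed sample data (not taken from a real certificate): keyUsage marked critical
# with digitalSignature|keyEncipherment, plus a placeholder vendor extension.
KEY_USAGE_VALUE = bytes.fromhex("030205a0")  # DER BIT STRING carried inside the OCTET STRING
VENDOR_OID = "1.3.6.1.4.1.99999.1"  # hypothetical private-enterprise arc

SAFE_EXTENSIONS = encode_tlv(SEQUENCE,
    encode_extension("2.5.29.15", KEY_USAGE_VALUE, critical=True)
    + encode_extension(VENDOR_OID, b"\x04\x00"))  # non-critical: may be ignored

UNSAFE_EXTENSIONS = encode_tlv(SEQUENCE,
    encode_extension("2.5.29.15", KEY_USAGE_VALUE, critical=True)
    + encode_extension(VENDOR_OID, b"\x04\x00", critical=True))  # critical: must reject
```

Round-tripping `SAFE_EXTENSIONS` through `der_to_pem` and `pem_to_der` shows that PEM adds nothing but Base64 and armour; `check_extensions(parse_extensions(UNSAFE_EXTENSIONS))` is the case where a conforming validator has to refuse the certificate rather than silently skip the extension.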

17
Q

What are the potential consequences if a company loses control of a private key?

A

puts both data confidentiality and identification and authentication systems at risk

18
Q

You are advising a customer about encryption for data backup security and the key escrow services that you offer. How should you explain the risks of key escrow and potential mitigations?

A

Escrow = archiving a copy of the key with a third party (here, your company) so it can be recovered if the customer loses it

The risk is that an insider at your company could use the escrowed key to decrypt the customer's backups. Mitigate it by requiring M-of-N control over the escrow so that no single (rogue) administrator can retrieve the key alone, and by logging every recovery

19
Q

HTTP Public Key Pinning (HPKP)

A

Let a web server tell the browser, via an HTTP response header (Public-Key-Pins), the hashes of one or more public keys that must appear in the certificate chain on future visits, so a certificate for the site issued by a different CA is rejected even if it is validly signed. It applied only to HTTPS, not to code signing, and has since been deprecated and removed from major browsers because a bad or lost pin locks users out of the site; Certificate Transparency is the current alternative

20
Q

Subject vs. Objects

A

Subjects: users, devices, software processes, or anything else that can request and be granted access to a resource

Objects: the resources being accessed, e.g. networks, servers, databases, files

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

IAM

A

Identity and Access Management
Identification: create an account or ID for a user or device
Authentication: prove the claimed identity (something you know, have or are)
Authorization: grant permissions to the authenticated identity
Accounting: track usage (resources accessed, rights exercised, ...)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

CIA Authentication Design

A

Confidentiality: credentials must stay secret, otherwise the mechanism can be impersonated
Integrity: reliable, not easily tricked or bypassed
Availability: does not impede workflow or lock out legitimate users

Used to evaluate an authentication design

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is the difference between authorization and authentication?

A

Authorization manages the privileges granted on a computer system or resource.
Authentication protects the user account by testing whether the person accessing that account is who they say they are.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What methods can be used to implement location based authentication?

A

You can query the location service running on a device or geolocation by IP.
You could use location with the network, based on switch port, wireless network name, virtual LAN (VLAN), or IP subnet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

KDC
AS
TGS
TGT

A

Key Distribution Center (the trusted third party that vouches for identities; made up of the AS and the TGS)
Authentication Service (verifies the user's credential and issues the TGT)
Ticket Granting Service (takes a TGT and issues service tickets)
Ticket Granting Ticket (token proving the user already authenticated; encrypted with the KDC's own key, so the client can neither read nor forge it)

Client sends the AS a request for a TGT with pre-authentication data: a timestamp encrypted with the user's key, which is derived from the password
AS decrypts it with the key it holds for that account (e.g. in Active Directory); if it decrypts to a recent timestamp the password was correct
If yes, AS returns the TGT & a TGS session key, the latter encrypted with the user's key

26
Q

Kerberos

A

Lets nodes confirm each other's identity securely over an untrusted network, using a trusted KDC and tickets instead of sending passwords

1) Client asks the TGS for a service ticket for a specific service
2) Client presents its TGT plus an authenticator (timestamp encrypted with the TGS session key)
3) TGS returns a service session key & a service ticket (encrypted with the service's own key)
4) Client sends the service ticket + a fresh authenticator (timestamp) to the app server
5) App server decrypts the service ticket with its own key and recovers the service session key
6) App server may reply with the timestamp encrypted under the session key (mutual authentication)
7) Server grants the client's request if its ACL allows that user or group

27
Q

Offline Attack

A

Attacker has obtained a copy of the password hash database (e.g. SAM, ntds.dit, /etc/shadow) and cracks it on their own hardware, so lockout policies never apply

Detect by checking the file system audit log for reads or copies of those files

28
Q

Packet Sniffer

A

Monitors network traffic; an attacker can capture challenge/response exchanges (NTLM, CHAP) off the wire and crack them offline, or replay/relay them

29
Q

Brute Force Attack
Dictionary Attack
Rainbow Table
Hybrid PW Attack

A

Brute force: try every combination until a hash matches the stolen hash (cost grows with the keyspace)
Dictionary: software hashes each word in a plaintext wordlist and compares against the stolen hashes
Rainbow table: precomputed table of passwords & their hashes; a per-user salt defeats it because the table would have to be rebuilt for every salt
Hybrid: dictionary words with brute-forced mutations (digits, symbols, case changes) appended or prepended

30
Q

In what scenario would PAP be considered a secure authentication method?

A

PAP sends the password in cleartext, so the only way to make it safe is to ensure the endpoints have first established a secure tunnel (using IPSec, for instance). Best not to use PAP at all

31
Q

True or false? In order to create a service ticket, Kerberos passes the user’s password to the target application server for authentication.

A

False—only the KDC verifies the user credential. The Ticket Granting Service (TGS) sends the user’s account details (SID) to the target application for authorization (allocation of permissions), not authentication
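
Worked example for cards 25, 26 and 31, added here and not part of the original deck or of any Kerberos implementation: a toy Python simulation of the AS, TGS and AP exchanges in which the KDC is the only party that holds the user's key, the app server authorises from the identity carried inside the ticket, and authenticators are checked for clock skew and replay. The "encryption" is a constructed HMAC-SHA256 keystream with an HMAC tag standing in for Kerberos' real encryption types; the realm, principal names and password are constructed sample data.

```python
import hashlib
import hmac
import json
import os
import time

MAX_SKEW = 300  # seconds; Kerberos rejects authenticators outside its clock-skew window


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def encrypt(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption: XOR with an HMAC keystream, then an HMAC tag (constructed)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def user_key(password: str, principal: str) -> bytes:
    """Long-term key derived from the password (real Kerberos uses its own string-to-key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


class KDC:
    """Authentication Service + Ticket Granting Service; only it ever sees the user's key."""

    def __init__(self):
        self.krbtgt_key = os.urandom(32)  # key for TGTs; never leaves the KDC
        self.users, self.services = {}, {}

    def as_exchange(self, user: str, preauth: bytes):
        ts = decrypt(self.users[user], preauth)["ts"]  # raises if the password was wrong
        if abs(time.time() - ts) > MAX_SKEW:
            raise ValueError("pre-authentication timestamp out of window")
        sk = os.urandom(32)
        tgt = encrypt(self.krbtgt_key, {"user": user, "sk": sk.hex()})
        return tgt, encrypt(self.users[user], {"sk": sk.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        t = decrypt(self.krbtgt_key, tgt)
        auth = decrypt(bytes.fromhex(t["sk"]), authenticator)
        if auth["user"] != t["user"]:
            raise ValueError("authenticator does not match TGT")
        ssk = os.urandom(32)
        ticket = encrypt(self.services[service], {"user": t["user"], "sk": ssk.hex()})
        return ticket, encrypt(bytes.fromhex(t["sk"]), {"sk": ssk.hex()})


class AppServer:
    """Never learns the password; authorises from the identity inside the ticket."""

    def __init__(self, key: bytes, acl: set):
        self.key, self.acl, self.seen = key, acl, set()

    def ap_exchange(self, ticket: bytes, authenticator: bytes):
        t = decrypt(self.key, ticket)
        ssk = bytes.fromhex(t["sk"])
        auth = decrypt(ssk, authenticator)
        if auth["user"] != t["user"] or abs(time.time() - auth["ts"]) > MAX_SKEW:
            raise ValueError("bad authenticator")
        if (auth["user"], auth["ts"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((auth["user"], auth["ts"]))
        mutual = encrypt(ssk, {"ts": auth["ts"]})  # proves the server also knows ssk
        return mutual, auth["user"] in self.acl


def login_and_access(kdc: KDC, server: AppServer, user: str, password: str, service: str):
    """Client side of all three exchanges; returns (authorised, server proved knowledge of ssk)."""
    k = user_key(password, user)
    tgt, enc_sk = kdc.as_exchange(user, encrypt(k, {"ts": time.time()}))
    sk = bytes.fromhex(decrypt(k, enc_sk)["sk"])
    ticket, enc_ssk = kdc.tgs_exchange(tgt, encrypt(sk, {"user": user, "ts": time.time()}), service)
    ssk = bytes.fromhex(decrypt(sk, enc_ssk)["sk"])
    authenticator = encrypt(ssk, {"user": user, "ts": time.time()})
    reply, allowed = server.ap_exchange(ticket, authenticator)
    return allowed, decrypt(ssk, reply)["ts"] == decrypt(ssk, authenticator)["ts"]


def build_realm():
    """Constructed realm: one user, one service, and an ACL that admits the user."""
    kdc = KDC()
    kdc.users["alice"] = user_key("correct horse", "alice")
    kdc.services["cifs/fileserver"] = os.urandom(32)
    return kdc, AppServer(kdc.services["cifs/fileserver"], acl={"alice"})
```

Nothing the app server receives can be decrypted without the service key it shares with the KDC, and the password never appears in any message, which is the point of card 31: the KDC authenticates, the service only authorises.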

32
Q

Which property of a plaintext password is most effective at defeating a brute-force attack?

A

The length of the password. If the password does not have any complexity (if it is just two dictionary words, for instance), it may still be vulnerable to a dictionary based attack. A long password may still be vulnerable if the output space is small or if the mechanism used to hash the password is faulty (LM hashes being one example).
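
Worked example for cards 29 and 32, added here and not part of the original deck: Python code that runs dictionary, hybrid and brute-force attacks against a constructed leak of SHA-256 password hashes, first unsalted (one precomputed lookup table cracks every user) and then salted (the table is useless and every user costs a fresh pass), and a `keyspace` helper showing why length beats character-set complexity. The wordlist, user names and passwords are constructed sample data.

```python
import hashlib
import itertools
import os

# Constructed wordlist; a real attack uses a rockyou-sized list.
WORDLIST = ["password", "letmein", "dragon", "welcome", "monkey", "sunshine"]


def hash_unsalted(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()


def hash_salted(pw: str, salt: bytes) -> str:
    return hashlib.sha256(salt + pw.encode()).hexdigest()


def build_lookup(words):
    """Precompute hash -> plaintext once; the rainbow/lookup-table idea in its simplest form."""
    return {hash_unsalted(w): w for w in words}


def dictionary_attack(stolen: dict, words) -> dict:
    """Unsalted hashes: one table cracks every user in a single pass."""
    table = build_lookup(words)
    return {user: table.get(h) for user, h in stolen.items()}


def salted_dictionary_attack(stolen: dict, words) -> dict:
    """Salted hashes: no shared table; every (user, word) pair has to be hashed again."""
    cracked = {}
    for user, (salt, h) in stolen.items():
        cracked[user] = next((w for w in words if hash_salted(w, salt) == h), None)
    return cracked


def hybrid_candidates(words, suffixes=("1", "123", "!", "2024")):
    """Dictionary words plus brute-forced mutations (capitalisation, common suffixes)."""
    for w in words:
        yield w
        yield w.capitalize()
        for s in suffixes:
            yield w + s
            yield w.capitalize() + s


def brute_force(target_hash: str, alphabet: str, max_len: int):
    """Exhaustive search; returns (plaintext or None, number of hashes computed)."""
    tries = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            tries += 1
            cand = "".join(combo)
            if hash_unsalted(cand) == target_hash:
                return cand, tries
    return None, tries


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates a brute-force attack must cover: the exponent (length) dominates the base."""
    return alphabet_size ** length


def make_stolen_db():
    """Constructed leak: the same three passwords stored unsalted and with a per-user salt."""
    users = {"alice": "dragon", "bob": "monkey123", "carol": "Xq7$vL2p"}
    unsalted = {u: hash_unsalted(p) for u, p in users.items()}
    salted = {}
    for u, p in users.items():
        salt = os.urandom(16)
        salted[u] = (salt, hash_salted(p, salt))
    return unsalted, salted
```

`keyspace(26, 8)` (eight lowercase letters) is about 2,500 times larger than `keyspace(95, 4)` (four characters from the full printable set), which is the card's point; the salt changes nothing about a single weak password, it only stops one table from cracking everyone at once.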

33
Q

True or false? When implementing smart card logon, the user’s private key is stored on the smart card.

A

True. The smart card implements a crypto-processor for secure generation and storage of the key and certificate material, so the private key never leaves the card
The card stores the user's digital certificate & private key; the PIN unlocks the card, and the private key is used for authentication (signing a challenge), not for "certification"

34
Q

Smart-card Authentication, Kerberos

A

1) User inserts the smart card + enters the PIN to unlock it
2) The card signs the pre-authentication data in the AS request with the user's private key (PKINIT) and the user's certificate is sent along, so the AS can verify the signature against a CA it trusts
3) AS returns the TGT & a TGS session key; the session key is protected with the user's public key (or a Diffie-Hellman exchange) so only the card holder can recover it

35
Q

NAS (Network Access Server)

A

RADIUS clients (the "authenticators" in AAA terms)
Edge network appliances: switches, access points, VPN gateways

Any device that handles remote logins, establishes a point-to-point or data-link connection for the user and forwards the credentials to the AAA server. Also called media access gateways or remote access servers

36
Q

Supplicant

A

In AAA, the device requesting access (e.g. a PC or laptop)

37
Q

OATH

2 algorithms for OTPs

A

Initiative for Open Authentication
HOTP: HMAC-based One-Time Password (RFC 4226), HMAC(secret, counter) truncated to 6-8 digits; a code stays valid until it is used because it only changes when the counter advances, so the server keeps a look-ahead window to resynchronise
TOTP: Time-based One-Time Password (RFC 6238), the same construction with counter = current time / 30 s, so each code expires after the time step

The shared secret is usually provisioned to the authenticator app via a QR code

38
Q

FRR
FAR
CER

A

False Rejection Rate - legit user not recognized
(False Negative)
False Acceptance Rate - interloper accepted
(False Positive)
Crossover Error Rate - lower = more reliable

39
Q

How is a fingerprint reader typically implemented as hardware?

A

As a capacitive cell

40
Q

What two ways can biometric technologies be used other than for logon authentication?

A

For identification based on biometric features and in continuous authentication mechanisms.

41
Q

default account

A

Created by the OS or application when it is installed. Has every permission available. In Windows, this account is called Administrator; in Linux, it is called root.

42
Q

Service Accounts

A

Used to run processes & background services without a human logging in

Windows: Local System (most privilege; acts as the computer account on the network), Local Service (least privilege; anonymous on the network), Network Service (same limited local privilege as Local Service but authenticates on the network with the computer account's credentials)

43
Q

SSH & 3rd party credentials

A

Host key pair identifies the SSH server to clients (trusted on first use, then pinned in known_hosts)
User key pair lets a client log in to the SSH server without a password
These are often poorly managed (keys copied around, never rotated, no inventory), e.g. the Sony hack
API keys are vulnerable in the same way when hard-coded or leaked

44
Q

For what type of account would interactive logon be disabled?

A

Interactive logon refers to starting a shell. Service accounts do not require this type of access. Default superuser accounts, such as Administrator and root, may also be disabled, or limited to use in system recovery or repair.

45
Q

How to Id a user account?

A

SID (unique identifier that stays fixed even if the name changes), name, credential, profile (stores the user's settings & data)

46
Q

PW age vs. PW History

A

Age (how long since the password was last changed; a maximum age forces a change, a minimum age stops the user changing it straight back)

History (was the password already used? blocks reuse of the last N passwords)

47
Q

What container would you use if you want to apply a different security policy to a subset of objects within the same domain?

A

Organization Unit (OU)

48
Q

DAC
RBAC
Mandatory access control (MAC)
ABAC

A

Discretionary Access Control - the resource owner grants rights (ACLs); most flexible but weakest, since owners can be tricked or careless
Role-based Access Control - permissions attached to roles (job functions) and users assigned to roles; defined and enforced by the system, not by owners. (Rule-based access control, also abbreviated RBAC, applies system-wide rules such as time of day)
MAC - every object carries a classification label and every subject a clearance; access is granted only at the subject's level or lower, enforced by the system and not changeable by the owner
Attribute-based Access Control - policy rules evaluated over attributes of subject, object & environment; most expressive, so try RBAC first and move to ABAC only when roles alone cannot express the policy

49
Q

Directory services

What is the purpose of directory services?

A

principal means of providing privilege management and authorization on an enterprise network, storing information about users, computers, security groups/roles, and services

To store information about network resources and users in a format that can be accessed and updated using standard queries.

50
Q

SAML

A

Security Assertion Markup Language
XML-based; the identity provider signs assertions (digital signature) about an authenticated user, and the service provider in the federation trusts them
e.g. federated sign-in to AWS
Commonly carried over SOAP (Simple Object Access Protocol: XML messaging, tightly specified) or HTTP POST/redirect bindings

51
Q

REST

A

Representational State Transfer

Looser, HTTP/JSON-style interface used by public cloud APIs; gives developers more control over the implementation and better mobile app support than SOAP

52
Q

OAuth

A

Open Authorization: delegates access to an API or resource on a user's behalf (RESTful, token-based); it does not authenticate the user by itself

53
Q

OIDC

A

OpenID Connect - authentication layer built on top of OAuth 2.0; adds an ID token that carries the user's identity

54
Q

CTF

A

Capture the flag, ethical hacker training exercises.
Red team: emulates threat actor activity, finds & exploits vulnerabilities
Blue team: defends, detects & responds to the red team's activity

55
Q

Switches
Routers
Firewalls
Load Balancers
DNS

A

Forward frames by MAC address, OSI layer 2
Forward packets by IP address, OSI layer 3
Apply ACLs to filter traffic between network segments, OSI layer 3 (stateful firewalls also track layer 4 sessions)
Distribute traffic across a pool of servers for performance & availability, OSI layer 4 (or layer 7 when they inspect HTTP)
Phone book: maps names to IP addresses, OSI layer 7

56
Q

ARP

A

Broadcast: does anybody know who has this IP? (maps an IP address to a MAC address on the local segment)

57
Q

Zone

A

area of the network where the security configuration is the same for all hosts within it.
Internet (public), Extranet (semi), Intranet (private)

58
Q

screened subnet

A

Two firewalls, one on either side of the DMZ (external & internal)

59
Q

screened host

A

Cheaper DMZ for SOHO: a single dual-homed proxy/gateway host sits between the internet and the LAN

60
Q

DMZ

How can an enterprise DMZ be implemented?

A

a perimeter network protecting an organization’s internal (LAN) from untrusted traffic.

A subnetwork that sits between the public internet and private networks

By using two firewalls (external and internal) around a screened subnet, or by using a triple-homed firewall (one with three network interfaces).

61
Q

Why is subnetting useful in secure network design?

A

Subnet traffic is routed, allowing it to be filtered by devices such as a firewall. An attacker must be able to gather more information about the configuration of the network and overcome more barriers to launch successful attacks.

62
Q

What port security feature mitigates ARP poisoning?

A

Dynamic ARP inspection—though this relies upon DHCP snooping being enabled.

63
Q

What is a dissolvable agent?

A

Some network access control (NAC) solutions perform host health checks via a local agent, running on the host. A dissolvable agent is one that is executed in the host’s memory and CPU but not installed to a local disk.

64
Q

mac address vs ip address

A

MAC address: the physical (hardware) address of a network interface; uniquely identifies the device on its local network segment (layer 2). IP address: a logical address that identifies the device's connection to a network and is routable between networks (layer 3)

65
Q

WAP

A

Wireless access point, forwards traffic to & from the wired switched network
MAC address (aka BSSID) identifies each WAP
SSID identifies each wireless network

66
Q

WPA

A

Wi-Fi Protected Access, fixes critical vulnerabilities in WEP
Original WPA added TKIP to strengthen the RC4-based cipher
Use WPA2 (AES-CCMP with 128-bit keys) rather than TKIP
Tougher against replay attacks

67
Q

SAE

A

Simultaneous Authentication of Equals

Replaces the pre-shared-key exchange of WPA2-Personal with a Dragonfly password-authenticated key exchange (based on Diffie-Hellman) in WPA3; the 4-way handshake still follows, but the pairwise master key can no longer be derived by capturing the handshake and running an offline dictionary attack

68
Q

GCMP

A

AES Galois/Counter Mode Protocol

WPA3-Enterprise 192-bit mode requires GCMP-256 together with correspondingly stronger key-exchange and hash suites

69
Q

Evil Twin

A

Rogue WAP masquerading as a legit one

i.e. hotel WAP

70
Q

persistence

What mechanism provides the most reliable means of associating a client with a particular server node when using load balancing?

A

Keeps a client's requests going to the same back-end node for the life of a session (also called session affinity or stickiness)

Persistence is a layer 7 mechanism that works by injecting a session cookie. This is generally more reliable than the layer 4 source IP affinity mechanism, which breaks when many clients share one NAT address or a client's IP changes mid-session