Part1 (ch 6-9)

Question 1

PKI

Answer 1

Prove the owners of public keys are who they say they are

To issue a Public Key (used to encrypt messages) should have a digital certificate (public assertion of identity)

Question 2

CSR

Answer 2

Certificate Signing Request, when someone wants a certificate they fill out a CSR & send it to the CA

Question 3

RAs

Answer 3

Registration Authority, checks Id & submits CSR, but doesn’t sign or issue certificates

Question 4

digital certificate

Answer 4

A wrapper for a public key, has the info about the subject & who issued the certificate
based on X.509 standard

Question 5

PKCS

Answer 5

Public Key Cryptography Standards, RSA created these to promote public key infrastructure

Question 6

CN & SAN

Answer 6

Common Name used to id FQDN but difficult to use correctly

Subject Alternative Name, browser uses SAN over CN & can have different website subdomains (*.comptia.org)

Question 7

server certificate

Answer 7

guarantees security of any site a user gives data to

Question 8

What is the main weakness of a hierarchical trust model?

Answer 8

The structure depends on the integrity of the root CA.

Question 9

How does a subject go about obtaining a certificate from a CA?

Answer 9

the subject generates a key pair then adds the public key along with subject information and certificate type in a (CSR) and submits it to the CA.
If the CA accepts the request, it generates a certificate with the appropriate key usage and validity, signs it, and transmits it to the subject.

Question 10

What cryptographic information is stored in a digital certificate?

Answer 10

The subject’s public key and the algorithms used for encryption and hashing. The certificate also stores a digital signature from the issuing CA, establishing the chain of trust.

Question 11

You are developing a secure web application. What sort of certificate should you request to show that you are the publisher of a program?

Answer 11

A code signing certificate. Certificates are issued for specific purposes. A certificate issued for one purpose should not be reused for other functions.

Question 12

What does it mean if a certificate extension attribute is marked as critical?

Answer 12

That the application processing the certificate must be able to interpret the extension correctly. Otherwise, should reject the certificate.

Question 13

key’s life cycle

Answer 13

Key Generation, Cert generation, storage (keep private key secure), revoke (if private key compromised), expire & renewal

Question 14

M-of-N control

Answer 14

N # of admin permitted to access (N > M)

M # of admin present to get access (M > 1)

Question 15

(OCSP)

Answer 15

Online Certificate Status Protocol - gives status of requested certificate

Question 16

Encoding Certificate: DER & PEM

Answer 16

Distinguished Encoding Rules (binary files)
Privacy-enhanced Mail (ASCII) “BEGIN CERTIFICATE”
cryptographic data for certificates & keys

Question 17

What are the potential consequences if a company loses control of a private key?

Answer 17

puts both data confidentiality and identification and authentication systems at risk

Question 18

You are advising a customer about encryption for data backup security and the key escrow services that you offer. How should you explain the risks of key escrow and potential mitigations?

Answer 18

Escrow archiving the key

The risk is that an insider attack from your company may be able to decrypt the customer data backups. This risk can be mitigated by requiring M-of-N access to the escrow keys, reducing the risk of a rogue administrator

Question 19

HTTP Public Key Pinning (HPKP)

Answer 19

ensures that when a client inspects the certificate presented by a server or a code-signed application, it is inspecting the proper certificate by submitting one or more public keys to an HTTP browser via an HTTP header.

Question 20

Subject vs. Objects

Answer 20

users, devices, or software processes, or anything else that can request and be granted access to a resource

networks, servers, databases, files

Question 21

IAM

Answer 21

Identity Access Mgmt
Identification: create acct or Id for user or device
Authentication: Prove Identity & make it unique
Authorization: Permissions
Accounting: Track Usage (Resource, Rights,…)

Question 22

CIA Authentication Design

Answer 22

Confidential: critical to avoid impersonating
Integrity: Reliable, not easily tricked
Availability: Does not impeded workflow

Used for Authentication

Question 23

What is the difference between authorization and authentication?

Answer 23

Authorization manages the privileges granted on a computer system or resource.
Authentication protects the user account by testing if the person accessing that account is who she/he says she/he is.

Question 24

What methods can be used to implement location based authentication?

Answer 24

You can query the location service running on a device or geolocation by IP.
You could use location with the network, based on switch port, wireless network name, virtual LAN (VLAN), or IP subnet.

Question 25

KDC aka TGS
AS
TGT

Answer 25

Key Distribution Center (vouches for identity)
Authentication Service
Ticket Granting Ticket (token confirms id)

Client sends AS a request for a TGT
AS checks if PW hash matches Active Directory
If yes, AS gives TGT & TGS session key

Question 26

Kerberos

Answer 26

Lets nodes confirm identity securely

1) Request Service Ticket from TGS
2) Client gives TGS a TGT
3) TGS gives Service Session Key & service ticket
4) Client forwards service ticket + timestamp
5) App server decrypts service ticket
6) App server may give client timestamp
7) Server responds to client’s request if ACL ok

Question 27

Offline Attack

Answer 27

Attacker has database of PW hashes

Detect by checking the file system audit log

Question 28

Packet Sniffer

Answer 28

Monitors network traffic (can be used by attackers in NTLM or CHAP)

Question 29

Brute Force Attack
Dictionary Attack
Rainbow Table
Hybrid PW Attack

Answer 29

Every Combo to match a hash & plaintext
SW generates hash values using plaintext dictionary
Table of all possible PW & their hashes - salt protects
Dictionary & Brute Force Combo

Question 30

In what scenario would PAP be considered a secure authentication method?

Answer 30

The only way to ensure the security of PAP is to ensure that the endpoints established a secure tunnel (using IPSec, for instance). Best not to use PAP

Question 31

True or false? In order to create a service ticket, Kerberos passes the user’s password to the target application server for authentication.

Answer 31

False—only the KDC verifies the user credential. The Ticket Granting Service (TGS) sends the user’s account details (SID) to the target application for authorization (allocation of permissions), not authentication

Question 32

Which property of a plaintext password is most effective at defeating a brute-force attack?

Answer 32

The length of the password. If the password does not have any complexity (if it is just two dictionary words, for instance), it may still be vulnerable to a dictionary based attack. A long password may still be vulnerable if the output space is small or if the mechanism used to hash the password is faulty (LM hashes being one example).

Question 33

True or false? When implementing smart card logon, the user’s private key is stored on the smart card.

Answer 33

True. The smart card implements a crypto-processor for secure generation and storage of key and certificate material
Smart cards stores user digital certificate, PIN, & private key used for certification

Question 34

Smart-card Authentication, Kerberos

Answer 34

1) Smart card + Pin
2) Smart Card uses private key to create TGT to send to AS
3) AS returns with TGT & TGS session key

Question 35

NAS (Network Access Server)

Answer 35

Radius Client/Authenticators
Edge Network Appliances, switches, AP, VPN gateways

any device that handles remote logins to establish a point-to-point protocol connection. Some people call these devices media access gateways or remote access servers

Question 36

Supplicant

Answer 36

In AAA, the device requesting access (i.e. PC or laptop)

Question 37

OATH

2 algorithms for OTPs

Answer 37

Open Authentication
HOTP (i.e. QR code, tokens don’t expire)
TOTP (PW quickly expires)

HMAC One-Time-Password Algo vs Token OTP

Question 38

FRR
FAR
CER

Answer 38

False Rejection Rate - legit user not recognized
(False Negative)
False Acceptance Rate - interloper accepted
(False Positive)
Crossover Error Rate - lower = more reliable

Question 39

How is a fingerprint reader typically implemented as hardware?

Answer 39

As a capacitive cell

Question 40

What two ways can biometric technologies be used other than for logon authentication?

Answer 40

For identification based on biometric features and in continuous authentication mechanisms.

Question 41

default account

Answer 41

Created by the OS or application when it is installed. Has every permission available. In Windows, this account is called Administrator; in Linux, it is called root.

Question 42

Service Accounts

Answer 42

Used to run processes & background services

System (most privilege), Local (Standard, anonymous user), Network (same as Local but can use acct credentials)

Question 43

SSH & 3rd party credentials

Answer 43

Host key pair Ids SSH server
User key pair lets client login to SSH
These are poorly managed, sony hack
API keys are also vulnerable

Question 44

For what type of account would interactive logon be disabled?

Answer 44

Interactive logon refers to starting a shell. Service accounts do not require this type of access. Default superuser accounts, such as Administrator and root, may also be disabled, or limited to use in system recovery or repair.

Question 45

How to Id a user account?

Answer 45

SID, name, credential, profile (stores user info)

Question 46

PW age vs. PW History

Answer 46

Age (How long since the PW was used)

History (Was the PW already used?)

Question 47

What container would you use if you want to apply a different security policy to a subset of objects within the same domain?

Answer 47

Organization Unit (OU)

Question 48

DAC
RBAC
Mandatory access control (MAC)
ABAC

Answer 48

Discretionary Access Control - Owner gives rights, weakest, more flexible
Rule-based Access Control - better, system-enforced rules
MAC - only given access to their clearance level or lower (hierarchy-based)
Attribute-based Access Control - try rbac before this

Question 49

Directory services

What is the purpose of directory services?

Answer 49

principal means of providing privilege management and authorization on an enterprise network, storing information about users, computers, security groups/roles, and services

To store information about network resources and users in a format that can be accessed and updated using standard queries.

Question 50

SAML

Answer 50

Security Assertions Markup Language
Written in XML & SOAP, provider Identity assert (via digital signature) for federations
i.e. AWS
SOAP - simple object access protocol (XML, tight)

Question 51

REST

Answer 51

Representational State Transfer

looser public cloud API, more control over implementation, better mobile app support

Question 52

OAuth

Answer 52

Open Authorization, RESTful API, does not authenticate users

Question 53

OIDC

Answer 53

Open ID Connect - authentication protocol implemented with OAuth

Question 54

CTF

Answer 54

Capture the flag, ethical hacker training programs.
Threat actor activity (blue team)
Vulnerability (red team)

Question 55

Switches
Routers
Firewalls
Load Balancers
DNS

Answer 55

Forward frames, OSI-2
Forward packets, OSI-3
apply ACL to filter in Network segment, OSI-3
Distribute traffic between Network for optimal performance, OSI-4
Ph book, OSI-7

Question 56

ARP

Answer 56

Does anybody know how has this IP?

Question 57

Zone

Answer 57

area of the network where the security configuration is the same for all hosts within it.
Internet (public), Extranet (semi), Intranet (private)

Question 58

screened subnet

Answer 58

2 firewalls placed on either side of DMZ

Question 59

screened host

Answer 59

cheaper DMZ for SOHO, dual-homed proxy/gateway

Question 60

DMZ

How can an enterprise DMZ be implemented?

Answer 60

a perimeter network protecting an organization’s internal (LAN) from untrusted traffic.

A subnetwork that sits between the public internet and private networks

By using two firewalls (external and internal) around a screened subnet, or by using a triple-homed firewall (one with three network interfaces).

Question 61

Why is subnetting useful in secure network design?

Answer 61

Subnet traffic is routed, allowing it to be filtered by devices such as a firewall. An attacker must be able to gather more information about the configuration of the network and overcome more barriers to launch successful attacks.

Question 62

What port security feature mitigates ARP poisoning?

Answer 62

Dynamic ARP inspection—though this relies upon DHCP snooping being enabled.

Question 63

What is a dissolvable agent?

Answer 63

Some network access control (NAC) solutions perform host health checks via a local agent, running on the host. A dissolvable agent is one that is executed in the host’s memory and CPU but not installed to a local disk.

Question 64

mac address vs ip address

Answer 64

MAC Address is used to ensure the physical address of computer. It uniquely identifies the devices on a network. While IP address are used to uniquely identifies the connection of network with that device take part in a network

Question 65

WAP

Answer 65

wireless access point, forwards traffic to& from switch network
MAC address (aka BBISD) ids each WAP 
SSID ids each Wireless network

Question 66

WPA

Answer 66

Wi-fi Protected Access, fix critical vulnerabilities in WEP
Add TKIP to make it stronger
Use WPA2 with 128-bit keys & CCMP over TKIP
Tougher on Replay attacks

Question 67

SAE

Answer 67

Simultaneous Authentication of Equals

replaces WPA’s 4-way handshake with Diffie-Hellman key agreement

Question 68

GCMP

Answer 68

AES Galois Counter Mode Protocol

Enterprise must use 192-bit, updated cryptographic protcols

Question 69

Evil Twin

Answer 69

Rogue WAP masquerading as a legit one

i.e. hotel WAP

Question 70

persistence

What mechanism provides the most reliable means of associating a client with a particular server node when using load balancing?

Answer 70

keep a client connected to a session

Persistence is a layer 7 mechanism that works by injecting a session cookie. This is generally more reliable than the layer 4 source IP affinity mechanism