Remember Flashcards

1
Q

WPA

A

Wi-Fi Protected Access (WPA) was an interim replacement for Wired Equivalent Privacy
(WEP). WEP has known vulnerabilities and should not be used. WPA provided an immediate solution to the weaknesses of WEP without requiring users to upgrade their hardware. Even when WPA replaced WEP, its developers recognized that WPA wasn’t solid enough to last for an extended period. Instead, WPA improved wireless security by giving users an alternative to WEP with existing hardware while the developers worked on creating the stronger WPA2 protocol.
WPA is susceptible to password-cracking attacks, especially when the AP has a weak
passphrase. The attacker uses a wireless protocol analyzer to capture the authentication traffic and then uses an offline brute force attack to discover the passphrase. Attackers often use a disassociation attack (discussed later in this chapter) to force the user to reauthenticate.

2
Q

WPA2

A

Wi-Fi Protected Access II (WPA2) is the permanent replacement for WPA. WPA2 (also known as IEEE 802.11i) uses stronger cryptography than WPA. The Wi-Fi Alliance requires all devices
carrying its WI-FI CERTIFIED logo to meet WPA2 standards, including the use of the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). Although WPA2 provides significant security improvements over previous wireless
encryption techniques, some enterprises need stronger security.

3
Q

WPA and WEP

A

WPA provided an immediate replacement for WEP and originally used TKIP, which
was compatible with older hardware. Later implementations support the stronger AES
encryption algorithm. WPA2 is the permanent replacement for WEP and WPA. WPA2 supports CCMP (based on AES), which is much stronger than the older TKIP protocol and
CCMP should be used instead of TKIP.

4
Q

MACs

A
  1. Media access control. A 48-bit address used to identify network interface cards. It is also called a hardware address or a physical address.
  2. Mandatory access control. An access control model that uses sensitivity labels assigned to objects (files and folders) and subjects (users). MAC restricts access based on a need to know.
  3. Message authentication code (MAC) provides integrity similar to how a hash is used.

5
Q

Hypervisors I and II

A

Type I hypervisors run directly on bare-metal systems without an operating system.
Type II hypervisors are software that runs within an operating system. Container virtualization
runs within isolated cells or containers and does not have its own kernel.

6
Q

Kerberos

A

Kerberos is a network authentication protocol within a Microsoft Windows Active
Directory domain or a Unix realm. It uses a database of objects such as Active Directory and a KDC (or TGT server) to issue timestamped tickets that expire after a certain time period. Additionally, Kerberos uses symmetric-key cryptography to prevent unauthorized disclosure and to ensure confidentiality.

7
Q

LDAP

A

LDAP is based on an earlier version of X.500. Windows Active Directory domains and Unix realms use LDAP to identify objects in query strings with codes such as CN=Users and DC=GetCertifiedGetAhead. LDAPS encrypts transmissions with TLS.

8
Q

SSO

A

Single sign-on enhances security by requiring users to use and remember only one set of credentials for authentication. Once signed on using SSO, this one set of credentials is used throughout a user’s entire session. SSO can provide central authentication against a federated database for different operating systems. SSO systems depend on strong authentication. Same sign-on is not the same as SSO. In a same sign-on system, users reenter their credentials each time they access another system. However, they use the same credentials.

9
Q

Type I
Type II
Type III

A

Something you know
Something you have
Something you are

10
Q

ESP

A

ESP stands for Encapsulating Security Payload, which provides integrity and encryption.
AH, or Authentication Header, only provides integrity. IKE, or Internet Key Exchange, is used
during the setup of IPsec, and ISAKMP, or Internet Security Association and Key
Management Protocol, provides a framework for authentication and key exchange.

11
Q

Deterrent
Corrective
Compensating
Administrative

A

A deterrent control is designed to discourage the violation of a security policy. Since the
cameras are clearly visible, they are acting as a deterrent control. A corrective control is
one that is used to fix or eliminate a vulnerability. A compensating control is used to
minimize a vulnerability when it is deemed too difficult or impractical to fully correct the
vulnerability. An administrative control is used to create a policy or procedures to
minimize or eliminate a vulnerability.

12
Q

OAuth

A

An open source standard used for authorization with Internet-based single sign-on
solutions.

13
Q

OCSP

A

Online Certificate Status Protocol. An alternative to using a CRL. It allows entities to query a
CA with the serial number of a certificate. The CA answers with good, revoked, or unknown.

14
Q

OpenID Connect

A

An open source standard used for identification on the Internet. It is typically used with OAuth and it allows clients to verify the identity of end users without managing their credentials.

15
Q

out-of-band

A

A configuration that allows a device to collect traffic without the traffic passing through it. Sometimes called passive. Compare with inline.

16
Q

P12

A

PKCS#12. A common format for PKI certificates. They are CER-based (binary) and often hold
certificates with the private key. They are commonly encrypted.

17
Q

P7B

A

PKCS#7. A common format for PKI certificates. They are DER-based (ASCII) and commonly used
to share public keys.

18
Q

PaaS

A

Platform as a Service. A cloud computing model that provides cloud customers with a
preconfigured computing platform they can use as needed. Compare with IaaS and SaaS.

19
Q

PAP

A

Password Authentication Protocol. An older authentication protocol where passwords or PINs
are sent across the network in cleartext. Compare with CHAP and MS-CHAPV2.

20
Q

passive reconnaissance

A

A penetration testing method used to collect information. It typically uses open-source intelligence. Compare with active reconnaissance.

21
Q

PBKDF2

A

Password-Based Key Derivation Function 2. A key stretching technique that adds additional bits to a password as a salt. It helps prevent brute force and rainbow table attacks.

22
Q

PEAP

A

Protected Extensible Authentication Protocol. An extension of EAP sometimes used with 802.1x. PEAP requires a certificate on the 802.1x server.

23
Q

PEM

A

Privacy Enhanced Mail. A common format for PKI certificates. It can use either CER (ASCII) or DER (binary) formats and can be used for almost any type of certificates.

24
Q

perfect forward secrecy

A

A characteristic of encryption keys ensuring that keys are random. Perfect forward secrecy methods do not use deterministic algorithms.

25
Q

permission auditing review

A

An audit that analyzes user privileges. It identifies the privileges (rights and permissions) granted to users, and compares them against what the users need.

26
Q

PFX

A

Personal Information Exchange. A common format for PKI certificates. It is the predecessor to P12 certificates.

27
Q

NIST

A

National Institute of Standards and Technology. NIST is a part of the U.S. Department of Commerce, and it includes an Information Technology Laboratory (ITL). The ITL publishes special publications related to security that are freely available to anyone.

28
Q

Nmap

A

A command-line tool used to scan networks. It is a type of network scanner.

29
Q

nonce

A

A number used once. Cryptography elements frequently use a nonce to add randomness.

30
Q

non-persistence

A

A method used in virtual desktops where changes made by a user are not saved. Most (or all) users have the same desktop. When users log off, the desktop reverts to its original state.

31
Q

nslookup

A

A command-line tool used to test DNS on Microsoft systems. Compare with dig.

32
Q

NTLM

A

New Technology LAN Manager. A suite of protocols that provide confidentiality, integrity,
and authentication within Windows systems. Versions include NTLM, NTLMv2, and NTLM2 Session.

33
Q

MOU/MOA

A

Memorandum of understanding or memorandum of agreement. A type of agreement that defines responsibilities of each party. Compare with ISA.

34
Q

MS-CHAPV2

A

Microsoft Challenge Handshake Authentication Protocol version 2. Microsoft implementation of CHAP. MS-CHAPV2 provides mutual authentication. Compare with CHAP and PAP.

35
Q

NAC

A

Network access control. A system that inspects clients to ensure they are healthy. Agents inspect clients and agents can be permanent or dissolvable (also known as agentless).

36
Q

NDA

A

Non-disclosure agreement. An agreement that is designed to prohibit personnel from sharing
proprietary data. It can be used with employees within the organization and with other organizations.

37
Q

Netcat

A

A command-line tool used to connect to remote systems.

38
Q

netstat

A

A command-line tool used to show network statistics on a system.

39
Q

network scanner

A

A tool used to discover devices on a network, including their IP addresses, their operating system, along with services and protocols running on the devices.

40
Q

loop prevention

A

A method of preventing switching loop or bridge loop problems. Both STP and RSTP prevent switching loops.

41
Q

MAC filtering

A

A form of network access control to allow or block access based on the MAC address. It is configured on switches for port security or on APs for wireless security.

42
Q

mail gateway

A

A server that examines and processes all incoming and outgoing email. It typically
includes a spam filter and DLP capabilities. Some gateways also provide encryption services.

43
Q

man-in-the-browser

A

An attack that infects vulnerable web browsers. It can allow the attacker to capture browser session data, including keystrokes.

44
Q

MD5

A

Message Digest 5. A hashing function used to provide integrity. MD5 creates 128-bit hashes,
which are also referred to as MD5 checksums. Experts consider MD5 cracked.

45
Q

MDM

A

Mobile device management. A group of applications and/or technologies used to manage
mobile devices. MDM tools can monitor mobile devices and ensure they are in compliance with security policies.

46
Q

memory leak

A

An application flaw that consumes memory without releasing it.

47
Q

3DES

A

Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide
confidentiality. It is a block cipher that encrypts data in 64-bit blocks.

48
Q

ABAC

A

Attribute-based access control. An access control model that grants access to resources
based on attributes assigned to subjects and objects.

49
Q

acceptable use policy (AUP)

A

A policy defining proper system usage and the rules of behavior for employees. It often describes the purpose of computer systems and networks, how users can access
them, and the responsibilities of users when accessing the systems.

50
Q

ACLs

A

Access control lists. Lists of rules used by routers and stateless firewalls. These devices use the
ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols.

51
Q

active reconnaissance

A

A penetration testing method used to collect information. It sends data to systems and analyzes responses to gain information on the target. Compare with passive reconnaissance.

52
Q

ad hoc

A

A connection mode used by wireless devices without an AP. When wireless devices connect
through an AP, they are using infrastructure mode.

53
Q

administrative controls

A

Security controls implemented via administrative or management
methods.

54
Q

AES

A

Advanced Encryption Standard. A strong symmetric block cipher that encrypts data in 128-bit
blocks. AES can use key sizes of 128 bits, 192 bits, or 256 bits.

55
Q

affinity

A

A scheduling method used with load balancers. It uses the client’s IP address to ensure the client is redirected to the same server during a session.

56
Q

aggregation switch

A

A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch and it connects to a router.

57
Q

AH

A

Authentication Header. An option within IPsec to provide authentication and integrity.

58
Q

ALE

A

Annual (or annualized) loss expectancy. The expected loss for a year. It is used to measure risk
with ARO and SLE in a quantitative risk assessment. The calculation is SLE x ARO = ALE.

59
Q

amplification Attack

A

An attack that increases the amount of bandwidth sent to a victim.

60
Q

role-BAC

A

Role-based access control. An access control model that uses roles based on jobs and
functions to define access. It is often implemented with groups (providing group-based privileges).

61
Q

ROT13

A

A substitution cipher that uses a key of 13. To encrypt a message, you would rotate each letter 13 spaces. To decrypt a message, you would rotate each letter 13 spaces.

62
Q

RPO

A

Recovery point objective. A term that refers to the amount of data you can afford to lose by identifying a point in time where data loss is acceptable. It is often identified in a BIA.

63
Q

RSA

A

Rivest, Shamir, and Adleman. An asymmetric algorithm used to encrypt data and digitally sign
transmissions. It is named after its creators, Rivest, Shamir, and Adleman.

64
Q

RSTP

A

Rapid Spanning Tree Protocol. An improvement of STP to prevent switching loop problems.

65
Q

RTO

A

Recovery time objective. The maximum amount of time it should take to restore a system after
an outage. It is derived from the maximum allowable outage time identified in the BIA.

66
Q

rule-BAC

A

Rule-based access control. An access control model that uses rules to define access. Rule-
based access control is based on a set of approved instructions, such as an access control list, or rules that trigger in response to an event, such as modifying ACLs after detecting an attack.

67
Q

Rainbow table

A

A file containing precomputed hashes for character combinations. Rainbow tables
are used to discover passwords. PBKDF2 and bcrypt thwart rainbow table attacks.

68
Q

Forward proxy

A

Forward proxies are single locations that provide access to many web resources. Reverse
proxies typically use internal-facing proxies at the front end to control and protect the
private server, stateful packet inspection is a firewall, and open proxies are usable by
anybody on the Internet.