Secure Protocols Flashcards

1
Q

True or false: Any secure connection that happens on the internet is either an encrypted application like SSH or uses an encryption protocol like TLS.

A) True
B) False

A

A) True

True. Connections made without an encrypted application or protocol are insecure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which port number does SMTP use?

A) 23
B) 25
C) 110
D) 143

A

B) 25

Port 25 is correct. Port 23 is Telnet, 143 is IMAP, and 110 is POP.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which port number does DNS run on?

A) 80
B) 69
C) 53
D) 161/162

A

C) 53

Port 53 is correct. Port 80 is HTTP, port 69 is TFTP, ports 161/162 are SNMP.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Load balancers, SSL accelerator, and DDoS mitigators can all be effectively set up in which of these network zones?

A) DMZ
B) LAN
C) WAN
D) All of the above

A

A) DMZ

The DMZ can support all three. Load balancing inside the LAN is possible but there’s no reason to place SSL accelerators or DDoS mitigators inside a LAN. These devices could sit in a WAN, but their function is to protect servers within a LAN.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the development frameworks is based on small, rapid, and measurable deliverables or sprints?

A) Waterfall
B) Rails
C) Agile
D) JavaScript

A

C) Agile

Agile is based on small and rapid sprints. Due to the nature of the sprint, the scope can be modified as the daily process is considered, and the sprint deliverable testing is validated. Rails and JavaScript are languages, not development frameworks. Waterfall is a full-scope, big-picture framework with large deliverables and highly defined scope and timelines.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Client-side code execution has which of the following characteristics?

A) The client machine can do the input validation processing, form the query, and send to the server
B) The client-side code needs to be available on the client machines
C) It is somewhat less secure because the security is only as good as the machine it’s executed on
D) It sends a lot of code over the internet
E) All of the above

A

E) All of the above

All of the above is the correct answer. The client machine does the processing, making it subject to the local environment’s capabilities and security settings. Once the input is processed on the client side, it is sent over to the server. Code updates and patches need to be sent to the client machine as needed to keep the code synced with the server code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the code testing phases is most likely to use a sandbox environment?

A) Static code review
B) Staging
C) Planning
D) Continuous integration

A

B) Staging

Staging for deployment and testing is usually done in a sandbox environment. Code review and planning can be performed in the development environment. Once code is ready to be run though its paces, a sandbox allows for different configurations. Throughputs and bursts test without effecting working or development environments. Continuous integration is done in the development environment and moved through the sandbox for deployment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly