Security

Question 1

What is Triple A?

Answer 1

Conceptual securiy model
- Authentication
- Authorization
- Accounting

Question 2

What is Authentication?

Answer 2

Verifying who a user claims to be.
May use separate credentials or a centralized storage system

Question 3

What is Authorization?

Answer 3

Establishing and enforcing rules for who is permitted to access what

Question 4

What is Accounting?

Answer 4

Recording each attempt to authenticate or authorize a user.
Informtion often used for auditing

Question 5

What is CIA(NA)?

Answer 5

Another conceptual model for security
- Confidentiality
- Integrity
- Availibility
- Non-repudiation
- Authentication

Question 6

What is encryption?

Answer 6

Using a cipher (computer program) to convert plaintext to ciphertext

Question 7

What is decryption?

Answer 7

Reverses encryption (ciphertext to plaintext)

Question 8

What is a key?

Answer 8

A long string of bits used to encrypt or decrypt data

Question 9

Explain symmetric key encryption?

Answer 9

A shared key is used to encrypt AND decrypt plaintext

Question 10

Explain asymmetric key encryption?

Answer 10

Each user has their own pair of keys:
public key - shared with public
private key - only user has access
ONE key is used for encrypt and the OTHER is used to decrypt

Question 11

What is a message digest?

Answer 11

A unique identified for a message created using a hash function

Question 12

What is a digital signature?

Answer 12

An encrypted message digest

Question 13

What is a digital certificate?

Answer 13

Certifies that a digital signature is authentic

Question 14

What is Public Key Infrastructure?

Answer 14

The tools used to create and manage key certificates.

Question 15

What is a VPN?

Answer 15

Uses encryption to extend an enterprise network onto the internet

Question 16

What are flows?

Answer 16

Collections of packets sent between two specific hosts

Question 17

What are rules?

Answer 17

Identifies the host involved in a flow, the protocols used, and determines if the flow is allowed or not

Question 18

What is a firewall?

Answer 18

A router configured to enforce rules

Question 19

What is a DMZ?

Answer 19

Additional network managed by an enterprise used to separate devices that may receive external flows

Question 20

Why use a DMZ?

Answer 20

Simplifies firewall rules

Question 21

What is an IDS?

Answer 21

Monitors a network switch for unusual behavior

Question 22

Explain the client-server model

Answer 22

• Web servers store resources
• Web clients request resources and render them

Question 23

What is a protocol?

Answer 23

Common language between two programs

Question 24

What is HTTP?

Answer 24

Protocol used between web servers and browsers

Question 25

Examples of static web resources?

Answer 25

HTML, CSS docs, images

Question 26

What are dynamically generated web resources?

Answer 26

programming instructions executed on a server host

Question 27

What are dynamic web resources?

Answer 27

programming instructions included in HTTP response for browser to execute

Question 28

What does a browser consist of?

Answer 28

• rendering engine
• JavaScript engine
• environment where JS can execute

Question 29

What is Just-in-Time complilation?

Answer 29

compilation during program execution rather than before

Question 30

Provide a layered view of the web

Answer 30

• Content
• Structure: organizes content
• Presentation: formats organized content
• Behavior: enhances user interactions

Question 31

What is JavaScript?

Answer 31

programming language used to provide browser’s behavioral instructions