Security+ Flashcards

1
Q

“Subjects” are what?

A

Users or Groups that are accessing an object or resource

2
Q

2 main components of IPSec?

A
Authentication Header (AH)
Encapsulating Security Payload (ESP)
3
Q

3 Primary IP Classes are?

A

Class A> 0.0.0.0 -> 127.255.255.255
Class B> 128.0.0.0 -> 191.255.255.255
Class C> 192.0.0.0 -> 192.255.255.255

4
Q

AAA?

A

Authentication (Authn)
Authorization (Authr)
Accounting (tracking/auditing what and where with logs)

5
Q

What are the 4 models of Access Control?

A

ROLE Based Access Control (RBAC)
RULE Based Access Control
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)

6
Q

ARP?

A

Address Resolution Protocol - used once a packet makes it inside a network - ARP routes it to the correct machine on the network.

7
Q

CHAP is similar to PAP in what way?

In what ways do they differ?

A

Both were used in PPP
Both use passwords or PINs

PAP sent PINs and passwords in the clear
CHAP uses a hashed password that is hashed with a nonce (number used once)

8
Q

CIDR?

A

Classless Interdomain Routing notation

9
Q

Cipher locks are?

A

Door with a code that requires punching in - mechanical or digital…

10
Q

Corrective Controls include?

A

Intrusion Protection Systems or Active IDS - can engage to stop an ongoing attack

Backup and Recovery - can work to recover from an attack

11
Q

Integrity?

A

Integrity provides assurances that data has not changed. This includes ensuring that no one has modified, tampered with, or corrupted the data.

12
Q

Detective Controls include?

A

DETECTIVE CONTROLS:

  • Log monitoring
  • Trend analysis
  • Security Auditing
  • Video monitoring
  • Motion detection
13
Q

Deterrent Controls include?

A

Dogs, Guards, Laws.

Most of the Preventative Controls can also be thought of as Deterrents (as in Security Guards)

14
Q

Difference between Preventative and Detective Controls

A

Preventative are ACTIVE controls - that can stop an incident

Detective are PASSIVE controls - that can’t in themselves stop an incident

15
Q

DNS records are organized with what designations?

A

A (IPv4) - address/host records
AAAA (IPv6) - address

PTR - pointers (opposite of an A - if queried with an IP, it will return a hostname)

MX - mail exchange

CNAME - aliases

16
Q

What is EAP used for and what is it associated with?

A

Extensible Authentication Protocol (EAP)
Associated with RADIUS / Wireless Authentication
Uses Tokens, Smart Cards, Certificates

17
Q

How are hashes created and what are they used for?

A

A hash is simply a number created by executing a hashing algorithm against data, such as a file or message. As long as the data never changes, the resulting hash will always be the same. By comparing hashes created at two different times, you can determine if the original data is still the same. If the hashes are the same, the data is the same. If the hashes are different, the data has changed.

18
Q

UDP vs. TCP?

A

UDP uses a connectionless session (no 3-way handshake like TCP)

19
Q

In Discretionary Access Control what is the basic model?

A

User Centric / User Chooses. LEAST restrictive.
All files and folders have owners and permissions.
This is true for Unix/Linux and NTFS based file systems.

20
Q

In the context of Redundancy - what does SPOF mean?

A

Single Point of Failure

21
Q

IPSec? Associated with what 3 technologies?

A

IP security.

1) VPN by way of an Internet Key Exchange (IKE) over UDP
2) associated with IPv6, but can be used with v4.
3) ISAKMP - Internet Security Association and Key Management Protocol

22
Q

IPv4 vs IPv6 - how many bits in each part of the address?

A

32 bits for v4

128 bits for v6

23
Q

IPv6 format?

A

8 groups of hexadecimal numbers separated by colons e.g. 2001:0db8:85a3:0000:0000:8a2e:0370:7334

Hex numbers are 4 characters long.

24
Q

NDP?

Associated with?

A

Neighbor Discovery Protocol

IPv6

25
Q

NetBIOS?

A

Network Basic Input/Output System

26
Q

Of the five factors of authentication what is the weakest?

A

Something you know

27
Q

PAP was used with what?

A

PPP - Point to Point Protocol

28
Q

Preventative Controls include:

A

PREVENTATIVE CONTROLS:

  • Blocking (Firewalls, etc)
  • Hardening
  • Guards (Security Guards)
  • Change Management
  • Account Disablement Policy
  • Security Awareness Training
29
Q

Protocol IDs are?

A

The ID of the network protocol - NOT THE PORT.

E.g. TCP is 6, UDP is 17, etc.

30
Q

Proximity Cards are:

A

Physical badges held up to scanners - can be combined with a PIN

31
Q

RADIUS entire authn process is encrypted, T or F

A

F

Only the password is encrypted

32
Q

PAP?

Category: Remote Access Server (RAS)

A

Password Authentication Protocol

Passwords are sent in clear text!

33
Q

TACACS+ ?

Category: Remote Access Server (RAS)

A

Terminal Access Controller Access-Control System Plus

  • TACACS+ is an alternative to RADIUS, from Cisco.
  • Benefit of TACACS+ is that it can interact with Kerberos, allowing it to work with a broader range of environments, including Microsoft domains.
  • Encrypts the entire authentication process, whereas RADIUS encrypts only the password.
34
Q

CHAP?

Category: Remote Access Server (RAS)

A

Challenge Handshake Authentication Protocol (CHAP)

35
Q

DIAMETER

Category: Remote Access Server (RAS)

A

Diameter.

Diameter is an improvement over RADIUS and it supports Extensible Authentication Protocol (EAP) for security.

36
Q

Flavors of CHAP?

Category: Remote Access Server (RAS)

A

MS-CHAP and MS-CHAPv2

v2 is now the only one used

37
Q

RADIUS

Category: Remote Access Server (RAS)

A

Remote Authentication Dial-In User Service (RADIUS).

38
Q

XTACACS

Category: Remote Access Server (RAS)

A

Extended Terminal Access Controller Access-Control System (XTACACS)

39
Q

RAS?

A

Remote Access Service - anything remote you need to sign into

40
Q

Risk Assessment - Quantitative vs. Qualitative

A

Quantitative = assess risk based on monetary/asset value (SLE/ALE, etc)

Qualitative = based on assessment of Probability x (times) Impact (usually using historical data)

41
Q

SAML?

A

Security Assertion Markup Language (SAML)

42
Q

SNMP?

A

Simple Network Management Protocol

43
Q

Telnet is still commonly used T/F?

A

False

44
Q

TLS?

A

Transport Layer Security

45
Q

UDP?

A

User Datagram Protocol

46
Q

What are 2 RAS Authn Services that are considered “AAA”

A

RADIUS and TACACS+

47
Q

What are all the things a smart card provides?

A

The smart card provides:

  • non-repudiation
  • authentication (2factor: both HAVE & KNOW)
  • confidentiality (encryption)
  • integrity (signing)
48
Q

What are authentication types also known as?

A

Factors

49
Q

What are planning documents known as Matrices used for in Access Control?

A

Role Matrix: used to map roles to privileges for planning purposes

50
Q

What are Rule Based Access Controls usually associated with?

A

Firewalls / ACLs / Lists

51
Q

What are SAML's 3 main actors?

A

Principal: this is typically a user.

Identity Provider

Service Provider (the authn server)

52
Q

What are some of the best practices of password management?

A

Use strong ones,
don’t write them down,
don’t share,
use technology to enforce policies like expiration

53
Q

What are some of the characteristics of Kerberos

A
  • mutual authentication that can help prevent man-in-the-middle attacks
  • uses tickets to help prevent replay attacks.
  • network authentication protocol within a Microsoft Windows Active Directory domain or a Unix realm.
  • database of objects such as Active Directory and a KDC (or TGT server) to issue timestamped tickets that expire after a certain time period.
54
Q

What are some of the Layers in “Layered Security”?

A

Network (Firewall, Reverse Proxy Servers),
Host-based (Intrusion Detection System - IDS) and Antivirus,
Software (Monitoring)

Layered security, or defense in depth, combines multiple layers of security, such as a firewall, an IDS, content filtering, and antivirus software.

55
Q

What are the GOALS of Controls w.r.t. a Security Incident?

A

Preventative Controls - try to prevent an incident from occurring
Detective Controls - try to detect an incident that’s already occurred
Corrective Controls - try to correct the damage done by an incident
Deterrent Controls - try to deter an incident from occurring in the first place
Compensating Controls - act as alternatives when primary controls are not feasible

56
Q

What are the 2 ways to simplify IPv6 format?

A

1) Drop Leading 0s
2) 0 Compression (omitting any hex group that’s all zeros, e.g. somehex::someotherhex::onelasthex)

Remember - any number less than 4 characters will have been simplified in some way

57
Q

What are the 3 parts of the TCP handshake?

A

SYN (synchronize) from client to server.
SYN/ACK (synch/ack) from server to client.
ACK from client to server.

58
Q

What are the 3 Private IP Subnets

A
  1. 10.x.x.x
  2. 172.16.x.x -> 172.31.x.x
  3. 192.168.x.x
59
Q

What are the 5 factors of authentication?

A
Something you KNOW
Something you HAVE
Something you ARE
SomeWHERE you are (location)
Something you DO
60
Q

What are the characteristics of a strong password?

A

More than 8 characters

No dictionary words

At least 3-4 of the following types:

  • Upper case
  • Lower case
  • Numbers
  • Special characters
61
Q

What can Protocol IDs be used for?

A

Firewall configuration

62
Q

What does a minimum password age help with?

A

Helps to prevent users from resetting passwords back to previous password right after being forced to change it

63
Q

What does PKI stand for?

A

Public Key INFRASTRUCTURE

64
Q

What does TLS do that SSL doesn’t?

A

TLS encrypts the data before transmission

65
Q

What is a nonce?

A

Number used once

Used in hashing

66
Q

What is commonly used with smart cards to increase security and what does it provide?

A

A pin or password

Provides 2-factor auth

67
Q

What is HOTP?

A

HMAC-based One Time Password

68
Q

What is mutual authentication?

A

Client authn to the server, and server authn to the client

69
Q

What is Non-Repudiation, and what are some of the ways to enforce it?

A

Ability through Digital Signatures and/or audit logs, etc to authenticate that a person was the originator of a message or an action, and later not be able to DENY that it was them that sent the message…
Smart Cards

70
Q

What is the basic concept behind MAC access control?

A

Labels.

Users with a particular label are allowed to see files/folders with a particular label.

71
Q

What is TOTP, how is it different than HOTP?

A

Time-based One Time Password - uses a timestamp instead of a counter

72
Q

What network protocols do RADIUS & TACACS+ use?

A

RADIUS uses UDP (User Datagram Protocol)

TACACS+ uses TCP (Transmission Control Protocol)

73
Q

What Operating System uses a Mandatory Access Control model and what’s it called?

A

Linux

SELinux (Security Enhanced Linux)

74
Q

What Protocols are commonly associated with DoS attacks?

A

UDP - because there’s no handshake - the streaming overwhelms the server.

ICMP

75
Q

What’s a DACL contain?

A

A group of ACEs (Access Control Entries) that are made up of SIDs and Permissions

76
Q

What’s a DACL?

A

Discretionary Access Control List - every MS object in the NTFS world has one and it shows everyone that has access to a file or folder.

77
Q

What’s a SID and what’s it associated with?

A

Security Identifier - it’s what MS systems use to identify someone. Associated with the DAC access control model (Discretionary)

78
Q

What’s a way to prevent Tailgating?

A

Mantraps

79
Q

What’s another name for the “something you are” authn factor?

A

Biometrics

80
Q

What’s the main difference between SFTP and FTPS?

A

SFTP uses SSH (port 22)

FTPS uses TLS/SSL (either on 989 or 990)

81
Q

What’s the main vulnerability of HMAC-based One Time Password (HOTP)?

A

A generated password that has not been used can be used indefinitely.

82
Q

What are the names for biometrics systems failure rates?

A

The False Accept Rate (FAR, also known as a type 2 error) identifies the percentage of times false acceptance occurs.

The False Reject Rate (FRR, also known as a type 1 error) identifies the percentage of times false rejections occur.

83
Q

When manually resetting a password- what’s best to remember?

A

The password should be set to expire on first use

84
Q

Why do administrators disable ICMP services/ports?

A

Because they can be used in DoS attacks and because they make the services discoverable outside of the server.

85
Q

Write the following subnet mask for the subnet 192.168.1.1 in CIDR notation:
255.255.0.0

A

192.168.1.1 / 48

86
Q

Switches deal with _____ traffic while Hubs deal with ______?

A

Unicast

Broadcast

87
Q

Loop protection on a Switch is enabled by what protocols and prevents ______?

A

STP (Spanning Tree Protocol) or RSTP.

Prevents switch looping that can seriously degrade network performance.

88
Q

VLANs can do what and are enabled by what?

A

Can logically separate computers (or groups of users, etc) through software-defined LANs.

Enabled by smart SWITCHES - one switch can create multiple VLANs.

89
Q

802.1x can be used for what kind of networks?

A

Wired AND wireless

90
Q

802.1x can be implemented with what kind of servers?

A

RADIUS or DIAMETER

91
Q

What is Port Security?

A

Securing the physical ports of a network

92
Q

Routers allow/deny traffic based on _______?

A

ACLs - basic packet filtering

93
Q

In the context of ACLs - what does Implicit Deny do and what are they used in?

A

All traffic that isn’t explicitly allowed is implicitly denied.

Routers and Firewalls

94
Q

What are some of the rules of Implicit Deny?

A

Deny Any Any or Deny All All (where the first one indicates the type - UDP, TCP, etc) and the second means Inbound/Outbound

95
Q

Firewall Rules generally take what format?

A
Permission
Protocol
Source
Destination
Port
96
Q

Firewalls implement “implicit deny” by implementing what at the end of the ACL?

A

Deny Any Any,
Deny Any
Drop All

97
Q

Web Application Firewalls can prevent what kind of attacks?

A

Cross Site Scripting Attacks

98
Q

What are 3 of the ways to segment/block network traffic?

A

VLANs,
Routers,
Firewalls

99
Q

DMZs are typically in between what?

A

2 firewalls - one to the outside Internet and one to the inside intranet.

100
Q

NAT?

A

Network Address Translation

101
Q

NAT is typically found where?

A

On internet-facing Firewalls

102
Q

What’s a common form of NAT?

A

PAT - Port Address Translation

Uses a Single IP address

103
Q

Pros/Cons of NAT?

A

Can be used to leverage more expensive Public IP addresses.

Hides computers/servers not meant to be public.

Doesn’t work with IPSec (IPv6)

104
Q

What is Dynamic NAT?

A

Uses multiple IP addresses to help balance load

105
Q

What is UTM?

A

Unified Threat Management

Combines several network security controls in one server/appliance.

106
Q

What are some of the things a UTM can monitor?

A

Email and email attachments, malicious code in websites.

107
Q

What is one common type of UTM?

A

Web Security Gateway

108
Q

OSI Network Layers - what are the layers…

A

“Please Do Not Throw Sausage Pizza Away”

  1. Physical (cables/hubs)
  2. Data Link (switches)
  3. Network (router/layer3 switch)
  4. Transport (UDP/TCP, etc)
  5. Session (establishing/maintaining/terminating)
  6. Presentation (ASCII, etc)
  7. Application (HTTP, RDP, LDAP, etc)
109
Q

What are IPS’s and IDS’s and what is the difference?

A

IPS = Intrusion Prevention System (ACTIVE - always placed inline with traffic - so it can prevent attack from reaching downstream networks)

IDS = Intrusion Detection System (PASSIVE - usually)

All IPSs are IDSs, but not all IDSs are IPSs (only ACTIVE IDSs can be considered IPSs)

Both use protocol analyzers / sniffers.

110
Q

HIDS is usually used along with what?

A

Along with a traditional antivirus since HIDS can help detect network-based issues.

111
Q

What is a SYN flood?

A

A form of DoS attack.
Attackers issue multiple simultaneous SYN requests to a server and intentionally don’t respond with the ACK after the SYN/ACK - therefore making the server think its connections are just latent - but this causes the server to overload and can crash it.

112
Q

Where is a NIDS installed?

A

On a network device like a router or firewall.

113
Q

A Network-based Intrusion Detection System cannot monitor encrypted traffic, T/F?

A

True

114
Q

What’s another name for Anomaly-based detection?

A

Heuristics-based

115
Q

What’s the other form of detection other than Anomaly-based?

A

Signature Based - requires a set of signatures/rules to look for

116
Q

Signature based detection usually uses a common set of vulnerabilities that are publicly available - what is that called?

A

CVE - Common Vulnerabilities and Exposures list

117
Q

What are the 2 main goals of a honeypot?

A
  1. To divert an attack away from a live network
  2. To observe an ongoing attack (to learn methods, etc)

118
Q

Honeypots are usually found by attackers by being routed there by ______?

A

NIDS - Network Intrusion Detection systems (or NIPS)

119
Q

What are the 802.11 standards?

A
  1. 11a (54 Mbit/s)
  2. 11b (11 Mbit/s)
  3. 11g (54 Mbit/s)
  4. 11n (600 Mbit/s)
120
Q

WAPs use what kind of antennae typically?

A

Omnidirectional

121
Q

Sometimes WAPs are connected together across a distance with what type of antennae?

A

Yagi

122
Q

What is one way of reducing risk for a WLAN?

A

Reducing the range of the WAP by reducing the power and therefore the coverage

123
Q

What are the encryption specs of WPA2?

What did this replace?

A

Uses CCMP based on AES.

Replaced TKIP with RC4 (used by WEP and WPA)

124
Q

What is an 802.1x server used for, how is it implemented, and what does it provide?

A

Used to authenticate users over Wireless
Can be implemented with RADIUS.
Provides Enterprise-mode wireless access and AUTHENTICATION (rather than using a simple passphrase)

125
Q

PEAP and EAP-TTLS require what on the 802.1x server?

A

A certificate.

126
Q

EAP-TLS is like PEAP and EAP-TTLS, but also requires what?

A

A cert on the server and each of the clients.

127
Q

A captive portal can be a cheaper alternative to what?

A

Standing up an 802.1x server for wireless access

128
Q

When enabling a WAP - _____ mode separates wireless clients from connecting to each other.

A

Isolation

129
Q

What are a couple things you should do to additionally secure a wireless router?

A
  1. Change the default admin account ID and the password.
  2. Enable MAC filtering
  3. Change the default SSID
130
Q

MAC addresses cannot be modified so are thought of as foolproof, T/F

A

False

131
Q

It is not that much more secure to disable the SSID of a wireless router, T/F

A

True

132
Q

How does WEP/WPA allow for vulnerabilities?

A

The encryption mechanism RC4 - reuses encryption keys, so once a key is determined, it can be used to decrypt all data.

133
Q

What is an IV attack on a WEP-protected WAP?

A

Attacker uses packet injection to increase the number of packets to analyze and discovers the encryption key.

134
Q

How is WPA cracking achieved?

A

Attacker forces or waits for the 4-way auth handshake to occur and captures the information. They then use a brute-force attack to discover the passphrase.

135
Q

What is WPS and should it be used?

A

Wi-Fi Protected Setup - the little button you press to automatically join a network.

NO - it should be disabled if possible.

136
Q

What is an Evil Twin?

A

A WAP with the same SSID as a legitimate access point.

137
Q

Bluejacking?

A

Unsolicited sending of messages to Bluetooth device

138
Q

Bluesnarfing?

A

The access and stealing of data over Bluetooth

139
Q

IPSec tunneling mode does what?

A

Encrypts the whole packet, whereas Transport mode only encrypts the payload

140
Q

Encapsulating Security Payload (ESP) provides ________, ______, and _______ for VPN traffic.

A

confidentiality, integrity, and authentication

141
Q

IPSec Protocol ID #?

A

50

142
Q

IPSec uses what over port 500?

A

IKE - internet key exchange

143
Q

NAC?

A

Network Access Control

144
Q

What word is typically associated with NAC?

A

Health - as in health check through health agents

145
Q

What are 2 of the health checks a NAC agent will perform

A
  1. Up to date virus software
  2. Up to date OS
  3. Firewall enabled
146
Q

Core principles of system hardening include:

A

Removing/disabling unwanted/unneeded services

Removing/uninstalling applications

Disabling/removing unneeded accounts

147
Q

Hardening systems by removing services helps to:

  1. Improve the overall _____ _____ of systems
  2. Reduce the ____ _____
  3. Reduce risks associated with ____ _____
A
  1. Security posture
  2. Attack surface
  3. Open Ports
148
Q

As part of hardening it’s a good idea to disable/remove the _____ account.

A

Guest

149
Q

The lifecycle of a hardened system is:

  1. Deploy Initial Secure _____ of a system
  2. ______ monitor and enhance the security of a system
  3. ______ to automatically correct or isolate a system
A
  1. BASELINE
  2. CONTINUOUSLY - through host-based and group policy, etc
  3. REMEDIATE
150
Q

Group Policy for accounts can….?

A

Disable guest accounts and rename Admin account

151
Q

Group Policy for password policies can…?

A

Ensure policies are enforced and enforce lockout policies associated with them

152
Q

Group Policy for auditing can….?

A

Enable audit logs for access and logon/logoff

153
Q

Group Policy for user rights can….?

A

Allow or restrict execution of applications, etc

154
Q

Group Policy for system services can….?

A

Allow administrators to disable services, or prevent users from disabling them…

155
Q

Group Policy for software restrictions can….?

A

Control what applications/software get installed on a system.

156
Q

Group Policy settings are applied only once, T/F?

A

False - they are continuously applied

157
Q

What magical MS product can help you configure Group Policy?

A

The SCW - the Security Configuration Wizard

158
Q

SCAP? and what is it?

A

Security Content Automation Protocol

- built into many vulnerability scanners to check what security settings have or haven’t been changed

159
Q

What is another name for Host Software Baseline?

A

Application baseline - what’s installed on a system and what’s allowed to be installed

160
Q

What do administrators do with a Host Software Baseline?

A

Compare what’s installed on a system against the approved software list and check for differences

161
Q

What are Application Configuration Baselines

A

The specific application-related settings for a given software installation

162
Q

Baseline reporting can be one way to _____ the current state of a system or application

A

AUDIT

163
Q

What is a VM Escape attack?

A

Being able to directly interact with the Hypervisor or Host system from a VM

164
Q

What kind of MS patch is released right away?

A

OOB - Out of Band - security vulnerability-related patches

165
Q

Examples of SCADA systems include _______, and they typically ARE/AREN’T connected to the internet?

A

Power plants, etc

NOT

166
Q

What is Defense in Depth?

A

Having multiple Security Layers

167
Q

What are 2 security design techniques for static systems?

A

Control redundancy - have 2 of everything, place them in different networks.

Diversity - have 2 different Firewall vendors so if one fails the other may catch.

168
Q

With respect to tracking mobile phones - what can RFID do to help?

A

Help with inventory control

169
Q

Strongest way to secure data at rest and in transit is through _____ and _____?

A

Encryption and strong access controls

170
Q

What is one downfall of file-based encryption?

A

Someone can take a file that’s encrypted and move it to another device (USB, etc) that doesn’t support encryption - the system will decrypt prior to moving…

171
Q

Trusted Platform Module (TPM)?

A

Hardware chip on a computer motherboard that has an RSA asymmetric key and can generate, store, and protect other keys.

172
Q

TPM three categories of keys?

A
  1. Endorsement Key - permanent key
  2. Storage Root Key - created when the user activates encryption
  3. Application keys - derived from the Storage Root Key - used to encrypt disks
173
Q

What TPM key does MS Bitlocker use?

A

Application key

174
Q

Hardware Security Module (HSM)?

A

Like a TPM, it is a hardware-based but REMOVABLE encryption device that uses RSA encryption to encrypt data for high-performance servers (e.g. SSL accelerators)

175
Q

Data leakage is also known as _________?

A

Data exfiltration

176
Q

Data exfiltration is: ___________?

A

The unauthorized transfer of data outside an organization and is a significant concern with data leakage.

177
Q

A Data Loss Prevention (DLP) system can be any one of 3 things:

  1. ____-based to inspect data in motion
  2. ____-based to inspect data at rest
  3. _____-based to inspect data in-use
A
  1. Network-based
  2. Storage-based
  3. Endpoint-based
178
Q

DLPs are similar to UTM but inspect this direction of data flow as opposed to UTM’s

A

Outgoing as opposed to incoming

179
Q

Malware types other than viruses…

A
worms,
logic bombs,
Trojans,
ransomware,
rootkits,
spyware
180
Q

Ways a virus developer uses to ARMOR their viruses

A

  1. Complex code
  2. Encryption
  3. Hiding

181
Q

Making malware POLYMORPHIC commonly is done by…

A

Varying the encryption/decryption method slightly

182
Q

Logic Bombs execute when?

A

Whenever some logical condition is triggered

183
Q

T/F? Trojans represent a small percentage of malware?

A

False - they represented 70% of new malware in 2013

184
Q

What is rogueware and what is it also known as?

A

Scareware.

Scares the user into thinking something is wrong and only via paying a fee will the ‘service’ fix the problem.

185
Q

Botnet agents/clients are called _________?

A

Zombies

186
Q

Botnets are often used for what kind of attack?

A

DDoS

187
Q

One of the characteristics of Rootkits is… (hint: has to do with how it’s detected).

A

Because it has root access, it will hide itself from detection

188
Q

How is Spear Phishing different than regular phishing?

A

Spear phishing is targeted based on a group of people the attacker wants specific info from.

189
Q

What is Whaling?

A

Like spear phishing but targeting Senior Leadership of an organization

190
Q

What is Vishing (high-level)?

A

phishing over the phone using VOIP technologies

191
Q

Heuristic-based Detection is?

A

Runs potential / undiscovered malware in a sandbox and compares its output/actions against statistics about viruses - if it reaches certain thresholds - it is blocked and marked as dangerous

192
Q

Xmas Attack is really…?

A

Not an attack at all - it’s a port scan to try to determine what ports are available and what operating systems are at the target end of the scan.

193
Q

Kerberos is one way to prevent what kind of attack by enforcing mutual authentication?

A

Man in the Middle (MITM)

194
Q

What are two common ways to thwart Replay Attacks?

A

Timestamps and sequence numbers

195
Q

Dictionary password attacks are thwarted by what?

A

Use of complex passwords

196
Q

Birthday attacks take advantage of what hash vulnerability?

A

Hash collisions

197
Q

What is the primary method to prevent hash collisions?

A

Increase the amount of bits used to hash passwords (i.e. 256 instead of 128, or 512 instead of 256)

198
Q

Rainbow table attacks are a form of dictionary attacks how?

A

By having a giant database of hashed passwords to compare with your target password’s hash.

199
Q

One way to prevent Rainbow table hashing attacks is to…?

A

Salt the password prior to hashing it.

200
Q

DNS Poisoning is?

A

Corrupting/manipulating the DNS records of a user’s computer or network to redirect to a malicious site.

201
Q

How do DNS systems protect against DNS Poisoning?

A

Through the use of DNSSEC (DNS Security Extensions)

202
Q

DNS Pharming attacks are like DNS Poisoning, but usually involve hacking what?

A

The client computer’s hosts file

203
Q

ARP attacks are closely related to what resolution protocol?

A

MAC addressing

204
Q

What is ARP in general?

A

It’s the internal network routing mechanism to physical machines

205
Q

ARP Poisoning can help in what kind of attacks?

A

Man in the Middle (redirecting to a malicious site/machine),
&
DoS attacks (redirecting to a non-existent site/machine)

206
Q

What is one of the main ways an attacker can get access to a session ID to perform a Session Hijacking attack?

A

By cross-site scripting attacks

207
Q

What is one coding practice that leads to one of the most common vulnerabilities?

A

Not sanitizing/validating input (form data, etc)

208
Q

What is a No-Op “Sled” associated with, and what is it used for?

A

Associated with Buffer Overflow Attacks and is used to insert and execute malicious code

209
Q

What is one of the main ways to thwart a SQL injection attack?

A

Input validation

210
Q

What is one of the main ways to thwart XSS attacks?

A

Input validation

211
Q

What are 2 ways to thwart XSRF attacks?

A

  1. Dual authentication - make the user authenticate again to perform an action
  2. Expire authn cookies after a short time frame

212
Q

What is a Transitive access attack?

A

One in which you use one server or service to access another (like SQL injection)

213
Q

In Risk Management you identify, monitor and mitigate risks; the risk that is left over is called…?

A

Residual Risk

214
Q

Quantitative Risk Assessments measure risk in what?

A

Dollars/monetary (i.e. potential losses, etc)

215
Q

Risk Management: what are SLE, ARO and ALE

A

Single Loss Expectancy, Annual Rate of Occurrence, Annual Loss Expectancy

216
Q

Risk Management: how do you calculate ALE?

A

SLE x ARO

217
Q

Qualitative Risk Assessments measure risk as?

A

Probability and Impact

218
Q

Black box testing?

A

Pentesting with 0 knowledge of the system

219
Q

White box testing?

A

Pentesters have COMPLETE knowledge of the system

220
Q

Gray box testing?

A

Pentesters have SOME knowledge of the system

221
Q

One of the ways to (continuously) monitor threat activity is through…

A

Log monitoring

222
Q

Monitoring logs can be used on what types of logs?

A

Antivirus logs, Application Logs, Performance Logs

223
Q

Contingency Planning - what is RTO

A

Recovery Time Objective - goal (in time) to restore a system after an outage

224
Q

Contingency Planning - what is a BIA?

A

Business Impact Analysis

225
Q

Contingency Planning - what is RPO?

A

Recovery Point Objective - point in time where data loss is acceptable (i.e. how much time’s worth of data are you willing to lose)

226
Q

Contingency Planning - BCP and DRP are similar, what do they stand for?

A

Business Continuity Plan, Disaster Recovery Plan

227
Q

What do BCP and DRP plans almost always include?

A

A communications plan - who to contact, etc

228
Q

HMAC is a form of what cryptographic technique?

A

Hashing and Encryption - used for Digital Signatures and Message Integrity

229
Q

HMAC improves the process of hashing by including a what?

A

Shared secret

230
Q

LANMAN and NTLM1 are forms of what technique, but are considered compromised and shouldn’t be used?

A

Authentication hashing

231
Q

Symmetric encryption uses what?

A

A shared secret to encrypt and decrypt data

232
Q

It’s important for Symmetric Encryption to do what with the encryption key?

A

Change it regularly

233
Q

What logon technology uses Symetric Encryption?

A

RADIUS

234
Q

When using Stream Ciphers - you should never reuse the enc key, T or F?

A

True

235
Q

What are the 2 most common Block Ciphers in use today?

A

AES and 3DES

236
Q

What are 2 of the lesser used/known Block Ciphers?

A

Blowfish and Twofish

237
Q

Risk Management: How to calculate SLE - Single Loss Expectancy?

A

SLE = Asset Value (AV) x Exposure Factor (EF)

238
Q

What is TSIG & RRSIG normally associated with?

A

DNSSEC - authenticating DNS update transactions

239
Q

What technology is both PREVENTATIVE & CORRECTIVE?

A

Anti-virus

240
Q

What’s FACL associated with?

A

File system access control. It’s the + at the end of a Linux filename.

241
Q

What is explicit TLS?

A

Uses the same port as the non-TLS version of the protocol

242
Q

Data Execution Prevention is associated with mitigating what kind of attack?

A

Buffer Overflow

243
Q

What are 2 technologies associated with encrypting Password data?

A

Bcrypt and PBKDF2

244
Q

What is PHI?

A

Protected Health Information

245
Q

What is the difference between PII and PHI?

A

PII is information about you that personally identifies you.

PHI is info about your health that centers around access - who has access - to your medical records

246
Q

What are the types of RAID?

A

RAID 0 - Striped
RAID 1 - Mirrored
RAID 5 - Striped with single parity
RAID 6 - Striped with dual parity

247
Q

What are the two main terms used with SAML?

A

Tokens

Assertions

248
Q

In an AAA architecture, what is another name for the “Realm”?

A

SSID (as in Wireless SSID)

249
Q

What does the Linux command ssh-copy-id -i do?

A

Copies your PUBLIC key over to a server

250
Q

Best way to sanitize/destroy disk media?

A

  1. Burning - best
  2. Shredding
  3. Degaussing

251
Q

Chain of Custody - Evidence Collection Steps?

A

  1. Install write-blocker
  2. Create a hash
  3. Perform forensics on copy IMAGE
  4. Store original (Faraday Cage)

252
Q

Order of Volatility - Forensics?

A

Cant - CPU
Remember - RAM
Shit - Swap/Page files

Backups/Peripherals

253
Q

Incident Response - what is PICERL?

A

  1. Prepare
  2. Identify
  3. Contain
  4. Eradicate / Remove
  5. Recover
  6. Lessons Learned

254
Q

What is a table top exercise associated with and used for?

A

Part of Incident Response - PREPARE phase - for hypothetical threat modeling

255
Q

Business Impact Analysis usually deals with these 3 things?

A

Human Life,
Property,
Safety

256
Q

A Privacy Impact Assessment is usually part of what Analysis?

A

Business Impact Analysis (BIA)

257
Q

What is the fastest method of restoration for backup of physical machines?

A

Differential

258
Q

MTTF is usually associated with?

A

System failures - SPARES!

259
Q

What is Diffie Hellman usually associated with?

A

Key exchange over untrusted networks (VPN)

260
Q

What is Port Address Translation (PAT)?

A

Allows you to map multiple routes through one IP

261
Q

5 things that Mobile Device Management provides?

A

  1. Inventory tracking
  2. App manager (“App Store”)
  3. Policy
  4. OTA Updates
  5. Geofencing

262
Q

BYOD for mobile means…?

A

Bring your own device

263
Q

COPE for mobile means…?

A

Company Owned, Personally Enabled

264
Q

CYOD for mobile means…?

A

Choose Your Own Device - list of approved phones

265
Q

COBO for mobile means…?

A

Company Owned - Business Only (separate phones)

266
Q

COPE usually involves what 3 things?

A

Containerization
Application Manager
AUP: Acceptable Use Policy

267
Q

What are Network Access Controls used for?

A

Health checks on devices accessing the network - think AppGate, VPN checks etc

268
Q

Turning on MAC filtering will affect current connections - T or F?

A

False - it’s a pre-connection policy

269
Q

A Forward Proxy is something that happens on the user side - T or F?

A

True

270
Q

Reverse Proxies are placed on the user’s computer?

A

False - they are server-side

271
Q

What are 2 acronyms associated with VOIP?

A

SIP - Session Initiation Protocol

RTP - Real-time Protocol / RTPS (secure version)

272
Q

What are 2 attacks associated with DHCP?

A

MITM - rogue devices

DoS - DHCP Starvation (mitigate via ARP Inspection)

273
Q

DDoS Attacks are associated with what things?

A

Pings,
Reflective/Amplification,
Spoofing,
SYN:ACK Floods

274
Q

XMAS Tree Attacks are associated with what TCP packet characteristic?

A

FIN / URG / PSH

275
Q

ARP Poisoning can be mitigated by what rudimentary solution?

A

Running a batch file to associate the host computer at startup

276
Q

Which tool creates a connection?
Telnet,
nc,
dig

A

Telnet

nc

277
Q

What tools can be used for banner grabbing?

A

NMAP,
telnet,
nbtstat - may give you some info for the computers on your (windows) network

278
Q

What are 2 frameworks that create a “web of trust”

A

PGP

GNU Privacy Guard

279
Q

What are some PKI issues (4 total)?

A

  1. Cert is expired
  2. CA cert not in trust store / browser
  3. Revoked / Suspended
  4. Broken chain of trust

280
Q

What is a broken trust chain?

A

When a certificate doesn’t include the intermediate CAs all the way back to Root CA

281
Q

OCSP Stapling accomplishes what 2 things?

A

Sends cert & OCSP responder info (revocation info) in the same req/response

282
Q

Subject Alternative Name is used for what?

A

Associating multiple hosts to a single certificate.

Prevents TYPOSQUATTING

283
Q

CRLs are usually associated with what protocol?

A

OCSP