Supplemental

Question 1

when a client sends a request to a WAP, they are added to that devices ___

Answer 1

Associated List

Question 2

the first step in giving 802.11 some security was ___, which uses the ___ encryption protocol

Answer 2

Wired Equivalency Privacy (WEP); RC4

Question 3

WEP uses encryption keys ___, making it relatively easy to hack

Answer 3

that are generated by the WAP and shared

Question 4

the current standard for wireless encryption is ___, also known as ___

Answer 4

802.11I, WPA2

Question 5

802.11i/WPA2 uses ___ for authentication using a ___ server, and the ___ encryption protocol.

Answer 5

802.1x; RADIUS; AES

Question 6

because much of the hardware couldn’t handle AES encryption when 802.11i was released, the ___ was developed and later named ___

Answer 6

Temporal Key Integrity Protocol (TKIP); Wireless Protected Access (WPA)

Question 7

TKIP/WPA improved the ___ of key generation and WPA2 uses AES encryption via ___

Answer 7

initialization vector; CCMP

Question 8

RADIUS solves the problem of ___, but not ___.

Answer 8

authentication; authorization

Question 9

RADIUS servers refer to the internet gateway as the ___ and the user trying to authenticate as the ___

Answer 9

client; supplicant

Question 10

RADIUS servers can use any of the following ports:

Answer 10

UDP 1812, 1813, 1645, 1646

Question 11

Windows networks have two particular authentication protocols, one is ___ in which the client and server both send challenge messages, and the other is ___, in which the Domain Controller acts as a ___

Answer 11

NT LAN Manager; Kerberos; Key Distribution Center (KDC)

Question 12

the TKIP increased the key initialization vector from ___ bits to ___

Answer 12

24; 48

Question 13

UNIX systems use a ___ to protect their hashed password database

Answer 13

shadow password file

Question 14

in ___ a physical chip installed on a device holds passwords, keys and digital signatures for authentication

Answer 14

Trusted Platform Module (TPM)

Question 15

Bitlocker is an example of built in ___

Answer 15

Whole Disk Encryption

Question 16

the ___ files on a computer cannot be encrypted, making ___ on startup critical

Answer 16

boot process; authentication

Question 17

___ hashing is commonly used in digital signatures

Answer 17

Message Digest

Question 18

a ___ attack takes advantage of occasional hashing collisions

Answer 18

birthday

Question 19

___ hash algorithms were developed by the NSA and are used in PGP, TLS, SSL and IPsec because they are considered more secure than MD5

Answer 19

Secure Hash Algorithm (SHA)

Question 20

unlike AES, DES or Blowfish, ___ is a streaming cipher

Answer 20

RC4

Question 21

IPsec uses two modes, ___ and ___ mode

Answer 21

transport; tunnel

Question 22

___ is a secure form of Telnet

Answer 22

Secure Shell (SSH)

Question 23

HTTPS is secured with ___

Answer 23

either SSL or TLS

Question 24

the easiest disaster recovery exercise is a ___

Answer 24

document review

Question 25

in a ___ attack, a piece of software is modified to carry malware

Answer 25

refactoring

Question 26

___ allows devices to communicate over very short ranges using a chip implanted in the device

Answer 26

Near Field Communications (NFC)

Question 27

rejecting a user that is actually authorized is a Type __ error

Answer 27

1

Question 28

the main users of an Interconnection Service Agreement (ISA) are ___

Answer 28

telecommunications companies

Question 29

SCP and SFTP use ___ for encryption (and Port 22) while FTPS uses ___ for encryption

Answer 29

SSH, SSL/TLS

Question 30

the Linux command ___ shows all files and directories, and if used with the switch ___, will show ownership permissions for files

Answer 30

ls; -a

Question 31

the Linux command ___ shows all network connections, routing tables and protocol statistics. To find out if your machine is functioning as a server, use the switch ___ and look to see if any of the connections say ___

Answer 31

netstat; -a; “listening” in the right-hand column

Question 32

The Linux command Netstat can be used to see who your machine is talking to by shutting down all browsers and using the switch ___

Answer 32

-n

Question 33

the Linux command ___ shows all the hops made by a packet to reach its destination. If you can’t reach a website then use this to see if the failure is in the first few hops, meaning the failure is ___

Answer 33

tracert; in your network

Question 34

the Linux command ___ will show all devices connected to your network and can be used to determine if a switch is being misused

Answer 34

arp

Question 35

the AES encryption standard is also known as ___

Answer 35

Rijindael

Question 36

the ___ encryption model uses Web of Trust and a public key

Answer 36

PGP

Question 37

Risk Assessment looks at ___ and ___

Answer 37

Probability; Impact

Question 38

when Diffie-Hellman uses an elliptical formula it is known as

Answer 38

ECDH

Question 39

99.99% availability leaves ___ of down time per year

Answer 39

52 minutes

Question 40

EAP-___ uses predetermined symmetric keys for authentication, EAP-___ is able to use TLS with both sides supplying a certificate and EAP-___uses TLS but only the server has a certificate

Answer 40

PSK; TLS; TTLS

Question 41

the ___ authentication protocol is rarely used anymore because it passes the username and password as clear text

Answer 41

Password Authentication Protocol (PAP)

Question 42

___ is the main Linux utility that is used to troubleshoot DNS issues

Answer 42

dig

Question 43

___ encapsulates an EAP connection in an encrypted and authenticated tunnel

Answer 43

Protected EAP (PEAP)

Question 44

Microsoft group policy complexity requirement means passwords contain characters from at least ___ different categories

Answer 44

3

Question 45

___ is the usual method of valuing assets, which can be derived from the opinions of managers

Answer 45

asset classification

Question 46

Containerization is virtualizing the ___

Answer 46

Operating System

Question 47

the US Dept of Defense uses a Personal Identity Verification card called a ___

Answer 47

Common Access Control (CAC)

Question 48

___ analysis looks at data, but does not identify trends or patterns

Answer 48

log

Question 49

The ___ file on a local machine provides for fully qualified domain name (FQDN) resolution in the absence of DNS and can be used to redirect users to the wrong web site.

Answer 49

hosts

Question 50

A ___ serves as a centralized authentication point for virtual private network connections.

Answer 50

VPN concentrator

Question 51

A ___ attack is a type of ICMP attack where large amounts of ping packets are sent from a spoofed IP address on the network to the network broadcast address, causing many replies back to the victim and possibly bringing about a denial of service.

Answer 51

smurf

Question 52

A ___ program opens a back door for the hacker to gain access to the system remotely at a later time

Answer 52

RAT

Question 53

A ___ is a group of compromised systems that the hacker has control over and uses to attack a victim’s system.

Answer 53

botnet

Question 54

___ is the best choice for preventing cross-site scripting (XSS) attacks on websites

Answer 54

input validation

Question 55

A ___ device responds by not doing anything to cause harm when the failure occurs. A ___ device responds by making sure the device is using a secure state when a failure occurs.

Answer 55

fail-safe; fail-secure

Question 56

___ uses Microsoft Point-to-Point Encryption (MPPE) protocol to encrypt all traffic from the client to the server.

Answer 56

Microsoft CHAP (MS-CHAP)

Question 57

___ indicates how long an asset may be down or offline without seriously impacting the organization.

Answer 57

The maximum tolerable downtime (MTD)

Question 58

A minimum password age requires that users must wait a certain amount of time before ___

Answer 58

they are allowed to change passwords.

Question 59

___ involves an attacker attempting to take control of or use a Bluetooth-enabled cell phone to place calls.

Answer 59

Bluebugging

Question 60

IPSec provides encryption services for ___ when used in a VPN implementation.

Answer 60

L2TP

Question 61

A ___ is a unique number assigned to each individual user account on a Windows system

Answer 61

security identifier (SID)

Question 62

disaster recovery steps include preparation, ___, ___, ___, ___, reporting

Answer 62

Reporting, Detection, analysis, containment, and eradication