Card Set Information
SMTP is associated with port ___.
Running an application to see if a particular port is open is called a ___.
___ is the most mathematically secure file encryption.
Does RADIUS use L2TP?
What is PAP?
password authentication protocol
What is EAP?
extensible authentication protocol
What is port 443?
Is NTLM used for securing communication between a client and a server?
Yes—a hashing algorithm authentication protocol from Microsoft
Which kind of site can be online the quickest: a hot site or a mirrored site?
When connecting safely from home to the corporate network, you should use ___.
What should you consider when executing proper logging procedures?
What information you need to reconstruct events, and the amount of disk space required.
What is a potential security risk of USB drives?
potential for software introduction
The most relevant practice for protecting against OS security flaws is ___.
What is DLT?
digital linear tape backup
Is the “risk” of long-term retention of backup data on DLT (tape) media, mainly based on the retention of data on the media?
No—it’s based on compatibility of media and application systems
Is an attacker more likely to use a “Trojan” or a “rootkit” to hide tools to be used at a later date, after an attacker exploits your system?
What’s a common problem you face when doing audit-log reviews?
the timestamps for the different servers are not synchronized
When you implement an IDS, the most important thing is ___.
Having personnel to interpret the results
How should you place the NIDS, if you want to know the types of attacks against the network perimeter?
Place the NIDS outside the firewall
Weak encryption is a problem with the ___ wireless protocol.
What’s an example of a weak password?
___ can be used to gain control of a web camera.
Active X component
Key “types” refer to ___.
Synchronous versus asynchronous. For example, Kerberos uses asynchronous.
How do you reduce the “attack surface” on an OS.
disable unused services
To log-in remotely onto a workstation, port ___ is needed.
What can MAC flooding do to a switch?
Make it act like a hub
Is HIDS an effective way to “harden” an OS?
Is stegenography used to encrypt and decrypt messages in graphics?
Can stegenography be used to hide messages in wave files?
What’s the difference between RADIUS and TACACS?
TACACS encrypts client-server negotiation dialog
Pre-shared keys are used with ___.
Are “disaster exercises” used in conducting risk assessments?
With HIDS, does someone have to manually review the logs?
If you find lots of viruses on numerous domain workstations, should you implement “centralized” antivirus or “decentralized” antivirus?
What kind of attacks is SSLv2 susceptible to?
man in the middle
What allows for secure key exchange over an unsecured network without a pre-shared key?
What should you do if you discover an unauthorized access point attached to the network?
What reduces effectiveness, when deploying and managing NIPS?
encrypting all network traffic
The DMZ is set up ___.
Within the router
Is “biometrics” a logical access control?
Can S/MIME be used to create digital signatures?
When using a digital signature, concerning “which key” the sender uses, there’s a difference between ___ versus ___.
"encrypting with” versus “sent with"
Is the “tunnel” created by L2TP encrypted?
Is the “tunnel” created by PPTP encrypted?
In physical security, ___ is an access control system which implements a non-trusted but secure zone immediately outside the secure zone?
To see if multiple PCs are infected with zombies, you can use ___.
___ requires an update to the baseline, after installing new software on the system.
What prevents damage to evidence during forensic analysis?
read-only drive connectors
What is someone looking for when doing dumpster diving?
Information that can be used in a subsequent attack
What encryption algorithm deals with large prime numbers?