Exam Prep


2013-12-21 01:33:54

Second Cert

  1. TCP attacks
    • TCP uses synchronized connections
    • TCP SYN or TCP ACK Flood Attack (p. 74)
    • TCP Sequence Number Attack
    • TCP/IP hijacking
  2. ICMP attack
    • UDP attack
    • Associated with echoing
    • ICMP supports maintenance and reporting in a TCP/IP network.
    • Part of the IP level of the protocol suite.
    • Used by Ping
    • Used with DoS attacks
  3. Smurf attacks
    • UDP attack
    • Uses IP spoofing and broadcasting
    • Sends a ping to a group of hosts
    • ICMP ping request answered with an ICMP ping reply
    • Overload of network and target system
    • DoS attack that consumes the network bandwidth of the replying system while victim system deals with flood of ICMP traffic
    • Eliminate with:  prohibit ICMP traffic through a router
  4. Birthday attack
    Targeted at the key, not the algorithm itself, just on the results. If your key is hashed, the possibility is that given enough time, another value can be created that will give the same hash value. Pages 342-343

    Based on statistical likelihood of a match.  As the key length grows, the probability of a match decreases.
  5. Weak key attacks
    • Page 343
    • Many common passwords are used by lots of people.  Hash value easier to guess with a short key length.
  6. Mathematical attack
    • Page 343
    • Can be focused on the encryption algorithm itself, the key mechanism, or any potential area of weakness in the algorithm. Depends on intercepting large amounts of data and methodically attempting to decrypt the messages.
  7. PKI
    Public Key Infrastructure

    • PKC (Public Key Cryptography) is a part of PKI
  8. Public Key
    Someone would use your public key to encrypt a message and send it to you.
  9. Private Key
    Asymmetric Algorithms use two keys to encrypt and decrypt data.

    You use your private key to decrypt a message that has been encrypted using your public key and sent to you.
  10. Safe deposit box

    Who has the private key?
    Who has the public key?
    • Box owner keeps the public key.
    • Bank retains the second, or private, key.
    • Must use both keys to open the box.
  11. Asymmetric algorithms
    • RSA
    • ECC - Elliptic Curve Cryptography: smaller than RSA, implemented in smaller devices
    • Diffie-Hellman
    • El Gamal - similar to Diffie-Hellman
    • Used for transmitting digital signatures and key exchanges
  12. RSA
    • Asymmetric Algorithm
    • Used with SSL (Secure Sockets Layer)
    • Rivest, Shamir, Adleman
    • Early public-key encryption system that uses large integer numbers as the basis of the process
  13. Diffie-Hellman
    • Asymmetric Algorithm
    • Used primarily to send keys across the network

    Page 325
  14. ECC
    • Asymmetric Algorithm
    • Elliptic Curve Cryptography

    Page 326
  15. El Gamal
    Asymmetric Algorithm
  16. AES
    • Page 324
    • Advanced Encryption Standard
    • Adopted by the U.S. government
    • Block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
    • Based on the Rijndael cipher, the work of Rijmen and Daemen
    • Approved by the National Security Agency (NSA) for top secret information
  17. Kerberos
    • Uses 'tickets' to allow nodes to communicate over a non-secure network
    • Symmetric key cryptography
    • Windows 2000 and later use Kerberos as their default authentication method.
    • The client authenticates itself to the Authentication Server (AS), which forwards the username to a Key Distribution Center (KDC). The KDC issues a Ticket Granting Ticket (TGT), which is time stamped, encrypts it using the user's password and returns the encrypted result to the user's workstation. This is done infrequently, typically at user logon; the TGT remains valid until it expires.
    • It requires continuous availability of a central server. When the Kerberos server is down, no one can log in.
    • Kerberos has strict time requirements, which means the clocks of the involved hosts must be synchronized within configured limits.
  18. LDAP
    An application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

    A common usage of LDAP is to provide a "single sign-on" where one password for a user is shared between many services, such as applying a company login code to web pages (so that staff log in only once to company computers, and then are automatically logged into the company intranet).

    X.500 specification

    LDAP was originally intended to be a lightweight alternative protocol for accessing X.500 directory services through the simpler (and now widespread) TCP/IP protocol stack.

    Today, X.500 directory protocols can be used directly over TCP/IP.

    TCP port and UDP port 389

    Each entry has a unique identifier: its Distinguished Name (DN).

    LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP. Short answer: AD is a directory services database, and LDAP is one of the protocols you can use to talk to it.
  19. TACACS+
    Originally designed as a means to automate logins, by which a person who was already authenticated on one host in the network could connect to another host on the same network without needing to authenticate again, TACACS is an open (quasi-)standard.

    Cisco Systems began supporting TACACS in its networking products in the late 1980s, eventually adding their own extensions to the protocol, which the company then called 'XTACACS' ('eXtended TACACS'). In the simple (non-extended) form, Cisco's implementation was compatible with the original TACACS, while the extended form (XTACACS) was not.

    'TACACS+', in which the individual tasks of authentication, authorization and accounting were separate processes. Also, while the XTACACS and TACACS use UDP (port 49), TACACS+ uses TCP (but still port 49).

    • 3 separate processes:  AAA
    • Authentication
    • Authorization
    • Accounting

    • Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates the two operations.
    • Another difference is that TACACS+ uses the Transmission Control Protocol (TCP) while RADIUS uses the User Datagram Protocol (UDP).
  20. RADIUS
  21. DoD Model
    • Corresponding layers:
    • DoD Model                  OSI Model
    • Process/Application Layer  Application, Presentation, Session
    • Host-to-Host Layer         Transport
    • Internet Layer             Network
    • Network Access Layer       Data Link, Physical
  22. Port sweep
  23. Port scan
  24. Effect of SMS text messages
  25. DHCP ports
  26. hypervisors
  27. Authorization in Active Directory is done by what?
  28. SSH cannot be used to secure which protocol?
  29. MBSA
  30. Nessus
  31. GFI LANGuard
  32. PPTP VPN can run over which protocols?
  33. IPS has a lot of false positives. What type of IPS is it?
  34. WSUS
  35. Which RSA standard is NOT used by Transparent Data Encryption?
    PKCS# ???
  36. Kismet functions
  37. What port is used to transfer the Cisco IOS to a router?
  38. Which one of these does the answer apply to?

    Host hardening methods
    Application hardening methods
    Network hardening methods
    • System tampering protection, process spawning control, and executable files protection
  39. What would be most effective in blocking a zero-day exploit that uses encrypted network packets to start malicious processes on a host?
    Anomaly based HIPS???
  40. EFS
  41. question
    SFTP port
  42. TFTP port
  43. Most secure wireless protocol?
    • EAP
    • CCMP
  44. P2P networking
  45. Disadvantage of a low interaction honeypot?
  46. How does LDAP store objects?
  47. What can a war driver use to defeat low power settings and proper antenna placement on a wireless network?
  48. FIPS Suite B for protection of data up to the SECRET level - Why use this?
  49. Which attack harvests passwords from a web browser's cache?
    XSS or XSRF?
  50. What does a BCP define?
    Is it recovery point objectives and recovery time objectives?
  51. What type of risk controls would avoid single points of failure, and include fault-tolerant measures, and recovery procedures?
    • Operational - what I chose
    • Technical
    • Management
    • All of these?
  52. What is used to ensure the integrity of a forensic image of a hard drive?
    • 3DES - what I guessed
    • RC4
    • AES256
    • SHA256
  53. Which encryption method has up to a 448 bit key?
    Is it Twofish?
  54. In which color of penetration testing are testers given a user account with typical privileges?
    • Grey box - I chose this one
    • Black box
    • White box

    White-box testing: White-box testing usually involves close communication and information sharing between your technology group and pen testers. Pen testers are typically supplied with legitimate user accounts, URLs, and even user guides and documentation. This type of penetration test will usually provide the most comprehensive results and is currently the most commonly requested.
  55. What is grey box testing?
    Grey box testing is a technique to test the application with limited knowledge of the internal workings of an application. In software testing, the term "the more you know the better" carries a lot of weight when testing an application. Mastering the domain of a system always gives the tester an edge over someone with limited domain knowledge. Unlike black box testing, where the tester only tests the application's user interface, in grey box testing, the tester has access to design documents and the database. Having this knowledge, the tester is able to better prepare test data and test scenarios when making the test plan.
  56. What is black box testing?
    The technique of testing without having any knowledge of the interior workings of the application is Black Box testing. The tester is oblivious to the system architecture and does not have access to the source code. Typically, when performing a black box test, a tester will interact with the system's user interface by providing inputs and examining outputs without knowing how and where the inputs are worked upon.
  57. What is white box testing?
    White box testing is the detailed investigation of internal logic and structure of the code. White box testing is also called glass testing or open box testing. In order to perform white box testing on an application, the tester needs to possess knowledge of the internal working of the code. The tester needs to have a look inside the source code and find out which unit/chunk of the code is behaving inappropriately.
  58. A circuit level firewall does improve on a packet filtering firewall in which of the following ways?
    (Choose all that apply.)
    • A Filters on time of day
    • B Filters on transport layer protocols such as TCP and UDP
    • C Filters on source IP address and port
    • D Filters on destination IP address and port

    I chose C and D
  59. WMI filter
    page wml or wmi

  60. What type of cloud computing would be useful to a company with a lot of sensitive data on unreliable systems?
    • IaaS
    • PaaS
  61. Which type of firewall would best protect against XSS, CSRF, and SQL injection?
    • A Stateful packet inspection firewall
    • B Proxy server
    • C Network firewall
    • D WAF

    I chose D, WAF
  62. SPIT
  63. Types of SSL certificates?
    • Wildcard?
    • SSL Plus?
  64. What is EV Plus?
  65. A laptop using RADIUS performs which role?
    • Page 135
    • Server
  66. Which type of virus infects only a small percentage of files to avoid detection?
    pages 82-86
  67. Which IPSec protocol provides confidentiality?
  68. IPSec protocols
  69. What CANNOT encrypt email at rest? 
    A RSA 
    B AES 
    C Diffie Hellman 
    D SHA
    I think it is RSA but not sure
  70. RSA
  71. What type of protocol is EFS?
  72. What is used to identify users and computers to the SAM?

    What is SAM?
  73. What is penetration testing?
    Vulnerability scanning? Difference???
  74. What is an Attack Surface Analyzer?
  75. What is the most secure way to encrypt data?
  76. What is SCTP?
    The Stream Control Transmission Protocol (SCTP) is a new IP transport protocol, existing at an equivalent level with UDP (User Datagram Protocol) and TCP (Transmission Control Protocol), which provide transport layer functions to many Internet applications. It provides some of the same service features of both: it is message-oriented like UDP and ensures reliable, in-sequence transport of messages with congestion control like TCP.
  77. AAA security protocols
    • A RADIUS 
    • B Diameter 
    • C TACACS+ 
  78. DNS spoofing
    The DNS server is given information about a name server that it thinks is legitimate when it isn't.
  79. IP Spoofing
    The goal is to make the data look as if it came from a trusted host when it didn't ( thus spoofing the IP address of the sending host).
  80. Which type of attack can also do stack fingerprinting?
    • A Smurf (page 77)
    • B Xmas tree
    • C SYN flood (pages 74, 57)
    • D DoS (page 57)
    • See pages 72-76 for TCP attacks
    • Page 77 for UDP attacks
  81. Which key is used to verify a digital signature?
    The sender uses the receiver's public key to create a hash value that is stored in the message digest. The sender then sends the message to the receiver. The receiver can use their private key and compare the value of the message digest. If the message value from the private key is the same as the message digest sent with the message, the receiver knows the message is authentic.

    Provides both message integrity and authentication.
  82. A user receives notice in a pop-up that their computer is infected with a virus. Which way is the most likely to stop this message safely?
    A Alt + F4
    B Ctrl + Shift + Escape
    Answer: Ctrl + Shift + Escape
  83. If you download a registry cleaner for your home computer using BitTorrent, what is the most serious malware that could infect your computer when you run the registry cleaner?
  84. Steganography
    Steganography is the process of hiding one message in another.  It is also called electronic watermarking.
  85. Quantum cryptography
    Page 318. A message is sent using a series of photons. If the receiver knows the sequence and polarity of the photons, they can decode the message. Otherwise, the photons look like random noise. Only implemented using fiber-optic technology.
  86. Router
    The primary instrument used for connectivity between two or more networks
  87. Switches
    Multiport devices that improve network efficiency and network security. A switch has limited routing information.
  88. RAS
    Page 119
  89. Modems
    Page 118
  90. Modems
    A hardware device that connects the digital signals from a  computer to an analog telephone line.
  91. Hubs
    Device allowing many hosts to communicate with each other through the use of physical ports. Extremely insecure. All data received through one port is sent to all other ports.
  92. ECC
    Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.
  93. DAM
    Database activity monitoring (DAM) is a database security technology for monitoring and analyzing database activity that operates independently of the database management system (DBMS) and does not rely on any form of native (DBMS-resident) auditing or native logs such as trace or transaction logs. DAM is typically performed continuously and in real-time.
  94. DAMP
    Database activity monitoring and prevention (DAMP) is an extension to DAM that goes beyond monitoring and alerting to also block unauthorized activities.
  95. AH
    Authentication Header (AH) is a member of the IPsec protocol suite. AH guarantees connectionless integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets.
  96. What is L2TP?
    An Internet-standard protocol combination of PPTP and Layer 2 Forwarding (L2F) that enables the tunneling of PPP sessions across a variety of network protocols, such as IP, frame relay, or Asynchronous Transfer Mode (ATM). L2TP was specifically designed to provide tunneling and security interoperability for client-to-gateway and gateway-to-gateway connections. L2TP does not provide any encryption on its own and L2TP tunnels appear as IP packets, so L2TP employs IP Security (IPSec) Transport Mode for authentication, integrity, and confidentiality.
  98. What is PPTP?
    A Microsoft VPN Layer 2 protocol that increases the security of PPP by providing tunneling and data encryption for PPP packets. It uses the same authentication types as PPP, and is the most widely supported VPN method among older Windows clients. PPTP encapsulates any type of network protocol and transports it over IP networks.
  99. What is SSTP?
    This protocol uses the Hypertext Transfer Protocol over Secure Sockets Layer (HTTP over SSL) protocol and encapsulates an IP packet with a PPP header and then with an SSTP header. The IP packet, PPP header, and SSTP header are encrypted by the SSL session. An IP header containing the destination addresses is then added to the packet. It is supported in all current Windows operating systems.
  100. Which of the following can connect to a secure application or a secure web site using just a browser?
    A L2TP
    B PPTP 
    C IPSec 
    D SSTP

  101. In eCommerce, which key is used to encrypt the session key?
    • Message A: Client/TGS Session Key encrypted using the secret key of the client/user.
    • Message B: Ticket-Granting-Ticket (which includes the client ID, client network address, ticket validity period, and the client/TGS session key) encrypted using the secret key of the TGS.
  102. In an enterprise network what produces the highest availability for data?
  103. FC-P2P
    Fibre Channel point-to-point (FC-P2P) is a Fibre Channel topology where exactly two ports (devices) are directly connected to each other. It is the simplest topology; no network addressing is needed, because each message has only one possible receiver. The bandwidth is dedicated.
  104. FC-SW
    Fibre Channel switched fabric

  105. What is a defense against compromise of codes on cyberlocks? (Choose all that apply.) 
    A Code expiration 
    B Minimum code length 
    C Biometric component 
    D Card reader
    Biometric component, Card reader. The lock holds: a lock id, encrypted access codes, a lost key list, and a list of 1,100 events. https://cubist.cs.washington.edu/Security/2008/02/10/cyberlocks-security-review/
  106. A government contractor wants to block spam and any malicious email traffic. They want to take a multi-layer approach so that if one control is bypassed, another will still block traffic. Which of the following controls will NOT help? (Choose all that apply.)
    A Use a real-time blackhole list 
    B HIDS 
    C Spam Filter 
    D NIDS 
    E Close open relays 
    F Use an enterprise antivirus suite
    See page 83 and page 87
  107. Distribution group
  108. ESXi
    A Hypervisor
  109. Spear phishing
    Getting inside information on targets
  110. SSH cannot be used to secure which Protocol?
  111. The ../ (dot dot slash) attack does what?
    It exploits insufficient validation of user supplied file names so that characters representing "traverse to parent directory" are parsed. The goal is to access a file that is not intended to be accessible such as a password file or other confidential data.
  112. System tampering protection, process spawning control, and executable files protection are:
    • Application hardening methods
    • http://www.techotopia.com/index.php/Security_Baselines_and_Operating_System,_Network_and_Application_Hardening#Application_Hardening
  113. Host hardening methods
  114. Network hardening methods
    • Updating Software and Hardware
    • Password Protection
    • Unnecessary Protocols and Services
    • Ports
    • Wireless Security 
    • Restricted Network Access

  115. Recovery Agent functions
    • If you have a stand-alone computer and the Recovery Agent is the built-in administrator account [which it would be by default], then log on as that account and try to decrypt the files.
    • Decrypt files
  116. CCMP
    • Most secure wireless protocol
    • Counter Mode Cipher Block Chaining Message Authentication Code Protocol
  117. P2P networking and social networking are MOST likely to compromise which aspects of security? (Choose all that apply.)
    A  Confidentiality 
    B  Availability
    Both of these are compromised
  118. Yagi
    A Yagi-Uda array, commonly known simply as a Yagi antenna, is a directional antenna consisting of a driven element (typically a dipole or folded dipole) and additional parasitic elements (usually a so-called reflector and one or more directors).
  119. WEPcrack
    WEPCrack Main: "WEPCrack is an open source tool for breaking 802.11 WEP secret keys. The tool is an implementation of the attack described by Fluhrer, Mantin, and Shamir in the paper Weaknesses in the Key Scheduling Algorithm of RC4...WEPCrack was the first publicly available code that demonstrated the above attack...released to Bugtraq on Aug 12, 2001"
  120. Sparse infector
    Sparse infector viruses use conditions before infecting files. Examples include files infected only on the 10th execution or files that have a maximum size of 128kb. These viruses use the conditions to infect less often and therefore avoid detection. They are also called sparse viruses.
  121. Heartbeat
    Best for clustered servers to talk to each other while maintaining high availability
  122. What can stop the viewing of confidential files if a Linux boot disk is used on a Windows server?
    EFS and BitLocker

    EFS: Encrypting File System

    BitLocker: BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7, and with the Pro and Enterprise editions of Windows 8 desktop operating systems, as well as the server platforms, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode with a 128-bit or 256-bit key, combined with the 'Elephant' diffuser for additional disk encryption-specific security not provided by AES. CBC is not used over the whole disk, only for each individual disk sector.
  123. Ransomware
    A type of malicious software designed to block access to a computer system until a sum of money is paid. "Although ransomware is usually aimed at individuals, it's only a matter of time before business is targeted as well."
  124. Vulnerability scanning
    passively tests security controls, identifies vulnerabilities, identifies a lack of security controls, and identifies common misconfigurations.
  125. What is the most secure way to encrypt data?
  126. OTP

    In cryptography, a one-time pad is a system in which a private key generated randomly is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key

    • One Time Password
    • http://en.wikipedia.org/wiki/One-time_password
  127. The VLANs, switch firmware, and the firewall rules are being updated by a consulting firm. What is the LEAST important thing to do?
    System state backup
  128. Xmas tree attack
    • It is mainly used to check which machines are alive or reachable, and subsequently what ports are open or responding, so that those machines or ports can be used as an avenue for a follow-up attack. This type of port scanning attack uses an Xmas packet with all the flags turned on in the TCP header of the packet. The name “Xmas” refers to all the flags being “on” (like lights) and so a packet is “lit up like a Christmas tree.”
    • This scan is commonly known as a stealth scan due to its ability to hide the scan in progress, and its ability to pass undetected through some popular firewalls, intrusion detection systems (IDSes), and
  129. RAT
    • A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet.
    • The Back Orifice rootkit is one of the best known examples of a RAT.
    • RAT also stands for remote administration tool.
    • A remote access tool (a RAT) is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity. Malicious RAT software is typically installed without the victim's knowledge, often as payload of a Trojan horse, and will try to hide its operation from the victim and from security software.
  130. What factors are important for major companies with founding, visionary CEOs, who seem to be irreplaceable? (Choose all that apply.)
    • Removing single points of failure
    • Succession planning
  131. A government contractor wants to block spam and any malicious email traffic. They want to take a multi-layer approach so that if one control is bypassed, another will still block traffic. Which of the following controls will NOT help? (Choose all that apply.)
    • HIDS
    • NIDS
  132. Explain the purpose of VPN concentrators
    • high availability
    • impressive scalability
  133. VPN concentrators provide high performance, high availability, and impressive scalability.