This site is 100% ad supported. Please add an exception to adblock for this site.

Security+ Set 4


undefined, object
copy deck
What are the seven stages in a certificate life cycle?
certificate enrollment; distribution; validation; revocation; renewal; destruction; auditing
What security advantage do managed hubs provide over other hubs?
they can detect physical configuration changes and report them
What is port mirroring?
on switches, the ability to map the input and output of one or more ports to a single port
What does an attacker need to conduct ARP cache poisoning?
physical connectivity to a local segment
What security hole does RIPv1 pose?
RIPv1 does not allow router passwords
What are the five main services provided by firewalls?
packet filtering; application filtering; proxy server; circuit-level; stateful inspection
Which of the five router services do e-mail gateways provide?
application filtering
What OSI layer do stateful firewalls reside at?
network layer
What are the three types of NAT?
static NAT; dynamic NAT; overloading NAT
What security weakness does SPAP have?
does not protect against remote server impersonation
How do the RADIUS client and server avoid sending their shared secret across the network?
shared secret is hashed and hash is sent
In MAC, what is read-up?
the ability of users in lower security categories to read information in higher categories
In MAC, of read-up, read-down, write-up, and write-down, which two are legal? Which two are illegal?
legal- read-down, write-up
illegal- read-up, write-down
Do hashing algorithms protect files from unauthorized viewing?
no, only verify files have not been changed
What is an SIV?
System Integrity Verifier- IDS that monitors critical system files for modification
Why are VLAN's considered broadcast domains?
all hosts on the VLAN can broadcast to all other hosts on the VLAN
What language are most new smart card applications written in?
What is a bastion host?
a gateway in a DMZ used to secure an internal network
What type of IDS will likely detect a potential attack first? Why?
Network-based IDS: runs in real-time
What drawback do heuristic-based IDS's have?
higher rate of false positives
What are the four layers of the TCP/IP suite? How do they map to the OSI model?
Application > Application-Session
Transport > Transport
Internet > Network
Network < Data Link-Physical
What are the six steps to incident response?
Preparation; Identification; Containment; Eradication; Recovery; Follow-Up
What are most fire extinguishers loaded with?
What is FE-13 used for?
explosion prevention
What is the maximum length of a valid IP datagram?
What is the RFC-recommended size of an IP datagram?
576 bytes
What is IGMP used for?
What is bytestream?
data from Application layer is segmented into datagrams that source and destination computers will support
What two pieces of information comprise a socket?
source IP address and source port
At the Network Interface layer, what is the packet of information placed on the wire known as?
a frame
What IP layer do man-in-the-middle attacks take place at?
internet layer
What IP layers do DoS attacks occur at?
any layer
What IP layer do SYN floods occur at?
transport layer
Which hashing algorithm is more secure, MD5 or SHA-1?
What is the key length for Blowfish?
variable length
How are digital signatures implemented?
a hash is created and encrypted with the creator's private key
How are asymmetric algorithms used for authentication?
authenticator sends a random number (nonce) to receiver, who encrypts it with their private key
In a bridge CA architecture, what is the CA that connects to a bridge CA called?
a principal CA
Who defines a certificate's life cycle?
the issuing CA
At what OSI layer (and above) must networked computers share a common protocol?
data link and above
What security hole does SPAP have?
remote server can be impersonated
What protocol does RADIUS use?
What protocol does TACACS+ use?
What sort of devices normally use TACACS?
network infrastructure devices
What limitation does IPSec have?
only supports unicast transmissions
What does IPSec require to be scaleable?
What are the three major components of SSH?
Transport Layer protocol (SSH-TRANS); User authentication protocol (SSH-USERAUTH); connection protocol (SSH-CONN)
What do BSS and ESS stand for?
Basic Service Set and Extended Service Set
What does ESS offer that BSS does not?
the ability to roam between AP's
What are the two parts of a Key Distribution Center?
An authentication server (AS) and a ticket-granting server (TGS)
What are the three major classification levels with MAC?
Top Secret; Confidential; Unclassified

Deck Info