What is a key difference in security between MAC and DAC? What DoD classification does MAC map to?

What DoD classification does DAC map to? What does CHAP use for authentication? What is AES? What type of encryption is AES? What kind of algorithm is 3DES? What algorithm does AES use? What two encryption standards is AES designed to replace? What is the most effective way of enforcing security in a dialup network? What port do DNS zone transfers use? What port do DNS lookups use? Why do routers help limit the damage done by sniffing and MITM attacks? What are the two types of symmetric algorithms? What are the two advantages of block ciphers over stream ciphers? What is the main difference between S/MIME and PGP? What is the maximum throughput of 802.11a? What frequency does 802.11b operate at? What is the maximum throughput of 802.11b? What frequency does 802.11g operate at? What is the maximum throughput of 802.11g? Is 802.11g backwards-compatible with 802.11a and 802.11b? What type of media access control does 802.11 use? What sort of attack does TACACS+'s lack of integrity checking make it vulnerable to? What two bit strengths is SSL available in? What two bit strengths is SSL available in? What is the maximum capacity of QIC? What is the maximum capacity of 4mm DAT? What is the maximum capacity of 8mm tapes? What is the maximum capacity of Travan? What is the maximum capacity of DLT? With biometric scanning what is rejecting a valid user called? With biometric scanning what is accepting a user who should be rejected called? In biometric scanning what is the crossover accuracy? What mathematical fact does a birthday attack rely on? What is CRL?

In MAC a user who can access a file cannot necessarily copy it. Level-B classification Level-C classification hashing Also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. symmetric symmetric Rijndael DES and 3DES require callback TCP port 53 UDP port 53 They send data to a specific subnet only block and stream They are faster and more secure. S/MIME relies upon a CA for public key distribution 54 Mbps 2.4 GHz 11 Mbps 2.4 GHz 54 Mbps backwards-compatible with 802.11b only at 11 Mbps collision avoidance replay attacks 40-bit and 128-bit 40-bit and 128-bit 20 GB 40 Gb 50 Gb 40 Gb 220 Gb Type I Error Type II error When type I error equals Type II error. it is much easier to find two datasets that share a hash than to find a dataset that shares a hash with a given dataset Certificate Revocation List

A list of certificates (more accurately: their serial numbers) which have been revoked, are no longer valid, and should not be relied on by any system user. Online Certificate Status Protocol What is OCSP? The replacement for CRL What disadvantage does CRL have that OCSP addresses? Does TLS use the same ports for encrypted and unencrypted data? What is the difference between S-HTTP and SSL? What is the primary limitation of symmetric cryptography? What protocol is being pushed as an open standard for IM? In relation to AAA what is CIA? What are the three components of AAA? What is an open relay? Describe the Diffie-Hellman key exchange. What encryption scheme does WEP use? Who created RC2 and RC4? What are the two main types of firewalls? How does an application level firewall handle different protocols? What happens if an application-level protocol doesn't have a proxy program for a given protocol? What limitation do application-level firewalls create for proprietary software? Which is faster, application-level or networklevel firewalls? What are the two types of network-level firewalls? What might be indicated by packets from an internal machine with an external source address in the header? What is the DSS? Does DSS use symmetric or asymmetric keys? What is PEM? What does PGP use in place of a CA? What type of encryption is Kerberos? What is X.509 used for? What are tokens also known as? What type of network is extremely vulnerable to public-key encryption similar to S/MIME A "web of trust". symmetric digital certificates One-time passwords wireless Provides for non-repudiation of messages. Proposed by NIST. asymmetric Privacy Enhanced Mail updates must be downloaded frequently to be accurate No. S-HTTP is designed to send individual messages securely, SSL sets up a secure connection between two computers key distribution SIMPLE Confidentiality, Integrity, Availability Authentication, Authorization(Access Control), Accounting(Auditing) an SMTP relay that does not restrict access to authenticated users A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. RC4 Rivest application-level and network-level With a proxy program for each protocol the protocol can't pass through the firewall "proprietary software often uses proprietary protocols, which often can't pass the firewall" network-level firewalls packet filters and stateful packet inspection machine is being used in a DoS/DDoS attack Digital Signature Standard

Man in the Middle attacks? What is smurfing? What port does the chargen exploit use? What port does echo use? What ports does FTP use? What port does FTP use for data? What port does SSH use? What port does Telnet use? What port does SMTP use? What port does TACACS use? What ports does DNS use? What port does POP3 use? What port does SNMP use? What port does HTTPS use? What port does RADIUS use? What does 802.1x do? What is TACACS? What advantage does TACACS+ have over TACACS? What protocol is replacing PPTP? What two protocols were combined to form L2TP? What are the two main components of L2TP? What three utilities comprise SSH? What type of encryption does SSH use? What two services are provided by IPSec? What encryption does S/MIME use? Who developed PGP? What is PGP primarily used for? What type of encryption does PGP use? What two algorithm options exist for PGP? Are SSL sessions stateful or stateless? What two strengths does SSL come in? What is TLS? What type of encryption does SSL use? What two layers does TLS consist of? Are SSL and TLS compatible? What is HTTPS? What kind of encryption does HTTPS use? What is Authenticode? What language is normally used to write CGI scripts? What is DEN? TLS Handshake Protocol No. HTTP over SSL 40-bit RC4 A method of signing ActiveX controls. Perl Directory Enabled Networking Encapsulating Security Payload (ESP) RSA Phillip R. Zimmerman email encryption public key - asymetric RSA and Diffie-Hellman stateful 40-bit and 128-bit Transport-Layer Security- a successor to SSL RSA - PKI - public-key TLS Record Protocol "broadcasting echo requests with a falsified source address, overwhelming the owner of the address" TCP 19 port 7 ports 20 and 21 port 20 port 22 port 23 port 25 port 49 TCP and UDP 53 port 110 port 161 TCP 443 port 1812 Provides an authentication framework for wired and wireless networks. Terminal Access Controller Access Control System multi-factor authentication L2TP Microsoft's PPTP and Cisco's L2F L2TP Access Controller (LAC) and L2TP Network Server (LNS) SSH, Slogon, SCP RSA publickey Authentication Header (AH)

What model is DEN based on? What security problem does FTP have? What does S/FTP use for encryption?

A specification for how to store network information in a central location. Common Information Model (CIM) Authentication is sent in clear text. SSL Wireless Application Environment (WAE) Wireless Session Layer (WSL)

What are the four WAP layers? Wireless Transport Layer Security (WTLS) Wireless Transport Layer (WTL) Wireless Markup Language What is WML? What OS do most PBX's use? What is hashing? Used to create pages for WAP UNIX It is a reproducible method of turning some kind of data into a (relatively) small number that may serve as a digital "fingerprint" of the data. Heirarchical Trust Bridge Trust Mesh Trust Hybrid Trust multiple parties must be present before access to the token is granted Yes. No. Diffie-Hellman 40-bit DES algorithm port-based, MAC-based, protocol-based implicit, based on MAC address

What four trust models do PKI's fall into? What is unique about the Mesh Trust model of PKI? Does PPTP require IP connectivity? Does L2TP require IP connectivity? What does IPSec use for authentication and key exchange? What does IPSec use for encryption? What three methods are used to determine VLAN membership on the local switch? What two methods are used to determine VLAN membership on a remote switch?

explicit, where the first switch adds a tag Why is detecting statistical anomolies a good don't have to understand the root cause of the anomolies approach to intrusion detection? What is the top priority in computer forensics? document each step taken What type of access control do most commercial DAC OS's use? CHAP challenges a system to verify identity. CHAP doesnt use a user ID/password mechanism. Instead, the initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then How does CHAP work? sent back to the server. The server compares the value from the client and, if the information matches, grants authorization. If the response fails, the session fails, and the request phase starts over. Is PPTP usually implemented through hardware software or software? Is L2TP usually implemented through hardware Hardware or software? What is compulsory tunneling? situation where VPN server chooses the endpoint of a communication What advantage does compulsory tunneling allows VPN connections to be concentrated over fewer high-capacity lines provide? What port does L2TP use? UDP 1701

Transport, where only the data is encrypted. What are the two encryption modes for IPSec?

Tunneling, where the entire packet is encrypted. What protocol does IPSec use to exchange keys? Internet Key Exchange (IKE) What is key escrow? Administration of a private key by a trusted third party. What advantage does TACACS+ have over better security RADIUS? What advantage does RADIUS have over better vendor support and implementation TACACS+? What makes non-repudiation a stronger version non-repudiation comes from a third party of authentication? Non-repudiation has been compared to what realusing a public notary world version of authentication? The Teardrop attack involved sending IP fragments with overlapping payloads to the What is a teardrop attack? target machine. A bug in the TCP/IP fragmentation re-assembly code caused the fragments to be improperly handled, crashing the operating system as a result What is an AUP? Acceptable Use Policy From what does RSA derive its strength? the difficulty of factoring large numbers Rivest What three people were involved in the creation Shamir of RSA? Adleman Is RSA a public or private key system? public-key What is the standard key length for DES? 56 bits What is the standard key length for IDEA? 128 bits What is the standard key length for 3DES? 168 bits How are RSA and DES used together? RSA is used to encrypt the key for transmission, DES is used for message encryption What kind of encryption does AES use? Symetric and uses the Rijndael algorithm International Data Encryption Algorithm What is IDEA? A 128-bit private-key encryption system. What are the two most popular hashing routines MD5 and SHA-1 in use today? What size is an MD5 hash? 128 bits What is MD5 designed for? digital signatures Observing the timer value in the TCP stack OS Fingerprinting makes what possible? Acquire What are the three A's in computer forensics? Authenticate Analyze What is the first step in risk analysis? Identifying Assets What type of network is CHAP primarily used PPP on? What are the seven stages in a certificate life certificate enrollment, distribution, validation, revocation, renewal, destruction, cycle? auditing What security advantage do managed hubs they can detect physical configuration changes and report them provide over other hubs? On switches, the ability to map the input and output of one or more ports to a single What is port mirroring? port. What does an attacker need to conduct ARP physical connectivity to a local segment cache poisoning? What security hole does RIPv1 pose? RIPv1 does not allow router passwords What are the five main services provided by packet filtering, application filtering, proxy server, circuit-level, stateful inspection

firewalls? Which of the five router services do e-mail gateways provide? What OSI layer do stateful firewalls reside at? What are the three types of NAT? What security weakness does SPAP have? How do the RADIUS client and server avoid sending their shared secret across the network? In MAC, what is read-up? In MAC, of read-up, read-down, write-up, and write-down which two are legal? Which two are illegal?" Do hashing algorithms protect files from unauthorized viewing? What is an SIV?

application filtering network layer static dynamic overloading does not protect against remote server impersonation shared secret is hashed and hash is sent The ability of users in lower security categories to read information in higher categories legal: read-down, write-up illegal- read-up, write-down No, hashing only verifies that files have not been changed. System Integrity Verifier

IDS that monitors critical system files for modification Why are VLAN's considered broadcast domains? all hosts on the VLAN can broadcast to all other hosts on the VLAN What language are most new smart card Java applications written in? A bastion host is a computer on a network that provides a single entrance and exit What is a bastion host? point to the Internet from the internal network and vice versa. What type of IDS will likely detect a potential Network-based IDS because it runs in real-time. attack first and why? What drawback do heuristic-based IDS's have? higher rate of false positives What are the six steps to incident response? Preparation, Identification, Containment, Eradication, Recovery, Follow-Up What are most fire extinguishers loaded with? FE-36 What is FE-13 used for? It is the preferred alternative to Halon 1301. What is the maximum length of a valid IP 64K datagram? What is the RFC-recommended size of an IP 576 bytes datagram? It is a communications protocol used to manage the membership of Internet Protocol What is IGMP used for? multicast groups or simply mulicasting. data from Application layer is segmented into datagrams that source and destination What is bytestream? computers will support What two pieces of information comprise a source IP address and source port socket? "At the Network Interface layer, what is the packet of information placed on the wire known a frame as?" What TCP/IP layer do man-in-the-middle attacks internet layer take place at? What IP layers do DoS attacks occur at? any layer What IP layer do SYN floods occur at? transport layer Which hashing algorithm is more secure, MD5 or SHA-1 SHA-1? What is the key length for Blowfish? variable length

How are digital signatures implemented? How are asymmetric algorithms used for authentication? "In a bridge CA architecture, what is the CA that connects to a bridge CA called?" Who defines a certificate's life cycle? At what OSI layer (and above) must networked computers share a common protocol? What security hole does SPAP have? What protocol does RADIUS use? What protocol does TACACS+ use? What sort of devices normally use TACACS? What limitation does IPSec have? What does IPSec require to be scaleable? What are the three major components of SSH? What do BSS and ESS stand for? What does ESS offer that BSS does not? What are the two parts of a Key Distribution Center?

a hash is created and encrypted with the creator's private key Authenticator sends a random number (nonce) to receiver, who encrypts it with their private key a principal CA The issuing CA. data link and above remote server can be impersonated UDP TCP network infrastructure devices only supports unicast transmissions a PKI Transport Layer protocol SSH-TRANS) User authentication protocol (SSH-USERAUTH) connection protocol (SSH-CONN) Basic Service Set and Extended Service Set the ability to roam between AP's An authentication server (AS) and a ticket-granting server (TGS)

What are the three major classification levels with Top Secret, Confidential, Unclassified MAC? What does echo do? responds to packets on UDP port 7 What does chargen do? Responds to packets on UDP port 19 with random characters. Running scans against other computers through a vulnerable FTP What is an FTP bounce? server. What version of BIND allows for mutual BINDv9 authentication? What ports are commonly used for NetBIOS "TCP/UDP 137, 138, 139" names and sessions? What ports do DHCP and BOOTP/Bootstrap TCP/UDP ports 67 servers use? What port does NNTP use? TCP/UDP 119 What port does LDAP use? TCP/UDP port 389 What port does LDAPS use? TCP/UDP port 636 Why can hand geometry only be used for Hand geometry is not unique. verification, rather than identification? What advantages do hand geometry scans have They are faster, cleaner, and less invasive. over fingerprint scans? What are the advantages and disadvantages of most reliable but most invasive retinal scanning? What disadvantage does speech recognition have? Easier to spoof than other biometric techniques. What are QIC tapes primarily used for? Backing up standalone computers. What are DAT drives primarily used for? basic network backups What three tape types offer high capacity and "8mm, DLT, and LTO" rapid data transfer? How does a host respond to a TCP connect scann open: SYN-ACK, closed: RST if the scanned port is open? Closed?

What can be done to reduce the effects of halfopen attacks? How does a host respond to a FIN packet if the scanned port is open, closed? How does an XMAS scan work? What TCP sequence number does an XMAS scan use? What are two characteristics of a null scan? What is a TCP ACK scan used for? What is a window scan? What are the two basic types of DoS attacks? What three basic router/firewall measures will reduce the effects of a DoS attack? What is source routing? How is source routing used by attackers? How can source routing be defended against? What two methods do IDS's use to detect and analyze attacks? What advantage does LEAP have over EAP? What protocol does 802.1x use for authentication? How does an 802.1x authenticator handle authentication traffic?

reduce the time a port waits for a response open: packet discarded closed: RST a variety of TCP packets are sent to elicit a response 0 TCP sequence number set to 0 and no TCP flags set. determining if a port is filtered by a firewall OS fingerprint by finding the hosts default TCP window size. flaw exploitation attacks and flooding attacks egress filtering ingress filtering disabling IP-directed broadcasting Sender defines hops a packet must travel through used to route packets around security devices routers can be configured to discard source-routed packets Misuse detection and anomoly detection. LEAP allows for mutual authentication EAP Passes it to a RADIUS server for authentication Elliptical Curve Cryptography

What is ECC?

What standard is LDAP based on? Who developed SSL? What three protocols are routinely layered over TLS? What two types of certificates does S/MIME use? What is the "hidden node" problem? What does WEP stand for? In a 128-bit WEP key, how long is the actual secret key?

A public-key cryptographic method which generates smaller, faster, and more secure keys. Used more with wireless cell devices. X500 Netscape IMAP, POP3, and SMTP PKCS #7 certificates for message content and X.509v3 for source authentication When a wireless client cannot see the network due to interference. Wired Equivalent Privacy 104 bits The first 24 bits are used for the Initialization Vector (IV) TCP 20 TCP 21 TCP 22 TCP 23 TCP 25 UDP 53 TCP 53 UDP 67

FTP data port FTP control port SSH port? Telnet SMTP port? DNS lookup port? DNS zone transfer port? Bootstrap protocol server, DHCP server What port does Bootstrap/bootp and DHCP clients UDP 68 use? TFTP port? UDP 69

HTTP port? Kerberos port? POPv2 POPv3 port? Sun RPC port? What Port is Network Time Protocol (NTP)? PKCS #3 NetBIOS name service NetBIOS datagram service NetBIOS session service IMAP port? SNMP port? SNMP Trap What port does LDAP use? TLS/SSL port? Microsoft DS (NetBIOS service) port? IKE UNIX Syslog port? L2TP port? PPTP port? Sun NFS port? Microsoft Terminal Services port? PCAnywhere data port? PCAnywhere status port? ICMP protocol # TCP protocol # UDP protocol # Generic Routing Encapsulation (GRE) protocol # What is Generic Routing Encapsulation (GRE) used in? Authentication Header (AH) protocol # Encapsulating Security Payload (ESP) protocol # At what OSI layers do gateways function at? What layer provides network access for applications? What layer provides flow control? What OSI layer establishes the availability of other computers on the network? What OSI layer determines if sufficient resources exist for communication to occur between two computers? What layer does SMTP function at? What OSI layer does FTP function at? What OSI layer does SNMP function at? What layer does Telnet function at? What layer does Appletalk function at? What layer performs protocol conversion? What layer performs encryption?

TCP 80 TCP 88 TCP 109 TCP 110 111 TCP/UDP 123 Diffie-Hellman Key Agreement Standard TCP/UDP 137 UDP 138 TCP 139 TCP 143 UDP 161 UDP 162 TCP 389 TCP 443 TCP/UDP 445 Internet Security Association and Key Management Protocol UDP 514 UDP 1701 TCP 1723 TCP 2049 TCP 3389 TCP 5631 UDP 5632 1 6 17 47 PPTP connections 51 50 Transport layer and above. the Application layer Application layer Application layer Application layer the Application layer Application layer Application layer Application layer Application layer Presentation layer Presentation layer

What OSI layer performs compression? What layer synchronizes computers involved in a communication? What OSI layer handles connection establishment, data transfer, and connection release? What layer does NetBIOS function at? What layer repackages messages into smaller formats? What layer provides error-free delivery and error handling functions? What layers does NetBEUI function at? What layer does TCP function at? What OSI layer does SPX function at? What layers does NWLink function at? What layer handles logical addressing? What layer handles routing? What layer handles traffic management? What OSI layer does IP function at? What layer does IPX function at? What devices function at the Network layer? What layer packages raw bits into frames? What is the purpose of packaging raw bits into frames? What OS layer includes a Cyclical Redundancy Check (CRC)? What are the two sublayers of the Data Link layer? What does the LLC sublayer use to create links for the MAC sublayer? What devices function at the Data Link layer? What devices function at the Physical layer? How many bits are in a MAC address? What protocol is used to map MAC addresses to IP addresses? Kerberos is a _________ authentication and _________ sign-on solution. What is a realm? How many steps are there to kerberos authentication? CHAP was developed as a secure alternative to what? How many steps are there to CHAP Authentication? Smurf and Fraggle attacks are conisdered what types of attacks? What type of packets does a smurf attack use? What type of packets does a Fraggle attack use? What is a Land attack?

Presentation layer Session layer Session layer Session layer Transport layer

Transport layer the Transport and Network layers Transport layer Transport layer the Transport and Network layers the Network layer Network layer Network layer Network layer the Network layer routers Data Link layer they are transmittable across a network Data Link layer the Logical Link Control (LLC) and the MAC sublayers Destination Service Access Points and Source Service Access Points switches, bridges, and brouters multiplexers and repeaters 48 bits ARP Third Party, Single A realm is the network protected under a single Kerberos implementation. 9 PAP (Password Authentication Protocol) 7 DRDoS Distributed Reflective Denial of Service ICMP echo reply UDP packets directed to port 7 (echo port) or 19 (chargen port) Numerous SYN packets are sent to the victim with source and destination

What is a Ping Flood? What is the Ping of Death attack? What is the Bonk Attack? What is the Boink attack? What method of access control is best suited for environments with a high rate of employee turnover? What is the strongest form of authentication? What is the strongest form of password? Name three VPN protocols. Name three types of remote access that RADIUS can be used with. RADIUS is known as a _________ server.

addresses spoofed as the victims address. The victim is confused because its unable to respond to a packet it sent to itself that it has no record of sending. This often results in a freeze or crash. The attacker sends numerous ping echo requests to a victim. The victim responds with the echo. If enough inbound and outbound packets are transmitted, no legitimate traffic will be able to use the communication link. The attacker sends oversized ping packets to the victim; the victim doesnt know how to handle invalid packets, and it freezes or crashes. The attacker sends a corrupt UDP packet to DNS port 53. This type of attack may cause Windows systems to crash. The same as Bonk, but the corrupt UDP packets are sent to numerous ports. The result may cause a Windows system to crash. RBAC Multi-Factor One-Time use PPTP, L2TP, IPSec dial-up, VPN, terminal services In fact any type of remote access can be used with RADIUS. AAA Authentication, authorization(or access control), auditing symmetric

What type of cryptogrophy does IPSec use? What technology can be used to add an additional layer of protection between a directory servicesRADIUS based network and remote clients? What technology uses a six-step handshake process to establish a secured session between a SSL web serer and a web client? By monitoring within a session between an internal trusted host and an external untrusted host. This monitoring occurs at the Session layer (layer 5) A circuit level firewall filters traffic by monitoring of the OSI model. This type of firewall ensures that the packets involved in what? establishing and maintaining the circuit (a virtual circuit or session) are valid and used in the proper manner. What are the three basic divisions of hashing, symmetric cryptography, and asymmetric cryptography cryptography? What bit value is SHA-1? 160-bit value What bit values does MD2-5 use? 128-bit values What is the block size of AES? Variable What is the key size for AES? 128, 192, and 256 Name the common symmetric cryptography AES, 3DES, DES, IDEA, Blowfish, Twofish, Rivest Cipher (RC5), Carlisle solutions. Adams/Stafford Tavares (CAST-128) Rivest Shamir Adleman (RSA), Diffie-Hellman, Error Correcting Code Name the common asymmetric solutions. (ECC), and El Gamal From a private corporate perspective what is the Centralized most secure key management solution? This is the percentage of asset value loss that would occur if a risk was Exposure Factor (EF) realized (for example, if an attack took place). This is the potential dollar-value loss from a single risk realization incident. Single Loss Expectancy (SLE) Its calculated by multiplying the EF by the asset value. Annualized Rate of Occurrence (ARO) This number is the statistical probability that a specific risk may be realized

Annual Loss Expectancy (ALE) PKCS#11 Encryption is applicable to all of the OSI model layers except? Which method of authentication must be used in IPSec if the communications mode is gatewaygateway, host-gateway? What type of firewall can be used to track connectionless protocols such as UDP and RPC? Asymmetric cryptography is based on the work of who? What is a class A fire extinguisher used for? What is a class B fire extinguisher used for? What is a class C fire extinguisher used for? What is a class D fire extinguisher used for? What is a class K fire extinguisher used for? Symmetric (private) key cryptography when compared to public (asymmetric) cryptography is how many times faster? Within the key management lifecycle, what occurs when the CA creates a certificate signed by its own digital certificate? What is another term for Thinnet? A network hub functions on which layer of the OSI model? The bell-lapadula model is primarily concerned with protecting? What is the basis of DAC?

a certain number of times in a year. Its obtained from a risk assessment company or an insurance company. This is the potential dollar value loss per year per risk. Its calculation by multiplying the SLE by the ARO An API, designed to be platform independent, defining a generic interface to cryptographic tokens, such as Hardware Security Modules and smart cards. Physical ESP Stateful Inspection Diffie-Hellman Ordinary combustibles Flammable liquids Energized electrical equipment Combustible metals Cooking oils 1,000 to 10,000 times faster.

Certification 10Base2 Physical Confidentiality Access Control Lists

ACLs What are the three access methods used by RBAC? task-based, lattice-based & role-based Is mutual authentication mandatory or optional in optional Kerberos? OSPF Open Shortest Path First