Term
| Describe three traits of Stream Cipher. |
|
Definition
1. Uses Symmetric Encryption
2. It is fast
3. Ciphertext is the same size as the original text. |
|
|
Term
| Describe three traits of Block Cipher. |
|
Definition
1. ECB (Electronic Code Book)
2. CBC (Cipher Block Chaining)
3. Block Encryption |
|
|
Term
| What does HIDS stand for and what is its purpose? |
|
Definition
| A Host Intrusion Detection System (HIDS) is an Intrusion Detection System (IDS) technology that monitors a host on a network to determine whether that host has been attacked by a hacker. |
|
|
Term
| What is a Production Honeypot? |
|
Definition
| It is a computer system that is designed to divert hackers from network resources. |
|
|
Term
| What is a Research Honeypot? |
|
Definition
| It is a computer system designed to enable researchers to study the methods that hackers use to infiltrate a computer network or computer system. |
|
|
Term
|
Definition
| A Log File Monitor (LFM) is an Intrusion Detection System (IDS) technology that reads log files to determine whether a network is undergoing a hacker attack. |
|
|
Term
|
Definition
| Microsoft Terminal Services |
|
|
Term
| What is an agent that copies itself when it runs? |
|
Definition
|
|
Term
|
Definition
| Virtual Network Computer is an open-source application that enables users to remotely control computers. |
|
|
Term
|
Definition
A Denial of Service attack that takes advantage of the TCP "three-way handshake" protocol. A SYN is a type of TCP packet sent to initiate a connection with a listening TCP port.
A SYN flood occurs when one or more listening TCP ports are sent large numbers of SYN packets. |
|
|
Term
| What is the best way to protect a subnet? |
|
Definition
| Policy based access lists on routers. |
|
|
Term
| How does a "buffer overflow" occur? |
|
Definition
| This occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. The extra data can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. |
|
|
Term
| What is needed for all evidence? |
|
Definition
| The chain of custody must be preserved. |
|
|
Term
| What three things must be done for a proven chain of custody to occur? |
|
Definition
1. The evidence is accounted for at all times.
2. The passage of evidence from one party to the next is fully documented.
3. The passage of evidence from one location to the next is fully documented. |
|
|
Term
| What is a Teardrop attack? |
|
Definition
This targets a vulnerability in the way fragmented IP packets are re-assembled.
In this attack, packet fragments are deliberately fabricated with overlapping offset fields, causing the host to hang or crash when it tries to re-assemble them. |
|
|
Term
|
Definition
| The process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment. It can reveal system vulnerabilities and improve the ease with which they can be exploited. |
|
|
Term
|
Definition
| Microsoft Base Security Analyzer (MBSA) provides a streamlined method of identifying common security misconfigurations. |
|
|
Term
| An administrator notices that an e-mail server is currently relaying e-mail (including spam) for an e-mail server requesting relaying. Upon further investigation the administrator notices the existence of /ect/mailrelay domains. What modifications shoul |
|
Definition
| Delete the S entry in the relay domains file and restart the e-mail process. |
|
|
Term
|
Definition
| The process of putting one packet inside another, usually encapsulating ordinary (non-secure) IP packets inside of encrypted (secure) IP packets. |
|
|
Term
| How does a hacker best find out what services are running on a device? |
|
Definition
|
|
Term
| What is the name for the patterns that intrusion detection systems look for? |
|
Definition
|
|
Term
| How can you prevent IP spoofing? |
|
Definition
| Have your DNS do reverse lookups. |
|
|
Term
| What is the most granular form of access control? |
|
Definition
| ACLs (Access Control Lists) |
|
|
Term
| What changes in the configuration should you make after the install of a new OS? |
|
Definition
| Rename the admin and guest accounts. |
|
|
Term
| What is the type of secure connection between a company's main office and branch that occurs over a public network? |
|
Definition
|
|
Term
| What is the best way to protect users' passwords? |
|
Definition
|
|
Term
| What are the three programming components of WAP (Wireless Application Protocol)? |
|
Definition
Origin Server
Gateway
Client |
|
|
Term
What are the dangers of a malformed MIME (Multipurpose Internet Mail Extensions)?
List four. |
|
Definition
1. It can create a backdoor.
2. It can contain a virus.
3. It can cause an unauthorized disclosure of private information.
4. It can cause an e-mail server to crash. |
|
|
Term
|
Definition
| Malicious code installed on a server that e-mails keystrokes to the author and deletes the system's logs at backup. |
|
|
Term
| What is able to distribute itself without the hosts files? |
|
Definition
|
|
Term
| Digital signatures can be used for what purpose? |
|
Definition
|
|
Term
| What is the weakest link of security? |
|
Definition
|
|
Term
| What must occur in order for logging to be effective? |
|
Definition
| You must review the logs regularly. |
|
|
Term
|
Definition
Access Control
Authentication
Auditing |
|
|
Term
|
Definition
Confidentiality
Integrity
Availability |
|
|
Term
|
Definition
| A policy, software component, or hardware component that is used to grant or deny access to a resource. |
|
|
Term
|
Definition
| The process used to verify that a machine or user attempting access to the networks or resources is, in fact, the entity being presented. |
|
|
Term
|
Definition
| The process of tracking events, errors, access, and authentication attempts on a system. |
|
|
Term
| What was originally designed to decrease broadcast traffic and to be beneficial in compromising sniffers? |
|
Definition
|
|
Term
| What may be needed when a stored key and a password are not strong enough authentication? |
|
Definition
| multifactor authentication |
|
|
Term
| An FTP server is usually located where on the network? |
|
Definition
|
|
Term
| What are the four major components of ISAKMP (Internet Security Association and Key Management Protocol)? |
|
Definition
Authentication of peers
Threat management
Security Association creation and management
Cryptographic key establishment and management |
|
|
Term
| What privileges does Active X use? |
|
Definition
| Those of the current user. |
|
|
Term
| What kind of attacks are hashed passwords vulnerable to? |
|
Definition
| Dictionary or brute force attacks. |
|
|
Term
| What is the definition of a Honeypot? |
|
Definition
| A decoy to attract and collect information on intruders. |
|
|
Term
| What is the first process to resume when returning to the original site, following a disaster? |
|
Definition
| The least critical process. |
|
|
Term
| Documenting change levels and revisions is most useful for what? |
|
Definition
|
|
Term
| Controlling access to IS (information system) networks is necessary to preserve what three things? |
|
Definition
CIA
Confidentiality
Integrity
Availability |
|
|
Term
| What is the name of the collection of information that includes login, file access, and whether it was attempted, legitimate, or unauthorized? |
|
Definition
|
|
Term
| What are three vulnerabilities of FTP (File Transfer Protocol)? |
|
Definition
Clear text passwords
Anonymous logins
Possible collection/distribution points for unlicensed software |
|
|
Term
| What is true when comparing a virus to a hoax? |
|
Definition
| A hoax does just as much damage as a real virus. |
|
|
Term
| What is the greatest benefit to S/MIME (Secure Multipurpose Internet Mail Extensions)? |
|
Definition
| Encrypting and signing e-mail. |
|
|
Term
| What is privilege escalation? |
|
Definition
| An attack where a user exploits a bug in an application to gain access to resources which would normally have been protected from an application or user. The result is that the application performs actions with a higher security context than intended by the application developer or administrator. |
|
|
Term
| Which access control is based on the responsibility the user has in an organization? |
|
Definition
| RBAC (Role-based access control) |
|
|
Term
| What are the four layers of WAP (Wireless Application Protocol)? |
|
Definition
Wireless Application Environment (WAE)
Wireless Session Layer (WSL)
Wireless Transport Layer Security (WTLS)
Wireless Transport Layer (WTP) |
|
|
Term
|
Definition
| The use of a software application in conjunction with a modem to penetrate the modem-based systems of an organization by continually dialing in. |
|
|
Term
| What results in DNS resolving the wrong IP and causing misdirection? |
|
Definition
|
|
Term
| What is the purpose of a Certificate Policy? |
|
Definition
| It determines what information a digital certificate will contain. |
|
|
Term
|
Definition
| Policies and procedures intended to reduce the likelihood of damage or injury. |
|
|
Term
|
Definition
| Wireless Transport Layer Security (WTLS) is the security layer of WAP (Wireless Application Protocol). |
|
|
Term
|
Definition
| The inability of a party to deny that it performed an action on a block of data. |
|
|
Term
|
Definition
| It protects email with PK and encryption. |
|
|
Term
|
Definition
| When a machine sends a ping (echo request) to several machines disguising itself as another machine in the source field of the echo request. The machines reply back to the incorrect source and flood the machine with ping requests it never asked for. |
|
|
Term
| Define "separation of duties". |
|
Definition
| Requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set. |
|
|
Term
| What is a "Ping of Death" attack? |
|
Definition
| A denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol. |
|
|
Term
|
Definition
| GOST is a Russian private key encryption standard that uses a 256-bit encryption key. GOST was developed as a counter to the Data Encryption Standard (DES). |
|
|
Term
|
Definition
| A private encryption standard that is used in Pretty Good Privacy (PGP). |
|
|
Term
| What is IDEA (International Data Encryption Algorithm)? |
|
Definition
| A private key encryption standard that was developed in Switzerland. IDEA is used in PGP and uses 128-bit encryption keys. |
|
|
Term
|
Definition
| A private key encryption standard that was developed at the Massachusetts Institute of Technology (MIT). RC5 supports variable length encryption keys. |
|
|
Term
| What is a POP (Point of Presence)? |
|
Definition
| The equipment in a telephone company central office (CO) that connects an ISP to the digital communications network. |
|
|
Term
|
Definition
| The network media that connects a customer to a telephone company central office. |
|
|
Term
| What is a digital signature? |
|
Definition
| An encrypted checksum that is sent with a file that can be used to verify if a file was changed during transit. |
|
|
Term
| What is an SIV (System Integrity Verifier)? |
|
Definition
| It is an IDS (Intrusion Detection System) that examines critical system files for modifications. |
|
|
Term
| In a PKI (Public Key Infrastructure) what is the device that can be used to sign certificates known as? |
|
Definition
|
|
Term
|
Definition
| A public key that has been verified and is trusted to sign digital certificates. |
|
|
Term
| In a PKI (Public Key Infrastructure) what is the definition of an issuer? |
|
Definition
| An entity that signs certificates provided by a subject. |
|
|
Term
| In a PKI (Public Key Infrastructure) what is the definition of a relying partner or a verifier? |
|
Definition
| An entity that verifies a certificate chain. |
|
|
Term
| In a PKI (Public Key Infrastructure) what is the definition of a target? |
|
Definition
|
|
Term
| What is the 3-byte MAC prefix for Cisco NICs? |
|
Definition
|
|
Term
| What does the AS (Authentication Service) do in Kerberos 5? |
|
Definition
| Authenticates users and provides them with a Ticket Granting Ticket (TGT). |
|
|