|
|||
Front | Back | ||
What is CIA? (in Security+ context)
|
Confidentiality Integrity Availability
| ||
Define.(in Security+ context) Confidentiality
|
Information should only be accessible by the intended recipients
| ||
Define.(in Security+ context) Integrity
|
Information is not accidentally or maliciously altered or destroyed. Arrive as Sent.
| ||
Define.(in Security+ context) Availability
|
Information and communication services will be ready for use by authorized recipients.
| ||
What are the 3 steps of Access Control Process?
|
Identification Authentication Authorization
| ||
What are 3 types of Access Control
|
Mandatory Access Control / Discretionary Access Control / Role-Based Access Control
| ||
What is port 80?
|
HTTP (web) Hypertext Transfer Protocol
| ||
What is port 443?
|
SSL (web) Secure Socket Layer
| ||
What is the port for FTP Data?
|
Port 20
| ||
What is the port for FTP Control?
|
Port 21
| ||
What is the port for TFTP?
|
Port 69
| ||
What is port 25?
|
SMTP (e-mail) Send Mail Transfer Protocol
| ||
What is Kerberos.(in Security+ context)
|
A trusted
| ||
What is Biometrics?
|
Authentication protocol Based off of unique biological
| ||
What is the most common authentication system?
|
Username and Password.
| ||
What is CHAP?
|
Challenge handshake Authentication Protocol (uses a three-way handshake to prevent replay attacks)
| ||
What is Social Engineering?
|
People manipulating other people to gain access or information about systems.
| ||
What is Birthday Attack?
|
Probability of two different messages using the same hash function that produces a common message digest.
| ||
What is Man-in-the-Middle attack?
|
Intercepting messages and forwarding modified versions of the original message.
| ||
What is SYN attack?
|
Attacker exploits the buffer space during a TCP session handshake by not responding with a FIN.
| ||
What is Teardrop attack?
|
Confuse target packet reordering by modifying the length and fragment offset in IP packets.
| ||
What is Smurf Attack?
|
Uses a combo of IP spoofing and ICMP to saturate a target network with traffic.
| ||
What is Spoofing?
|
Hiding the true address information in packets
| ||
What is Brute Force Attack?
|
Trying every possible key combonation.
| ||
What is Dictionary Attack?
|
Type of brute force that uses common words as key combonations.
| ||
What is Replay Attack?
|
Use a network capture to show a username and password.
| ||
What is a self-contained computer program that replicates itself or smaller parts of itself?
|
A Worm
| ||
What is a program that hides and pretends to be a benign application until called on to perform a certain task?
|
A Trojan Horse
| ||
What is a computer program capable of attaching itself to disks or files and replicating itself without user knowledge or prevention?
|
A Virus
| ||
What is the 2 modes of IPSec?
|
Transport Mode & Tunneling Mode
| ||
What is PPP?
|
Point-to-point protocol that Replaced RAS & utilizes a direct connection from a client to WAN over TCP/IP.
| ||
What is PPTP?
|
Point-to-point tunneling protocol
| ||
What is L2TP?
|
Layer 2 Tunneling Protocol
| ||
Which of the following uses IPSec? PPTP or L2TP
|
L2TP uses IPSec. PPTP only works over IP.
| ||
What is VPN?
|
A virtual private network that operates over a public network and allows remote hosts to dial into a network.
| ||
Name 2 protocols that can be used for VPN.
|
PPTP and L2TP
| ||
Name 2 protocols that make up IPSec.
|
Authentication header and Encapsulating Security Protocol/Payload.
| ||
What is ESP?(in Security+ context)
|
Encapsulating Security Protocol/Payload provide actual encryption services (used in IPSec/VPNs)
| ||
What is AH?(in Security+ context)
|
Authentication Header responsible for authenticity and integrity of information (used in IPSec/VPNs)
| ||
What are the 3 Types of Access Control Factors?
|
Type I: passwords & pin numbers; Type II: physical keys
| ||
What is a system in which a central administrator or administration dictates all of the access to information in a network or system?
|
Mandatory Access Control
| ||
What is a system in which the owners of files(through his own discretion) actually determine who gets access to the information?
|
Discretionary Access Control
| ||
What is a system in which the roles of users determine their access to files?
|
Role-Based Access Control
| ||
What type of authentication uses more than one factor to authenticate a user?
|
Multifactor authentication
| ||
What port does LDAP use?
|
Port 389
| ||
What is Cryptography?(in Security+ context)
|
The science of hiding the meaning of a message useing services and protocols that require complex calculations.
| ||
What are 4 goals of Cryptography?
|
Data Confidentiality
| ||
What is Cryptanalysis?(in Security+ context)
|
The act of breaking the cipher or attempting to understand the cipher text
| ||
What is a Firewall?
|
Any hardware or software designed to prevent unwanted network traffic. (selectively filtering communications)
| ||
What allows or denys traffic on the basis of packet headers of IP
|
UDP
| ||
x of y cards | Next >| |