What is CIA? (in Security+ context) 
 Confidentiality, Integrity, Availability
Define Confidentiality (in Security+ context).
 Information should only be accessible by the intended recipients
Define Integrity (in Security+ context).
 Information is not accidentally or maliciously altered or destroyed. Arrive as Sent.
Define Availability (in Security+ context).
 Information and communication services will be ready for use by authorized recipients.
What are the 3 steps of Access Control Process? 
 Identification, Authentication, Authorization
What are 3 types of Access Control?
 Mandatory Access Control / Discretionary Access Control / Role-Based Access Control
What is port 80? 
 HTTP (web) Hypertext Transfer Protocol
What is port 443? 
 SSL (web) Secure Socket Layer
What is the port for FTP Data? 
 Port 20
What is the port for FTP Control? 
 Port 21
What is the port for TFTP? 
 Port 69
What is port 25? 
 SMTP (e-mail) Send Mail Transfer Protocol
What is Kerberos? (in Security+ context)
 A trusted
What is Biometrics? 
 Authentication protocol based off of unique biological
What is the most common authentication system? 
 Username and Password.
What is CHAP? 
 Challenge Handshake Authentication Protocol (uses a three-way handshake to prevent replay attacks)
What is Social Engineering? 
 People manipulating other people to gain access or information about systems.
What is Birthday Attack? 
 Probability of two different messages using the same hash function that produces a common message digest.
What is Man-in-the-Middle attack? 
 Intercepting messages and forwarding modified versions of the original message.
What is SYN attack? 
 Attacker exploits the buffer space during a TCP session handshake by not responding with a FIN.
What is Teardrop attack? 
 Confuse target packet reordering by modifying the length and fragment offset in IP packets.
What is Smurf Attack? 
 Uses a combo of IP spoofing and ICMP to saturate a target network with traffic.
What is Spoofing? 
 Hiding the true address information in packets
What is Brute Force Attack? 
 Trying every possible key combination.
What is Dictionary Attack? 
 Type of brute force that uses common words as key combinations.
What is Replay Attack? 
 Use a network capture to show a username and password.
What is a self-contained computer program that replicates itself or smaller parts of itself? 
 A Worm
What is a program that hides and pretends to be a benign application until called on to perform a certain task? 
 A Trojan Horse
What is a computer program capable of attaching itself to disks or files and replicating itself without user knowledge or prevention? 
 A Virus
What are the 2 modes of IPSec?
 Transport Mode & Tunneling Mode
What is PPP?  
 Point-to-point protocol that replaced RAS & utilizes a direct connection from a client to WAN over TCP/IP.
What is PPTP? 
 Point-to-point tunneling protocol
What is L2TP? 
 Layer 2 Tunneling Protocol
Which of the following uses IPSec? PPTP or L2TP 
 L2TP uses IPSec. PPTP only works over IP.
What is VPN? 
 A virtual private network that operates over a public network and allows remote hosts to dial into a network.
Name 2 protocols that can be used for VPN. 
 PPTP and L2TP
Name 2 protocols that make up IPSec. 
 Authentication header and Encapsulating Security Protocol/Payload.
What is ESP? (in Security+ context)
 Encapsulating Security Protocol/Payload provides actual encryption services (used in IPSec/VPNs)
What is AH? (in Security+ context)
 Authentication Header responsible for authenticity and integrity of information (used in IPSec/VPNs)
What are the 3 Types of Access Control Factors? 
 Type I: passwords & pin numbers; Type II: physical keys
What is a system in which a central administrator or administration dictates all of the access to information in a network or system? 
 Mandatory Access Control
What is a system in which the owners of files (through their own discretion) actually determine who gets access to the information?
 Discretionary Access Control
What is a system in which the roles of users determine their access to files? 
 Role-Based Access Control
What type of authentication uses more than one factor to authenticate a user? 
 Multifactor authentication
What port does LDAP use? 
 Port 389
What is Cryptography? (in Security+ context)
 The science of hiding the meaning of a message using services and protocols that require complex calculations.
What are 4 goals of Cryptography? 
 Data Confidentiality
What is Cryptanalysis? (in Security+ context)
 The act of breaking the cipher or attempting to understand the cipher text
What is a Firewall? 
 Any hardware or software designed to prevent unwanted network traffic. (selectively filtering communications)
What allows or denies traffic on the basis of packet headers of IP
