ITN 262 Final Exam Review

Session Layer
OSI layer that handles a set of transport connections used for a particular purpose.
Data Link Layer
OSI layer that manages the structure and content of data carried by the physical layer.
Presentation Layer
OSI layer that reformats host data to meet network-wide standards and vice versa.
Physical Layer
OSI layer that includes the physical wiring and signaling between nodes.
Application Layer
OSI layer that provides a specific service to the user on a host computer, such as email.
Transport Layer
OSI layer that associates packets with specific application processes in end-point hosts and ensures reliability.
Network Layer
OSI layer that manages intranetwork routing of packets.
Six Steps of the NIST Risk Management Framework
1) Categorize information systems. 2) Select security controls. 3) Implement security controls. 4) Assess security controls. 5) Authorize information systems. 6) Monitor security controls.
SSL Handshake Protocol
A combination of shared secret hashing and an RSA-protected key exchange. The client and the server exchange randomly generated nonces, then the client uses the server’s public key to transmit a randomly generated secret value. Each one then uses the exchanged data to generate a set of shared secret keys to use.
3 Major DNS Vulnerabilities
1) Cache poisoning: A resolver receives a bogus response to a DNS query. All subsequent queries receive the wrong information and redirect connections to the wrong IP address. 2) Denial-of-service attack on major DNS servers: Attackers try to disable part or all of the DNS service in parts of the Internet by attacking major DNS servers. 3) DoS attack using a shared resolver: An attacker transmits numerous bogus DNS queries to the shared resolver.
Steps DNS Domain Name Resolver Software takes to look up a Domain Name
1) The software retrieves the domain name of interest. 2) The software looks up the domain name in the host’s cache. Each host keeps a cache of previous domain name queries. 3) If the name isn’t in the cache, the host sends a query across the network to its assigned DNS server. 4) The software saves the answer in the cache in case the same query recurs, and it returns the answer to the caller.
3-Way Handshake
The client sends a packet with the SYN flag set to a server. The server responds with a packet that has the SYN and ACK flags set. The client sends a packet with the ACK flag set back to the server.
Briefly explain the purpose of a routing table and identify the protocol that populates the table.
The internet layer of every protocol stack contains a routing table that chooses a network and/or MAC address for outgoing packets. Most hosts rely on the Address Resolution Protocol to fill in the routing table with addresses on their subnet. Packets destined for other IP addresses go to a default router.
List five types of authentication vulnerabilities that apply to tokens.
1) Cloning or borrowing the credential. 2) Sniffing the credential. 3) Trial and error guessing. 4) Denial of service. 5) Retrieving a copy of the computer’s database for authenticating tokens.
Identify the five general steps of a security risk assessment.
1) Identify assets. 2) Identify threat agents and attacks. 3) Estimate the likelihood of attacks. 4) Estimate the impact of attacks. 5) Calculate the relative significance of attacks.
Briefly explain the two types of authentication vulnerabilities that most often occur with biometrics.
An attacker can clone or borrow the credential, such as cloning fingerprints, faces, and even irises to fool biometric readers. An attacker can also sniff the credential if the biometric reader is connected to the protected system through a cable, such as a USB connection. The attacker could install a sniffer and later transmit the sniffed credential down the same USB connection.
Subject
General security access controls refer to objects, rights, and _______.
Root
To resolve a domain name on the Internet, the DNS resolver first contacts the ____ DNS server.
Separation of Duty
The principle that deals with dividing up a task so that it requires two or more people in order to reduce risk is referred to as __________ __ ____.
Transport Layer Security (TLS)
Secure Sockets Layer (SSL) has been replaced by _________ _____ ________.
Processing
Data may exist in three different states known as information states. They are: the storage state, the transmission state, and the __________ state.
Nonrepudiation
Digital signatures are often used to provide ______________.
Entropy
When discussing Key Strength, a longer secret with a larger choice of characters is said to have greater _______.
Transposition
The type of cipher that rearranges the text of a message is called _____________.
Rootkit
Software that hides on a computer and provides a back door for an attacker.
NIST SP 800-37
Publication that establishes the 6-step risk management framework.
Network Address Translation
Encapsulating Security Payload (ESP) does not work with _______ _______ ___________.
Unintended Data Emanations
TEMPEST is a code word assigned by the NSA to __________ ____ __________.
Risk-Assessment Process
OCTAVE is a ____-__________ _______.
CCM Mode
To provide both encryption and integrity protection, WPA2 uses AES encryption with ___ ____.
Public-Key Certificates
Off-line authentication relies on ______-___ ____________.
Utilities
Supervisory control and data acquisition (SCADA) devices are most often associated with _________.
Take actions to mitigate a serious risk
A security analyst is performing a security assessment. The analyst should NOT:
ipconfig /all
To see a list of MAC addresses on a Windows-based network, issue the ________ /___ command.
Internet Key Exchange (IKE)
The protocol that establishes security associations (SAs) between a pair of hosts is the:
PCI-DSS Requirements
A qualified security assessor (QSA) performs audits to check adherence to:
assign security responsibility to appropriate officials in the agency
The Federal Information Security Management Act (FISMA) requires U.S. executive branch agencies to:
An Attack
An attempt by a threat agent to exploit assets without permission is referred to as:
Virtual Private Networking
The principal application of IPsec is:
the corresponding IP address
Issuing the nslookup command along with a domain name displays:
Number of Addresses
Packet filtering looks at any packet header and filters on these values except:
Wi-Fi Protected Access version 2 (WPA2)
The latest protocol that effectively protects 802.11 wireless traffic across a LAN is:
No Broadcasting
A disadvantage of a point-to-point network is:
Broadcasting
A disadvantage of a star network is:
Request To Send (RTS) message
In a wireless transmission, a host first sends a:
No Routing
An advantage of a bus network is:
Address-Based Size Limits
A disadvantage of a tree network is:
Security through Obscurity
Hiding an object, such as a diary, to prevent others from finding it is an example of:
Congestion
A disadvantage of a mesh network is:
both participants in the exchange must have a public/private key pair
Using the Diffie-Hellman algorithm:
cannot be produced by a procedure
For data to be cryptographically random, it:
secret key
To use symmetric cryptography, the sender and receiver must share a:
Botnets
A keystroke logger is often associated with:
Common Criteria
The security framework that replaced the U.S. DOD Orange Book is called:
Dynamic Inheritance
The condition in which files automatically take on the same permissions as the folder in which they reside is called:
Access Control List (ACL)
A security database that contains entries for users and their access rights for files and folders is an:
Software Patch
A zero-day exploit has no:
True
When internet technology connects two networks with separate link layers together, each individual network is called a subnet. True or False
False
SSL works on top of IPsec and applies security to an orderly stream of bytes moving between a client and server. True or False
False
Two users can construct a shared secret by sharing Diffie-Hellman private keys. True or False
False
When handling an analog signal, the electronic circuits can self-correct minor errors. True or False
True
An effective line of defense against social engineering is authentication. True or False
False
RADIUS uses tickets encrypted with secret keys and an authentication server to provide authentication. True or False
False
Regarding TCP connections, a three-way handshake that doesn’t complete because the client fails to send the final ACK to the server results in a closed connection. True or False
False
A digital signature uses symmetric keys to sign or verify digital data. True or False
True
A frame is a single data packet on an Ethernet network. True or False