1. A ___ scan is nonpenetrating
  2. Another word for profiling is ___.
    foot printing
  3. What is OVAL?
    open vulnerability and assessment language
  4. What port is RDP?
  5. What port is SNMP?
  6. What are NMUs?
    network monitoring utilities
  7. What is NIPS?
    network intrusion detection systems
  8. What is an IRP?
    incidence response policy
  9. How can you prevent cross-site scripting attacks?
    disable HTML code in input fields
  10. If a cookie is captured, what might they get?
    personal information
  11. You can only trust a certificate if ___.
    you trust the CA that issued it, and you can only trust that CA if you trust the CA above it on the chain
  12. A certificate is also ___.
    a way to distribute the holders public key
  13. A ___ called a certificate authority issues certificates and the associated public/private key pairs.
  14. The CA is responsible for setting up the ___.
    (trust model)
  15. What is a key escrow agent?
    a third party that maintains a backup of private keys
  16. Digital signatures are covered by which PKCSs?
  17. Certificate requests are covered by which PKCSs?
  18. Why do you need to install the CA certification chain?
    to add the root CA as a trusted root
  19. With digital certificates, you have to balance ___ versus ___.
    length of private keys versus how long before requiring renewal
  20. SSL is a stateful security protocol that combines ___ with ___.
    certificates for authentication with RSA public key encryption
  21. A vulnerability scan is ___.
  22. If a user dies, go to the key escrow and fetch his data, before you do what?
    (before you revoke his certificate)
  23. What is a CRL?
    certificate revocation list
  24. What is an alternative to key backup?
    key escrow
  25. In a key escrow scheme, what is it called when only a certain number of agents are required to recover a key?
    M of N control
  26. What is due care?
    a policy that describes how individuals should use and maintain company-issued hardware and software
  27. What is “due process”?
    it refers to the idea that laws and enforcement must be fair, respectful, and consistent not necessarily based on law
  28. How do you test motion detectors?
    walk testing
  29. If someone baits you leaving a CD in a restroom, it is probably a ___.
    policy violation test
  30. What is a BCP?
    business continuity plan
  31. What is a DRP?
    disaster recovery plan
  32. What are SLAs?
    service level agreements
  33. A backup is considered most secure, when it is stored ___ and ___.
    offline and offsite
  34. What is the difference between a differential backup and an incremental backup?
    the IB clears the archive bits
  35. What is the difference between a DRP and BCP?
    the BCP focuses on keeping the most critical components of a business running after a disaster
  36. Is WPA a security implementation?
  37. What is OMA?
    open mobile alliance
  38. What does CTI do?
    computer telephony integration allow phone, email, fax and web to work together
  39. What is tunneling?
    a data transport technique that lets a data packet from one protocol to be transferred across a network inside the frame or packet of another protocol. So data from one network type can travel through another network type
  40. NPS is an implementation of ___.
  41. ___ is an implementation of RADIUS.
  42. What is NPS?
    network policy server, on Windows Server 2008
  43. What is the ISAKMP port number?
  44. What is the L2TP port number?
  45. What is the PPTP port number?
  46. What is CHAP?
    challenge handshake authentication protocol
  47. Buffer overflow attacks can target everything except ___.
  48. Which kind of Active-X controls are often considered to be more trustworthy?
  49. Java has their own protected area of memory called the ___.
  50. What does the Java bite code verifier do?
    Performs a formatting test to determine if the applet originated from a trustworthy source
Card Set