1. What is STP?
    spanning tree protocol
  2. What is TLS?
    Transport Layer Security
  3. What is EFS?
    The Encrypting File System (EFS) on Microsoft Windows is a file system filter that provides file system-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer
  4. What is EAP?
    Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in wireless networks and Point-to-Point connections. The WPA and WPA2 standard has adopted five EAP types as its official authentication mechanisms
  5. What is NAC?
    network access control
  6. What is TKIP?
    temporal key integrity protocol, an encryption key generation/management scheme used by 802.11i
  7. What is NIST?
    National institute of standards technology. They do work in such topics as secret and public key cryptographic techniques
  8. What is RBAC?
    role based access control, where network objects allow access only to users assigned to specific roles
  9. What is TACACS?
    terminal access controller access control system is an authentication protocol that accepts login requests and authenticates credentials
  10. What is TTP?
    trusted third party
  11. What is NPS?
    network policy server, on Windows Server 2008
  12. What is MAC?
    media access control. Objects are assigned security labels of different levels, to determine if a particular user is permitted to access the object
  13. What is SNMP?
    simple network management protocol which is vulnerable because it uses clear text
  14. What is blue snarfing?
    gaining access to unauthorized information on a wireless device
  15. What is SAFER?
    secure and fast encryption routine
  16. What is SLE?
    Single Loss Expectancy
  17. Botnets do their command and control through ___.
  18. To determine if specific network traffic is an actual attack, you use ___.
    a protocol analyzer
  19. Why is malware that uses virtualization difficult to detect?
    because it might be running at a more privileged level than the AV software
  20. How do you push out additional security hot fixes?
    patch management
  21. How many authentication factors are in a physical token, PIN, and password?
  22. Does a CRL contain public or private keys?
  23. What’s the most important consideration when executing a disaster recovery plan?
    safety and welfare of personnel
  24. What should you check besides account reports, when doing a user account review?
    employment verification
  25. What’s the best way to get insight into the websites employees are visiting?
    proxy server
  26. How can you determine which services are running on a server, without logging on to the machine?
    use a port scanner
  27. What kind of documentation describes how tasks or job functions should be conducted?
  28. Name a secure wireless transmission algorithm.
    TKIP-- temporal key integrity protocol, an encryption key generation/management scheme used by 802.11i
  29. To avoid the overhead of using a VPN, just use ___ instead
  30. Does the ‘hypervisor’ or the “virtual supervisor” manage virtual instances on a virtual machine?
  31. What does Kerberos use to issue tickets: A “ticket granting system” or a “key distribution center”?
    key distribution center
  32. What is susceptible to “frequency analysis”, if used incorrectly?
    transposition ciphers
  33. Restricting access to files based on the identity of the user or group, is an example of ___.
  34. The critical piece of encrypted communication that must be kept secret is ___.
    the salt value
  35. When using PKI, you use ___ to encrypt your signature.
    private key
  36. Another name for a photograph on a computer is a ___.
  37. You get pop ups saying you have a virus, and offering a program to remove it. This is an example of ___.
  38. To minimize collusion among staff, use ___.
    job rotation
  39. What is a “false rejection”?
    where a biometric system identifies legitimate users as being unauthorized
  40. A security audit of group policy can show you ___.
    that unnecessary services are blocked on workstations
  41. The difference between a worm and a virus is ___.
    the virus spreads from file to file by attaching itself. A worm does not attach itself to another file
  42. Why is an ATM card better than a photo ID for logging onto a computer?
    because an ATM card is machine readable
  43. A ___ attack requires you to sniff the network
    man in the middle
  44. What is MAC flooding?
    a technique to compromise the integrity of network switches
  45. What is a downside of virtualization technology?
    if there’s an attack, it could disrupt multiple servers
  46. What is virtualization?
    allowing multiple OS’s to run on one computer simultaneously
  47. What is it about RAID that increases availability?
  48. What could someone use, to capture HTTP requests and send back a spoofed page?
    TCP/IP hijacking
  49. Providing a restricted environment for executing code is a security trait of ___.
    a virtual machine
  50. Where are IPSec connection parameters stored?
    in the security association database
Card Set