What are the seven (7) types of Internet Protocol (IP) vulnerabilities?
1. Man-in-the-middle attack (MITM)
2. Session hijacking (a type of MITM)
3. IP address spoofing (a type of MITM)
4. DoS (Denial of Service) attack
5. DDoS (Distributed Denial of Service) attack
6. Smurf attack (a type of DDoS)
7. Resource exhaustion attacks
What are the two aspects of the impact of cryptography on security investigations?
1. Attackers can attack the algorithms themselves.
2. Attackers use cryptography to hide their attacks (for example, encrypted command-and-control traffic).
Provide two methods that can be used to detect SSL/TLS encrypted command-and-control traffic.
1. To perform TLS/SSL decryption and inspection.
2. To perform traffic analysis using NetFlow to detect anomalous TLS/SSL flows.
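The second method above, traffic analysis without decryption, relies on the shape of the flows rather than their content. Encrypted command-and-control traffic tends to "beacon": the infected host connects to the same server at nearly fixed intervals with nearly identical byte counts, which ordinary browsing does not. The following is an added example, not code from the original page: it scores NetFlow-style records per (source, destination) pair on port 443 and flags the pair whose inter-arrival times and sizes barely vary. The flow records, IP addresses and the 0.2 coefficient-of-variation threshold are constructed for the example.

```python
"""Added example (not from the original page): a NetFlow-style traffic analysis
that flags periodic, fixed-size TLS (port 443) flows, the beaconing pattern
typical of encrypted command-and-control. The flow records are constructed."""
import statistics
from collections import defaultdict

# Constructed flow records: (start time in seconds, src IP, dst IP, dst port, bytes).
# 10.0.0.5 connects to 203.0.113.10 about every 60 s with near-identical sizes (beacon).
# 10.0.0.7 browses 198.51.100.20 at irregular times with widely varying sizes.
FLOWS = [
    (0, "10.0.0.5", "203.0.113.10", 443, 1200),
    (62, "10.0.0.5", "203.0.113.10", 443, 1188),
    (119, "10.0.0.5", "203.0.113.10", 443, 1210),
    (181, "10.0.0.5", "203.0.113.10", 443, 1195),
    (240, "10.0.0.5", "203.0.113.10", 443, 1203),
    (303, "10.0.0.5", "203.0.113.10", 443, 1199),
    (358, "10.0.0.5", "203.0.113.10", 443, 1190),
    (421, "10.0.0.5", "203.0.113.10", 443, 1207),
    (480, "10.0.0.5", "203.0.113.10", 443, 1201),
    (541, "10.0.0.5", "203.0.113.10", 443, 1196),
    (5, "10.0.0.7", "198.51.100.20", 443, 800),
    (9, "10.0.0.7", "198.51.100.20", 443, 45000),
    (200, "10.0.0.7", "198.51.100.20", 443, 1200),
    (203, "10.0.0.7", "198.51.100.20", 443, 90000),
    (900, "10.0.0.7", "198.51.100.20", 443, 3000),
    (2000, "10.0.0.7", "198.51.100.20", 443, 600),
    (2100, "10.0.0.7", "198.51.100.20", 443, 120000),
    (4000, "10.0.0.7", "198.51.100.20", 443, 2500),
]


def coefficient_of_variation(values):
    """Standard deviation relative to the mean; near 0 means the values barely vary."""
    mean = statistics.mean(values)
    return statistics.pstdev(values) / mean if mean else 0.0


def beacon_report(flows, port=443, min_flows=6, max_cv=0.2):
    """Score every (src, dst) pair seen on `port`. Thresholds are assumptions for this
    example: a pair is called a beacon when both the inter-arrival times and the flow
    sizes have a coefficient of variation below max_cv over at least min_flows flows."""
    pairs = defaultdict(list)
    for start, src, dst, dport, nbytes in flows:
        if dport == port:
            pairs[(src, dst)].append((start, nbytes))
    report = {}
    for pair, items in pairs.items():
        if len(items) < min_flows:
            continue
        items.sort()
        gaps = [later - earlier for (earlier, _), (later, _) in zip(items, items[1:])]
        sizes = [nbytes for _, nbytes in items]
        interval_cv = coefficient_of_variation(gaps)
        size_cv = coefficient_of_variation(sizes)
        report[pair] = {
            "flows": len(items),
            "mean_interval_s": round(statistics.mean(gaps), 1),
            "interval_cv": round(interval_cv, 3),
            "size_cv": round(size_cv, 3),
            "beacon": interval_cv < max_cv and size_cv < max_cv,
        }
    return report


if __name__ == "__main__":
    for pair, stats in beacon_report(FLOWS).items():
        print(pair, stats)
```

Real deployments tune the thresholds per environment and add the features the flashcards mention elsewhere (JA3 fingerprints, certificate details, destination reputation); the point here is that periodicity and size uniformity are visible in flow metadata even when the payload is encrypted.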
What are the elements of Cryptography?
Confidentiality
Data Integrity
Origin Authentication
Non-Repudiation
What is Cryptanalysis?
Cryptanalysis is the practice of breaking codes to obtain the meaning of encrypted data
What are the types of ciphers?
Substitution ciphers
Polyalphabetic ciphers
Transposition ciphers
One-time pad
Which cipher "Substitute one letter for another"?
D) Substitution Ciphers
Which cipher "Based on substitution using multiple substitution alphabets"?
C) Polyalphabetic cipher
Which cipher "Rearrange or permutate letters"?
A) Transposition cipher
Which cipher "a stream cipher applying XOR operation to plaintext with a random key"?
A) One-time pad
Which element of cryptography has the following definition: "Ensuring that only authorized parties can read a message"?
C) Confidentiality
Which element of cryptography has the following definition: "Ensuring that any changes to data in transit will be detected and rejected"?
D) Data integrity
Which element of cryptography has the following definition: "Ensuring that any messages received were actually sent from the perceived origin"?
B) Origin authentication
Which element of cryptography has the following definition: "Ensuring that the original source of a secured message cannot deny having produced the message"?
D) Non-repudiation
Which of the ciphers is vulnerable to frequency analysis?
C) Substitution cipher
Which cipher is also known as a permutation cipher?
Transposition cipher
Which cipher is also known as the Vernam cipher?
One-time pad cipher
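The four cipher families from the cards above, plus the frequency analysis that breaks a monoalphabetic substitution, as an added example (example code, not from the original page). The plaintext, keys and the "most common letter is E" heuristic are constructed for the demonstration; the Vigenère check uses the classic ATTACKATDAWN/LEMON pair.

```python
"""Added example (not from the original page): substitution, polyalphabetic
(Vigenère), transposition and one-time pad ciphers, and the frequency analysis
that recovers a Caesar-style substitution key. Sample text is constructed."""
import os
import string
from collections import Counter

ALPHA = string.ascii_uppercase


def caesar_alphabet(shift):
    """A substitution alphabet that is simply ALPHA rotated by `shift`."""
    return ALPHA[shift:] + ALPHA[:shift]


def substitution_encrypt(text, key_alphabet):
    """Monoalphabetic substitution: each letter always maps to the same replacement,
    so letter frequencies of the plaintext survive into the ciphertext."""
    return text.upper().translate(str.maketrans(ALPHA, key_alphabet))


def substitution_decrypt(text, key_alphabet):
    return text.translate(str.maketrans(key_alphabet, ALPHA))


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: each key letter selects one of 26 shifted alphabets,
    so the same plaintext letter can encrypt to different ciphertext letters."""
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHA:
            out.append(ch)
            continue
        k = ALPHA.index(key[i % len(key)].upper())
        if decrypt:
            k = -k
        out.append(ALPHA[(ALPHA.index(ch) + k) % 26])
        i += 1
    return "".join(out)


def columnar_transposition(text, key):
    """Transposition (permutation): the letters are kept but reordered by writing the
    text in rows and reading the columns in the alphabetical order of the key."""
    cols = len(key)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    order = sorted(range(cols), key=lambda c: key[c])
    return "".join(row[c] for c in order for row in rows if c < len(row))


def otp_key(length):
    """A one-time pad key must be random and at least as long as the message."""
    return os.urandom(length)


def otp(data: bytes, key: bytes) -> bytes:
    """One-time pad (Vernam): XOR with the pad; the same call decrypts."""
    if len(key) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(b ^ k for b, k in zip(data, key))


def guess_caesar_shift(ciphertext):
    """Frequency analysis: assume the most frequent ciphertext letter stands for E,
    the most frequent letter in English text."""
    counts = Counter(c for c in ciphertext if c in ALPHA)
    top = counts.most_common(1)[0][0]
    return (ALPHA.index(top) - ALPHA.index("E")) % 26
```

Running `guess_caesar_shift` on a substitution ciphertext of a few dozen letters recovers the shift without the key, which is exactly why the card above lists substitution ciphers as vulnerable to frequency analysis; the same analysis fails against the one-time pad because a random pad flattens the frequency distribution.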
What is the main purpose of hash algorithms?
D) Data integrity
What does HMAC mean?
Hash-based Message Authentication Code (a keyed hash)
What is the length of the message digest for the following algorithms?
MD5 - 128-bit
SHA-1 - 160-bit
What is collision resistance?
Collision resistance means it is computationally infeasible to find two different messages that produce the same hash.
Which protocol uses the HMAC algorithm for data integrity?
IPsec
What is encryption?
Encryption is the process of disguising a message in such a way as to hide its original contents.
Encryption is used to guarantee which process?
c) Data security
B)
What is an avalanche effect?
Changing only a few bits of the plaintext message causes its ciphertext to change completely.
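The hash cards above (digest lengths, HMAC, collision resistance and the avalanche effect) demonstrated together, as an added example that is not code from the original page. It measures how many digest bits flip when one plaintext bit changes, verifies an HMAC in constant time, and runs a birthday search that only succeeds because the digest is deliberately truncated. The sample message and key are constructed; the HMAC-SHA-256 expected value in the check is RFC 4231 test case 1.

```python
"""Added example (not from the original page): digest lengths, an HMAC verified in
constant time, the avalanche effect measured by flipping one plaintext bit, and a
birthday search that only succeeds because the digest is truncated."""
import hashlib
import hmac


def digest_bits(algorithm):
    """hashlib reports digest_size in bytes; MD5 -> 128 bits, SHA-1 -> 160 bits."""
    return hashlib.new(algorithm).digest_size * 8


def hexdigest(algorithm, data: bytes) -> str:
    return hashlib.new(algorithm, data).hexdigest()


def hamming_bits(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_ratio(algorithm, message: bytes, bit_index: int = 0) -> float:
    """Flip one bit of the message; return the fraction of digest bits that changed.
    A good hash gives about 0.5 regardless of which bit is flipped."""
    flipped = bytearray(message)
    flipped[bit_index // 8] ^= 1 << (bit_index % 8)
    d1 = hashlib.new(algorithm, message).digest()
    d2 = hashlib.new(algorithm, bytes(flipped)).digest()
    return hamming_bits(d1, d2) / (len(d1) * 8)


def hmac_tag(key: bytes, message: bytes, algorithm: str = "sha256") -> bytes:
    return hmac.new(key, message, algorithm).digest()


def hmac_verify(key: bytes, message: bytes, tag: bytes, algorithm: str = "sha256") -> bool:
    """compare_digest runs in constant time, so a forger learns nothing from timing
    how many leading bytes of a guessed tag were right."""
    return hmac.compare_digest(hmac_tag(key, message, algorithm), tag)


def truncated_collision(algorithm: str, bits: int):
    """Birthday search over digests truncated to `bits`: expect about 2**(bits/2)
    tries. Against the full 128- or 160-bit digest the same search is infeasible,
    which is what collision resistance means in practice."""
    shift = digest_bits(algorithm) - bits
    seen = {}
    i = 0
    while True:
        msg = b"message-%d" % i
        h = int.from_bytes(hashlib.new(algorithm, msg).digest(), "big") >> shift
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


if __name__ == "__main__":
    print("MD5 bits:", digest_bits("md5"), "SHA-1 bits:", digest_bits("sha1"))
    print("avalanche (md5):", avalanche_ratio("md5", b"The quick brown fox"))
    m1, m2, tries = truncated_collision("md5", 16)
    print("16-bit collision after", tries, "tries:", m1, m2)
```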
What are the two classes of encryption algorithms?
Symmetric encryption algorithm: Uses the same key to encrypt and decrypt data
Asymmetric encryption algorithm: Uses different keys to encrypt and decrypt data
After encryption has been applied to a message, what is the message identified as?
B)
Which attack uses the statistical analysis?
B)
Which encryption algorithm is fastest on hardware and is harder to crack?
D)
Which encryption algorithm is a stream cipher and is well known for securing web traffic using SSL/TLS?
D)
Which type of encryption is known as secret-key encryption?
Symmetric encryption
Asymmetric encryption is also known as?
public key encryption
What is the typical length of a symmetric encryption secret key?
40-256 bits
What is the typical key length of an asymmetric encryption algorithm?
512-4096 bits
Which of the following is an example of an asymmetric encryption algorithm?
B)
Asymmetric keys are used mostly in which two scenarios?
Digital signatures
Key exchange
Which protocol uses asymmetric encryption to secure communication?
C)
Which one of the following parts of the Diffie-Hellman calculation is an arbitrary item that is agreed upon by both parties before any mathematical calculations?
C)
Which Diffie Hellman Group associated size is not correct?
D)
Note: DH Group 5: 1536 bits
What is different about the ephemeral Diffie-Hellman?
With ephemeral Diffie-Hellman, a temporary private key is generated for every DH key exchange, and thus the same private key is never used twice.
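The Diffie-Hellman cards above (the agreed-upon public parameters, the exchange itself, and the ephemeral variant) worked through in code, as an added example that is not from the original page. The 23/5 group is the textbook toy example; the larger modulus is a constructed demonstration value (the Mersenne prime 2^127-1 with generator 3), not one of the IKE groups, which use 1024-bit and larger MODP primes (group 5 is 1536 bits). The example also shows the property ephemeral keys buy: with a static server key, a later key leak exposes every recorded session.

```python
"""Added example (not from the original page): Diffie-Hellman with static versus
ephemeral private keys. Parameters are toy values chosen for readability."""
import secrets

TOY_P, TOY_G = 2**127 - 1, 3   # constructed demo parameters, not a standard DH group


def dh_keypair(p, g, private=None):
    """Return (private, public). With private=None a fresh random value is drawn,
    which is what ephemeral DH does on every single exchange."""
    if private is None:
        private = secrets.randbelow(p - 2) + 1
    return private, pow(g, private, p)


def dh_shared(peer_public, private, p):
    """Both sides compute g^(ab) mod p from the other side's public value."""
    return pow(peer_public, private, p)


def exchange(p, g, alice_private=None, bob_private=None):
    """One DH exchange; returns both public values and both sides' computed secret."""
    a_priv, a_pub = dh_keypair(p, g, alice_private)
    b_priv, b_pub = dh_keypair(p, g, bob_private)
    return a_pub, b_pub, dh_shared(b_pub, a_priv, p), dh_shared(a_pub, b_priv, p)


def static_server_sessions(p, g, server_private, n):
    """A server that reuses one private key across n sessions (non-ephemeral).
    Returns what an eavesdropper records (the clients' public values) and the
    real session secrets, so the two can be compared after a key leak."""
    _, server_pub = dh_keypair(p, g, server_private)
    transcript, session_secrets = [], []
    for _ in range(n):
        c_priv, c_pub = dh_keypair(p, g)
        transcript.append(c_pub)
        session_secrets.append(dh_shared(server_pub, c_priv, p))
    return transcript, session_secrets


def recover_with_leaked_static_key(transcript, server_private, p):
    """If the long-term private key leaks later, every recorded session secret falls.
    Ephemeral DH defeats this because the per-session private value is discarded
    as soon as the shared secret has been derived."""
    return [dh_shared(c_pub, server_private, p) for c_pub in transcript]


if __name__ == "__main__":
    print("textbook group (p=23, g=5):", exchange(23, 5, 6, 15))
    a_pub, b_pub, s_a, s_b = exchange(TOY_P, TOY_G)
    print("ephemeral secrets agree:", s_a == s_b)
```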
What does the acronym IKE mean?
Internet Key Exchange
Which protocol is used by IKE?
B)
What do SPA and SSA mean in a Cisco IOS image name?
(1) S - the software image is digitally signed
(2) P - production image, or S - special image
(3) A - key version A was used to sign the image
Which three services do digital signatures provide?
Authenticity, integrity and non-repudiation
Which PKCS standards cover personal information exchange, elliptic curve cryptography and cryptographic tokens?
PKCS #12: Personal Information Exchange Syntax Standard
PKCS #13: Elliptic Curve Cryptography Standard
PKCS #15: Cryptographic Token Information Format Standard
List the fields of an X.509 version 3 digital identity certificate:
Version
Serial number
Algorithm ID
Issuer
Validity
    Not before
    Not after
Subject
Subject public key info
    Public key algorithm
    Subject public key
Issuer unique identifier (optional)
Subject unique identifier (optional)
Extensions (optional)
Certificate signature algorithm
Certificate signature
What are two methods used to check whether a certificate has been revoked?
CRL (Certificate Revocation List)
OCSP (Online Certificate Status Protocol)
Which two items must be part of a Certificate Signing Request (CSR)?
1. Subject public key information
2. Subject identity information
RFC 5246 (TLS version 1.2) defines which mandatory cipher suite that all TLS-compliant applications must implement (unless an application profile specifies otherwise)?
TLS_RSA_WITH_AES_128_CBC_SHA
(RSA for authentication and key exchange, AES-128 in CBC mode for confidentiality (encryption), and SHA-1 in an HMAC for integrity)
To scale and support future cipher suites without changing the protocol, TLS 1.2 relies on which IANA-maintained registry, and which RFC governs how its values are allocated?
The TLS Cipher Suite Registry; values are allocated under the IANA guidelines of RFC 2434.
Which DNS record resolves a hostname to an IPv4 address?
A Record
Which DNS record maps a domain name to a list of mail servers for that domain?
MX record
Which DNS record maps hostname to IPv6 addresses?
AAAA Record
Which DNS record maps an IP address to a hostname?
PTR Record
Which DNS record identifies the names of servers for a zone?
NS Record
Which well-known ports does DNS listen on?
TCP 53 and UDP 53
What is the gTLD name servers?
generic Top Level Domain name server
What is the DNS resolver?
The client side of DNS: the component that sends queries on behalf of an application.
Which scripting language is server-side?
(C)
What does an MTA do in a mail server?
MTA stands for Mail Transfer Agent; it is the email gateway responsible for transferring email between computers.
What are the three parts of an SMTP conversation?
Envelope, Header and Body
Which of the following is not a command of the SMTP protocol?
(D)
What are the server response codes to the SMTP client for temporary failure?
(B)
Which of the following is not a password attack methods?
(D)
Malware uses DNS in what three (3) ways?
- for command and control (CnC)
- to exfiltrate data
- to redirect the victim's traffic
DNS open resolvers are vulnerable to which types of malicious activity?
-DNS cache poisoning attacks
-DNS amplification and reflection attacks
-DNS resource utilization attacks
Name two ways to mitigate against DNS amplification attacks?
1. upstream providers filter packets entering their networks from downstream customers.
2. Configure DNS servers to rate limit DNS queries.
What are the three (3) DNS techniques used to attack clients?
Fast Flux
Double IP Flux
Domain Generation Algorithm (DGA)
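Detection heuristics for the DNS abuses in the cards above (DGA command-and-control names, exfiltration over tunnelled subdomains, and fast-flux hosting) run over a constructed query log, as an added example that is not code from the original page. The domains, clients, answers and thresholds (label length, entropy, vowel ratio, distinct-IP count, TTL) are invented for the example; the "last two labels" rule for the registered domain is a simplification a real tool would replace with the public suffix list.

```python
"""Added example (not from the original page): detection heuristics for DGA
names, DNS tunnelling/exfiltration and fast flux, run over constructed query-log
lines of the form: epoch client qname qtype answer ttl."""
import math
from collections import defaultdict

LOG = """\
1700000000 10.0.0.5 www.example.com A 93.184.216.34 3600
1700000001 10.0.0.5 xk3jf9qzv2mtl.com A 203.0.113.9 300
1700000002 10.0.0.5 q8wz1r7bxn4vy.net A 203.0.113.9 300
1700000003 10.0.0.6 4d4f5645204d4f4e4559.tunnel.example.org A 203.0.113.55 60
1700000004 10.0.0.6 4e4f5720544f204e4f57.tunnel.example.org A 203.0.113.55 60
1700000005 10.0.0.6 54484520455343415045.tunnel.example.org A 203.0.113.55 60
1700000006 10.0.0.7 cdn.flux-example.net A 198.51.100.1 30
1700000007 10.0.0.7 cdn.flux-example.net A 198.51.100.2 30
1700000008 10.0.0.7 cdn.flux-example.net A 198.51.100.3 30
1700000009 10.0.0.7 cdn.flux-example.net A 198.51.100.4 30
1700000010 10.0.0.7 cdn.flux-example.net A 198.51.100.5 30
1700000011 10.0.0.7 cdn.flux-example.net A 198.51.100.6 30
"""


def shannon_entropy(label):
    """Bits of entropy per character; random-looking labels score high."""
    counts = {ch: label.count(ch) for ch in set(label)}
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def registered_domain(qname):
    """Simplification: the last two labels. Real code uses the public suffix list."""
    return ".".join(qname.split(".")[-2:])


def looks_dga(qname, min_len=10, min_entropy=3.4, max_vowel_ratio=0.2):
    """DGA names tend to be long, high-entropy second-level labels with few vowels."""
    sld = registered_domain(qname).split(".")[0]
    vowels = sum(ch in "aeiou" for ch in sld)
    return (len(sld) >= min_len and shannon_entropy(sld) >= min_entropy
            and vowels / len(sld) <= max_vowel_ratio)


def looks_exfil_label(label, min_len=16):
    """Tunnelled data shows up as long hex/base32-like leftmost labels that change on every query."""
    return len(label) >= min_len and all(ch in "0123456789abcdef" for ch in label)


def analyse(log, flux_min_ips=5, flux_max_ttl=300):
    dga = []
    exfil_labels = defaultdict(set)   # registered domain -> distinct encoded labels
    answers = defaultdict(set)        # qname -> distinct A answers seen
    max_ttl = {}
    for line in log.splitlines():
        _, _client, qname, qtype, answer, ttl = line.split()
        if qtype != "A":
            continue
        if looks_dga(qname) and qname not in dga:
            dga.append(qname)
        first = qname.split(".")[0]
        if looks_exfil_label(first):
            exfil_labels[registered_domain(qname)].add(first)
        answers[qname].add(answer)
        max_ttl[qname] = max(max_ttl.get(qname, 0), int(ttl))
    # Fast flux: one name, many distinct addresses, very short TTLs.
    fast_flux = sorted(q for q, ips in answers.items()
                       if len(ips) >= flux_min_ips and max_ttl[q] <= flux_max_ttl)
    return {"dga": dga,
            "exfil": {d: len(labels) for d, labels in exfil_labels.items()},
            "fast_flux": fast_flux}


if __name__ == "__main__":
    print(analyse(LOG))
```

Each heuristic produces false positives on its own (CDNs rotate addresses, legitimate services use hashed hostnames), so in practice these scores are combined with the reputation and volume data the cards above describe rather than used as a single verdict.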
What are the two prevalent threats to the security of web applications?
XSS (Cross-site scripting)
CSRF (Cross-site Request Forgery)
Name two types of XSS attacks?
Stored (persistent)
Reflected (non-persistent)
List ways to prevent XSS attacks:
-deploy a service such as Cisco OpenDNS
-deploy a web proxy security solution
-deploy IPS solution
-educate end users
What is the order of the permission fields shown for a file or folder on a Linux system?
-rwxr-x---
File type, then user (owner) permissions, group permissions and finally other permissions
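A parser for that ten-character mode string, as an added example (not code from the original page): it splits the string into the file type and the three permission triplets, converts it to the octal mode, handles the setuid/setgid (`s`/`S`) and sticky (`t`/`T`) characters, and flags the combinations a reviewer looks for first. The sample mode strings in the usage are constructed; the `stat` module is used only for the standard bit constants.

```python
"""Added example (not from the original page): parse an `ls -l` mode string such as
'-rwxr-x---' into type, permission triplets and octal mode, and flag risky bits."""
import stat

FILE_TYPES = {"-": "regular file", "d": "directory", "l": "symbolic link",
              "c": "character device", "b": "block device", "p": "named pipe",
              "s": "socket"}


def parse_mode(mode_str):
    """Parse e.g. '-rwxr-x---'. Position 0 is the type, positions 1-9 are the
    user, group and other triplets. 's'/'t' mean the special bit plus execute;
    'S'/'T' mean the special bit without execute."""
    if len(mode_str) != 10:
        raise ValueError("mode string must be 10 characters")
    ftype, perms = mode_str[0], mode_str[1:]
    mode = special = 0
    for i, ch in enumerate(perms):
        bit = 1 << (8 - i)            # rwxrwxrwx maps to bits 8..0
        if ch in "rwx":
            mode |= bit
        elif ch in "sS":              # execute slot of user (i=2) or group (i=5)
            special |= stat.S_ISUID if i == 2 else stat.S_ISGID
            mode |= bit if ch == "s" else 0
        elif ch in "tT":              # execute slot of other (i=8)
            special |= stat.S_ISVTX
            mode |= bit if ch == "t" else 0
        elif ch != "-":
            raise ValueError(f"unexpected permission character {ch!r}")
    return {"type": FILE_TYPES.get(ftype, "unknown"),
            "user": perms[0:3], "group": perms[3:6], "other": perms[6:9],
            "octal": f"{special | mode:04o}"}


def risk_flags(mode_str):
    """Flags a reviewer checks first: setuid/setgid binaries and world-writable
    paths (a sticky world-writable directory such as /tmp is not flagged)."""
    octal = int(parse_mode(mode_str)["octal"], 8)
    flags = []
    if octal & stat.S_ISUID:
        flags.append("setuid")
    if octal & stat.S_ISGID:
        flags.append("setgid")
    if octal & stat.S_IWOTH and not octal & stat.S_ISVTX:
        flags.append("world-writable")
    return flags


if __name__ == "__main__":
    for sample in ("-rwxr-x---", "-rwsr-xr-x", "drwxrwxrwt", "-rw-rw-rw-"):
        print(sample, parse_mode(sample), risk_flags(sample))
```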
What are the three components that make up a Linux system?
User space, kernel, hardware
Which command can be used to go to the home directory from any path?
(D)
Which parameter allows you to return to the parent directory?
(a) ~
(b) /
(c) ..
(d) .
..
Put the Linux boot sequence in order:
(a) hardware checks (POST)
(b) Device bus discovery
(c) device discovery
(d) kernel sub-system initializes
(e) root file system mounts
(f) start user processes
What are the two methods that Linux uses to control the boot process?
(a) System V init
(b) systemd
(c) vmlinuz
(d) BIOS
(e) UEFI
A, B
Which two commands can be used to view the system processes?
ps
top
Which command shows Linux I/O statistics?
iostat
Which command shows Linux virtual memory statistics?
vmstat
What are the three (3) phases of Attack CONTINUUM?
Before, During and After
What does the BEFORE phase of the Attack Continuum entail?
Control, enforce and harden
What does the DURING phase of the Attack Continuum entail?
Detect, block, defend
What does the AFTER phase of the Attack Continuum entail?
Scope, contain, remediate
Which mechanism is not part of the BEFORE phase of the Attack Continuum?
G)
Which mechanism is not part of the DURING phase of the Attack Continuum?
B)
Which mechanism is not part of the AFTER phase of the Attack Continuum?
A)
Which statement is true of Authentication in AAA?
A)
Which statement is true of Authorization in AAA?
C)
Which statement is true of Accounting in AAA?
B)
What are the advantages of IAM over AAA?
B)
What is the difference between the stateful and stateless Firewall appliances?
C)
At what layer of the OSI model does a Network Tap operates?
C)
Which approach is not used by IPS to perform security controls and counter measures?
B)
True or False: An IPS operating in promiscuous mode is operating as an IDS?
True
Which techniques can be used to evade an IPS?
a) traffic fragmentation
b) substituting the payload data
c) Unicode representation
d) character-case changing
e) encrypting traffic
f) tunnelling over DNS and HTTP
g) TCP checksum manipulation
Snort rules consist of which two parts?
The rule header and the rule options (body)
Break down the following Snort rule header:
alert tcp $EXTERNAL_NET ANY -> $HTTP_SERVERS $HTTP_PORTS
alert - rule action (generate an alert and log the packet)
tcp - protocol
$EXTERNAL_NET - source IP address (variable defined in the Snort configuration)
ANY - source port
-> - direction operator (source to destination)
$HTTP_SERVERS - destination IP address (variable)
$HTTP_PORTS - destination port (variable)
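A minimal parser for a Snort rule header and its options, with a matcher run against a few constructed packets, as an added example that is not code from the original page or from the Snort project. The rule text, the variable bindings (`$EXTERNAL_NET`, `$HTTP_SERVERS`, `$HTTP_PORTS`) and the packets are invented for the example; only the unidirectional `->` operator and the `content`/`nocase` options are implemented, and `flow` is parsed but not evaluated since these packets carry no connection state.

```python
"""Added example (not from the original page): parse a Snort rule header and
options and evaluate the rule against constructed packets."""
import ipaddress

# Assumed variable bindings, as they might appear in snort.conf.
VARS = {
    "$EXTERNAL_NET": "!10.0.0.0/8",
    "$HTTP_SERVERS": "10.0.0.0/8",
    "$HTTP_PORTS": "80,8080",
}

RULE = ('alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS '
        '(msg:"WEB-MISC /etc/passwd access"; flow:to_server,established; '
        'content:"/etc/passwd"; nocase; sid:1000001; rev:1;)')

# Constructed packets: only the first one should fire the rule.
PACKETS = [
    {"proto": "tcp", "src": "198.51.100.7", "sport": 51000, "dst": "10.1.2.3", "dport": 80,
     "payload": b"GET /cgi-bin/view?f=../../etc/PASSWD HTTP/1.1\r\n"},   # external, nocase hit
    {"proto": "tcp", "src": "10.0.5.5", "sport": 51001, "dst": "10.1.2.3", "dport": 80,
     "payload": b"GET /etc/passwd HTTP/1.1\r\n"},                         # internal source
    {"proto": "tcp", "src": "198.51.100.7", "sport": 51002, "dst": "10.1.2.3", "dport": 443,
     "payload": b"GET /etc/passwd HTTP/1.1\r\n"},                         # wrong port
    {"proto": "tcp", "src": "198.51.100.7", "sport": 51003, "dst": "10.1.2.3", "dport": 8080,
     "payload": b"GET /index.html HTTP/1.1\r\n"},                         # no content match
]


def parse_rule(rule):
    """Split the header (7 whitespace-separated fields) from the option list.
    Simplification: options are split on ';', so a real parser must also handle
    escaped or quoted semicolons inside option values."""
    header, _, body = rule.partition("(")
    action, proto, src, sport, direction, dst, dport = header.split()
    options = []
    for item in body.rstrip(")").split(";"):
        item = item.strip()
        if item:
            key, _, value = item.partition(":")
            options.append((key.strip(), value.strip().strip('"')))
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport, "options": options}


def match_addr(spec, ip):
    """Resolve a $VAR, then handle 'any', '!' negation and comma lists of CIDRs."""
    spec = VARS.get(spec, spec)
    if spec == "any":
        return True
    negate = spec.startswith("!")
    nets = spec.lstrip("!").strip("[]").split(",")
    hit = any(ipaddress.ip_address(ip) in ipaddress.ip_network(n, strict=False) for n in nets)
    return hit != negate


def match_port(spec, port):
    """Ports: 'any', a number, 'low:high', ':high', 'low:', comma lists, '!' negation."""
    spec = VARS.get(spec, spec)
    if spec == "any":
        return True
    negate = spec.startswith("!")
    hit = False
    for part in spec.lstrip("!").strip("[]").split(","):
        low, sep, high = part.partition(":")
        lo = int(low) if low else 0
        hi = (int(high) if high else 65535) if sep else lo
        hit = hit or lo <= port <= hi
    return hit != negate


def packet_matches(rule, pkt):
    """Header fields first, then each content option (nocase applies to the preceding content)."""
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    if rule["direction"] != "->":
        raise NotImplementedError("only the -> operator is handled in this example")
    if not (match_addr(rule["src"], pkt["src"]) and match_port(rule["sport"], pkt["sport"])
            and match_addr(rule["dst"], pkt["dst"]) and match_port(rule["dport"], pkt["dport"])):
        return False
    opts = rule["options"]
    for i, (key, value) in enumerate(opts):
        if key == "content":
            nocase = i + 1 < len(opts) and opts[i + 1][0] == "nocase"
            haystack = pkt["payload"].lower() if nocase else pkt["payload"]
            needle = value.lower().encode() if nocase else value.encode()
            if needle not in haystack:
                return False
    return True


def evaluate(rule_text, packets):
    rule = parse_rule(rule_text)
    return [packet_matches(rule, p) for p in packets]


if __name__ == "__main__":
    print(parse_rule(RULE))
    print(evaluate(RULE, PACKETS))
```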
Which of the following body rules syntax for SNORT is not supported?
A)
Which area of security is not covered by the VPN technology?
A)
Which statements are true about VPNs?
C) and D)
What are the seven incoming mail processing steps that an ESA performs?
a) Reputation filters
b) Message filters
c) Antispam
d) Antivirus
e) Advanced Malware protection
f) Content Filters
g) Outbreak Filters
What are the seven outgoing mail processing steps that an ESA performs?
a) Message filters
b) Antispam
c) Antivirus (AV)
d) Advanced Malware Protection (AMP)
e) Content filters
f) Outbreak filters
g) Data Loss Prevention (DLP)
What are firewalls connected to the internet referred to as?
Internet Edge Firewall
Network-based firewalls provide key features that are used for perimeter security such as?
NAT
ACL
Application inspection
What processes are used to allow or block traffic through a firewall?
* Simple packet-filtering techniques
■ Application proxies
■ Network address translation
■ Stateful inspection firewalls
■ Next-generation context-aware firewalls
What is another name for the ACLs that control traffic destined to the security appliance itself?
Control plane ACLs
Name the Five (5) types of ACLs supported by Cisco ASA?
■ Standard ACLs
■ Extended ACLs
■ IPv6 ACLs
■ EtherType ACLs
■ Webtype ACLs
Which Cisco ASA ACL type is used to identify packets based on their destination IP addresses?
■ Standard ACLs
Which Cisco ASA ACL type classifies packets based on the following attributes: source and destination IP addresses, Layer 3 protocols, source and/or destination TCP and UDP ports, and destination ICMP type for ICMP packets?
■ Extended ACLs
Which Cisco ASA ACL type allows security appliance administrators to restrict traffic coming through SSL VPN tunnels?
■ Webtype ACLs
Which Cisco ASA ACL type can filter IP and non-IP traffic by checking the EtherType code field in the Layer 2 header?
■ EtherType ACLs
Which firewall type inspects additional Layer 3 and Layer 4 fields such as sequence numbers, TCP control flags and TCP acknowledgment (ACK) fields?
Stateful firewalls
What are the HA features provided by the Cisco ASA?