SANS SEC 301 STUDY EXAM GUIDE UPDATED QUESTIONS
AND ANSWERS GRADED A+
✔✔A sequence of operations that ensure protection of data. Used with a
communications protocol, it provides secure delivery of data between two parties. The
term generally refers to a suite of components that work in tandem (see below). For
example, the 802.11i standard provides these functions for wireless LANs.
For the Web, SSL is widely used to provide authentication and encryption in order to
send sensitive data such as credit card numbers to a vendor. Following are the primary
components of a security protocol. See cryptography, information security, HTTPS,
SSL, PCT and IPsec.
Access Control
Authenticates user identity. Authorizes access to specific resources based on
permissions level and policies. See access control and authentication.
Encryption Algorithm
The cryptographic cipher combined with various methods for encrypting the text. See
encryption algorithm.
Key Management
Create, distribute and maintain t - ✔✔security protocol
✔✔The management of admission to system and network resources. It grants
authenticated users access to specific resources based on company policies and the
permission level assigned to the user or user group. Access control often includes
authentication, which proves the identity of the user or client machine attempting to log
in. See network access control, authentication, access control list and information
security. - ✔✔access control
✔✔An umbrella term for managing access to a network. Network access control (NAC)
authenticates users logging into the network and determines what they can see and do.
It also examines the health of the user's computer or mobile device (the endpoints).
Network access control can be implemented with multiple software components or via
an integrated package, the latter typically more specialized in one of the functions rather
than all of them. See authentication, access control, endpoint security and network
access server. - ✔✔network access control
✔✔(1) An umbrella term for security in the user's machine (client machine).
(2) Diagnosing the status of a user's computer or mobile device when it connects to the
network. Also called, "network access protection" (NAP), the security software is
deployed in both the client and server side. It determines if the operating system, Web
browser and other applications are up-to-date. It also checks the status of the antivirus,
,firewall and other security components. If a device is deemed non-compliant, it is either
updated, or access to the network is declined. See network access control, lock down
and vSentry. - ✔✔endpoint security
✔✔An endpoint security architecture from Bromium (www.bromium.com), introduced in
2012. Residing in the user's machine, and based on the Xen virtual machine software,
vSentry creates a micro virtual machine (micro-VM) for each user task such as opening
an e-mail attachment or Web page.
Throughout the day, hundreds of micro-VMs may be created in real time, and like
traditional VMs, each micro-VM is an isolated entity. Suspicious activity is blocked within
the micro-VM, and when the task is completed, it is dissolved. If a virus does manage to
activate, it cannot cross over and infect other applications or processes in the computer.
In addition, Bromium's Live Attack Visualization & Analysis (LAVA) reports malicious
activity so that the organization's security can be tightened. See endpoint security and
virtual machine. - ✔✔vSentry
✔✔(1) The name given to various programming language interpreters. See Java Virtual
Machine and Python.
(2) One instance of an operating system along with one or more applications running in
an isolated partition within the computer. It enables different operating systems to run in
the same computer at the same time.
Virtual machines (VMs) are also widely used to run multiple instances of the same
operating system, each running the same set or a different set of applications. The
separate VM instances prevent applications from interfering with each other. If one app
crashes, it does not affect the programs in the other VMs. This approach differs from a
dual-boot or multiboot environment, in which the user has to choose only one OS at
startup (see dual-boot). All virtual machines in the same computer run simultaneously.
VMs Are Like Machines Within the Machine
Each virtual machine functions as if it owned the entire - ✔✔virtual machine
✔✔A device used in network access control. It stores the usernames and passwords
that identify the clients logging in, or it may hold the algorithms for token access (see
authentication token). For access to specific network resources, the server may itself
store user permissions and company policies or provide access to directories that
contain the information.
RADIUS is the most widely used protocol for authentication servers. TACACS+ is a
Cisco-developed product that has also been popular. The authentication server may be
a stand-alone system or software that resides in an Ethernet switch, wireless access
point (AP) or network access server (NAS). See AAA server, RADIUS and 802.1x. -
✔✔authentication server
, ✔✔An IEEE standard for network access control. Used predominantly in Wi-Fi wireless
networks, 802.1X keeps the network port disconnected until authentication is
completed. Depending on the results, the port is either made available to the user, or
the user is denied access to the network.
Supplicant - Authenticator - Server
The client desiring access to a network is called the "supplicant." The device that
provides the network port to the client is the "authenticator." In a wireless network, the
authenticator is in the access point (AP). In a dial-up network, the authenticator is in the
network access server (NAS). The device that contains usernames and passwords and
authorizes the user is the "authentication server." In small networks, the authentication
server can be located in the same unit as the authenticator.
EAP Over LAN (EAPOL)
802.1X uses the Extensible Authentication Protocol (EAP) for passing authenticatio -
✔✔802.1X
✔✔The combination of authentication server and authenticator, which may be separate
devices or both reside in the same unit such as an access point or network access
server. The authentication server contains a database of user names, passwords and
policies, and the authenticator physically allows or blocks access. See 802.1X. -
✔✔authentication system
✔✔In an authentication system, supplicant refers to the client machine that wants to
gain access to the network. See 802.1x. - ✔✔supplicant
✔✔The device in an authentication system that physically allows or blocks access to the
network. It is typically an access point in a wireless system or a network access server
(NAS) in a dial-up system. See 802.1X and authentication. - ✔✔authenticator
✔✔In cryptography, it is the creation, distribution and maintenance of a secret key. It
determines how secret keys are generated and made available to both parties; for
example, public key systems are widely used for such an exchange. If session keys are
used, key management is responsible for generating them and determining when they
should be renewed. See QKD, elliptic curve cryptography, Diffie-Hellman, cryptography,
session key and security protocol. - ✔✔key management
✔✔A temporary key used to encrypt data for only the current session. The use of
session keys keeps the secret keys even more secret because they are not used
directly to encrypt the data. The secret keys are used to derive the session keys using
various methods that combine random numbers from either the client or server or both.
See key management and security protocol. - ✔✔session key
AND ANSWERS GRADED A+
✔✔A sequence of operations that ensure protection of data. Used with a
communications protocol, it provides secure delivery of data between two parties. The
term generally refers to a suite of components that work in tandem (see below). For
example, the 802.11i standard provides these functions for wireless LANs.
For the Web, SSL is widely used to provide authentication and encryption in order to
send sensitive data such as credit card numbers to a vendor. Following are the primary
components of a security protocol. See cryptography, information security, HTTPS,
SSL, PCT and IPsec.
Access Control
Authenticates user identity. Authorizes access to specific resources based on
permissions level and policies. See access control and authentication.
Encryption Algorithm
The cryptographic cipher combined with various methods for encrypting the text. See
encryption algorithm.
Key Management
Create, distribute and maintain t - ✔✔security protocol
✔✔The management of admission to system and network resources. It grants
authenticated users access to specific resources based on company policies and the
permission level assigned to the user or user group. Access control often includes
authentication, which proves the identity of the user or client machine attempting to log
in. See network access control, authentication, access control list and information
security. - ✔✔access control
✔✔An umbrella term for managing access to a network. Network access control (NAC)
authenticates users logging into the network and determines what they can see and do.
It also examines the health of the user's computer or mobile device (the endpoints).
Network access control can be implemented with multiple software components or via
an integrated package, the latter typically more specialized in one of the functions rather
than all of them. See authentication, access control, endpoint security and network
access server. - ✔✔network access control
✔✔(1) An umbrella term for security in the user's machine (client machine).
(2) Diagnosing the status of a user's computer or mobile device when it connects to the
network. Also called, "network access protection" (NAP), the security software is
deployed in both the client and server side. It determines if the operating system, Web
browser and other applications are up-to-date. It also checks the status of the antivirus,
,firewall and other security components. If a device is deemed non-compliant, it is either
updated, or access to the network is declined. See network access control, lock down
and vSentry. - ✔✔endpoint security
✔✔An endpoint security architecture from Bromium (www.bromium.com), introduced in
2012. Residing in the user's machine, and based on the Xen virtual machine software,
vSentry creates a micro virtual machine (micro-VM) for each user task such as opening
an e-mail attachment or Web page.
Throughout the day, hundreds of micro-VMs may be created in real time, and like
traditional VMs, each micro-VM is an isolated entity. Suspicious activity is blocked within
the micro-VM, and when the task is completed, it is dissolved. If a virus does manage to
activate, it cannot cross over and infect other applications or processes in the computer.
In addition, Bromium's Live Attack Visualization & Analysis (LAVA) reports malicious
activity so that the organization's security can be tightened. See endpoint security and
virtual machine. - ✔✔vSentry
✔✔(1) The name given to various programming language interpreters. See Java Virtual
Machine and Python.
(2) One instance of an operating system along with one or more applications running in
an isolated partition within the computer. It enables different operating systems to run in
the same computer at the same time.
Virtual machines (VMs) are also widely used to run multiple instances of the same
operating system, each running the same set or a different set of applications. The
separate VM instances prevent applications from interfering with each other. If one app
crashes, it does not affect the programs in the other VMs. This approach differs from a
dual-boot or multiboot environment, in which the user has to choose only one OS at
startup (see dual-boot). All virtual machines in the same computer run simultaneously.
VMs Are Like Machines Within the Machine
Each virtual machine functions as if it owned the entire - ✔✔virtual machine
✔✔A device used in network access control. It stores the usernames and passwords
that identify the clients logging in, or it may hold the algorithms for token access (see
authentication token). For access to specific network resources, the server may itself
store user permissions and company policies or provide access to directories that
contain the information.
RADIUS is the most widely used protocol for authentication servers. TACACS+ is a
Cisco-developed product that has also been popular. The authentication server may be
a stand-alone system or software that resides in an Ethernet switch, wireless access
point (AP) or network access server (NAS). See AAA server, RADIUS and 802.1x. -
✔✔authentication server
, ✔✔An IEEE standard for network access control. Used predominantly in Wi-Fi wireless
networks, 802.1X keeps the network port disconnected until authentication is
completed. Depending on the results, the port is either made available to the user, or
the user is denied access to the network.
Supplicant - Authenticator - Server
The client desiring access to a network is called the "supplicant." The device that
provides the network port to the client is the "authenticator." In a wireless network, the
authenticator is in the access point (AP). In a dial-up network, the authenticator is in the
network access server (NAS). The device that contains usernames and passwords and
authorizes the user is the "authentication server." In small networks, the authentication
server can be located in the same unit as the authenticator.
EAP Over LAN (EAPOL)
802.1X uses the Extensible Authentication Protocol (EAP) for passing authenticatio -
✔✔802.1X
✔✔The combination of authentication server and authenticator, which may be separate
devices or both reside in the same unit such as an access point or network access
server. The authentication server contains a database of user names, passwords and
policies, and the authenticator physically allows or blocks access. See 802.1X. -
✔✔authentication system
✔✔In an authentication system, supplicant refers to the client machine that wants to
gain access to the network. See 802.1x. - ✔✔supplicant
✔✔The device in an authentication system that physically allows or blocks access to the
network. It is typically an access point in a wireless system or a network access server
(NAS) in a dial-up system. See 802.1X and authentication. - ✔✔authenticator
✔✔In cryptography, it is the creation, distribution and maintenance of a secret key. It
determines how secret keys are generated and made available to both parties; for
example, public key systems are widely used for such an exchange. If session keys are
used, key management is responsible for generating them and determining when they
should be renewed. See QKD, elliptic curve cryptography, Diffie-Hellman, cryptography,
session key and security protocol. - ✔✔key management
✔✔A temporary key used to encrypt data for only the current session. The use of
session keys keeps the secret keys even more secret because they are not used
directly to encrypt the data. The secret keys are used to derive the session keys using
various methods that combine random numbers from either the client or server or both.
See key management and security protocol. - ✔✔session key
