SBOLC Security Plus Study Guide 100%
Solved By Experts!
Goals of Crypto - ANSWERSConfidentiality (encryption),Integrity
(Hashing),Authentication (Prove yourself), Non-repudiation (can't deny it happened-
digital signatures)
TCP vs UDP - ANSWERSUDP is "best effort" delivery with to nodes on a network. Little
overhead and is often used for streaming audio or video traffic. TCP is reliable one-to-
one connection between two hosts. Uses 3-way handshake (SYN-SYN ACK- ACK)
Network access control (NAC) - ANSWERSgoal is to prevent computers with
suboptimal security from potentially infecting other systems in the network. Enforces
policy.
Quarantine portal - ANSWERSredirects user to a quarantine area where fixes can be
accessed. Usually a web page with hyperlinks to the fixes. Once necessary software is
installed the system is then in compliance.
Captive Portal - ANSWERSCaptures or redirects the users initial traffic because
something more is needed from the user, such as a credit card, or user name and
password.
Identification vs Authentication - ANSWERSIdentification is the claim of who we are.
Authentication is the most critical step in the identification process. It is proving of a
subjects claim to identification. - ANSWERS
Authentication types - ANSWERSSomething you know (password or PIN), Something
you have (smart card, token, or device), Something you are (fingerprints or retinal
pattern), Something you do (keystroke authentication), Somewhere you are (location)
Virus (spam) - ANSWERSreplicates itself on a system. Requires a host to move from
system to system
Worms - ANSWERS(adware) self-contained
Logic bombs - ANSWERS(spyware) Inserted into a system which sets off an action
when specific conditions are met
Trojan Horse - ANSWERS(ransomware) Social engineering. Included as an attachment
or as part of an installation program
, Backdoor - ANSWERSAllows access to a system without having to authenticate
Denial of Service (DOS) attack - ANSWERSsystem/service is unavailable for use
Ping of Death - ANSWERSmassive ping packet to crash server
Teardrop - ANSWERSfragment the packets
Man in middle - ANSWERS(redirection attacks)
Distributed Denial of Service (DDoS) - multiple attackers prevents access to resources
for authorized users - ANSWERS
Smurf -amplification attack (attacker uses router to broadcast attack). ICMP -
ANSWERS
Fraggle - ANSWERSamplification attack. UDP
Security control types - ANSWERSmanagerial, technical, operational
Managerial - ANSWERSpolicies and procedures put into place to define and guide
employees actions in dealing with sensitive info.
Technical - ANSWERSdevices, processes, protocols, and other measures use to
protect the CIA of sensitive info. (technical measures)
Operational define how people in the organization should handle data, software and
hardware. should include environmental and physical security. - ANSWERS
exception handling - ANSWERSensures the code can handle the error conditions
error handling - ANSWERSanticipation, detection and resolution of any errors
OS hardening techniques - ANSWERSprocess of securely configuring the system
against security vulnerabilities
Stream Cipher - ANSWERSusually found in hardware. Data encrypted bit by bit.
Example is RC4. Fast
Block Cipher - ANSWERSfound in software. Applied to block data (64 contiguous bits)
at once as a group. Very slow but more secure than Stream
Confidentiality goal - ANSWERSrandom ppl cant see your messages, only the intended
receiver
Integrity goal - ANSWERSmessage sent has not been changed
Solved By Experts!
Goals of Crypto - ANSWERSConfidentiality (encryption),Integrity
(Hashing),Authentication (Prove yourself), Non-repudiation (can't deny it happened-
digital signatures)
TCP vs UDP - ANSWERSUDP is "best effort" delivery with to nodes on a network. Little
overhead and is often used for streaming audio or video traffic. TCP is reliable one-to-
one connection between two hosts. Uses 3-way handshake (SYN-SYN ACK- ACK)
Network access control (NAC) - ANSWERSgoal is to prevent computers with
suboptimal security from potentially infecting other systems in the network. Enforces
policy.
Quarantine portal - ANSWERSredirects user to a quarantine area where fixes can be
accessed. Usually a web page with hyperlinks to the fixes. Once necessary software is
installed the system is then in compliance.
Captive Portal - ANSWERSCaptures or redirects the users initial traffic because
something more is needed from the user, such as a credit card, or user name and
password.
Identification vs Authentication - ANSWERSIdentification is the claim of who we are.
Authentication is the most critical step in the identification process. It is proving of a
subjects claim to identification. - ANSWERS
Authentication types - ANSWERSSomething you know (password or PIN), Something
you have (smart card, token, or device), Something you are (fingerprints or retinal
pattern), Something you do (keystroke authentication), Somewhere you are (location)
Virus (spam) - ANSWERSreplicates itself on a system. Requires a host to move from
system to system
Worms - ANSWERS(adware) self-contained
Logic bombs - ANSWERS(spyware) Inserted into a system which sets off an action
when specific conditions are met
Trojan Horse - ANSWERS(ransomware) Social engineering. Included as an attachment
or as part of an installation program
, Backdoor - ANSWERSAllows access to a system without having to authenticate
Denial of Service (DOS) attack - ANSWERSsystem/service is unavailable for use
Ping of Death - ANSWERSmassive ping packet to crash server
Teardrop - ANSWERSfragment the packets
Man in middle - ANSWERS(redirection attacks)
Distributed Denial of Service (DDoS) - multiple attackers prevents access to resources
for authorized users - ANSWERS
Smurf -amplification attack (attacker uses router to broadcast attack). ICMP -
ANSWERS
Fraggle - ANSWERSamplification attack. UDP
Security control types - ANSWERSmanagerial, technical, operational
Managerial - ANSWERSpolicies and procedures put into place to define and guide
employees actions in dealing with sensitive info.
Technical - ANSWERSdevices, processes, protocols, and other measures use to
protect the CIA of sensitive info. (technical measures)
Operational define how people in the organization should handle data, software and
hardware. should include environmental and physical security. - ANSWERS
exception handling - ANSWERSensures the code can handle the error conditions
error handling - ANSWERSanticipation, detection and resolution of any errors
OS hardening techniques - ANSWERSprocess of securely configuring the system
against security vulnerabilities
Stream Cipher - ANSWERSusually found in hardware. Data encrypted bit by bit.
Example is RC4. Fast
Block Cipher - ANSWERSfound in software. Applied to block data (64 contiguous bits)
at once as a group. Very slow but more secure than Stream
Confidentiality goal - ANSWERSrandom ppl cant see your messages, only the intended
receiver
Integrity goal - ANSWERSmessage sent has not been changed
