Security+ Study

Description

Study questions for COMPTIA Security+
Angela Lipford
Flashcards by Angela Lipford, updated more than 1 year ago
Angela Lipford
Created by Angela Lipford almost 7 years ago
7
0
1 2 3 4 5 (0)

Resource summary

Question Answer
Which X.509 cert cannot contain private keys and uses Base 64 format for encoding? .P7B - MS OS and JAVA Tomcat Supports .P7B
....BEGIN CERTIFICATE; END CERTIFICATE PEM format is the most common used certificate; cert and private key in separate files
Alternate to .CRT (Microsoft) CER (UNIX and Unix-like)
First Step in obtaining a certificate Certificate Signing Request (CSR)
Benefit of Online Status Protocol (OSCP) It checks checks validate at the server level
Secures many domains Subject Alternative Name
Key Escrow Stores keys for future use
Primary Advantage of the Certificate Authority (CA) If the CA is compromised, only certificates issued by that CA and its children are compromised
Certificate Chaining To trust a certificate, the entity must trust each and every other certificate in the chain
Purpose of a salt? To remove effectiveness of rainbow table - precomputed hash values that are pre-matched to plaintext password
Data in use is unencrypted when? Data goes from at rest to in use
Disadvantage to very strong key lengths Take more time to generate
Primary hurdle in securing low-power devices via cryptographic means ? Cryptography is power - and CPU - intensive
Finding plaintext messages that produce hash values of a message is what type of attack Collusion
First Successful algorithm for public key encryption and considered to be highly secure if sufficiently long keys is? Rivest-Shamir-Adleman (RSA)
Diffie-Hellman (DH) is A technique for secure key exchange; DHE - DH variant using ephemeral keys; Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) - DH variant using elliptic curve and ephemeral keys
Higher number DH groups have? More secure keys and require more processing overhead; Once at group 19 elliptic curve starts
Exclusive oring (XORing) is used to Obfuscate malicious code
What password salting mechanism does Blowfish use? Bcrypt
Rotate by 13 places (ROT13) mostly used for? Teaching cryptographic concepts
Digital Signature Algorithm (DSA) is used to provide digital secures for messages - authentication and integrity
PBKDF2 is used for key stretching
What cipher mode applies what Oring techniques to first plaintext block? Cipher Block Chaining
How does Electronic Cook Book cipher encrypt blocks With the same key;
Counter Mode (CTM) encryption mode of operation where a counter value is used in place of an initialization vector (IV)
Galois/Counter Mode (GCM) encryption mode of operation that adds authentication to the standard encryption services of a cipher mode.
Which hash function was developed by the open academic community? RACE Integrity Primitives Evaluation Message Digest (RIPEMD); not particularly secure
Which hashing algorithm is characterized by a 128-bit message digest but is considered to be weak and has since become a deprecated algorithm? MD5
Captive Portals? Webpage that is displayed to newly connected users before granting access to resources; using seen in public Wi-Fi
What replaced TKIP to make WPA2 more secure? Counter-Mode/CBC-Mac Protocol (CCMP)
Port security protocol 802.1X
What replaced Lightwieght Extensible Authentication Protocol (LEAP)? EAP-FAST
Which authentication mechanism requires certificates? EAP-TLS (client side)
Which authentication mechanism dos not requires certificates? EAP-TTLS; LEAP;EAP-FAST
Protected Extensible Authentication Protocol (PEAP) is not technically an Extensible Authentication Protocol (EAP) method. What exactly is it? It is a Secure Sockets Layer/Transport Layer Security (SSL/TLS) encapsulated EAP.
Why is using WPA and TKIP a poor choice for secure wireless access points? TKIP packets can be encrypted
Pre-shared key (PSK) is a part of what authentication method WPA2-Personal
Wireless client authentication method for corporate wireless network? WPA2-Enterprise
Wildcard certificates secure multiple subdomains
Subject Alternative Names secure multiple domains
A certificate signing request (CSR) is used to create a certificate. What is the third party service used to receive the corresponding certificate The certificate authority (CA)
To fully prove ownship of a domiain need to have? Extended validation certificate
Certificate Pinning? minimizes man-in-middle attacks; associates the certificate with the web server
Weak validation of domain ownership? Domain validation certificate - only proves a claim of ownership through a variety of methods, such as by emailing the contact in the domain's Whois records.
What component makes website data secure for users The certificate
What must a system administrator initially do to set up a root certificate? Self-sign the certificate
What is the best method for securing communications for users to server systems? User certs secure communications from user to servers
Computer certificates protect? Secure communications between server systems
What certificate format is often used interchangeably with .P12 .PFX
Which certificate uses only the distinguished encoding rules format? .DER
What do we call subordinate certificates that increase security because they are not created from the root certificate? Intermediate certificates
An American company wants to sell its apps to users in the European Union. What must a developer do to validate their apps as legitimate to those users? Use a code signing certificate
Show full summary Hide full summary

0 comments

There are no comments, be the first and leave one below:

Similar

2.1 Business Influences and Associated Security Risks
DJ Perrone
Types of Attacks
River L.
Information Security: Chapter 2
marcb176
Data-centric Security
Michael Mihalik
Threats
marnus.db
Information Security FULL WORK
Luis Mauricio Falla Guiulfo
Maths Revision
Asmaa Ali
PHR SPHR Labor Union Terminology
Sandra Reed
FUNCTIONALIST ROLE OF EDUCATION
ashiana121
Animal Farm CONTEXT
Lydia Richards2113