Save
Busy. Please wait.
Log in with Clever
or
show password
Forgot Password?
Don't have an account?  Sign up 
Sign up using Clever
or
Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account. Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
focusNode
Didn't know it?
click below
 
Knew it?
click below
Don't Know
Remaining cards (0)
Know
0:00
edit
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

Emerging Issues Mid

Emerging Issues Midterm

QuestionAnswer
The SysAdmin,Audit,Network, Security (SANS) Institute offers training and IT security certifications through ___ GIAC
ISC^2 CISSP
The ___ certification is designationed by the Institute for Security and Open Methodologies... OPST
The ___ disseminates research documents on computer and network security worldwide at no cost. SANS Institute
The ___ layer is concerned with controlling the flow of data, sequencing packets... Transport
The ___ layer is concerned with physically moving electrons across a medium. Network
The ___ layer is where applications and protocols, such as HTTP... Application
The ___ layer uses IP addresses to route packets. Internet
Microsoft RPC port 135
NetBIOS port 139
NNTP port 119
POP3 port 110
SMTP port 25
The ___ tool can generate a report that can show an attacker how a Web site is structured... Paros
___ is a Web tool used to gather IP and domain information. Available in UNIX and Windows SamSpade
___ is a tool used to gather IP and domain information Whois
___ is a tool used to perform DNS zone transfers Dig
___ is a tool used to read/write data to ports over a network Netcat
Closed ports respond to a ___ XMAS scan
In an ACK scan, if the attacked port returns an RST packet.... unfiltered
The ___ relies on the OS of the attacked computer... connect scan
The ___ tool enables you to craft IP packet Hping
The ___ tool written for Phrack magazine Nmap
Unicron scan optimizes ___ ... UDP
The ___ tool can ping multiple IP addresses simultaneously Fping
___ is a protocol packet analyzer Tcpdump
___ is a reasonably priced commercial port scanner with a GUI interface. AW Security Port Scanner
___ is currently the standard port-scanning tool.... Nmap
___ was developed to assist security testers in.... Unicornscan
2 Main Testing methods Black Box / White Box
Collecting information on a company network i.e. Paros, e-mail, cookies Footprinting
4 Social engineering methods Shoulder Surfing, dumpster diving, piggy backing, phishing
Finding services used by a host to find vulnerabilities Port Scanning
What can be done to prevent a Smurf attack? Deny ICMP packets
How are SQL injections performed? When code is faulty.
How to realize digital signature with hash algorithm and public key algorithm To generate the digital signature, the sender should first generate a hash value of the message. Then the sender should sign the hash value with his private key. To verify the digital signature, the receiver should first decrypt the digital signature wit
Please explain how to do a direct and indirect DOS attack. Explain what is reflected DOS attack with example Direct DoS attack: attacker floods SYN packets directly from attacker's computer. Indirect DoS attack: attacker IP address is spoofed to hinder tracing of source.
How to reduce the DOS attack Black holing Validate the SYN rate limiting
Please explain what is ARP poisoning. And how to prevent it IP address to MAC address storage information is manipulated to reroute network traffic. It can be used for the man in the middle attack. Prevention: Static ARP table, Limit the local access
What protocol you can use to achieve workgroup switch authentication. What method you can use for wireless access authentication EAP or Radius WEP and WPA
What is AAA and explain correspondingly i. Authentication: who you are ii. Authorization: what you can do iii. Auditing: recording what people do
What are the four authentication credentials and explain that with examples? i. What you know (e.g., a password) ii. What you have (e.g., an access card) iii. What you are, or (e.g., your fingerprint) iv. What you do (e.g., speaking a passphrase)
Please list at least four main types of Biometric Scanning and list the four main aspects related to Biometric Performance Fingerprint Hand geometry Retina scan Iris scan Enrollment 2 minutes Through put 10 subject FAR % people are identified /verified as matches to template but not be FRR % of people who should be identified or verified as matches to a template but are not
what is least privilege in the authorization? a. Initially give people only the permissions a person absolutely needs to do his or her job
Please list the three access control(authorization) model DAC, MAC, RBAC
If there are too much log information, what you need to do for the configuration. Could you example to explain that. Setting up the clipping level. For example, I only log the activity that users fail for three times.
What is firewall A firewall is a system that prevents unauthorized access to or from a private network. It can be implemented as both hardware and software.
Please list the three main types of firewall types; explain what that is, and their advantage and limitation. -static: filters by header info [it is fast however they are unable to stop many types of attack] -stateful: check the state of the packet for allowing or denying of the traffic [it is low cost, fast however does not guarantee safety against application
Please explain what IDS is and what IPS is -Intrusion Detection System: Looks for suspicious traffic, sends an alarm message if attack appears serious; does not drop data - Intrusion Prevention System: use ids filtering mechanisms to prevent certain traffic similar to firewall
Please list the five main components in unified threat management: -stateful inspection firewall -Antivirus filtering (application proxy firewall) -VPN -DOS protection -NAT
Please list the four main kinds of firewall architecture: -single router -main border -DMZ -internal
Created by: ITSec_guy
Popular Computers sets

 

 



Voices

Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
Retries:
restart all cards