RAID 0 is called disk striping. RAID 1 is also known as disk mirroring. RAID 5 is called disk striping with parity. RAID 10 is known as a stripe of mirrors.
TCP and UDP ports 137-139 are used for NetBIOS services, whereas 445 is used for Active Directory. TCP 1433 is the default port for Microsoft SQL, indicating that this is probably a Windows server providing SQL services.
Network-enabled printers often provide services via TCP 515 and 9100 and have both nonsecure and secure web-enabled management interfaces on TCP 80 and 443. Web servers, access points, and file servers would not typically provide service on the LPR and LPD ports (515 and 9100).
5. Denial of service — threats that deny service to legitimate users
A post-admission philosophy allows or denies access based on user activity after connection.
The annualized rate of occurrence is the number of times that risk analysts expect a risk to happen in any given year.
Network access control (NAC) systems can be used to authenticate users and then validate their system’s compliance with a security standard before they are allowed to connect to the network.
Water suppresses fire by removing heat (lowering the temperature).
Counter (CTR)
Output Feedback (OFB)
Cipher Feedback (CFB)
The exposure factor is the percentage of the facility that risk managers expect will be damaged if a risk materializes. It is calculated by dividing the amount of damage by the asset value.
3. Repudiation — threats that cause actions to occur that cannot be denied by a user
Cipher Block Chaining (CBC)
Electronic Codebook (ECB)
2. Tampering — threats that involve the malicious modification of data
1. Spoofing — threats that involve user credentials and authentication, or falsifying legitimate communications
Kerberos
Service packs are collections of many different updates that serve as a major update to an operating system or application.
Central Authentication Services (CAS)
Active Directory Federation Services (ADFS)
Examples include:
Class D: For flammable metals like magnesium, titanium, and sodium.
Bcrypt is based on Blowfish (the b is a key hint here).
Syslog uses UDP port 514. TCP-based implementations of syslog typically use port 6514.
By default, RADIUS uses UDP and only encrypts passwords.
4. Advance and protect the profession.
3. Provide diligent and competent service to principals
2. Act honorably, honestly, justly, responsibly, and legally
Typical syslog severity levels include debug, informational, notice, warning, error, critical, alert, and emergency.
1. Protect society, the common good, necessary public trust and confidence, and the infrastructure
SSL is not considered secure; use TLS for data in motion.
Application logs = software analysis
Credential management systems offer features such as password management, multifactor authentication to retrieve passwords, logging, audit, and password rotation capabilities.
In TLS, both the server and the client first communicate using an ephemeral symmetric session key.
Single Sign-On (SSO) is likely to improve the user experience by eliminating barriers to authentication across multiple systems.
A host intrusion prevention system (HIPS) is a security approach that uses third-party software to identify and prevent malicious activities.
Failure audits - record failed security access attempts
Electronic vaulting is a data backup task that is part of disaster recovery, not business continuity, efforts.
Incremental: changes since the last incremental backup.
The courts have applied the hearsay rule to include the concept that attorneys may not introduce logs into evidence unless they are authenticated by the system administrator.
Information - describes successful operations
The parol evidence rule states that if two parties enter into a written agreement, that written document is assumed to contain all the terms of the agreement.
Warnings - may indicate future problems
If the provisioning system allowed the new hire to sign up for an account on their own, they would have used self-service account provisioning.
Errors - indicate a significant problem
If Alex had set up accounts for his new hire on the systems he manages, he would have been using discretionary account provisioning.
Provisioning that occurs through an established workflow, such as through an HR process, is workflow-based account provisioning.
Cat 6: 1000 Mbps
Cat 5e: 1000 Mbps
The Encapsulating Security Payload (ESP) protocol provides confidentiality and integrity for packet contents. It encrypts packet payloads and provides limited authentication and protection against replay attacks.
Cat 5: 100 Mbps
Application-level gateway firewalls proxy traffic for specific applications.
Static packet filtering and circuit-level gateways only filter based on source, destination, and ports.
Capacitance motion detectors monitor the electromagnetic field in a monitored area, sensing disturbances that correspond to motion.
Stateful packet inspection firewalls, also known as dynamic packet filtering firewalls, track the state of a conversation and can allow a response from a remote system based on an internal system being allowed to start the communication.
Christmas Tree Attacks: set all of the possible TCP flags on a packet, thus “lighting it up like a Christmas tree.”
Since it is run with administrative rights, it will provide a better view than normal nmap and Nessus scans. MBSA provides more detailed information about specific patches that are installed.
Teardrop Attack: uses fragmented packets to target a flaw in how the TCP stack on a system handles fragment reassembly. If the attack is successful, the TCP stack fails, resulting in a denial of service.
ISO 22301 covers business continuity.
It can be managed internally or by a third-party and hosted internally or externally.
The Microsoft Baseline Security Analyzer, or MBSA, is a tool provided by Microsoft that can identify installed or missing patches as well as common security misconfigurations.
ISO 27001 provides guidance on implementing an information security management system (ISMS).
Parallel Test: the team actually activates the disaster recovery site for testing, but the primary site remains operational.
Tabletop Exercise: team members come together and walk through a scenario without making any changes to information systems.
OAuth provides the ability to access resources from another service.
Community Cloud: The infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.).
Operational investigations are performed by internal teams to troubleshoot performance or other technical issues. They are not intended to produce evidence for use in court and, therefore, do not have the rigid collection standards of criminal, civil, or regulatory investigations.
Differential backups do not alter the archive bit on a file.
Private cloud: used exclusively by a single organization.
The formula for determining the number of encryption keys required by a symmetric algorithm is n*((n − 1)/2). With six users, you will need 6*(5/2), or 15 keys.
Event: any observable occurrence on a system or network.
In reduction analysis, the security professional breaks the system down into five key elements: trust boundaries, data flow paths, input points, privileged operations, and details about security controls.
802.3 is the standard for Ethernet.
Both a logical bus and a logical ring can be implemented as a physical star.
The maximum tolerable downtime (MTD) is the longest amount of time that an IT service or component may be unavailable without causing serious damage to the organization.
Security Incident: a violation or imminent threat of violation of security policies and practices.
There is no concept of bracketing.
Identity as a service (IDaaS) provides an identity platform as a third-party service.
Ethernet uses a bus topology. While devices may be physically connected to a switch in a physical topology that looks like a star, systems using Ethernet can all transmit on the bus simultaneously, possibly leading to collisions.
Registration is the process of adding a user to an identity management system.
Type 3 authentication factors are biometric, or “something you are,” rather than knowledge-based.
Out-of-band identity proofing relies on an alternate channel like a phone call or text message.
Mutation testing modifies a program in small ways and then tests that mutant to determine whether it behaves as it should or whether it fails. This technique is used to design and test software tests through mutation.
OSSTMM provides a holistic structured approach to PenTesting. Written in 2000, the open-source document stresses auditing, validation, and verification.
Knowledge-Based: Preset questions such as pet’s name.
NIST 800-12 is an introduction to computer security.
Identity Proofing = The process of providing sufficient information (e.g., identity history, credentials, documents) to establish an identity.
Mandatory Access Control
Risk = Threat * Vulnerability
Examples of Objects include:
o Files
o Databases
o Computers
o Programs
o Processes
o Devices
o Media
Requesting user = subject
Return on Security Investment (ROSI) calculates a new ALE, based on reduction in loss by new security controls. ROSI is: [(ALE – ALEm) – Cost of Solution] / Cost of Solution, where ALE is before controls and ALEm is after controls.
Level 3 = merchant with 20,000 to one million transactions a year.
Applies labels to subjects and objects and allows subjects to access objects when their labels match.
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities
Not able to be modified.
Lattice-based: uses a matrix of classification labels to compartmentalize data.
Palm scans compare the vein patterns in the palm to a database to authenticate a user. Vein patterns are unique, and this method is a better single-factor authentication method than voice pattern recognition, hand geometry, and pulse patterns.
Bastion host = secure log server; most effective way to ensure that logs survive a breach.
Must complete a Report on Compliance (RoC)
Similarly, shadow IT is part of the issue as it occurs when individuals introduce unauthorized hardware or software to a workplace environment.
Service ports: Application service ports allow client software to connect to applications over a network. These should either be disabled or blocked at a firewall if remote access is not required.
SPML is used to exchange user information for SSO.
3. Attacks and exploits
Must have an external auditor perform the assessment by an approved Qualified Security Assessor (QSA).
Configuration drift occurs when malware exploits an undocumented configuration change on a system, which has occurred in this situation.
Common Use: Used in scenarios where two organizations need to share resources but don’t want their trust relationship to extend to other interconnected networks or domains.
System services: Services provide a library of functions for different types of applications. Some services support local features of the OS and installed applications. Unused services should be disabled.
Level 1 = large merchant with over six million transactions a year.
Direction: Mutual trust where A trusts B and B trusts A.
Service Provisioning Markup Language, or SPML, is an XML-based language designed to allow platforms to generate and respond to provisioning requests.
Two-Way
1. Planning and scoping
Common Use: Common in peer-to-peer network relationships, especially within a forest of domains where each domain trusts each other.
Transitivity: If A trusts B, and B trusts C, then A automatically trusts C, and vice versa.
Smartcards typically present a certificate but may have other token capabilities built in.
Direction: Mutual trust, where A trusts B and B trusts A.
ISAC: Information Sharing and Analysis Centers
Two-Way
Transitivity: Trust does not extend beyond the two parties involved. If A trusts B, and B trusts C, A does not trust C.
One-Way
After attending a security seminar, management inquired about ways to secure directory services. If the company uses Microsoft’s Active Directory, which of the following implementations is the IT team most likely to suggest?
Layer 4 load balancers handle user sessions with session affinity. When a client establishes a session, it stays with the node that first accepted the request. An application-layer load balancer uses persistence to keep a client connected to a session. Persistence typically works by setting a cookie.
Configuring the security log to record key indicators and then reviewing the logs for suspicious activity is usage auditing.
One-Way
Security Information and Event Management (SIEM):
o Correlates individual events or data points (observables) into a meaningful indicator of risk, or Indicator of Compromise (IOC)
o Correlation is the principal factor distinguishing it from basic log management
Sensitivity is already accounted for in CER charts.
Where FAR = FRR
The ability to create a secure key pair of the required strength using the chosen cipher is key generation.
A non-transparent proxy configuration means that the client must be configured with the proxy server address and port number to use it.
If performance is not acceptable, assess other biometric systems to compare them.
Type 2 Error: False positive
EAP-FAST = EAP with Flexible Authentication via Secure Tunneling
Type 1 Error: False negative
Transparent: A transparent proxy must be implemented on a switch, router, or other inline network appliance.
John the Ripper
If a host is detected, a port scan will be performed for the first 1000 ports on each IP in the scope.
-PR: Send ARP requests to a target for a response. Not usually blocked by firewalls like a ping scan.
In a self-encrypting drive (SED), the drive controller, rather than the operating system (OS), controls cryptographic functions.
A digital signature is created
Hashcat
Uses symmetric encryption, whereas PKI uses asymmetric.
A SYN flood attack works by withholding clients’ ACK packets during TCP’s three-way handshakes, which can increase the server session queues and prevent other legitimate clients from connecting. The server will continue to send SYN/ACK packets because there is no acknowledgment and will not timeout u
Default Behavior: Ping and send a TCP ACK packet to ports 80 and 443 to determine whether a host is present.
Sender encrypts their message digest with their private key
Brute Force Attack: Attacker attempts every possible combination in the output space in order to match a captured hash and guess the password.
Mimikatz
Port 3389 - TCP
Service Level Agreement (SLA): a contractual agreement setting out the detailed terms or expectations under which a service is provided.
Authentication factors verify an account holder’s credentials, while authentication attributes are either non-unique or cannot independently authenticate a user’s credentials.
Service-Oriented Architecture (SOA) can build services from other services, while an implementation of microservices develops, tests, and deploys microservices independently.
Technical: e.g., permissions restricting a user account; endpoint security software
o Logs allows an administrator to tune firewall rulesets, remove or block suspect hosts and processes from the network, or deploy additional security controls to mitigate any identified threats
L2F
PPTP
Port 22 - TCP
Network-Based Intrusion Detection System (NIDS):
Management Plane: used to monitor traffic conditions and network status. SDN can be used to manage compatible physical appliances, but also virtual switches, routers, and firewalls.
SSH = Secure Shell
Administrative: e.g., user training
Primary reference:
Port 1701 - UDP
Compared to a differential backup, both full backups and incremental backups clear the archive attribute.
Hypervisors manage the virtual machine environment and facilitate interaction with the computer hardware and network. The computer component is the platform that hosts the virtual environment. Multiple computers may also be networked together.
Layer 2 Tunneling Protocol/Internet Protocol Security (L2TP/IPSEC) = supports many platforms
Port 443 - TCP
Incremental:
Includes all files changed since the last full backup
Control Plane: makes decisions about how traffic should be prioritized, secured, and switched. A software-defined networking (SDN) application can be used to define policy decisions.
Differential:
Full:
Physical Layer
Deals with electrical impulses or optical pulses, sent as bits to convey data.
o ACL only allows the minimum amount of traffic required for the operation of valid network services and no more
o Operates at OSI layer 3
Application-Level Gateway Firewall:
Implemented primarily by people rather than systems.
Data Link Layer
Operational: Controls for the human element.
MAC addresses
ARP / RARP
Frame
o Software application running on a single host
o Can analyze the HTTP headers to identify code that matches a pattern
Authentication Service = Responsible for authenticating user logon requests.
KDC = Component of Kerberos that authenticates users and issues tickets (tokens).
Clients request services from application servers, which both rely on an intermediary - a Key Distribution Center (KDC) - to vouch for their identity.
Network Layer
Authentication Header (AH)
o Provides confidentiality and/or authentication and integrity
WPA3:
o SAE (Simultaneous Authentication of Equals)
o Enhanced Open - enables encryption for the open authentication method
o GCMP (AES Galois Counter Mode Protocol)
o Management protection frames - mandates use of these to protect against key recovery attacks
Transport Layer
TLS, SSL, TCP, UDP
Datagram / Segment
WPA2:
o AES-128 - Replaces RC4
o CCMP (Cipher Block Chaining Message Authentication Code Protocol) - Replaces TKIP
o Designed to make replay attacks harder
Session Layer
The process of removing a header (and possibly a footer) from the data received from a previous layer in the OSI model is known as de-encapsulation.
NFS, SQL, RPC
Data stream
TCP/IP Model Application layer: Application, Presentation, and Session
Presentation Layer
JPEG, ASCII, MIDI
Data stream
Data stream
Application Layer
Success audits - record successful security accesses
Discretionary access control (DAC) allows object owners to make decisions.
All subjects/objects have a label.
Compartmentalized: Where there is no relationship between each domain.
Dynamic knowledge-based authentication relies on facts or data that the user already knows that can be used to create questions they can answer on an as-needed basis (for example, a previous address, or a school they attended).
Subject claiming an identity.
Federation: where one domain trusts users from another domain.
Common Use: Ideal for isolated or temporary trust situations, like granting a specific domain or organization access to resources without extending that trust further.
With SASL, the client and server negotiate which supported authentication mechanism to use, such as Kerberos. The STARTTLS command (transport layer security (TLS) as part of SASL) mandates encryption (sealing) and message integrity (signing). Microsoft’s Active Directory (AD) prefers this form of LDAP.
Online Certificate Status Protocol (OCSP): Validates the status of specific digital certificates.
Offline Attack: Attacker obtains a database of password hashes for later use.
Symmetric Ciphers: Assures confidentiality, well-suited to bulk encrypting large amounts of data.
Sender’s public key used to decrypt the message digest
For systems running in System High mode, the user must have a valid security clearance for all information processed by the system, access approval for all information processed by the system, and a valid need to know for some, but not necessarily all, information processed by the system.
Procedures are formal, mandatory documents that provide detailed, step-by-step actions required from individuals performing a task.
The Service Organizations Control audit program includes business continuity controls in a SOC 2, but not SOC 1, audit.
The project scope and planning phase includes four actions: a structured analysis of the organization, the creation of a BCP team, an assessment of available resources, and an analysis of the legal and regulatory landscape.
The Grandfather/Father/Son, Tower of Hanoi, and Six Cartridge Weekly schemes are all different approaches to rotating backup media that balance reuse of media with data retention concerns.
6. Elevation of privilege — threats that provide higher privileges to unauthorized users
The annualized loss expectancy is calculated by multiplying the single loss expectancy (SLE) by the annualized rate of occurrence (ARO).
WEP uses an initialization vector that is too small and does not change.
Halon and carbon dioxide remove the oxygen supply from a fire.
4. Information disclosure — threats that involve exposure of data to unauthorized individuals
Soda acid and other dry powder extinguishers work to remove the fuel supply.
The Remediation phase of incident handling focuses on conducting a root-cause analysis to identify the factors contributing to an incident and implementing new security controls, as needed.
The DES modes of operation are:
Resource-based access controls match permissions to resources like a storage volume. Resource-based access controls are becoming increasingly common in cloud-based infrastructure as a service environments.
In a platform as a service solution, the customer supplies application code that the vendor then executes on its own infrastructure.
This can provide a powerful tool when multiple networks need to appear to be part of the same network such as between distinct physical buildings or sites.
Symmetric algorithms are thought to be resistant to future quantum attacks.
Diffie-Hellman is a protocol for key exchange.
AES and 3DES are both replacements for DES.
Class C: For electrical equipment fires.
Class B: For flammable liquids like gasoline, oil, and grease.
XTACACS is an earlier version.
Virtual extensible local area networks (VXLANs) allow virtual layer 2 networks to be created overlaid on top of layer 3 networks.
Class A: For ordinary combustibles like wood, paper, and cloth.
It is a Cisco proprietary protocol with added features beyond what RADIUS provides, meaning it is commonly used on Cisco networks.
TACACS+ is the most modern version of TACACS, the Terminal Access Controller Access-Control System.
Unfortunately, the RADIUS protocol only supports the weak MD5 hash function.
4G networks encrypt traffic between the cellular device and the base station but do not provide encryption after that point.
Single sign-on would help if all of the systems had the same sensitivity levels, but different credentials are normally required for higher-sensitivity systems.
Increases security by decreasing the likelihood that users will write down their passwords.
Network intrusion detection systems (NIDS)
In an electronic vaulting approach, automated technology moves database backups from the primary database server to a remote site on a scheduled basis, typically daily.
Transport mode does not encrypt the header of the packet.
The Authentication Header provides authentication, integrity, and nonrepudiation for IPsec connections.
Differential: all files since the last full backup.
The hearsay rule says that a witness cannot testify about what someone else told them, except under specific exceptions.
Capability tables list subjects and what objects they can access.
If there was a central, software-driven process, rather than HR forms, it would have been automated account provisioning.
The best evidence rule states that copies of documents may not be submitted into evidence if the originals are available.
An access control matrix is a table that lists objects, subjects, and their privileges. Access control lists focus on objects and which subjects can access them.
Category 3 UTP: 10 Mbps
Wave pattern motion detectors transmit ultrasonic or microwave signals into the monitor area, watching for changes in the returned signals bouncing off objects.
When forensic evidence or information is produced for a civil case, it is called eDiscovery.
ISO 9000 covers quality management.
ISO 27701 covers privacy.
ISO 27002 is an international standard focused on information security.
Full Interruption Test: the team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations. The full interruption test is the most thorough test but also the most disruptive.
Logging: the best way to provide accountability for the use of identities.
Checklist Review: the least disruptive type of disaster recovery test. Team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes.
Ex. AWS, Google Cloud, Microsoft Azure
OpenID is a widely supported standard that allows a user to use a single account to log into multiple sites, and Google accounts are frequently used with OpenID.
In the public cloud computing model, the vendor builds a single platform that is shared among many different customers.
SLE = Single Loss Expectancy
The recovery point objective (RPO) identifies the maximum amount of data, measured in time, that may be lost during a recovery effort.
XACML is used to describe access controls.
The recovery time objective (RTO) is the amount of time expected to return an IT service or component to operation after a failure.
Adverse Event: any event with negative consequences.
Firewalls typically use Rule-Based Access Controls (RBAC).
Allowing individual administrators to make choices about the objects they control provides scalability and flexibility.
802.15.1 was the original Bluetooth IEEE standard.
Attribute-based access control (ABAC) allows specifying details about subjects, objects, and access, allowing granular control.
802.1x provides port-based authentication and can be used with technologies like EAP, the Extensible Authentication Protocol.
Hybrid: Where both hierarchy and compartments are used.
Hierarchical: Each domain is ordered and related to other domains above and below it.
800-86 is the “Guide to Integrating Forensic Techniques into Incident Response.”
Smoke testing focuses on simple problems with impact on critical functionality.
800-34 covers contingency planning
Nonregression testing checks to see whether a change has had the effect it was supposed to.
The Open Web Application Security Project (OWASP) is an organization aimed at increasing awareness of web security and provides a framework for testing during each phase of the software development process.
NVD = National Vulnerability Database
NIST SP 800-53A: covers the assessment of security and privacy controls
Decentralized access control empowers people closer to the resources to control access but does not provide consistent control.
Access control lists (ACLs) are object-focused rather than subject-focused.
Regression testing, which is a type of functional or unit testing, tests to ensure that changes have not introduced new issues.
Level 4 = small merchant with under 20,000 transactions a year.
Capability Table: an access control model that focuses on subjects and identifies the objects that each subject can access.
Can either have an external auditor or submit a self-test that proves they are taking active steps to secure the infrastructure.
The ISSAF contains a list of 14 documents that relate to PenTesting, such as guidelines on business continuity and disaster recovery along with legal and regulatory compliance.
Level 2 = merchant with one to six million transactions a year.
Group Policy provides the ability to monitor and apply settings in a security baseline.
4. Reporting and communication
Penetration Testing Execution Standard (PTES) = Provides a comprehensive overview of the proper structure of a complete PenTest. Some of the sections include details on topics such as pre-engagement interactions, threat modeling, vulnerability analysis, exploitation, and reporting.
XACML is used for access control policy markup.
Transitivity: Trust does not extend to third parties. If A trusts B, and B trusts C, neither A nor C trusts each other.
2. Information gathering and vulnerability scanning
Layer 4 vs. Layer 7 load balancers:
Security Assertion Markup Language (SAML) is the best choice for providing authentication and authorization information, particularly for browser-based SSO.
Network interfaces: Interfaces provide a connection to the network. Some machines may have more than one interface. If any of these interfaces are not required, they should be explicitly disabled rather than simply left unused.
Static tokens are physical devices that can contain credentials and include smart cards and memory cards.
Asynchronous tokens typically require a challenge to be entered on the token to allow it to calculate a response, which the server compares to the response it expects.
Synchronous: soft tokens, such as Google Authenticator, use a time-based algorithm that generates a constantly changing series of codes.
After news of a breach at a competitor, IT at a manufacturer looks to harden server systems. Which system properties should IT disable if they are not in use?
Network Behavior and Anomaly Detection (NBAD):
o Uses heuristics to generate a statistical model of baseline normal traffic
Direction: A trusts B, but B doesn’t trust A.
Security Orchestration, Automation, and Response (SOAR):
o Solution to the problem of the volume of alerts overwhelming analysts’ ability to respond
Extended Validation (EV): Proves domain ownership and legal identity.
Common Use: Often used in hierarchical structures, like in a domain environment where a parent domain trusts a child domain.
Transitivity: If A trusts B, and B trusts C, then A automatically trusts C.
Direction: A trusts B; B doesn’t necessarily trust A.
Protected Access Credential (PAC) instead of a certificate.
A web server certificate whose Common Name (CN) in the Subject field does not match the server’s fully qualified domain name (FQDN) will cause trust error messages for site visitors.
Intercepting: An intercepting proxy is configured to intercept client traffic without the client having to be reconfigured.
The extension attributes of a V3 certificate.
FRR = False Rejection Rate
FAR = False Acceptance Rate
Some techniques, such as HTTP Public Key Pinning (HPKP), have been deprecated.
CER = Crossover Error Rate
EAP-TLS uses certificate-based authentication.
-sA: Sends a TCP ACK which reveals firewall rulesets, which ports are filtered, and if a firewall is stateful or not.
Timing:
o -T0 and -T1: Very slow, evade IDS and network defenses
o -T4: Fast, stable speed, conduct efficient network maintenance
Pinning: Ensure when a client inspects the certificate presented by a server or a code-signed application, it is inspecting the proper certificate.
-sn: Focuses on discovery only, showing which hosts respond to probes.
-A: Fingerprinting that reveals the OS type, service versions, and includes a traceroute.
An engineer configures a proxy to control access to online content for all users in an organization. Which proxy type does the engineer implement by using an inline network appliance?
-F: Fast scan of 100 ports.
Hybrid Attack: Attacker uses a combination of dictionary and brute-force attacks to obtain a password.
With session affinity, when a client establishes a session, it remains with the node that first accepted its request, while an application-layer load balancer uses persistence to keep a client connected by setting up a cookie.
FTP has no encryption. FTPS adds transport layer security (TLS), and SFTP is an entirely different protocol based on the network protocol SSH (secure shell).
Nondisclosure Agreement (NDA): provides a legal basis for protecting information assets. NDAs are used between companies and employees, between companies and contractors, and between two companies.
RDP = Remote Desktop Protocol
o Will NOT block the traffic during an attack
o Training and tuning are complex, which results in high false positive and false negative rates, especially during initial deployment
o Can identify and log hosts and applications and detect attack signatures and other indicators of attack
Physical: e.g., security locks inserted into USB ports
Data Plane: handles the actual switching and routing of traffic and imposition of security access controls. Decisions made in the control plane are implemented on the data plane.
Hypervisors are the Virtual Machine Monitor (VMM) and guest operating systems are the Virtual Machines (VM) found within the virtual platform.
Only includes files changed since the last incremental backup
Deterrent: Discourages from attempted access, whether physical or logical.
Physical: Restrict access, i.e. with a door lock.
Secure Socket Tunneling Protocol (SSTP) = native Windows VPN solution
Preventative: Eliminate/reduce likelihood of an attack.
Dynamic ARP inspection: mitigates ARP poisoning. Relies upon DHCP snooping being enabled.
Managerial: Oversight of a system.
o Uses proxies for each service it filters
BPDU (Bridge Protocol Data Unit) Guard: Shuts a port down when a STP BPDU is received.
Technical: Hardware/software of an organization.
Usually configured on an edge port, which means the port should not receive any STP (Spanning Tree Protocol) BPDUs.
o Stateless
PortFast: Cisco technique that puts a switch interface into forwarding mode immediately; skips the learning and listening states.
Packet Filtering Firewall:
o A stand-alone hardware firewall that performs the function of a firewall only
o Monitors all traffic passing into and out of a network segment
Appliance Firewall:
Application Firewall:
o The other core protocol of IPsec
o One of the two core protocols of IPsec
MAC Security:
o DHCP snooping guards against MAC spoofing.
o DAI guards against invalid MAC addresses.
Encapsulation Security Payload (ESP)
WPA3 Personal Authentication
o Also referred to as Password Authenticated Key Exchange (PAKE)
WPA2 PSK = Pre-Shared Key Authentication
o Uses a passphrase to generate the key that is used to encrypt communications
o Also referred to as group authentication because a group of users share the same secret
TKIP = Temporal Key Integrity Protocol: a mechanism used in WPA 1 to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.
HTTP, FTP, SMTP, SNMP
The notes I took that helped me pass the CompTIA Security+ exam.
With regard to digital certificates, which of the following defines key usage for a certificate’s public key?
Interconnection Security Agreements (ISA): used for integrating systems. Any federal agency interconnecting its IT system to a third party must create an ISA to govern the relationship.