Security+ part 2

I guess I could do 10 sides in this one. Was trying to get 30 done tonight but not sure if I will get that far. I guess we will see haha. There is a ton of information to get through so this may take a while. 700 pretest questions, wow

 photo AES_zps1yvjszid.png

Honestly, encryption types are what will get me on this exam if I dont really nail them down. There are so many its a little overwhelming but lets start with defining these and maybe the reason why the answer is what it is will be clear.

  • DES – The Data Encryption Standard is a symmetric-key algorithm for the encryption of electronic data. Although its short key length is of 56 bits, criticized from the beginning, makes it too insecure for most current applications
  • AES – AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES),[7] which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
  • MD5 – MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database.[3]
  • WEP – Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.

Again, it smees like I would use WEP but according to this AES is better as WEP is volenerable however it does say ‘most likely’.

 photo data access_zps0oykcw5m.png

Role based access is such an odd thing because it depends on the type of server the info is on. If its on a Windows Server the access is little different but lets go through what these are because to be honest I dont know shit about file access controls on any thing but windows servers

  • MAC – Mandatory Access Control (MAC) is the strictest of all levels of control. The design of MAC was defined, and is primarily used by the government.
  • DAC – Discretionary Access Control (DAC) allows each user to control access to their own data
  • RBAC – Role Based Access Control AKA Non discretionary Access Control, takes more of a real world approach to structuring access control. Access under RBAC is based on a user’s job function within the organization to which the computer system belongs
  • ABAC – Attribute-based access control, also known as policy-based access control, defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together

Honestly, this is similar conceptually and I kind of understand it rather than taking a blind guess.

 photo steganograghy_zpsexh6izms.png

There are two steganography questions on here and I understand it conceptually but man, unclear, unclear. Anyway, I’m assuming visually it appears the same and they now suspect that there is data in the image? I mean, after understanding steganography I’m not sure what else they could be talking about.

 photo esp integrity_zpsv4piwytm.png

For starters, I’m not sure what IPSec that provides ESP with integrity protection is. So that could be a good place to start

ESP = An Encapsulating Security Payload (ESP) is a protocol within the IPSec for providing authentication, integrity and confidentially of network packets data/payload in IPv4 and IPv6 networks. ESP provides message/payload encryption and the authentication of a payload and its origin within the IPSec protocol suite

That sounds like it has integrity protection. The thing is, some how this protocol is a question?? Man this is confusing. Anyway, lets go through these answers.

  • HMAC – Cryptography, an HMAC (sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key
  • PCBC – Plaintext Cipher Block Chaining
  • CBC – Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key applied to the entire block). Cipher block chaining uses what is known as an initialization vector (IV) of a certain length.
  • GCM – Galois/Counter Mode (GCM) is a mode of operation for symmetric-key cryptographic block ciphers widely adopted thanks to its performance.
  • CFB – Cipher Feedback (CFB) mode, a close relative of CBC, makes a block cipher into a self-synchronizing stream cipher. Operation is very similar; in particular, CFB decryption is almost identical to CBC encryption performed in reverse:

So this is a bunch of weird block chain stuff and one cryptography answer that im assuming is the second part of the ESP solution? That’s what I’m going with.

 photo load balancer_zpscfclvuzk.png

I know about load balancers but the types of load balancers I’m not super sure on. I guess we can go through those.

  • Round-robin – rotates servers by directing traffic to the first available server and then moves that server to the bottom of the queue. Most useful when servers are of equal specification and there are not many persistent connections.
  • weighted – This method uses the response information from a server health check to determine the server that is responding fastest at a particular time. The next server access request is then sent to that server. This ensures that any servers that are under heavy load, and which will respond more slowly, are not sent new requests. This allows the load to even out on the available server pool over time.
  • Least connection – Directs traffic to the server with the fewest active connections. Most useful when there are a large number of persistent connections in the traffic unevenly distributed between the servers.
  • Locality-based – Weight assignments across different zones and geographical locations is by using explicit weights supplied via EDS in the Locality Endpoints message. This approach is mutually exclusive with zone aware routing, since in the case of locality aware LB, we rely on the management server to provide the locality weighting, rather than the Envoy-side heuristics used in zone aware routing.

That last one, that is the answer seems a little bit extra but it does say that they could be in different areas so I guess I can see that. It also took a long time to find a definition for it even though it seems obvious which would indicate its not used much. This is a bull shit question. Typically a load balancer serves a set s machines sitting in one physical location. This starts to get into some really complicated stuff because if you are serving from the data center thats where the load balancer is, why not use those?

Anyway, thats all for now. I got about 1/3 of the amount of research done that I was hoping to get done tonight but that’s ok. My brain is tired and I couldn’t make it to 10 in questions in this post. Ill get back on it tomorrow and hopefully get another 1/3 or so done.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Website Powered by

Up ↑

%d bloggers like this: