Security+ part 3…

Trying to get 15 questions into this post. Hopefully I can get that done. I will possibly have to take a few breaks in between doing that much work. Anyway, let's get into this. Trying to get this certification done quick lol. Oh, I called CompTIA today and got a lot of clarification on their recert process. It's not as bad as it seems. You just have to basically either do research or get a new, usually harder, cert. I can handle that. I mean, my next 3-4 are booked up, which should take about a year and a half to two years. Through that process, at the end of two years I will basically have a break for about 2 years before I have to start stressing again to get my stuff renewed. I was really hoping for the whole thing that was explained of get one, 3 years, the next one adds 3 years and so on, but it only extends it from the date you get the cert, so if you get something in December and then get a harder one in April, it only extends it to three years from April instead of being close to like a 6-year cert. However, a server MCSA will renew a Network+, so that's cool. I like getting those. Man, what a lifestyle. Anyway, let's get into some questions.

[question screenshot: SAML]

I think I'm confused by what they mean when they say 'web domain'. I mean, honestly, that could be any database. Are they saying it has to be housed on the web server? Regardless, let's look up what these things are. I mean, I mostly know, but to be honest it seems good to be very clear on exact definitions.

  • TACACS+ – (Terminal Access Controller Access Control System Plus) Cisco's replacement for the older UNIX-era TACACS. A network device forwards a user's login to a central server over TCP port 49, the three AAA functions are handled separately, and the whole packet body is encrypted (RADIUS encrypts only the password). Mostly used for administering network equipment.
  • RADIUS – (Remote Authentication Dial-In User Service) a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) for users who connect to and use a network service. It runs in the application layer over UDP (port 1812 for authentication, 1813 for accounting; a TCP transport was added later in RFC 6613) and encrypts only the user's password, not the rest of the packet. Network access servers, the gateways that control access to a network, usually contain a RADIUS client that talks to the RADIUS server, and RADIUS is the usual back end for 802.1X authentication.
  • Kerberos – a network authentication protocol that works on the basis of tickets issued by a Key Distribution Center (KDC), allowing nodes communicating over a non-secure network to prove their identity to one another. Tickets carry timestamps and lifetimes, so clients and servers need their clocks roughly in sync.
  • SAML – Security Assertion Markup Language (pronounced SAM-el) is an open, XML-based standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider; it is the basis of most browser-based web single sign-on.

Yep, it's honestly pretty cut and dry. It uses XML and is for web SSO, and I honestly was unaware of what it was. Kerberos confuses me slightly, but the tickets are based on a timestamp so it is extremely secure. However, with SAML I'm wondering where they store logins and passwords.
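As an added example (not code from the original post or from any SAML library), here is what the service-provider side of a SAML login actually has to do. The credential check happens at the identity provider; the service provider never sees the password, only a signed assertion about the user, and it has to validate that assertion before trusting the NameID. All URLs, IDs and the sample assertion below are constructed. Verifying the XML signature itself needs a real library such as python3-saml/xmlsec, so this code only checks that a signature element is present and enforces the issuer, audience, time-window and InResponseTo conditions that SP implementations most often get wrong.

```python
"""Service-provider side checks on a SAML assertion (added example).

Constructed example, not from the original post or any SAML library.
The password lives at the identity provider (IdP); the service provider
(SP) only sees a signed assertion and must validate it before trusting
the NameID.  Cryptographic signature verification is left to a real
XML-DSig library; here we only require that a signature is present.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample assertion; every name and ID is made up.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_assert1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org/saml</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject>
    <saml:NameID>alice@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req42"
          Recipient="https://sp.example.com/acs"
          NotOnOrAfter="2024-01-01T12:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text, expected_issuer, expected_audience,
                       expected_request_id, now, skew=timedelta(seconds=60)):
    """Return (name_id, errors); name_id is None unless every check passes."""
    root = ET.fromstring(xml_text)
    errors = []

    # 1. An unsigned assertion could have been written by anyone.
    if root.find("ds:Signature", NS) is None:
        errors.append("assertion is not signed")

    # 2. Only the IdP we federated with may issue assertions to us.
    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        errors.append("unexpected issuer")

    # 3. Validity window, with a small clock-skew allowance.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        errors.append("missing Conditions")
    else:
        if now + skew < _ts(cond.get("NotBefore")):
            errors.append("assertion not yet valid")
        if now - skew >= _ts(cond.get("NotOnOrAfter")):
            errors.append("assertion expired")
        # 4. Audience: an assertion minted for a different SP must not work here.
        aud = cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS)
        if aud != expected_audience:
            errors.append("audience mismatch")

    # 5. InResponseTo must name the AuthnRequest we actually sent (anti-replay).
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("InResponseTo") != expected_request_id:
        errors.append("InResponseTo does not match an outstanding request")

    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return (name_id if not errors else None), errors


def check_sample(now_offset_minutes=1, audience="https://sp.example.com",
                 request_id="_req42"):
    """Run the constructed assertion through the checks at 12:00Z + offset."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc) + timedelta(minutes=now_offset_minutes)
    return validate_assertion(SAMPLE_ASSERTION, "https://idp.example.org/saml",
                              audience, request_id, now)


if __name__ == "__main__":
    print(check_sample())                          # accepted: ('alice@example.org', [])
    print(check_sample(now_offset_minutes=10))     # rejected: expired
    print(check_sample(audience="https://other-sp.example.net"))
```

Note that nothing here ever touches a password: the SP's job is to decide whether to believe the IdP's statement, which is why the signature, audience and replay checks are the security boundary.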

[question screenshot: box types]

I got this question right, but I did want to go over the definitions for the various 'box colors' just to be clear.

  • Black box – the tester starts with no knowledge of the system being attacked, like an outside attacker would.
  • Gray box – the tester has limited information (for example, network diagrams or a low-privilege account) and uses it to find the strengths and weaknesses of the target's security.
  • White box – the tester has full knowledge: source code, configuration, architecture, credentials. In software testing the term also means deriving test cases from the code's internal structure (control flow, data flow, branch, path, statement and decision coverage) so that fragile code gets exercised.
[question screenshot: SCP]

Again, I'm not clear on the definitions of these technologies as they apply to file transfer.

  • HTTPS – HTTP over TLS (TCP port 443). It encrypts web traffic and can carry file uploads and downloads through a browser or a managed file transfer (MFT) portal, but it is a general web protocol rather than a dedicated file-transfer tool.
  • LDAPS – LDAP (Lightweight Directory Access Protocol) over TLS, on TCP port 636. LDAP is the open, vendor-neutral standard for accessing and maintaining distributed directory information over IP: directories hold information about users, systems, networks, services and applications. It is for directory lookups and authentication, not file transfer.
  • SCP – (Secure Copy) a command-line utility, built on SSH (TCP port 22), that copies files and directories between a local and a remote system with the whole session encrypted. Available by default on Linux and macOS and on Windows via OpenSSH; note that recent OpenSSH treats the legacy SCP wire protocol as deprecated and uses SFTP underneath.
  • SNMPv3 – Simple Network Management Protocol (UDP ports 161/162) is an Internet Standard for collecting and organizing information about managed devices on IP networks (cable modems, routers, switches, servers, workstations, printers) and for modifying that information to change device behavior. Version 3 adds authentication and encryption. Used for network monitoring, not file transfer.

I still think HTTPS fits the bill; however, I may be missing something here.

[question screenshot: SAN certificate]

I got this right, but I wanted to go over the SAN as it pertains to a certificate. The Subject Alternative Name field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL certificate, such as a multi-domain (SAN) or Extended Validation multi-domain certificate. So generally it extends to subdomains is how I'm understanding it.
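As an added example (not code from the original post or from any TLS library), the following shows exactly which names a SAN list does and does not cover. A SAN list is explicit: the certificate protects the names it carries, plus whatever a single wildcard label covers. The matching rules follow RFC 6125 and CA/Browser Forum practice: case-insensitive, a wildcard only as the whole leftmost label and matching exactly one label, no wildcard for a bare TLD, IP addresses matched only against iPAddress SANs, and the Common Name ignored whenever any SAN is present. The sample SAN list is constructed.

```python
"""Hostname matching against a certificate's Subject Alternative Names (added example).

Constructed example, not code from the original post or from any TLS library.
"""
import ipaddress


def _dns_match(pattern: str, host: str) -> bool:
    """RFC 6125 style dNSName matching with a single whole-label wildcard."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard spans one label, never more or fewer
    if "*" not in pattern:
        return p == h
    if p[0] != "*" or any("*" in lbl for lbl in p[1:]) or len(p) < 3:
        return False                      # only '*.domain.tld'; never 'w*.x' or '*.com'
    return h[0] != "" and p[1:] == h[1:]


def cert_matches(host: str, dns_sans, ip_sans=(), common_name=None) -> bool:
    """Would a well-behaved client accept this certificate for `host`?"""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:                    # literal IP: dNSName entries never apply
        return any(ip == ipaddress.ip_address(s) for s in ip_sans)
    if dns_sans:                          # SAN present: the CN is not consulted at all
        return any(_dns_match(s, host) for s in dns_sans)
    return common_name is not None and _dns_match(common_name, host)  # legacy CN-only cert


# Constructed SAN list for a hypothetical multi-domain certificate.
SAMPLE_DNS_SANS = ["www.example.com", "example.com", "*.dev.example.com"]
SAMPLE_IP_SANS = ["203.0.113.10"]

if __name__ == "__main__":
    for name in ["WWW.example.com", "api.dev.example.com", "dev.example.com",
                 "a.b.dev.example.com", "mail.example.com", "203.0.113.10"]:
        print(f"{name:22} {cert_matches(name, SAMPLE_DNS_SANS, SAMPLE_IP_SANS)}")
```

The run shows the practical point: `*.dev.example.com` covers `api.dev.example.com` but neither `dev.example.com` itself nor `a.b.dev.example.com`, and `mail.example.com` is rejected because it was simply never listed. A SAN does not "extend to subdomains" on its own; every name, or a wildcard for one level, has to be in the certificate.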

[question screenshot: automated defense]

Yep, going to need to hit those definitions.

  • NIPS – a network-based intrusion prevention system sits inline on the network path, inspects traffic, and can drop or block what it classifies as malicious (denial of service, exploit attempts, unauthorized usage), protecting the confidentiality, integrity and availability of the network.
  • HIDS – a host-based intrusion detection system runs on an individual computer and monitors its internals (logs, file integrity, processes) as well as the packets on its own network interfaces, much as a network-based IDS (NIDS) does for a segment. It detects and alerts; unlike a NIPS it is not inline and does not block traffic.
  • Web proxy – a server application or appliance that acts as an intermediary for requests from clients seeking resources from other servers; it can filter, log and inspect web traffic on the way through.
  • Elastic load balancer – I think we covered this one.
  • NAC – network access control solutions provide network visibility and access management by enforcing policy on the devices and users that connect to corporate networks (for example, checking a device's posture before it is allowed onto a VLAN).

Kind of a toss-up between NIPS and HIDS based on what I'm understanding. NIPS it is!

[question screenshots: forensics preservation, parts 1 and 2]

The weighting process on this one is a bit confusing for me. There is the definition below, and to be honest I'm well aware of what's involved in forensics, but rabbit holes aside, it does seem like there should be some basic ideas on this.

It does match with this perfectly, though, so I'm good with it.

[question screenshot: MDM software]

This seems like a question of definitions too.

  • Virtual desktop infrastructure (VDI) – hosting desktop environments on a central server and delivering them to thin clients or other endpoints over the network.
  • WS-Security and geofencing – geofencing is a service that triggers an action when a device enters or leaves a set location. WS-Security is a message-level standard for securing SOAP messages: integrity through XML digital signature, confidentiality through XML encryption, and credential propagation through security tokens.
  • A hardware security module (HSM) – a physical computing device that safeguards and manages cryptographic keys for strong authentication and performs cryptographic operations (signing, encryption) without ever exposing the keys.
  • RFID tagging system – a tracking system that identifies items using radio-frequency identification tags (an RFID tag may also be called an RFID chip) read wirelessly by a scanner.
  • MDM software – mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employees' mobile devices that are deployed across multiple mobile service providers and multiple mobile operating systems in the organization.
  • Security Requirements Traceability Matrix (SRTM) – a document that maps and traces each security requirement to the test cases that verify it. It captures all requirements proposed by the client in a single document so that traceability is maintained through the software development life cycle.

I guess MDM is the only thing that makes sense. I was thinking HSM also offered identification, but that appears to be untrue.

[question screenshot: website ports]

This is the stuff that really gets me, as it gets super confusing. At least for me. DNS uses UDP port 53 for ordinary client queries. TCP port 53 is used for zone transfers (AXFR/IXFR, which keep secondary servers in sync with the primary's zone database) and for any response too large to fit in a UDP datagram: the server sets the TC (truncated) flag and the client retries the same query over TCP. A zone transfer hands out the entire zone, which is very useful to an attacker, so transfers should be restricted to known secondaries; blocking TCP 53 outright is not the fix, because it also breaks legitimate large responses such as DNSSEC. Honestly, not super clear on why a zone transfer port would be helpful in this case, but ok.
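As an added example (not code from the original post), here is the UDP/TCP split on port 53 in working bytes: a DNS query built by hand, the header flags a client reads back, the TC bit that forces a retry over TCP, the 2-byte length prefix that TCP framing adds, and the QTYPE values (AXFR = 252, IXFR = 251) that let a resolver recognise a zone-transfer request and refuse it from anything that is not a configured secondary. The truncated reply is constructed; no network is used.

```python
"""UDP vs TCP on port 53 (added example, not from the original post).

Builds a DNS query by hand, parses the response header, and shows the two
reasons a client or firewall sees TCP 53: a UDP answer marked truncated
(TC bit) must be retried over TCP, and zone transfers (AXFR/IXFR) run over
TCP.  A resolver can spot an AXFR request by its QTYPE and refuse it from
hosts that are not its secondaries.
"""
import struct

QTYPES = {"A": 1, "AAAA": 28, "IXFR": 251, "AXFR": 252}
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080


def encode_qname(name):
    """example.com -> length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """12-byte header (RD set, one question) followed by the question section."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", QTYPES[qtype], 1)  # QCLASS IN


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}


def question_qtype(msg):
    """QTYPE of the first question: skip the header, then walk the qname labels."""
    i = 12
    while msg[i] != 0:
        i += msg[i] + 1
    return struct.unpack("!H", msg[i + 1:i + 3])[0]


def is_zone_transfer(query):
    """True for AXFR/IXFR: the request a primary should only honour from its secondaries."""
    return question_qtype(query) in (QTYPES["AXFR"], QTYPES["IXFR"])


def needs_tcp_retry(udp_response):
    """A truncated UDP answer means 'ask me again over TCP' (RFC 1035 / RFC 7766)."""
    return parse_header(udp_response)["tc"]


def tcp_frame(msg):
    """DNS over TCP prefixes every message with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


# Constructed: the UDP reply a server sends when the full answer would not fit.
TRUNCATED_REPLY = (struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_TC | FLAG_RD | FLAG_RA, 1, 0, 0, 0)
                   + encode_qname("example.com") + struct.pack("!HH", QTYPES["A"], 1))

if __name__ == "__main__":
    q = build_query("example.com", "A")
    print("query over UDP:", q.hex())
    if needs_tcp_retry(TRUNCATED_REPLY):
        print("truncated -> resend framed over TCP, length prefix", tcp_frame(q)[:2].hex())
    print("AXFR request?", is_zone_transfer(build_query("example.com", "AXFR")))
```

So a web server that also hosts DNS needs UDP 53 for clients and TCP 53 for truncated answers and secondaries; the thing to lock down is who may ask for QTYPE 252, not the TCP port itself.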

[question screenshot: cell phone encryption]

I have no idea what type of encryption you would use on a cell phone, so let's define these things.

  • Elliptic curve – elliptic-curve cryptography (ECC) is public-key cryptography built on the points of an elliptic curve, a non-singular plane cubic curve (no cusps or self-intersections). It gives security comparable to RSA with much shorter keys, so it is used for key exchange and signatures, not for bulk encryption of stored data.
  • One-time pad – an encryption technique that cannot be cracked, but requires a truly random one-time pre-shared key the same size as, or longer than, the message being sent, and the key must never be reused.
  • 3DES – Triple DES, a symmetric block cipher that applies the DES algorithm three times to 64-bit blocks. Slow, and deprecated by NIST (disallowed for new use after 2023).
  • AES-256 – the Advanced Encryption Standard (originally named Rijndael) with a 256-bit key; a 128-bit block cipher standardized by the U.S. National Institute of Standards and Technology in 2001 (FIPS 197). It is the cipher phone operating systems use for storage encryption.

You know, out of the choices, AES for sure makes the most sense.
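As an added example (not code from the original post), the following shows why the one-time pad, despite being unbreakable on paper, is never the answer for a phone: the pad has to be as long as everything you will ever encrypt, and the moment a pad byte is used twice the XOR of the two ciphertexts equals the XOR of the two plaintexts, which an attacker peels apart with a guessed fragment ("crib dragging"). The two messages are constructed; the pad is generated fresh with `secrets`.

```python
"""One-time pad: perfect in theory, unusable for device encryption (added example).

Constructed example, not code from the original post.  Shows the correct
use (fresh random pad, used once) and the failure mode (pad reuse leaks
plaintext relationships).
"""
import secrets


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR each byte with a pad byte; the pad must be at least as long as the message."""
    if len(key) < len(plaintext):
        raise ValueError("pad shorter than message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt


def new_pad(length: int) -> bytes:
    """A pad must come from a real random source and be used exactly once."""
    return secrets.token_bytes(length)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad: c1 ^ c2 == p1 ^ p2 (the key cancels out)."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(xored: bytes, crib: bytes):
    """Slide a guessed plaintext fragment along p1^p2; where the guess is right,
    the output is the other message's bytes at that offset."""
    return [(i, bytes(x ^ c for x, c in zip(xored[i:i + len(crib)], crib)))
            for i in range(len(xored) - len(crib) + 1)]


def demo(p1: bytes, p2: bytes, pad: bytes):
    """Encrypt two messages with the same pad (the mistake) and recover the
    start of p2 from a correct guess of the start of p1."""
    c1, c2 = otp_encrypt(p1, pad), otp_encrypt(p2, pad)
    leaked = two_time_pad_leak(c1, c2)
    offset, fragment = crib_drag(leaked, p1[:8])[0]     # guess: first 8 bytes of p1
    return {"roundtrip_ok": otp_decrypt(c1, pad) == p1,
            "recovered_offset": offset,
            "recovered_prefix": fragment}


if __name__ == "__main__":
    # Constructed messages; a 32-byte pad covers both.
    print(demo(b"meet at the pier at noon", b"wire the funds to bob now", new_pad(32)))
```

Compare that with AES-256: a single 32-byte key protects gigabytes of storage, and reusing it across blocks is safe when a proper mode (XTS for disks, GCM for messages) is used. That key-management difference, not the strength of the math, is why phones use AES.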

[question screenshot: access control types]

I'm not sure which of these uses data classification labels, and to be honest, it must be that mandatory is the only one. I highly doubt that it's worth learning more than that.
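As an added example (not code from the original post or from any real product), here is what "uses data classification labels" looks like in code. Under mandatory access control every subject carries a clearance label and every object a classification label that its owner cannot change; a fixed policy decides access. The version below implements the Bell-LaPadula rules (no read up, no write down) plus need-to-know compartments, and puts a discretionary ACL check beside it for contrast. Labels, users and the ACL are all constructed.

```python
"""Mandatory access control with classification labels vs. DAC (added example).

Constructed example, not code from the original post or any real product.
MAC: labels fixed by policy decide.  DAC: the object's owner decides via an ACL.
"""
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level AND a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def mac_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: read only at or below your clearance (no read up)."""
    return subject.dominates(obj)


def mac_can_write(subject: Label, obj: Label) -> bool:
    """*-property: write only at or above your level (no write down), so SECRET
    data cannot leak by being copied into an UNCLASSIFIED file."""
    return obj.dominates(subject)


def dac_can(user: str, right: str, acl: dict) -> bool:
    """Discretionary: whatever the owner put in the ACL goes; labels play no part."""
    return right in acl.get(user, set())


def example_decisions():
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    report = Label("SECRET", frozenset({"CRYPTO"}))
    nuclear = Label("SECRET", frozenset({"NUCLEAR"}))   # same level, wrong compartment
    public = Label("UNCLASSIFIED")
    acl = {"bob": {"read"}, "alice": {"read", "write"}}  # owner-managed DAC list
    return {
        "read_same_label": mac_can_read(analyst, report),
        "read_wrong_compartment": mac_can_read(analyst, nuclear),
        "read_down": mac_can_read(analyst, public),
        "write_down": mac_can_write(analyst, public),   # blocked: would declassify
        "write_up": mac_can_write(analyst, Label("TOP SECRET", frozenset({"CRYPTO"}))),
        "dac_bob_write": dac_can("bob", "write", acl),
    }


if __name__ == "__main__":
    for name, allowed in example_decisions().items():
        print(f"{name:24} {allowed}")
```

The telling case is `write_down`: the analyst is cleared for the file, but the policy still refuses the write because the destination label is lower. No owner or ACL entry can override that, which is the property the exam question is pointing at.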

[question screenshot: wireless auth]

This is another type of question that worries me, as you need to know every single thing about every type of encryption. Clearly the answer is PEAP, for the authentication of the device to the auth server and then passing the username and password. That's a very specific scenario based on how it works, which leads me to believe that I basically need to know everything about every auth type. I'm not going to stress too much about encryption because, to be honest, there are so many ways to encrypt things and they all seem kind of the same.

[question screenshot: active-passive configuration]

Honestly, I have no idea what active/passive configuration is referring to, so I guess we should start there. It appears to have something to do with failover clustering, which makes sense with availability per this.

[question screenshot: war chalking]

What the fuck is war chalking? Honestly, I didn't even think that was real. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi network. Inspired by hobo symbols, the warchalking marks were conceived by a group of friends in June 2002 and publicised by Matt Jones, who designed the set of icons and produced a downloadable document containing them. lol, ok, well now I know.

[question screenshot: encrypted email]

Yeah, ok. I totally fucked this one up. Lots to learn here, apparently. Why I picked steganography, I have no clue. OK, so let's do a little reading. OK, reading done, and I appear to have added in 'email'; however, so far I've learned nothing. This page is helpful, but it doesn't say anything about message integrity. I guess that's what we are going with.

[question screenshot: non-repudiation]

Well, in the previous question I learned that it means that it absolutely came from the source it says it came from, due to the use of encryption keys, so that's really all I need to know about this one.

[question screenshot: CASB]

Sometimes, in my opinion, the ideas surrounding cloud services get a little confusing. This seems like platform as a service to me, but maybe that doesn't offer 'back-end environmental controls'. Seriously fucking, docker, azure. Done. A cloud access security broker (CASB) is an on-premises or cloud-based security policy enforcement point that is placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. THIS QUESTION SAYS NOTHING ABOUT SECURITY, BUT OK.

OK, I have 5 more questions to do out of the first lot of 100 to get through everything I had questions about, and I may get to that tonight or I may not. Either way, I'm obviously just starting on this but making really good progress. I think I kind of took it slow with Network+, but I did pass on the first try, luckily. Anyway, I reached my initial goal of 15 questions on this post.
