Keeping a good pace with the security stuff. I think I might have it done sooner than expected at this rate, depending on how testing goes. I started studying this material at the start of last year and I guess made more headway than I realized. There are still some things that escape me, such as code samples that ask what kind of an attack it is. Like this first question!

I’m not sure what DEP is, but hopefully it will provide some information, as none of the other stuff is really helpful as to why it would be vulnerable. I guess in this case it isn’t a code sample but a set of information that didn’t come from a scanner.
DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there has been an increasing amount of research and discussion on the subject of bypassing DEP and ASLR. (Source)
Data Execution Prevention does make sense as something you would want to have running on a web server, so that clears that up. I feel like I should have been aware of that by now haha.

These types of questions are particularly tricky when they don’t ask what they do but what technology they work with. I think it’s a natural assumption that over time you develop a sense of that, but at first it’s quite an overwhelming data set to dig through with that many variables. I think it’s fair to say that there doesn’t really need to be further research beyond notating that SAML tokenizes passwords for authentication. I mean, for me. That may not be your case, but I find it unlikely that you’re reading this blog for research haha.

You know, this is where non-proprietary stuff gets tricky. With MSFT things it’s fairly reasonable to assume you can find an article with specific information. In this case it gets a little trickier.
With this one it seems pretty clear that you would want to block IP traffic; however, notating the subnet in the rule kind of throws me off. At this time I’m not sure why that is, and I’ll probably check with a friend that works specifically with networking stuff.

Maybe this is a better example of the specific tech thing. Again, there’s not really any point in looking up every feature of every one of these and listing them out; however, it is worth taking it in one bit at a time, knowing that a symmetric algorithm uses a stream cipher.

First of all, pay attention to typos, because I thought that said ‘remove’, and second of all, even if it did, 636 is correct, and why would you remove LDAP if you were using LDAP?

I didn’t even take a stab at this because I know nothing of the types of certificates there are. I guess a good place to start would be defining that.
- .pfx certificate –
- .cer certificate
- .der certificate
- .crt certificate
Lol well, this is a nightmare and, to be honest, rightfully so. This is some deep magic; putting it into the hands of the general internet may not be a good idea. I feel like learning about this would be a good idea and maybe I can find a book. For now, I’m accepting the answer at face value.

Wow, not a lot of information here; however, it’s safe to assume they are sending email: “To better protect sensitive/personal information and to comply with federal regulations, AES / PHEAA is encrypting email containing protected personal information.”

Yeah, RADIUS federation still requires authentication to a domain though. I mean, not wrong, but it’s not just going to magically authenticate. My answer was not correct either though haha.

Yeah, I didn’t really think about that, but honestly, looking back, a CRL makes way more sense than a recovery agent.
Well, that’s it for today. That’s about half the questions from this set of 100 that I went through. As I said, studying is going pretty well. The road blocks are obvious.