Variations on a theme..it can be tough, Security+

Keeping a good pace with the security stuff. I think I might have it done sooner than expected at this rate. Depending on how testing goes. I started studying this material at the start of last year and I guess made more headway than I realized. There are still somethings that escape me such as code samples that ask what kind of an attack it is. Like this first question!

 photo 3_zpsw8lye5ki.png

I’m not sure what DEP is but hopefully it will provide some information as none of the other stuff is really helpful as to why it would be vulnerable. I guess in this case it isn’t a code sample but a set of information that didn’t come from a scanner.

DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there has been an increasing amount of research and discussion on the subject of bypassing DEP and ASL Source

Data Execution Prevention does make sense as something you would want to have running on a web server so that clears that up. I feel like I should have been aware of that by now haha

 photo 5_zpsncbm8tpe.png

Theses types of questions are particularly tricky when they don’t ask what they do but what technology they work with. I think its a natural assumption that over time you develop a sense of that but at first its quite an overwhelming data set to dig through that many variables. I think its fair to say that there doesn’t really need to be further research beyond notating that SAML tokenizes passwords for authentication. I mean, for me. That may not be your case but I find it unlikely that your reading this blog for research haha

 photo 4_zpslqcp2n7t.png

You know, this is where non proprietary stuff gets tricky. With MSFT things its fairly reasonable to assume you can find and article with specific information. In this case it gets a little trickier.

However, with this one it seems pretty clear that you would want to block IP traffic however notating the subnet in the rule kind of throws me off. At this time I’m not sure why that is and ill probably check with a friend that works specifically with networking stuff.

 photo 1_zpsbe61sq1p.png

Maybe this is a better example of the specific tech thing. Again, not really any point in looking up every feature of every one of these and listing them out however it is worth taking it in one bit at a time in knowing that a symmetric algorithm uses a stream cipher.

 photo 3_zpsqhq2ocmp.png

First of all, pay attention to type-os because I through that said ‘remove’ and second of all even if it did 636 is correct and why would you remove LDAP if you where using LDAP?

 photo 4_zpswytkjekm.png

I didn’t even take a stab at this because I know nothing of the types of certificates there are. I guess a good place to start would be defining that.

  • .pfx certificate –
  • .cer certificate
  • .der certificate
  • .crt certificate

Lol well, this is a nightmare and to be honest, rightfully so. This is some deep magic putting into the hands of the general internet may not be a good idea and I feel like learning about this would be a good idea and maybe I can find a book. For now, im accepting the answer at face value.

 photo 1_zpsm1jjkqms.png

Wow, not a lot of information here however its safe to assume they are sending email To better protect sensitive/personal information and to comply with federal regulations, AES / PHEAA is encrypting email containing protected personal information

 photo 5_zpsgrzo7c76.png

Yeah, radius federation still requires authentication to a domain though. I mean, not wrong but its not just going to magically authenticate. My answer was not correct either though haha

 photo 2_zpsmgxdguyd.png

Yeah, I didn’t really think about that but honestly looking back a CRL makes way more sense than a recovery agent.

Well, that’s it for today. Thats about half the questions from this set of 100 that I went through. As I said, studying is going pretty good. The road blocks are obvious.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: