15 Security questions I had to research

Its Wednesday, currently, it may not be by the time this is done. In fact I’m almost certain that it will be after midnight. I would be shocked If I got all this done in 55 mins. Any way, what did you guys think and about The Shadow and Tom Waits. Super cool stuff right. Totally some thing that like Jack White would be into right lol. Anyway. Moving forward. The Deftones are pretty cool. Man, they sure have been a band for a while. Did you guys ever hear that White Pony album. Here, Ill hum a few bars from one of the tracks:

For some reason, that weirdly reminds me of my last relationship. Wow, was that too personal. Ultimately, I feel like I would be cheating my self if i didnt get slightly personal lol

Hey you guys see that new Slipknot? Damn that shit is hard.

Anyway… I guess we could get into some actual work and learning instead of being generic and attmepting to sk8 to prove we are cool

 photo 1_zpsquikonw9.png

You know, this is uha, as previously noted these can be tricky so lets go through the definitions.

  • SHA1 – typically rendered as a hexadecimal number, 40 digits long. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard
  • RIPEMD -a family of cryptographic hash functions developed in 1992 (the original RIPEMD) and 1996 (other variants). There are five functions in the family: RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320, of which RIPEMD-160 is the most common.
  • The original RIPEMD, as well as RIPEMD-128, is not considered secure because 128-bit result is too small and also (for the original RIPEMD) because of design weaknesses. The 256- and 320-bit versions of RIPEMD provide the same level of security as RIPEMD-128 and RIPEMD-160, respectively; they are designed for applications where the security level is sufficient but longer hash result is necessary.
  • While RIPEMD functions are less popular than SHA-1 and SHA-2, they are used, among others, in Bitcoin and other cryptocurrencies based on Bitcoin.
  • MD5 – it has been found to suffer from extensive vulnerabilities
  • DES -Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits—criticized from the beginning—makes it too insecure for most current applications, it has been highly influential in the advancement of modern cryptography

Lots of options but per wikipedia MD5 is terrible.

 photo 4_zpsetjwjykr.png

I can’t figure this one out are they saying the traffic is dropping at the 192.168 address? There are some things going on here that I’m not clear on. Honestly I would have to run a tracert to figure this out. The internet isnt going to be helpful and I have no idea what the hell kind of information that is.

 photo 2_zpsjbigwwrt.png

I got this right but it was kind of an obvious guess but I have no idea what an AAA system and I wanted to figure out what that is refers to Authentication, Authorization and Accounting. It is used to refer to a family of protocols that mediate network access. Two network protocols providing this functionality are particularly popular: the RADIUS protocol, and its newer Diameter counterpart.

Well, I guess I didnt really need to know that but its good to find out those sorts of things I suppose?

 photo 5_zpselrr8tfr.png

I’m not sure what an IGAP packet is or where its getting that. Its clear that its sending a packed and that there is an issue with it though. IGMP is an integral part of IP multicast. so I think its safe to assume its a multicast packet but the other part of this is IGAP packets are part of IGMP which is the indicator that its not a TCP.

Wow, I can actually figure out some of this stuff and maybe I’ll get a cert out of this. Awesome haha, only tie will tell.

 photo 3_zpseqzk8d4m.png

LOL, I totally forgot what these are and took a guess again. Humm, I just put on this show about people using computers and its some how more helpful in my level of focus than watching other shows haha

  • ROI – Return on investment
  • ARO – Annualized Rate of Occurrence
  • ALE – Annualized loss expectancy
  • MTBF – Mean time between failures
  • MTTF – Mean time to failure
  • TCO – Total cost of ownership

Single Loss Expectancy The Dollar Amount of what it would cost to replace the device if it malfunctioned or was lost, damaged or stolen. SLE x ARO = ALE ALE = Annual Loss Expectancy in dollars ARO = Annual Rate of Occurrence

 photo 4_zpsvfzvp3eb.png

Clearly I got this one totally wrong. I’m not sure what CSRF is and apparently how XSS works. Personally, I think of it like pivoting which may be wrong. It seems like you have to be authenticated to something though dosent it? Or atleast connected.

Anyway, lets get a look at what CSFR is , also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf[1]) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.[2] There are many ways in which a malicious website can transmit such commands; specially-crafted image tags, hidden forms, and JavaScript XMLHttpRequests, for example, can all work without the user’s interaction or even knowledge. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser. So its basically the same thing but it does use a trusted connection. Honestly, that makes it cut and dry but I’m still confused about running java on a web app your not connected to? You know, this type of specific terminology gets really hazy, every time. There are specific ideas that people have behind it but as already noted in another question there isn’t much point to nailing down brass tacks on this if it works and its loosely within a idea. The crazy thing is that music genres work the same way.

 photo 2_zps19rqjsxp.png

lol what the hell is this and why would use a single tier solution that’s completely internal. I can understand having a DC that replicates but having one internal point failure seems less than ideal.

 photo 3_zpsnju1crdr.png

Input validation on an FTP site would amount to fuzzing which is not what they are talking about. It says transferring or transport protection. Not generic breaking and entering haha but ok though. I mean, your not fooling me with this FTP site shit its a storage server.

 photo 1_zps7krr5bp4.png

I think I got this wrong because I don’t know what IAM is so I guess I should figure out what that is Identity management, also known as identity and access management, is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.

There is no information about radius that I can find quickly so I’m just going with it.

 photo 5_zpsaqgo7zsz.png

I should have known this one but any way, here is a link on EAP-TLS certs

 photo 4_zpscquesslj.png

I actually looked this one up at the time and as previously noted MD5 is not great and AES was the correct answer.

 photo 1_zps1askmep8.png

This is so crazy, it selects a color and then mixes the two colors and that’s the key. Interesting, Diffie-Hellman key exchange

lol sick

 photo 2_zpsh7yzompe.png

This isn’t wrong but both of these are right given that there are thousands or hundreds of thousands of companies that manufacture IoT devices proving that they are all falling under one umbrella is kind of tough…

 photo 3_zpsxmpsxfuw.png

I’m not really sure why I put this here given that I got it right but there are a lot of factors and I feel its cut and dry.

 photo 5_zpsi5apfcc6.png

This one seems opinion based changing the length would also be a good idea. That was my first answer.

All right, that’s all for now. I got a new phone yesterday and I might set it up before going to bed to let every thing sync. Who knows, wild adventure. I was waiting till a case I ordered came up but I’m not sure I really want to wait haha

Tom Waits! The Shadow! Incorrect Answers! All this and more!

Alright, about half way through. The first time. As you know it takes me more than one go around and then I seem to pass real sketchy and right on the money like but thats ok. If you can read this put 2 dollars into into my paypal its Nickrbarnes@gmail.com thanks for your contributions. This is independently maintained and its a vital part of my existence so thanks for not reading it future employers. Please contact me via my text message. Thank you. Is this making any sense? I didn’t think so. I haven’t really been too personal lately and theres sometimes a guy, that comes along and does this thing. Some folks call him Bob Dylan other folks call him Tom Waits. Personally, I’m pretty sure hes the drummer for Megadeath but the world may never know without extensive research into the modern principles of why people buy watches with diamonds on them as if accurate time keeping was ever a reason to spend 50k on a watch especially given that literally if you dont have a cell phone what are you even doing. Unless your poor then I will DM you 5 dollars from my cash app for the troubles of insulting your given level of poverty. I live with my aunt for reasons but mostly its on acccount of the cost and convince.

Anyway for all you songsters out there that are not reading this here is song, its about driving a truck but its a ghost truck. You want to talk about shocking and spooky to be honest its too much to even photograph something like that. Did you know if you take a photo of a lockness monster you turn into a rat guy right away and thats not even a good thing at all.

 photo 3_zpsbmjujbf0.png

I’m not really sure what “HA in a web application server” I took at stab at it and wasn’t terribly fora off but lets start with

Ok, Properly designing high-availability (HA) web applications on the Cloud is a difficult task due to the overwhelming number of components and failure scenarios that can arise. In the real world, there is a large variance between deployments because virtually every web application has its own set of requirements.

So that’s pretty clear. You know, I should have figured that one out but I don’t think I did. The ALF for DDOS curbing and a load balancer makes sense. Reverse proxy servers do not

 photo 4_zpsb4bfhlh3.png

You know, upon re-reading the question what they are getting at is that people that work on “the firewall team” can implement vulnerabilities without having to have them approved by management. And you know, Ill be hones t here, that is troublesome. Or even worse, they could break currently working infrastructure.

 photo 5_zps5vyccjql.png

Realizing what rhosts is, I’m not really sure why I picked that one. To be honest, knowing what TTY is and without a long line of syntax I’m not sure that really makes sense either

Humm… is this right? me thinks no..

 photo 1_zpskmlzvr0h.png

This is for sure a coding question that is over my head. I’m not sure of the difference. I can tell you that planning and learning for expected test questions works much better than randomly doing weird shit to be attention seeking though. Wait, that’s not what this was about. What this is about is an abstrcation of a concept that doesnt have a hard definition to begin with. Basically this is some bull shit, you can XSS with Java and Java is not a machine language, as I understand it. To be honest, my answer is correct.

 photo 2_zps4l4w7mcj.png

This one is a little tougher as it was my assumption that 802.1x was done on the router and what they are describing is not on a router. And wow was I wrong

Overview of 802.1x Authentication

802.1x authentication consists of three components:

  • The supplicant, or client, is the device attempting to gain access to the network. You can configure the Arubauser-centric network to support 802.1x authentication for wired users as well as wireless users.
  • The authenticator is the gatekeeper to the network and permits or denies access to the supplicants.
  • The Aruba controller acts as the authenticator, relaying information between the authentication server and supplicant. The EAP type must be consistent between the authentication server and supplicant and is transparent to the controller.

The authentication server provides a database of information required for authentication and informs the authenticator to deny or permit access to the supplicant.

The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS) server which can authenticate either users (through passwords or certificates) or the client computer.

An example of an 802.1x authentication server is the Internet Authentication Service (IAS) in Windows (seehttp://technet.microsoft.com/en-us/library/cc759077(WS.10).aspx).

Arubauser-centric networks, you can terminate the 802.1x authentication on the controller . The controller passes user authentication to its internal database or to a “backend” non-802.1x server. This feature, also called “AAA FastConnect,” is useful for deployments where an 802.1x EAP-compliant RADIUS server is not available or required for authentication.

So thats pretty straight forward and makes it quite plain that I did not understand 802.1x

 photo 4_zpsrrs5maip.png

This one I just fucked up and its probably a good idea to cover the definitions again

  • Botnet – a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allows the attacker to access the device and its connection.
  • Ransomware – type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them
  • Polymorphic malware – a type of malware that constantly changes its identifiable features in order to evade detection. Many of the common forms of malware can be polymorphic, including viruses, worms, bots, trojans, or keyloggers
  • Armored virus – A type of virus that has been designed to thwart attempts by analysts from examining its code by using various methods to make tracing, disassembling and reverse engineering more difficult. An Armored Virus may also protect itself from antivirus programs, making it more difficult to trace.

Yeah thats for sure describing a botnet.

 photo 2_zpstlwxp2dj.png

This is another one of those questions where I want to say “thats really tough” but honestly a little more basic info should clear this one up… lol and the wikipedia pages for these say nothing about use or computation times. Which is totally fine given that you know some times experience makes things like this more clear and we have to take the answer at face value.

 photo 1_zpsmr68brvx.png

WPA2 does not use TLS being the key factor in this case.

 photo 5_zpssp7cczq2.png

The thing about this is that dropping an OS revision is absolutely an indicator of banner grabbing however i’m not sure if thats client or host and there is a connection attempting to be made here. That said I dont know why the host would drop info on the OS and the PC does appear to be at root which makes the pivot option seem a bit odd without further information but you are on one machine trying to connect to another.

 photo 3_zpsb22ht2n8.png

This was a thing I learned and then remembered PII data is confidential. Note taken.

I had hoped to get 10-15 more questions done tonight but I think that’s all. More to come tomorrow and in the following days. I’m sure your super excited to tune in!

More Security+, shocking!

Still going on Security, obviously, however getting back to the previous posts. I found some networking stuff that I thought was helpful. I went through several videos and this one, while long, is a really good baseline. I’m still slightly confused as to why they set up subnets when defining the IP but I’m sure eventually I’ll catch on to how that’s possibly transmitted with the packet.

So if you want some network info thats a good spot to start, for the uha firewall situation. Anyway, still unclear about the subnet? Is that indicating any thing in that range? I think that’s a safe assumption.

Anyway, lets start into the next set of questions.

Honestly, either of these work and it might be a good idea to do literally any or all of these things however B and D are fairly similar. Anyway, this one is kind of subjective but the thing is I’m kind of wondering what SCADA is exactly. I should probably know this and I’m not too proud to admit that I don’t. SCADA is an acronym for supervisory control and data acquisition, a computer system for gathering and analyzing real time data. SCADA systems are used to monitor and control a plant or equipment in industries such as telecommunications, water and waste control, energy, oil and gas refining and transportation. ok, that’s not that weird that I didn’t what that was and I cant promise that I will remember it 6 months from now when it hasn’t come up again in my normal existence.

 photo The-Moody-Blues_zpsoni9ue2u.jpg

Unrelated but that’s the Moody Blues. yeah,

 photo 4_zps0talojqh.png

To be honest, this is another one that I probably didn’t need to blog but is one of the millions of testable variables on this test. Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. TACACS+ have largely replaced their predecessors.

This isn’t on the the wiki page so good luck to me with spending hours researching one obscure question for what amounts to a baseline exam.

 photo 2_zpsaqmtes1i.png

Ok this one is legit, BYOD is the only thing I know what it is and I’m betting VDI (virtual desktop infrastructure?)and COPE are bull shit but lets find out.

  • VDI – Virtual desktop infrastructure
  • COPE – Company Owned/Personally Enabled (device)
  • CYOD – Choose Your Own Device

Ok this is kind of some bull shit but but BYOD is for sure not the right answer.

 photo 5_zpslggf37lc.png

I have no idea what an xmas attack is but I thought it sounded cool so lets take a look at these things.

  • MAC Spoofing – MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. The MAC address that is hard-coded on a network interface controller (NIC) cannot be changed. However, many drivers allow the MAC address to be changed (use a VM?)
  • Pharming – a cyber attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.
  • Xmas attack – Christmas Tree Attack is a very well known attack that is designed to send a very specifically crafted TCP packet to a device on the network. This crafting of the packet is one that turns on a bunch of flags. There is some space set up in the TCP header, called flags.
  • ARP poisoning – a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker’s MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.

You know, the question says nothing about MAC authentication so this is kind of a throw away question.

 photo 3_zpssqmpkkis.png

I mean its right but fuck that’s a lot of variables that they are not talking about in the question I.E.

 photo 2_zpsmzjfmn2i.png

I don’t know what NC or pskill does so lets look that up, oh on nc is netcat and the -p is port that its connecting to, man page. haha this is msft, it kills a process.

 photo 5_zpsnyvfxou1.png

Thinking about Extended validation doesn’t make sense but to be honest it was the only one I knew what it was so lets look at the others.

  • Wildcard certificate – a digital certificate that is applied to a domain and all its subdomains. Wildcard notation consists of an asterisk and a period before the domain name. Secure Sockets Layer (SSL) certificates often use wildcards to extend SSL encryption to subdomains.
  • Certificate chaining – A certificate chain is an ordered list of certificates, containing an SSL Certificate and Certificate Authority (CA) Certificates, that enable the receiver to verify that the sender and all CA’s are trustworthy
  • Certificate utilizing the SAN file – lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate, such as a Multi-Domain (SAN) or Extend Validation Multi-Domain Certificate.

You know, I should have known this and I’ve covered this before.

 photo 3_zps0mwrrxhb.png

I don’t know what any of this shit is haha

  • MOU – memorandum of understanding is a type of agreement between two or more parties ?
  • BPA – No idea, online doesn’t know
  • ITCP – Information Technology Certified Professional ? (unclear)
  • BCP – Business continuity plan

Lol there is really only one viable option here and clearly i just clicked a circle.

 photo 1_zpsh9tyfyh7.png

Yeah, the print command would indicate buffer overflow perl is clearly not java so I should have been able to figure this out out without being a coder haha

 photo 4_zpsbifegcpj.png

What the heck is DHCPOFFER/DHCPACK, MAC spoofing is faking your mac address and I don’t think that would have any thing to do with DHCP but I could be wrong also the question says im right so I’m pretty sure its the first one. Anyway the offer/acknowledge thing is done by a server so that’s kind of crazy

Well, that’s all for today. Tomorrow night I need to try to get through 100 questions again and map out some stuff to learn about

Variations on a theme..it can be tough, Security+

Keeping a good pace with the security stuff. I think I might have it done sooner than expected at this rate. Depending on how testing goes. I started studying this material at the start of last year and I guess made more headway than I realized. There are still somethings that escape me such as code samples that ask what kind of an attack it is. Like this first question!

 photo 3_zpsw8lye5ki.png

I’m not sure what DEP is but hopefully it will provide some information as none of the other stuff is really helpful as to why it would be vulnerable. I guess in this case it isn’t a code sample but a set of information that didn’t come from a scanner.

DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there has been an increasing amount of research and discussion on the subject of bypassing DEP and ASL Source

Data Execution Prevention does make sense as something you would want to have running on a web server so that clears that up. I feel like I should have been aware of that by now haha

 photo 5_zpsncbm8tpe.png

Theses types of questions are particularly tricky when they don’t ask what they do but what technology they work with. I think its a natural assumption that over time you develop a sense of that but at first its quite an overwhelming data set to dig through that many variables. I think its fair to say that there doesn’t really need to be further research beyond notating that SAML tokenizes passwords for authentication. I mean, for me. That may not be your case but I find it unlikely that your reading this blog for research haha

 photo 4_zpslqcp2n7t.png

You know, this is where non proprietary stuff gets tricky. With MSFT things its fairly reasonable to assume you can find and article with specific information. In this case it gets a little trickier.

However, with this one it seems pretty clear that you would want to block IP traffic however notating the subnet in the rule kind of throws me off. At this time I’m not sure why that is and ill probably check with a friend that works specifically with networking stuff.

 photo 1_zpsbe61sq1p.png

Maybe this is a better example of the specific tech thing. Again, not really any point in looking up every feature of every one of these and listing them out however it is worth taking it in one bit at a time in knowing that a symmetric algorithm uses a stream cipher.

 photo 3_zpsqhq2ocmp.png

First of all, pay attention to type-os because I through that said ‘remove’ and second of all even if it did 636 is correct and why would you remove LDAP if you where using LDAP?

 photo 4_zpswytkjekm.png

I didn’t even take a stab at this because I know nothing of the types of certificates there are. I guess a good place to start would be defining that.

  • .pfx certificate –
  • .cer certificate
  • .der certificate
  • .crt certificate

Lol well, this is a nightmare and to be honest, rightfully so. This is some deep magic putting into the hands of the general internet may not be a good idea and I feel like learning about this would be a good idea and maybe I can find a book. For now, im accepting the answer at face value.

 photo 1_zpsm1jjkqms.png

Wow, not a lot of information here however its safe to assume they are sending email To better protect sensitive/personal information and to comply with federal regulations, AES / PHEAA is encrypting email containing protected personal information

 photo 5_zpsgrzo7c76.png

Yeah, radius federation still requires authentication to a domain though. I mean, not wrong but its not just going to magically authenticate. My answer was not correct either though haha

 photo 2_zpsmgxdguyd.png

Yeah, I didn’t really think about that but honestly looking back a CRL makes way more sense than a recovery agent.

Well, that’s it for today. Thats about half the questions from this set of 100 that I went through. As I said, studying is going pretty good. The road blocks are obvious.

Security+…its similar to the last one, pt. 5

Back again with more…questions. Shocking. I know. Anyway, progress is going good. I’m finding that the portion of material I don’t know is about a quarter of it so honestly, that’s really good news as far as lead time to testing. How will the test go? Who knows. I seem to be hitting right on the money lately and eventually if I keep doing that I’m going to fail. I hope I don’t because these test are expensive and I’m going to end up paying a gym a whole bunch of money to get out of a contract on something that they can provide yet offer as a service and refuse to let me out of the contract. Kind of bull shit but you know, I’m just going to keep showing up and making fun of them and explain the situation to the outlandishly cocky people that work there as if I were completely in the wrong and state the facts haha. Which makes it overwhelmingly obvious that they run a bad business or have no idea what they are doing. Regardless they are stealing money from me.

 photo 2_zpsxlhjtpwz.png

This is tough, I have no idea what someone of this coding stuff is and take my best guess. Lets get some definitions going.

  • Cross-site request forgery – an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated
  • Buffer overflow – Attackers generally use buffer overflows to corrupt the execution stack of a web application. By sending carefully crafted input to a web application, an attacker can cause the web application to execute arbitrary code, possibly taking over the machine. Attackers have managed to identify buffer overflows in a staggering array of products and components.
  • SQL injection – attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system
  • JavaScript data insertion – Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user’s browser.
  • Firewall evasion script – This is possible through NMAP

The thing is some of this stuff I still dont know what the code looks like but I have a basic idea. I think I should be able to recognize SQL but I’m unclear on the JAVA for sure, which happens to be the answer in this case. Am I going to have to completely learn JAVA or is there some basic stuff I can do to get a quick idea about what XSS looks like? I’ll have to do some digging but the info on the OWSAP site for now, ill stick with that and see where it gets me.

 photo 4_zpsdxaztb70.png

The thing I don’t understand about this is, why would I dig the workstation I’m on? Why is the workstation a .com I have so many questions. The workstation isn’t a domain.

 photo 1_zpsxzcc1lal.png

Honestly, I’m unclear on why a web application firewall would do this. There isnt any thing in this that clearly indicates what layer its functioning at and the OWASP site isn’t clear either but I guess I can remember that one. Honestly, with the Network+ there where not many questions from the pretest on the actual test so when you see questions like this and the previous one, your kind of just screwed.

 photo 5_zpsynxqugsy.png

Ok, so here’s the thing. Clearly SHA is the right answer as seen here here but how do I learn about all the other types of certificates and what hashing algorithms they use? No clear answer to that but I can promise you this exact question will not be on the test. Maybe the pretest will go over the rest of them.

 photo 3_zps1bhesbzx.png

I’m not sure what open relay is on an email server, An open relay is a Simple Transfer Mail Protocol (SMTP) server that is improperly configured to allow the unauthenticated relay of email. oh so that shits misconfigured and it just sends mail. Got it.

 photo 4_zpsml9dxiij.png

Why TLS is more important than a CRL is unclear to me. I’m going to look into that. lol I guess I should realize that one as TLS is SSLs replacement. Still, seems like a good idea to use a CRL as well. Just saying.

 photo 2_zpsaerdp9ft.png

I don’t know what 3 of these things are so I’m going to look them up.

  • MTBF – (mean time between failures) is a measure of how reliable a hardware product or component is.
  • ALE – Annualized loss expectancy. Used to measure risk with annualized rate of occurrence (ARO) and single loss expectancy (SLE). The ALE identifies the total amount of loss expected for a given risk. The calculation is SLE x ARO = ALE
  • ARO – annualized rate of occurrence

Lol so ARO is factored into ALE but its not a complete answer.

 photo 3_zpsgn5uhxcw.png

I’m very used to AD terms and this is new terminology to get used to these concepts as they seem to come up again and again so I may have covered this before but I’m going to go through it again.

  • Time based – this one seems obvious in that its a time of day restriction to resources
  • Manditory – mandatory access control refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target
  • Rule-based – Rules Based Access Control (RBAC), access is allowed or denied to resource objects based on a set of rules defined by a system administrator, I think this is what im used to. How could an OS with no administration perform this task?
  • Discretionary – In computer security, discretionary access control is a type of access control defined by the Trusted Computer System Evaluation Criteria “as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong, isn’t this the same as role-based? They are technically both user based
 photo 1_zpsqmvui2k0.png

To be honest I think that I picked those since they are directly mentioned in the question. I do struggle with these questions however I’m kind of surprised by the MSCHAP answer. ok, lol, according this the answer is the obvious one answer which seems correct.

 photo 5_zpsrswrlvmi.png

This is one is pretty straight forward and the answer could go either way because trojans do by pass authentication to install root kits essentially and then spread themselves. However, to be clear I’m 100% certain on what a RAT is: Remote Access Trojan (RAT) is a type of malware that allows hackers to monitor and control your computer or network lol so…a backdor.

 photo 3_zpsdstw80os.png

A Faraday cage or Faraday shield is an enclosure used to block electromagnetic fields. A Faraday shield may be formed by a continuous covering of conductive material, or in the case of a Faraday cage, by a mesh of such materials

 photo 5_zpsxei7cyzb.png

I dont really know what these terms are

  • MTBF – (mean time between failures) is a measure of how reliable a hardware product or component is. For most components, the measure is typically in thousands or even tens of thousands of hours between failures (we just did this one)
  • MTTR – Mean time to repair
  • RTO – recovery time objective
  • RPO – recovery point objective

I feel like the wording in the question is a little confusing but I understand what they are getting at and agree with it.

 photo 1_zpsiywfcpd0.png

I had gone through about 100 questions this night and I have no idea why I picked that. Client side has nothing to do with executing a sql injection. input validation is what comes into play.

 photo 2_zps64mq8srn.png

The thing is, I don’t have any clue how data deduplication could have any thing to do with this and to be honest I doubt ill find a solid answer. Data deduplication should, in theory be run, and then done with the number of files reduced.

 photo 4_zpspldzvwqs.png

lol SMPT is clearly wrong, FTPS I would have picked, SCP is what I’m confused on secure copy is a command-line utility that allows you to securely copy files and directories between two locations. and ive seen that before lol

All right, well that’s all for now and now to keep going with these pretest questions. 29% of the way through round 1 haha

Security+ pt 4

All right, first post of the year. Here’s to having goals, making them realistic and following up with them. You know, thinking about naming conventions, is this really the best idea? I mean its the first thing people see. Anyway, I had hoped to finish this cert last year. I started on it but clearly did not get anywhere close to finishing it but I did get the Network+ so I mean its close. I also underestimated this one. Just to be honest I didn’t think it would be the tremendous amount of work that it absolutely is. And should be. However I was not expecting to see 700 questions haha. Initially I was supplied with a fairly small book and a slide deck. I was pretty sure that wasn’t going to cut it. Glad I didn’t try but to be honest I studded that stuff and learned from it so it was not a waste of time.

 photo steganography_zpslxyidbk6.png

I know we covered this at least once before and I mentioned ‘did we talk about this already’ but here we are. Is this James Bond lol? Honestly, I’m not sure what they are talking about, for the reason, of transferring hidden data. Anyway, Steganography.

 photo peap again_zpszgr3qx15.png

This is the stuff that will kill me on the test. I don’t think there is any way around getting a string of these looped together wrong given the margin for definitional argument. Given that, ill try.

  • EAP-TLS – EAP is an authentication framework, not a specific authentication mechanism.[1] It provides some common functions and negotiation of authentication methods called EAP methods. There are currently about 40 different methods defined. Methods defined in IETF RFCs include EAP-MD5, EAP-POTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, EAP-AKA, and EAP-AKA’. Additionally, a number of vendor-specific methods and new proposals exist. Commonly used modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, LEAP and EAP-TTLS. Requirements for EAP methods used in wireless LAN authentication are described in RFC 4017. The list of type and packets codes used in EAP is available from the IANA EAP Registry. It also uses certificates.
  • WPS – WPS stands for Wi-Fi Protected Setup. It is a wireless network security standard that tries to make connections between a router and wireless devices faster and easier. WPS works only for wireless networks that use a password that is encrypted with the WPA Personal or WPA2 Personal security protocols
  • PSK – In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.
  • PEAP – PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server’s public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping.

Yeah, i was close but PEAP doesn’t use a certificate.

 photo diffie-Hellman_zpsmxzn7j9i.png

Im going to be real honest, I got this right but I’m not really sure why haha

  • RIPEMD – RIPEMD (RIPE Message Digest) is a family of cryptographic hash functions developed in 1992 (the original RIPEMD) and 1996 (other variants). There are five functions in the family: RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320, of which RIPEMD-160 is the most common.
  • ECDHE – ECDHE stands for Elliptic Curve Diffie-Hellman Ephemeral. We recall that the purpose of Diffie-Hellman is to exchange a secret over an insecure channel; both sides build their own secret key from a value they received from the other participant: this is key exchange
  • Diffie-Hellman – method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle and named after Whitfield Diffie and Martin Hellman.[1][2] DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography.
  • HTTPS – HyperText Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet.

I guess we should look up that IKE phase thing too, In computing, Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP.[1] IKE uses X.509 certificates for authentication ? either pre-shared or distributed using DNS (preferably with DNSSEC) ? and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived.[2][3] In addition, a security policy for every peer which will connect must be manually maintained.[2]. lol, well there we have it in plain text that it clearly uses that and only that.

 photo missing null check_zpsjghqnybd.png

Honestly, this is a good one as I don’t know what these are. The answer is correct but I’m not a coder by any stretch and at some point feel like I should learn a little bit. Is now the right time to learn this? Unclear


  • Page exception – The exception is normally an object that is thrown at runtime. Exception Handling is the process to handle the runtime errors. There may occur exception any time in your web application. So handling exceptions is a safer side for the web developer.
  • Pointer dereference – The dereference operator or indirection operator, sometimes denoted by “*”, is a unary operator found in C-like languages that include pointer variables. It operates on a pointer variable, and returns an l-value equivalent to the value at the pointer address. This is called “dereferencing” the pointer
  • NullPointerException – In Java, a special null value can be assigned to an object reference. NullPointerException is thrown when an application attempts to use an object reference that has the null value
  • Missing null check – The program can dereference a null-pointer because it does not check the return value of a function that might return null.


 photo smart card kerberos_zpshbos7nac.png

The real kicker here is what I think they are calling ‘mutual authentication’ which in the case of kerberos would occur with ticket creation process. I dont think you can use a smart card with CHAP or LDAP as they are both a little older and basic.

All right, I think that’s all for tonight folks. Tomorrow I’m off but being that ill be up all night I’m sure I’ll be going through test prep questions. Hopefully I can get 150 done over ‘the weekend’ which would put me at 250/700 for the first go around. wow, this thing is an absolute bugger.

Security+ part 3…

Trying to get 15 questions into this post. Hopefully I can get that done. Will have to possibly take a few breaks in between doing that much work. Anyway, lets get into this. Trying to get this certification done quick lol. Oh I called CompTIA today and got alot of clarification on their recert process. Its not as bad as it seems. You just have to basically either do research or get a new, usually harder cert. I can handle that. I mean, my next 3-4 are booked up which should take about a year half to two years. Through that process at the end of two years I will have basically a break for about 2 years before I have to start stressing again to get my stuff renewed. I was really hoping the whole thing that was explained of get one, 3 years, the next one add 3 years and so on but but it only extends it from the date you get the cert so like if you get something in december then get a harder one in april then it only extends it to three years from april instead of being close to like a 6 year cert. However a server MCSA will renew a Network+ so thats cool. I like getting those. Man, what a lifestyle. Anyway, lets get into some questions.

 photo saml_zpsmqausyvm.png

I think im confused by what they mean when they say ‘web domain’ I mean honestly that could be any database. Are they saying it has to be housed on the webserver? Regardless lets look up what these things are. I mean, I mostly know but to be honest it seems good to be very clear on exact definitions.

  • TACACS+ – (Terminal Access Controller Access Control System) is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user’s logon password to an authentication server to determine whether access can be allowed to a given system.
  • RADIUS – a networking protocol, operating on port 1812[1] that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. RADIUS is a client/server protocol that runs in the application layer, and can use either TCP or UDP as transport. Network access servers, the gateways that control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server.[4] RADIUS is often the back-end of choice for 802.1X authentication as well.[5]
  • Kerberos – Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner
  • SAML – Security Assertion Markup Language (SAML, pronounced SAM-el) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

Yep, its honestly pretty cut and dry. It uses XML and is for web SSO and I honestly was unaware of what it was. Kerberos confuses me slightly but the tickets are based on a time stamp so it is extremely secure. However with SAML I’m wondering where they store logins and passwords.

 photo box types_zpsjjdwvpzt.png

I got this question right but I did want to go over the definitions for the various ‘box colors’ just to be clear.

  • Black box – refers to a method where an ethical hacker has no knowledge of the system being attacked
  • Gray box – technique where the hacker has to use limited information to identify the strengths and weaknesses of a target’s security network.
  • White box – a method of testing the application at the level of the source code. These test cases are derived through the use of the design techniques mentioned above: control flow testing, data flow testing, branch testing, path testing, statement coverage and decision coverage as well as modified condition/decision coverage. White-box testing is the use of these techniques as guidelines to create an error-free environment by examining any fragile code.
 photo scp_zps7qbnnm8u.png

Again, not clear on the definitions of these technologies for use as file transfer.

  • HTTPS – uses an easy and secure connection to their managed file transfer (MFT) platform to support browser-based transfers without having to install a web server. MFT is primarily a file transfer server, not a web server.
  • LDAPS – open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.[1] Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network
  • SCP – (linux but can install on windows) (secure copy) is a command-line utility that allows you to securely copy files and directories between two locations. With scp , you can copy a file or directory: From your local system to a remote system using SSH.
  • SNMPv3 – Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more. Used for network monitoring.

I still think HTTPS fits the bill however I may be missing something here.

 photo sam certificate_zpszcfyyfv4.png

I got this right but I wanted to go over SAM name as it pertains to a certificate. Subject Alternative Name field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate, such as a Multi-Domain (SAN) or Extend Validation Multi-Domain Certificate. So generally it extends to sub domains is how I’m understanding it.

 photo automated defense_zpsjzpttrtz.png

Yep, going to need to hit those definitions.

  • NIPS – network-based intrusion prevention system (NIPS) is a system used to monitor a network as well as protect the confidentiality, integrity, and availability of a network. Its main functions include protecting the network from threats, such as denial of service (DoS) and unauthorized usage.
  • HIDS – A host-based intrusion detection system (HIDS) is an intrusion detection system that is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system (NIDS) operates.
  • Web proxy – a proxy server is a server application or appliance that acts as an intermediary for requests from clients seeking resources from servers that provide those resources./li>
  • Elastic load balancer – I think we covered this one
  • NAC – Network access control, or NAC, solutions support network visibility and access management through policy enforcement on devices and users of corporate networks.

Kind of a toss up on the NIPS or HIDS based on what I’m understanding. NIPS it is!

 photo forensecs preservation_zpsdm0edzms.png
 photo forensecs preservation pt 2_zpsvdccaaam.png

The weighting process on this is a bit confusing for me on this one. There is the definition below and to be honest i’m well aware of what’s involved in forensics but rabbit holes aside, it does seem like there should be some basic ideas on this.

It does match with this perfectly though so I’m good with it.

 photo mdm software_zpscpqurtdo.png

This seems like a question of definition too.

  • Virtual desktop infrastructure – defined as the hosting of desktop environments on a central server
  • WS-security and geo-fencing – Geofencing is a service that triggers an action when a device enters a set location, message-level standard that is based on securing SOAP messages through XML digital signature, confidentiality through XML encryption, and credential propagation through security tokens
  • A hardware security module (HSM) – a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing
  • RFID tagging system – type of tracking system that uses smart barcodes in order to identify items. RFID is short for “radio frequency identification,” and as such, RFID tags utilize radio frequency technology. … An RFID tag may also be called an RFID chip< /li>
  • MDM software – Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employees’ mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization.
  • Security Requirements Traceabiity Matric (SRTM) – s a document that maps and traces user requirement with test cases. It captures all requirements proposed by the client and requirement traceability in a single document, delivered at the conclusion of the Software devlopement life cycle

I guess MDM is the only thing that makes sense. I was thinking HSM also offered identification but that appears to be untrue.

 photo website ports_zpsrgz9qpj4.png

This is the stuff that really gets me as it gets super confusing. At least for me. DNS uses TCP Port 53 for zone transfers, for maintaining coherence between the DNS database and the server. The UDP protocol is used when a client sends a query to the DNS server. The TCP protocol should not be used for queries as it gives a lot of information, which is useful to attackers. Honestly, not super clear on why a zone transfer port would be helpful in this case but ok.

 photo cell phone encryption_zpscqkdkww8.png

No idea what type of encryption you would use on a cell phone so lets define these things.

  • Elliptic curve – a plane algebraic curve defined by an equation of the form. which is non-singular; that is, the curve has no cusps or self-intersections
  • one-time pad – an encryption technique that cannot be cracked, but requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent.
  • 3des – a cryptographic cipher. It is a symmetric key block cipher, meaning that the same key is used to encrypt and decrypt data in fixed-length groups of bits called blocks
  • AES-256 – The Advanced Encryption Standard, also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology in 2001

You know, out of the choices AES for sure makes the most sense.

 photo access control types_zpsqklvkfiz.png

I’m not sure which of these uses data classification labels and to be honest, it must be that mandatory is the only one. I highly doubt that its worth learning more than that.

 photo wireless auth_zpsw8nmjzcm.png

This is another type of question that worries me as you need to know every single thing about every type of encryption. Clearly the answer is PEAP for the authentication of the device to the auth server and then passing the user name and password. Thats a very specific scenario based on how it works which leads me to believe that I basically need to know every thing about every auth type. I’m not going to stress too much about encryption because to be honest there are so many ways to encrypt things and to be honest they all seem kind of the same.

 photo active-passive configuration_zpsixcncw2e.png

Honestly, I have no idea what active/passive configuration is referring to so I guess we should start there. Appears to have something to do with fail over clustering which makes sense with availability per this

 photo war chalking_zpsfabvwlyc.png

What the fuck is war chalking? Honestly, I didn’t even think that was real. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi network. Inspired by hobo symbols, the warchalking marks were conceived by a group of friends in June 2002 and publicised by Matt Jones who designed the set of icons and produced a downloadable document containing them. lol, ok well now I know.

 photo ecrypted email_zpszfmny0ds.png

Yeah, ok. I totally fucked this one up. Lots to learn here, apparently. Why I picked steganography, I have no clue. ok so lets do a little reading. Ok, reading done and I appear to have added in ’email’ however so far I’ve learned nothing. However, this page is helpful but it doesn’t say any thing about message integrity. I guess that’s what we are going with.

 photo non-repudation_zpswurl3llh.png

Well, in the previous question I learned that it means that it absolutely came from the source that it says it came from due to the use of encryption keys so thats really all I need to know about this one.

 photo CASB_zpsgm3dttym.png

Some times, in my opinion, the ideas surrounding cloud services get a little confusing. This seems like platform as a service to me but maybe that doesnt offer ‘back end environmental controls’. Seriously fucking, docker, azure. Done. cloud access security broker (CASB) is an on-premises or cloud-based security policy enforcement point that is placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. THIS QUESTION SAYS NOTHING ABOUT SECURITY BUT OK.

Ok, I have 5 more questions to do out of the first lot of 100 to get through every thing I had questions about and I may get to that tonight or I may not. Either way, obviously just starting on this but making really good progress. I think I kind of took it slow with Network+ but I did pass on the first try, luckily. Anyway, reached my initial goal of 15 questions on this post

Security+ part 2

I guess I could do 10 sides in this one. Was trying to get 30 done tonight but not sure if I will get that far. I guess we will see haha. There is a ton of information to get through so this may take a while. 700 pretest questions, wow

 photo AES_zps1yvjszid.png

Honestly, encryption types are what will get me on this exam if I dont really nail them down. There are so many its a little overwhelming but lets start with defining these and maybe the reason why the answer is what it is will be clear.

  • DES – The Data Encryption Standard is a symmetric-key algorithm for the encryption of electronic data. Although its short key length is of 56 bits, criticized from the beginning, makes it too insecure for most current applications
  • AES – AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES),[7] which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
  • MD5 – MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database.[3]
  • WEP – Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.

Again, it smees like I would use WEP but according to this AES is better as WEP is volenerable however it does say ‘most likely’.

 photo data access_zps0oykcw5m.png

Role based access is such an odd thing because it depends on the type of server the info is on. If its on a Windows Server the access is little different but lets go through what these are because to be honest I dont know shit about file access controls on any thing but windows servers

  • MAC – Mandatory Access Control (MAC) is the strictest of all levels of control. The design of MAC was defined, and is primarily used by the government.
  • DAC – Discretionary Access Control (DAC) allows each user to control access to their own data
  • RBAC – Role Based Access Control AKA Non discretionary Access Control, takes more of a real world approach to structuring access control. Access under RBAC is based on a user’s job function within the organization to which the computer system belongs
  • ABAC – Attribute-based access control, also known as policy-based access control, defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together

Honestly, this is similar conceptually and I kind of understand it rather than taking a blind guess.

 photo steganograghy_zpsexh6izms.png

There are two steganography questions on here and I understand it conceptually but man, unclear, unclear. Anyway, I’m assuming visually it appears the same and they now suspect that there is data in the image? I mean, after understanding steganography I’m not sure what else they could be talking about.

 photo esp integrity_zpsv4piwytm.png

For starters, I’m not sure what IPSec that provides ESP with integrity protection is. So that could be a good place to start

ESP = An Encapsulating Security Payload (ESP) is a protocol within the IPSec for providing authentication, integrity and confidentially of network packets data/payload in IPv4 and IPv6 networks. ESP provides message/payload encryption and the authentication of a payload and its origin within the IPSec protocol suite

That sounds like it has integrity protection. The thing is, some how this protocol is a question?? Man this is confusing. Anyway, lets go through these answers.

  • HMAC – Cryptography, an HMAC (sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key
  • PCBC – Plaintext Cipher Block Chaining
  • CBC – Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key applied to the entire block). Cipher block chaining uses what is known as an initialization vector (IV) of a certain length.
  • GCM – Galois/Counter Mode (GCM) is a mode of operation for symmetric-key cryptographic block ciphers widely adopted thanks to its performance.
  • CFB – Cipher Feedback (CFB) mode, a close relative of CBC, makes a block cipher into a self-synchronizing stream cipher. Operation is very similar; in particular, CFB decryption is almost identical to CBC encryption performed in reverse:

So this is a bunch of weird block chain stuff and one cryptography answer that im assuming is the second part of the ESP solution? That’s what I’m going with.

 photo load balancer_zpscfclvuzk.png

I know about load balancers but the types of load balancers I’m not super sure on. I guess we can go through those.

  • Round-robin – rotates servers by directing traffic to the first available server and then moves that server to the bottom of the queue. Most useful when servers are of equal specification and there are not many persistent connections.
  • weighted – This method uses the response information from a server health check to determine the server that is responding fastest at a particular time. The next server access request is then sent to that server. This ensures that any servers that are under heavy load, and which will respond more slowly, are not sent new requests. This allows the load to even out on the available server pool over time.
  • Least connection – Directs traffic to the server with the fewest active connections. Most useful when there are a large number of persistent connections in the traffic unevenly distributed between the servers.
  • Locality-based – Weight assignments across different zones and geographical locations is by using explicit weights supplied via EDS in the Locality Endpoints message. This approach is mutually exclusive with zone aware routing, since in the case of locality aware LB, we rely on the management server to provide the locality weighting, rather than the Envoy-side heuristics used in zone aware routing.

That last one, that is the answer seems a little bit extra but it does say that they could be in different areas so I guess I can see that. It also took a long time to find a definition for it even though it seems obvious which would indicate its not used much. This is a bull shit question. Typically a load balancer serves a set s machines sitting in one physical location. This starts to get into some really complicated stuff because if you are serving from the data center thats where the load balancer is, why not use those?

Anyway, thats all for now. I got about 1/3 of the amount of research done that I was hoping to get done tonight but that’s ok. My brain is tired and I couldn’t make it to 10 in questions in this post. Ill get back on it tomorrow and hopefully get another 1/3 or so done.

Security+ part 1

I’ve passed my Network+ test, finally. On the first try though. I suppose that I could have worked a little faster but whatever, I got it done. Moving on to Security+. I went through the first 100 of about 700 test prep (wow…) questions last night and found that, so far, I’m not terribly off base with what I need to know but I did find about 30 questions that I wanted to research a little more so lets get into that!

I knew the answer here and to be honest I cant exactly explain why other than ‘it didn’t look like the other ones’ and the get and change portions set off some flags. Anyway, lets define the other stuff in the post

  • Command injection – Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
  • Password attack – An attack in which repetitive attempts are made to duplicate a valid logon or password sequence.
  • Buffer overflow – causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.
  • Cross-site scripting – a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

So a get process command sent to a Linux box is for sure an example of command injection.

This question, I got wrong, but the point being I honestly don’t really know how that string of things fits together. Which is ironic, given that the answer is that who ever implemented the solution didn’t know how to make all those things work together either. Lets start with defining those things

  • TLS – Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL),[1] are cryptographic protocols designed to provide communications security over a computer network.[2] Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between their servers and web browsers.
  • AES-GCM-256 – The cipher AES-256 is used among other places in SSL/TLS across the Internet. It’s considered among the top ciphers. In theory it’s not crackable since the combinations of keys are massive. Although NSA has categorized this in Suite B, they have also recommended using higher than 128-bit keys for encryption
  • SHA-384 – SHA-256 and SHA-512 are novel hash functions computed with 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are truncated versions of SHA-256 and SHA-512 respectively.
  • ECDSA -a cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners.

The unauthenticated encryption method is kind of a mystery to me. Do they mean its lacking a PKI or like its not an ‘official’ encryption standard. Regardless, D does make more sense.

This is also confusing, why wouldn’t you run nmap on the IP range? Is that not considered a vulnerability assessment? To me it seems like the same thing but ok, Grey-box pentest and its grey box since we have IP addresses.

I have no idea what PGP has to do with secure email and to be honest, I doubt the internet is going to help me with this one but lets find out!

Welp, that was easy, PGP

Personally, I find this a bit odd but given that I was genuinely uneducated on the last question, this could be the case here too. As to where to find these definitions, who knows but lets see what we can do.

Honestly, all I’m finding are generic psychological answers that I’m not sure are super helpful given that ‘social proof’ means that you simply re state what someone else said to you.

That’s all for now! I tried a new way of posting as Photobucket isn’t cooperating tonight. Normally I dump images into Photobucket, edit the post in an HTML editor and then copy and paste the code into WordPress but im currently giving their block editor a go and putting the images directly onto the site.

Blog at WordPress.com.

Up ↑