An encrypted message.
An unencrypted message.
The algorithm used to encrypt and/or decrypt.
Encryption that uses a single, shared key.
Encryption in which you encrypt with a public key but decrypt with a private key.
When you're exchanging a key within the network, what is this called?
Temporary keys that change often are called what?
Block ciphers:
• Used in symmetric encryption
• Used in asymmetric encryption.
What kind of encryption is this?
• Encryption is done one bit or byte at a time
• High speed, low hardware complexity
• The starting state should never be the same twice
• Key is often combined with an initialization vector (IV).
Impossible to convert back to the original string of characters.
• Hashing
• Encryption.
Security measure where you convert the text back to the original.
• Hashing
• Encryption.
Hashes would be used in securing what?
What is this?
• A trusted third-party holds the keys
• Allows for recovery of encrypted data.
A message that is embedded in something else, often in an image.
Stream cipher.
• Used with asymmetric encryption
• Used with symmetric encryption.
What kind of encryption is this?
• It's asymmetric and needs large integers composed of two or more large prime factors
• Smaller storage and transmission requirements
• Compact - uses complex math to make short keys very strong
• Perfect for mobile devices.
Gives assurances your session keys will not be compromised even if the private key of the server is compromised. By generating a unique session key for every session a user initiates, even the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key.
• Perfect Forward Secrecy
• Quantum cryptography
• Elliptic curve cryptography
• Steganography.
Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?
• Matt should implement access control lists and turn on EFS.
• Matt should implement DLP and encrypt the company database.
• Matt should install TrueCrypt and encrypt the company server.
• Matt should install TPMs and encrypt the company database.
Which of the following assets is MOST likely considered for DLP?
• Application server content
• USB mass storage devices
• Reverse proxy
• Print server.
A security technician wishes to gather and analyze all Web traffic during a particular time period. Which of the following represents the BEST approach to gathering the required data?
• Configure a VPN concentrator to log all traffic destined for ports 80 and 443.
• Configure a proxy server to log all traffic destined for ports 80 and 443.
• Configure a switch to log all traffic destined for ports 80 and 443.
• Configure a NIDS to log all traffic destined for ports 80 and 443.
The incident response team has received the following email message.
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 220.127.116.11 at 09:50:01 GMT.
After reviewing the following web logs for IP 18.104.22.168, the team is unable to correlate and identify the incident.
09:45:33 22.214.171.124 http://remote.site.com/login.asp?user=john
09:50:22 126.96.36.199 http://remote.site.com/logout.asp?user=anne
10:50:01 188.8.131.52 http://remote.site.com/access.asp?file=movie.mov
11:02:45 184.108.40.206 http://remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident?
• The logs are corrupt and no longer forensically sound.
• Traffic logs for the incident are unavailable.
• Chain of custody was not properly maintained.
• Incident time offsets were not accounted for.
Which of the following is the MOST important step for preserving evidence during forensic procedures?
• Involve law enforcement
• Chain of custody
• Record the time of the incident
• Report within one hour of discovery.
The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?
• Business Impact Analysis
• First Responder
• Damage and Loss Control
• Contingency Planning.
Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following types of training would prevent Ann and other employees from becoming victims of such attacks?
• User Awareness
• Acceptable Use Policy
• Personal Identifiable Information
• Information Sharing.
Which of these is PII?
• Date of birth
• First and last name
• Phone number
• Employer name.
Used in conjunction, which of the following are PII? (Select TWO).
• Marital status
• Favorite movie
• Pet’s name
• Birthday
• Full name.
Several employees submit the same phishing email to the administrator. The administrator finds that the links in the email are not being blocked by the company’s security device. Which of the following might the administrator do in the short term to prevent the emails from being received?
• Configure an ACL
• Implement a URL filter
• Add the domain to a block list
• Enable TLS on the mail server.
A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature?
• TCP/IP socket design review
• Executable code review
• OS Baseline comparison
• Software architecture review.
Pete, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide?
• No competition with the company’s official social presence
• Protection against malware introduced by banner ads
• Increased user productivity based upon fewer distractions
• Elimination of risks caused by unauthorized P2P file sharing.
Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access?
• CCTV system access
• Dial-up access
• Changing environmental controls
• Ping of death.
Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment?
• Water base sprinkler system
• Electrical
• HVAC
• Video surveillance.