CertiGuide to Security+
Chapter 1: General Security Concepts (Domain 1.0; 30%)

Getting Ready for Chapter 1 - Answers

1. Bell La-Padula features:

A. DAC

B. Quack

C. MAC

D. All choices are correct

Explanation: MAC (Mandatory Access Control)

“Division (B): Mandatory Protection. The notion of a TCB that preserves the integrity of sensitivity labels and uses them to enforce a set of mandatory access control rules is a major requirement in this division. Systems in this division must carry the sensitivity labels with major data structures in the system.” [35]

DAC, or Discretionary Access Control, is by definition discretionary rather than mandatory. The reference to Bell La-Padula is derived from a white paper published in November 1973 by David Elliott Bell and L. J. LaPadula titled Secure Computer Systems: A Mathematical Model. This mathematical discourse is the basis for DoD Class B Trusted Computer systems.
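As an added example (not from the CertiGuide text), the two Bell-LaPadula rules that a mandatory label check enforces, written in Python: the simple security property (no read up) and the *-property (no write down). It goes beyond the passage above by spelling out the rules themselves; the levels, categories and subject names are constructed.

```python
# Added example (not from the CertiGuide text): a minimal Bell-LaPadula
# mandatory access control check. Levels, categories and names are constructed.
from dataclasses import dataclass

# Hierarchical levels ordered low -> high (constructed sample lattice).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset  # compartments, e.g. {"CRYPTO"}

def dominates(a: Label, b: Label) -> bool:
    """a dominates b when a's level >= b's and a holds every category of b."""
    return LEVELS[a.level] >= LEVELS[b.level] and b.categories <= a.categories

def may_read(subject: Label, obj: Label) -> bool:
    # Simple security property: no read up. The subject must dominate the object.
    return dominates(subject, obj)

def may_write(subject: Label, obj: Label) -> bool:
    # *-property: no write down. The object must dominate the subject, so
    # information can only flow to an equal or higher label.
    return dominates(obj, subject)

def decide(subject: Label, obj: Label, mode: str) -> bool:
    """Mandatory decision: unlike DAC, the object's owner cannot override it."""
    if mode == "read":
        return may_read(subject, obj)
    if mode == "write":
        return may_write(subject, obj)
    if mode == "read-write":
        return may_read(subject, obj) and may_write(subject, obj)
    raise ValueError(f"unknown access mode: {mode}")

if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    report = Label("CONFIDENTIAL", frozenset())
    ts_plan = Label("TOP SECRET", frozenset({"CRYPTO"}))
    print(decide(analyst, report, "read"))    # True: reading down is allowed
    print(decide(analyst, report, "write"))   # False: writing down would leak
    print(decide(analyst, ts_plan, "read"))   # False: reading up
    print(decide(analyst, ts_plan, "write"))  # True: blind write up is permitted
```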

2. Kerberos features

A. Scalability for large environments

B. Authentication over untrustworthy networks

C. Asymmetric encryption

D. Creates three session keys

Explanation: Kerberos is an authentication system created by MIT to allow the exchange of private information over an untrusted network [36]. Kerberos uses symmetric encryption, and the Authentication Server (AS) creates two temporary session keys [37].

3. CHAP:

A. Uses a three-way handshake

B. Encrypts the process using RC4

C. Repeats the challenge at random intervals

D. Is stronger than Kerberos

Explanation: The Challenge-Handshake Authentication Protocol uses a three-way handshake that is repeated at random intervals [38]. Generally speaking [39], Kerberos is more secure than CHAP. Note that both Kerberos [40] and CHAP [41] have known weaknesses.
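As an added example (not from the CertiGuide text or its sources), the CHAP three-way exchange modelled in Python after RFC 1994: the authenticator sends a random challenge, the peer answers with MD5(Identifier || secret || Challenge), and the authenticator verifies the hash. The repeated re-challenges are shown as rounds; RFC 1994's random timing is left out, and the secrets are constructed.

```python
# Added example, not from the CertiGuide text: CHAP modelled after RFC 1994,
# where Response = MD5(Identifier || secret || Challenge). Secrets are constructed.
import hashlib
import hmac
import os

class Authenticator:
    """Server side: issues challenges and verifies responses; holds the shared secret."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._ident = 0
        self._pending = None  # (identifier, challenge value) awaiting a response

    def challenge(self) -> tuple[int, bytes]:
        # Step 1: fresh random challenge with a new identifier, so an old response is useless.
        self._ident = (self._ident + 1) & 0xFF
        value = os.urandom(16)
        self._pending = (self._ident, value)
        return self._ident, value

    def verify(self, ident: int, response: bytes) -> bool:
        # Step 3: recompute the expected hash and compare in constant time.
        if self._pending is None or self._pending[0] != ident:
            return False  # stale or unexpected identifier
        expected = chap_response(ident, self._secret, self._pending[1])
        self._pending = None
        return hmac.compare_digest(expected, response)

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Step 2: the peer hashes Identifier || secret || Challenge; only the hash is sent."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def run_session(server_secret: bytes, peer_secret: bytes, rounds: int = 3) -> list[bool]:
    """Initial handshake plus repeated re-challenges; one verdict per round."""
    auth = Authenticator(server_secret)
    verdicts = []
    for _ in range(rounds):
        ident, chal = auth.challenge()
        verdicts.append(auth.verify(ident, chap_response(ident, peer_secret, chal)))
    return verdicts

def replay_is_rejected(secret: bytes) -> bool:
    """A response captured for one challenge does not satisfy the next one."""
    auth = Authenticator(secret)
    ident1, chal1 = auth.challenge()
    captured = chap_response(ident1, secret, chal1)
    ident2, _ = auth.challenge()
    return not auth.verify(ident2, captured)
```

Because only the 16-byte digest crosses the wire, a shared secret is never transmitted; the fresh challenge per round is what keeps a captured digest from being reused.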

4. All SmartCards utilize:

A. Biometrics

B. SecureID Tokens

C. Certificates

D. All choices are correct

Explanation: Basic smart cards have a limited storage capacity (around 16k). A Certificate Authority issues a certificate to the owner of the smart card, and the certificate is stored on the card itself. When authentication is required, the user presents the physical smart card (by placing it in a card reader) and supplies a PIN. The PIN “unlocks” the card and allows the certificates stored on it to be retrieved and checked for authenticity. A biometric reader for the owner's fingerprint is an option, not a requirement [42]. Similarly, some SmartCards involve the use of SecureID tokens, but this is also optional.

5. A SYN DoS attack operates by:

A. Sending repeated TCP SYNACK packets

B. Sending repeated UDP SYNACK packets

C. Sending repeated TCP SYN packets

D. Sending repeated UDP SYN packets

Explanation: Since TCP uses a 'virtual circuit', the circuit must be set up at the beginning of the conversation. UDP does not require a conversation setup, so neither UDP choice is correct. The SYN attack works by sending SYN requests, not by responding to them [43]. This is a consequence of the protocol's design. A normal TCP circuit request involves a three-way handshake: the source system sends the initial SYN request, the target system replies to that SYN with a SYNACK, and the source system then replies to the target with an ACK. When the target system receives a SYN, it sends its SYNACK and keeps the half-open request for a fixed period, waiting for the final ACK. If the ACK is not received, the request stays open, consuming resources on the target system. If repeated SYNs are sent and never completed with ACKs, this can exhaust the target system's resources and leave it unable to accept additional network connections.
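As an added example (not from the CertiGuide text), a Python model of the listener side of the handshake just described: a half-open connection table with a backlog limit and a timeout, replayed over constructed traffic, plus the per-source view a defender would use to see which hosts are holding incomplete handshakes. The backlog size, timeout and addresses are all constructed.

```python
# Added example (not from the CertiGuide text): a TCP listener's half-open table; a SYN never completed by an ACK holds a slot until the timeout expires.
from collections import Counter

class Listener:
    def __init__(self, backlog=4, timeout=30.0):
        self.backlog, self.timeout = backlog, timeout   # constructed small values
        self.half_open = {}        # (src_ip, src_port) -> arrival time of the SYN
        self.established = 0
        self.dropped_syns = 0

    def expire(self, now):
        # Free entries whose final ACK never arrived within the timeout.
        for k in [k for k, t in self.half_open.items() if now - t >= self.timeout]:
            del self.half_open[k]

    def on_syn(self, now, src):
        # Step 1: the listener answers SYNACK and must keep state until the ACK comes.
        self.expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1      # table full: this client is refused
            return False
        self.half_open[src] = now
        return True

    def on_ack(self, now, src):
        # Step 3 completes the circuit and releases the slot.
        if src not in self.half_open:
            return False
        del self.half_open[src]
        self.established += 1
        return True

def replay(events):
    # events: (time, 'SYN' | 'ACK', (ip, port)) in time order; returns the listener.
    lst = Listener()
    for t, kind, src in events:
        (lst.on_syn if kind == "SYN" else lst.on_ack)(t, src)
    return lst

def half_open_by_source(lst):
    """Defender's view: which sources currently hold incomplete handshakes."""
    return Counter(ip for ip, _ in lst.half_open)

def scenario_events():
    """Constructed traffic (RFC 5737 addresses): one completed handshake, four SYNs from
    one host that never ACK, a SYN at t=5 that is refused, one at t=40 that succeeds."""
    ev = [(0.0, "SYN", ("192.0.2.10", 40001)), (0.1, "ACK", ("192.0.2.10", 40001))]
    ev += [(1.0 + i, "SYN", ("203.0.113.5", 50000 + i)) for i in range(4)]
    ev += [(5.0, "SYN", ("198.51.100.7", 41000)), (40.0, "SYN", ("198.51.100.7", 41001)),
           (40.1, "ACK", ("198.51.100.7", 41001))]
    return ev
```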


__________________

[35] DoD 5200.28-STD

[36] http://www.webopedia.com/TERM/K/Kerberos.html

[37] http://www.contrib.andrew.cmu.edu/~shadow/kerberos.html#general

[38] http://whatis.techtarget.com/definition/0,,sid9_gci213847,00.html

[39] http://www.ecse.rpi.edu/Homepages/shivkuma/teaching/sp2001/ip2001-Lecture15

[40] http://www.netscapeworld.com/nl/win_unix/08222002/

[41] http://stealth.7350.org/chap.pdf

[42] http://www.linuxnet.com/cardsec.html

[43] http://www.niksula.cs.hut.fi/~dforsber/synflood/result.html

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.