Security+ Certification Exam Cram 2 (Exam Cram SYO-101)


packet-filtering firewalls

       OSI Network layer  

packet-level authentication

       IPSec   2nd   3rd   4th   5th  

packet-sniffing

       instant messaging vulnerability   2nd  

       unencrypted authentication

               FTP vulnerability  

packets

       screened host gateways   2nd  

       screened subnet gateways   2nd  

password guessing attacks  

       birthday  

       brute force   2nd  

       Crack tool  

       dictionary  

       John the Ripper tool  

       L0phtCrack tool  

password policies  

Password-Based Cryptography Standard

       PKCS document #5  

password-form authentication  

passwords

       character length/type recommendations  

       secure characteristics of  

       security policy planning  

       strong/weak characteristics   2nd  

PBX telecom systems

       attacks

               protection measures   2nd  

PCAnywhere

       as tool in back door attacks  

PDAs (personal digital assistants)

       security measures  

Personal Information Exchange Syntax Standard

       PKCS document #12  

PGP

       (Pretty Good Privacy)  

       encryption schemes  

       secure email transmission  

physical barriers

       biometric access  

        cameras  

       ceiling intrusion protection  

       electromagnetic shielding  

       frosted/painted glass  

       lock mechanisms  

physical security

       access control   2nd  

               environment   2nd   3rd   4th   5th   6th   7th   8th   9th   10th  

               facilities   2nd   3rd   4th   5th   6th   7th  

               physical barriers   2nd  

               social engineering   2nd   3rd   4th   5th   6th  

       Domain 5.0 skill set (operational/organizational security)  

       planning overview   2nd  

piggyback intruders

       facility security  

ping flood attack (DoS)  

ping utility

       (Packet Internet Groper)  

       diagnostic functions  

Ping utility

       port scanning  

PKCS

       #1 (RSA Cryptography Standard)  

       #10 (Certification Request Syntax Standard)  

       #11 (Cryptographic Token Interface Standard)  

       #12 (Personal Information Exchange Syntax Standard)  

       #13 (Elliptic Curve Cryptography Standard)  

       #14 (Pseudo Random Generator)  

       #15 (Cryptographic Token Information Format Standard)  

       #3 (Diffie-Hellman Key Agreement)  

       #5 (Password-Based Cryptography Standard)  

       #6 (Extended-Certificate Syntax Standard)  

       #7 (Cryptographic Message Syntax Standard)  

       #8 (Private Key Information Syntax Standard)  

       (Public Key Cryptography Standards)  

       development by RSA Laboratories  

PKI

       (Public Key Infrastructure)   2nd  

       Certificate Authorities (CAs)  

               certificate policies   2nd  

               Certificate Practice Statements (CPS)   2nd  

               Certificate Revocation List (CRL)   2nd  

               common uses  

               information elements   2nd  

               trust models   2nd   3rd  

                vendors  

       certificate lifecycles   2nd  

       digital certificates

               authentication methods   2nd  

               expiration dates   2nd  

               revocation  

       Domain 4.0 skill set (cryptography basics)  

       keys

               escrow   2nd  

       M of N control  

       X.509 certificates  

plaintext attacks  

planning

       physical security

               overview   2nd  

Planning for PKI  

Point-to-Point Tunneling Protocol,   [See PPTP]

policies

       security

               acceptable use  

               antivirus  

               audit  

                nondisclosure agreements  

               passwords  

               remote access  

               server security  

               wireless networks  

polymorphic viruses  

port scanning

       Ping utility attack signature  

port signatures

       network-based IDS  

ports

       http on TCP port 80  

        numbers

               commonly exploited   2nd  

PPTP

       (Point-to-Point Tunneling Protocol)   2nd  

       VPN remote access   2nd   3rd   4th  

practice questions

       access control   2nd   3rd   4th   5th   6th   7th   8th   9th   10th   11th   12th   13th   14th  

       attacks   2nd   3rd   4th   5th   6th   7th  

       audit policies  

       Chapter 8 (cryptography)   2nd   3rd   4th   5th   6th   7th   8th   9th   10th  

       communication security   2nd   3rd   4th   5th   6th   7th   8th  

       cryptography   2nd   3rd   4th   5th   6th   7th   8th   9th  

       forensics  

       infrastructure security   2nd   3rd   4th   5th   6th   7th  

       intrusion detection   2nd   3rd   4th   5th   6th  

       logs  

       online vulnerabilities   2nd   3rd   4th   5th   6th   7th   8th   9th  

       organizational security   2nd   3rd   4th   5th   6th   7th   8th   9th  

       risk assessment  

       security baselines   2nd   3rd  

       security policies  

        user education  

       vulnerabilities  

practice resources

       Cram Session Web site  

       ExamCram.com Web site  

       MeasureUp Web site  

       PrepLogic Web site  

       Transcender Web site  

PrepLogic  

       contacting  

PrepLogic Exam Competency Score  

PrepLogic Practice Tests  

       exam simulation interface  

       Examination Score Report  

       Flash Remove mode

               starting  

       Flash Review mode  

                buttons  

               options  

       Practice Test mode

               Enable Item Review Button  

               Enable Show Answer Button  

               Randomize Choices  

               starting  

                studying in  

       Practice test mode  

       PrepLogic Exam Competency Score  

       question quality  

       removing from your computer  

       reviewing exams  

       software requirements  

       study modes  

PrepLogic Practice Tests, Preview Edition  

PrepLogic Web site

       exam practice resources  

Pretty Good Privacy (PGP)   2nd   3rd  

preventing

       attacks  

               back door methods   2nd  

               brute force types  

               malicious code   2nd  

               war-dialing (modems)   2nd  

print servers  

       services

               hardening measures   2nd  

privacy issues

       security policy planning  

private IP addresses

       Automatic Private IP Addressing (APIPA)  

private IP addressing

       network address translation (NAT)

               classes   2nd  

Private Key Information Syntax Standard

       PKCS document #8  

private keys

       storage of

               hardware versus software   2nd  

privileges

       access control

               auditing   2nd  

               single sign-on (SSO)   2nd  

       access controls

               centralized versus decentralized management   2nd  

               group-based  

               role-based  

               user-based  

       Domain 5.0 skill set (operational/organizational security)  

profiling

       CGI script vulnerability  

protocols

       Certificate Enrollment Protocol (CEP)  

       Certificate Management Protocol (CMP)  

       Common Criteria Technology Security Evaluation  

       Domain 4.0 skill set (cryptography basics)  

       Federal Information Processing Standard (FIPS)  

       Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)  

       Internet Protocol Security (IPSec)  

       Internet Security Association and Key Management Protocol (ISAKMP)  

       ISO 17799  

       ISO 17799 (Code of Practice for Information Security)   2nd   3rd  

       Pretty Good Privacy (PGP)  

       required

               determining   2nd  

       routers

               Border Gateway Protocol (BGP)  

               Enhanced Interior Gateway Routing Protocol (EIGRP)  

               Exterior Gateway Protocol (EGP)  

               Interior Gateway Routing Protocol (IGRP)  

               Open Shortest Path First (OSPF)  

               Routing Information Protocol (RIP)  

       Secure Multipurpose Internet Mail Extensions (S/MIME)  

       Secure Sockets Layer (SSL)  

       servers

               removing  

       Transport Layer Security (TLS)  

       unnecessary

               disabling   2nd  

       vulnerabilities

               LDAP  

               SSL   2nd  

               TLS   2nd  

       Wired Equivalent Privacy (WEP)  

       Wireless Transport Layer Security (WTLS)  

       XML Key Management Specification (XKMS)  

proxy service firewalls

       application-level gateway  

        circuit-level gateway  

Pseudo Random Generator

       PKCS document #14  

public key algorithms   [See also asymmetric algorithms]

Public Key Cryptography Standards,   [See PKCS]

public key encryption

       digital certificates

               authentication   2nd  

Public Key Infrastructure,   [See PKI]   2nd  

public keys

       storage of

               hardware versus software   2nd  
