Your CEO has met with the CEO of another company, and
they have agreed to work together to develop a new service.
Authentication and identity management will be connected
across the two organizations.
Given the sensitivity of the development project,
user authentication and authorization will use a centralized
server running the best available trusted third-party service.
Users will receive identity and service tokens
from a unified authentication and authorization service,
which requires that system clocks be synchronized
across the organizations.
Applications will be limited to those written with the
API of that service.
What do you need?
Last week, Susan, a staff member in the Human Resources
department, did a Google search and clicked on
one of the links on the first page of results.
That took her to a strange page.
She went back, realized she had misspelled her search,
corrected that, and found what she needed.
Today she logged on to her bank site from work and
noticed some mysterious transfers from her account to
a bank in Eastern Europe.
What has happened?
Management has decided that they want wireless security,
but they don't have the resources to do key management
and maintain certificates.
What should they use?
Charlie, a network engineer, has been directed to set up
network security that will require a device to authenticate
itself onto the network and verify that patching and
anti-virus signatures are updated, before allowing the
user to try to authentication.
What should Charlie use?
The content management group is considering the use of
DNS Round Robin technology.
What benefit could this provide?
- Load balancing
- Transparent proxying
- Risk mitigating
News reports tell of a major DDoS against a famous company.
You receive a letter from your ISP saying that your home
computer is sending malicious Linux-sourced traffic.
But you don't own a Linux computer, in fact you don't
own any computer.
Your home electronics are limited to a smart TV
with a Blu-ray player and a DVR.
What has happened?
- Nothing, your ISP is wrong
Liz is a security analyst for the IT department of a large
university with a correspondingly large number of users.
She has been investigating a sophisticated
privilege escalation attack.
She has determined that the attacker used an ordinary
user account with a rather large user ID number.
The attack changed that to a very low user ID number,
associated with a highly privileged system account.
Which of these did the attack utilize?
- Improper account configuration
- Memory leak
- Buffer overflow
- Integer overflow
- Race condition
Management has decided to use geo-fencing to restrict
mobile device operation to company premises.
Which technology should you select?
Users are reporting that they can't access the financial
department's secure web page.
The following command output is observed.
What is wrong?
$ netstat -an Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 10.138.0.3.22 18.104.22.168.50966 ESTABLISHED tcp4 0 0 127.0.0.1.9000 127.0.0.1.37632 TIME_WAIT tcp4 0 0 127.0.0.1.11628 127.0.0.1.9000 TIME_WAIT tcp4 0 0 127.0.0.1.12042 127.0.0.1.9000 TIME_WAIT tcp4 0 0 10.138.0.3.80 22.214.171.124.46944 TIME_WAIT tcp4 0 0 10.138.0.3.80 126.96.36.199.15234 TIME_WAIT tcp4 0 0 10.138.0.3.80 188.8.131.52.50598 ESTABLISHED tcp4 0 0 10.138.0.3.80 184.108.40.206.55989 ESTABLISHED tcp4 0 0 10.138.0.3.80 220.127.116.11.55987 ESTABLISHED tcp4 0 0 10.138.0.3.80 18.104.22.168.55988 TIME_WAIT tcp4 0 0 10.138.0.3.80 22.214.171.124.55986 TIME_WAIT tcp4 0 0 *.80 *.* LISTEN tcp4 0 0 127.0.0.1.9000 *.* LISTEN tcp4 0 0 *.22 *.* LISTEN tcp4 0 0 127.0.0.1.25 *.* LISTEN udp4 0 0 127.0.0.1.123 *.* udp4 0 0 10.138.0.3.123 *.* udp4 0 0 *.123 *.* udp4 0 0 *.514 *.*
- The web server is down
- The server is up but its web service isn't running
- The certificate is expired
- The certificate has been revoked
- HTTPS isn't enabled
- A firewall is blocking connections
Your company operates in multiple geographic regions and
countries, requiring regulatory compliance with multiple
sets of laws.
The regulations vary, but all focus on protecting
Management has decided to use technology that protects
sensitive data through the difficulty of calculating
certain attributes of elliptical shapes.
The mathematics would allow you to quantify the degree
What do you need to investigate?
Jenny can unlock her work mobile phone by drawing a pattern
on the screen with her finger.
This mode of authentication verifies:
- Something you know
- Something you have
- Something you are
- Something you do
- Somewhere you are
Dmitri's company wants to establish SSO.
The initial analysis concluded that they need a system
that handles both authentication and authorization with tokens.
Dmitri has concluded that the protocol used by Facebook and
LinkedIn is the most promising.
He is favoring:
Which of these can you put in a boot script to
nmap -sS -sV -T5 192.168.12.72
arp -s 00:13:3B;12:6f:aa 192.168.12.72
tcpdump -i eth0 host 192.168.12.72 or ether host 00:13:3b:12:6f:aa
The company's software development, customer service,
and order processing
operations are based at three separate facilities.
Top management has determined that if there were a
massive outage at the sales site, the customer service
facility would best be able to assist sales operations.
Which of these are they advocating?
- Tabletop exercises
- Walk-through exercises
- Alternate processing sites
- Alternate business practices
Charlotte is in charge of VPN access to the data analysis
She has read that it is helpful to pad a secret with a
short text value before encrypting it.
What concept is she considering?
Answers to initial quiz