SY0-401 pt1

suttonjs2's version from 2016-05-05 15:55

Symmetric Ciphers

Question Answer
DES56 effective bits in a 64 bit key (8 bits used for parity), operates on 64 bit blocks. Brute force attacks, replaced by AES.
Triple DES168 bit key - block. 3x stronger than DES, but 3x slower than DES, for banking and financial it's powerful enough for them to use
AES(based on Rinjael) 128 bits - block - Key sizes, 128, 192, 256. Replaced DES.
AES256256 bit key - block.
IDEA128 bit key, 64 bit blocks, speed similar to DES, used in PGP.
BlowfishA public domain block cipher (non patented), 64 bit blocks, variable length keys 1 - 448 bit keys, it's quick. Specifically designed for 32 bit machines.
TwofishSimilar to Blowfish (public domain, not patented) block cipher, uses 128 bit blocks, key sizes up to 256 bits.
RC4Stream cipher basis for SSL and WEP! Developed by Ron Rivest of RSA Security. RC4 uses key sizes between 40-128 bits (variable). Known vulnerabilities, not recommended for new products.
CAST40-128 bits - block, fast and efficient.
SkipjackNSA. Clipper chip.

Asymmetric Ciphers

Question Answer
Diffie-HelmanBasis for public key systems, vulnerable to man in middle attacks, key agreement.
RSARivest, Shamir, Aldimar - one of most well known public key ciphers, it is used for encryption and digital signatures - vulnerable to man in the middle attacks and bruce force attacks, used for shorter messages, based on finding the prime factors of very large integers to obtain public & private key pairs. Used for the SSL/TLS key exchange.
Elliptic Curve (EC)Provides functionality similar to RSA, such an encryption and digital signatures, for small devices like smart phones, Cell phones, PDA's and other wireless devices, uses less computing power, less resources, given the mathematical computation, large finite fields, keys can be shorter than RSA (complex math, no known shortcuts).
ElGameltransmitting digital signatures and key exchanges. The Digital Signature Algorithm is based on El Gamel, cyclic group, with PGP and GNU privacy guard.
DSADigital Signature Algorithm - this is used for digitally signing communications, not for general purpose encryption.

Other Ciphers

Question Answer
OTPOne Time Pad - when implemented correctly considered theoretically impossible to compromise. Pad is generated from random values and uses a mathematic function called an exlusive-OR (XOR) to encrypt plain text message into ciphertext. For very high security areas a cipher combining the plaintext message with a key of equal length. The key is never reused and is kept secret. (short messages).
Quantum CryptographyAn extremely advanced technique to protect key distribution through light based quantum computing. Fiber optic technology. Uses physics instead of math. Photons, light particles.
Simple Key management protocol for Internet Protocols (SKIP)A key management and distribution protocol for secure IP communication, such as IPsec. Uses hybrid encryption to convey session keys that are used to encrypt data in IP packets. Uses a key exchange algorithm (such as Diffie-Hellman) to generate a key-encrypting key that will be used between two parties. A session key is used with a symmetric algorithm to encrypt data.


Question Answer
MD2, MD4 and MD5128 bit hash. MD5 is subject to birthday attack.
SHASHA1 - 160 bit hash result, SHA2 - 256 bit hash result, SHA 512 - 512 bit output.
RIPEMD, RIPEMD-160open consortium, no patents.
Whirlpoolopen consortium, no patents.
LANMANAn older hash method of storing passwords.
NTLMNTLM (NTLMv1, NTLMv2) - a Challenge response authentication protocol for passwords - (Microsoft replaced LANMAN with NTLM - Now Microsoft has pointed to Kerberos as being its preferred authentication protocol).
KHMACUsed to digitally sign packets that are transmitted on Internet Protocol Security (IPsec) connections.
HashingHashing converts a variable-length input into a fixed-length output string called a hash value. If the data has been modified, the hash value will be different from the original value.
Message DigestA message digest is nothing more than text expressed as a single string of digits.
HashA hash is like the digital fingerprint of the document.

IPsec Modes

Question Answer
Host-to-GatewayThe VPN gateway requires the use of IPsec for all remote clients. The remote clients use IPsec to connect to the VPN gateway. IPsec is not used for any communication between the VPN gateway and the internal hosts on behalf of the remote clients. Only the traffic over the Internet uses IPsec.
Host-to-HostEach host must deploy IPsec. This mode would require that any internal hosts that communicate with the VPN clients would need to deploy IPsec.
Gateway-to-GatewayThe gateways at each end of the connection provide IPsec functionality. The individual hosts do not. For this reason, the VPN is transparent to the users. This deployment best works when a branch office or partner company needs access to your network.

Glossary - A

Question Answer
access control entry (ACE)An entry within the access control list that specifies an auditing entry or an access permission for a security principle, such as a specific user, or for a group of users, on an object.
access control list (ACL)A list of security permissions or audit settings for an object.
access permissionsAccess permissions are types of access to an object within an operating system. Windows includes a number of access permissions, including read, execute, and modify.
accountAn account, or user account, provides access to the network. It contains the information enabling a person to use the network, including user name and logon specifications, password, and rights to directories and resources.
account lockoutA feature that locks out an account after a certain number of unsuccessful logon attempts (three bad attempts are a common choice). Typically, a locked account can no longer be used until the administrator unlocks it. This helps prevent hackers from breaking into accounts.
account policiesA set of rules for password usage and account lockout.
account restrictionsDetermine when and how a user gains access to the network.
ACESee access control entry.
acknowledgment (ACK)A packet of information sent from the recipient computer to the sending computer for the purpose of verifying that a transmission has been received. An unsuccessful transmission will generate a negative acknowledgment (NACK).
Active DirectoryA Microsoft Windows directory service holding network accounts, groups, and group policy objects.
active hubA hub device used in a star topology to regenerate the signal and distribute data to each node connected to the hub. Unlike a passive hub, the active hub requires electricity. See also hub and passive hub.
active partitionIndicates which bootable partition is booted when the system is powered on.
adapterThe term used for a card that is inserted into the system to provide functionality, such as a network adapter, which provides connectivity to the network.
address resolutionThe process of finding the address of a host using another address form. For example, when the IP address is used, it must be resolved to the MAC address.
Address Resolution Protocol (ARP)Used to determine a host’s MAC address from its IP address. To accomplish this feat, ARP sends out a broadcast message (an ARP request packet that contains the IP address of the system it is trying to find). All systems on the local network detect the broadcast message, and the system that owns the IP address for which ARP is looking replies by sending its physical address to the originating system in an ARP reply packet. The physical/IP address combo is then stored in the ARP cache of the originating system for future use. See also Media Access Control.
administrator accountThe account used to administer the settings on a Windows server and network. This account is created during installation and has unlimited access to the server. Care must be taken when logged on to a server as an administrator, because administrator access rights include the capability to shut down the server and erase critical data.
Advanced Research Project Agency Network (ARPANET)Funded as a research project by the Department of Defense, ARPANET was created to enable networks to communicate with each other and to provide redundancy in case of war. The first internetwork, ARPANET, was the precursor to the Internet.
American Standard Code for Information Interchange (ASCII)A representation of standard alphabetic and other keyboard characters in a computer-readable, binary format.
analog modemAnalog modems are used to connect to a remote network via a standard telephone (PSTN) line. Although there are many different types and makes of modems, they can be categorized into three areas: single external, single internal, and multiline rack- mounted.
application layerThe OSI layer that provides a consistent way for an application to make a network request. Examples of application-layer protocols are HTTP, SMTP, and FTP.
application serverA server that runs a networking application, such as an e-mail or a database server. Application servers typically have a client that makes a connection to the application server from the user’s desktop.
archivingA process that enables you to move old files off the file server to free up disk space for new files. If the old files are needed later, they can be unarchived and retrieved. Archived data can be saved to CD, DVD, or tape.
array controllerThe best way to incorporate disk mirroring is at the hardware level with what is known as an array controller. An array controller is an interface card that connects to both drives in a RAID solution.
attachment unit interface (AUI)Enables a network card to be used with multiple types of media. The AUI connector is a female 15-pin D connector that looks very much like a joystick port. Also called a DIX (Digital-Intel-Xerox) connector.
attributesCharacteristics of a file. A file can be designated with different file system attributes or file system characteristics, such as read-only, system, hidden, and archive.
authenticationProving your identity to the system so that you may access resources.
authentication factorRepresents the method you use to authenticate to the system— something you know, something you have, or something you are.

Glossary - B

Question Answer
back doorA method a hacker uses to gain access to an unauthorized system. This back door may be available due to a vulnerability in the system or as a result of a previous attack.
Back OrificeA back door application.
backboneThe main cable that interconnects networks.
backupThe process of saving files to a separate location, usually an offline storage location, such as tape.
backup setA backup set is a group of files, directories, or disks selected for a single backup operation.
bandwidthThe amount of data that the media can transfer. Bandwidth is usually measured in bits per second (bps).
baselineA snapshot of your system or network under normal operating conditions that is used as a yardstick to measure future abnormalities.
binary representationAny value represented with just zeros and ones.
bindingThe linking of network components on different levels to enable communication between those components. For example, binding a protocol to a network adapter allows the network adapter to communicate with that protocol.
bit orderThe order in which computers transmit binary numbers across a network. Computers can start at either end of a binary number when transmitting it across a network.
boot partitionThe boot partition in Windows is the partition containing the operating system files.
bootupThe process a computer executes when powered up. Bootup includes the files that initialize the hardware and the starting of the operating system.
bottleneckA bottleneck is a point of congestion in the system that causes the system to perform inadequately.
bridgeAn OSI layer-2 hardware device that connects two LAN segments of either the same or different topologies. Bridges look at the destination and source MAC addresses of a network packet and decide whether to pass that packet on to the LAN segment. A bridge can be used to filter out traffic for a local subnet and prevent it from being passed on to an unnecessary LAN segment.
British Naval Connector (BNC)Also known as a barrel connector, the connector type used in 10Base2 (Thin Ethernet) networks to connect two cable segments, creating a longer segment. The BNC connector is used to connect IEEE 802.3 10Base2 coaxial cable to a hub. It looks like a connector you would plug into your television.
broadcastA packet that is sent to all systems on a network.
broadcast domainA group of systems that can receive one another’s broadcast messages.
broadcast stormOccurs when there are so many broadcast packets on the network that the capacity of the network bandwidth approaches or reaches saturation.
browser(1) An application that uses HTTP to access URLs and to download and display web pages (documents that are usually written in HTML). (2) A computer that maintains a centralized list of network servers.
buffer overflowOccurs when the length of the input data is longer than the length processor buffers can handle. Caused when input data is not verified for appropriate length at the time of input. Buffer overflow and boundary condition errors are examples of input validation errors.
buffer spaceA reserved portion of RAM that provides room for the storage of incoming and outgoing data.
bulk encryption keySee secret key cryptography.
Business Partners Agreement (BPA)An agreement between two companies that ensures that both parties implement the appropriate security measures. This type of agreement is particularly important when the two partners exchange data that could harm the companies' reputations if the data was accessed by an attacker.
byte orderThe order in which computers transmit larger binary numbers, consisting of two or more bytes, across a network. Computers can start at either end of a group of bytes when transmitting it across a network. See also bit order.


SY0-401 pt1
SY0-401 pt2
SY0-401 pt3
SY0-401 pt4
SY0-401 pt5
SY0-401 pt6
SY0-401 pt7
SY0-401 pt8