[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] DAC (Discretionary Access Control) basis for access control lists (ACLs) DAT (Digital Audio Tape) data encryption benefits access control 2nd authentication confidentiality 2nd integrity 2nd 3rd 4th 5th 6th integrity\" XE \"integrity;encryption benefits\" nonrepudiation 2nd 3rd retention and storage documentation 2nd 3rd data aggregation Data Encryption Standard (DES) symmetric key algorithm data repositories services hardening measures DDoS attacks (distributed denial of service) filter protection zombie machines decentralized access control management 2nd decentralized key management 2nd declassification removable media discard method declassifying data deflection response (IDSs) degaussing data removable media discard method denial of service attacks, [See DoS attacks] DES (Data Encryption Standard) SSH utility destroying data digital certificates destruction removable media discard method detection response (IDSs) device diagnostic tools IPConfig utility Netstat utility Nslookup utility ping utility Telnet utility traceroute utility tracert utility devices diagnostics tools SNMP statistics 2nd Domain 3.0 skill set (infrastructure security) 2nd exam practice questions 2nd 3rd 4th 5th 6th 7th firewalls example packet-filtering proxy service 2nd stateful-inspection IDSs host-based 2nd network-based 2nd mobile security measures modems gradual replacement of primary users war-dialing attacks 2nd PBX telecom systems (Private Branch Exchange) 2nd Remote Access Service (RAS) 2nd routers Border Gateway Protocol (BGP) Enhanced Interior Gateway Routing Protocol (EIGRP) Exterior Gateway Protocol (EGP) Interior Gateway Routing Protocol (IGRP) Open Shortest Path first (OSPF) OSI Network layer Routing Information Protocol (RIP) servers attack vulnerabilities switches frame filtering loop prevention MAC addresses OSI Data Link layer VPNs advantages/disdvantages tunneling implementation wireless IEEE 802.11 standards war-chalking war-driving Wired Equivalent Privacy (WEP) workstations vulnerabilities 2nd 3rd DHCP servers services hardening measures diagnostic tools (devices) SNMP agents 2nd managed node 2nd network management station 2nd diagnostics tools (devices) IPConfig utility Netstat utility Nslookup utility ping utility Telnet utility traceroute utility tracert utility dial-up authentication RADIUS 2nd 3rd 4th TACACS 2nd 3rd TACACS+ 2nd dial-up service testing vulnerability scanning dictionary attacks (password guessing) differential backups disaster recovery differential backups (tapes) Diffie-Hellman Key Agreement PKCS document #3 Diffie-Hellman Key Exchange asymmetric key algorithm Digital Audio Tape (DAT) digital certificates Certificate Autthority (CA) common uses destruction of example expiration dates 2nd function of information elements 2nd lifecycles certificate policies 2nd Certificate Practice Statement (CPS) 2nd management centralized versus decentralized 2nd Online Certificate Status Protocol (OCSP) public key encryption 2nd recovered key pairs Registration Autthority (RA) renewal of revocation status checking suspension of Digital Linear Tape (DLT) digital signatures 2nd 3rd 4th nonrepudiation directories Domain 2.0 skill set (communication security) disabling nonessential services access control measures 2nd disaster recovery backup data handling 2nd storage of 2nd backup plans 2nd copy backups differential backups full backups incremental backups restoration procedures 2nd 3rd strategy selection 2nd business continuity plans clustering facilities fault tolerance network connectivity Domain 5.0 skill set (operational/organizational security) plan elements 2nd security policy elements acceptable use compliance disposal/destruction due care human resources incident response password management privacy risk assessment separation of duties Discretionary Access Control (DAC) Discretionary Access Control, [See DAC] disposing data declassification degaussing destruction overwriting sanitization distributed denial of service attacks, [See DDoS attacks] DLT (Digital Linear Tape) DMZs (demilitarized zones) 2nd screened subnet gateways 2nd security configuration 2nd DNS servers services hardening measures documentation architectural 2nd change 2nd 3rd 4th data classification 2nd retentional and disposal policies Domain 5.0 skill set (operational/organizational security) logs security policies acceptable use antivirus audit nondisclosure agreements passwords remote access server security wireless networks Domain 1.0 skill set (general security concepts) access control attacks auditing authentication malicious code social engineering weighted scoring average Domain 2.0 skill set (communication security) directories file transfers remote access Web data transmission weighted scoring average wireless networks Domain 3.0 skill set (infrastructure security) devices 2nd intrusion detection media security baselines 2nd security topologies weighted scoring average Domain 4.0 skill set (cryptography basics) algorithms certificate lifecycles 2nd key management 2nd PKI standards/protocols weighted scoring average Domain 5.0 skill set (operational/organizational security) business continuity disaster recovery documentation education forensics physical security privilege management risk identification security policies 2nd weighted scoring average DoS attacks (denial of service) Boink Bonk Fraggle Land LDAP vulnerability ping flood Smurf SYN flood Teardrop due care practices security policy planning |