Information Technology /Security+ (SY0-701): Lesson 11: Enhance Application Security Capabilities Part 1
Security+ (SY0-701): Lesson 11: Enhance Application Security Capabilities Part 1
This deck covers key concepts and protocols related to enhancing application security, including email security, secure file transfers, and directory access protocols.
List 3 modern email security protocols
DomainKeys Identified Mail - DKIM
Sender Policy Framework - SPF
Domain-based Message Authentication, Reporting & Conformance - DMARC
Tap or swipe ↕ to flip
Swipe ←→Navigate
SSpeak
FFocus
1/40
Key Terms
Term
Definition
List 3 modern email security protocols
DomainKeys Identified Mail - DKIM
Sender Policy Framework - SPF
Domain-based Message Authentication, Reportin...
List two traditional email security protocols
SMTPS
IMAPS
What protocols are used for secure file transfers?
SFTP (SSH File Transfer Protocol) or FTPS (File Transfer Protocol Secure)
What protocol is used for secure directory access?
LDAPS
What protocol is used for secure DNS queries?
DNSSEC
Describe the formal process an organization would go through to implement a secure protocol
Assessing risks, reviewing policies, and evaluating the security features of different protocols.
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
List 3 modern email security protocols |
|
List two traditional email security protocols |
|
What protocols are used for secure file transfers? | SFTP (SSH File Transfer Protocol) or FTPS (File Transfer Protocol Secure) |
What protocol is used for secure directory access? | LDAPS |
What protocol is used for secure DNS queries? | DNSSEC |
Describe the formal process an organization would go through to implement a secure protocol | Assessing risks, reviewing policies, and evaluating the security features of different protocols. |
What are two transport methods? | TCP and UDP |
Define ‘Transport Layer Security (TLS)’ | Uses certificates for authentication and encryption to protect web communications and other application protocols. |
What is the purpose of installing a certificate on a client computer? | For VPNs and enterprise networks that require mutual authentication. |
What improvement was added to TLS 1.3 | Removing the ability to perform downgrade attacks by preventing the use of unsecure features and algorithms from previous versions; Handshake protocol has less messages to speed up connections. |
Define a ‘Cipher suite’ | Lists of cryptographic algorithms that a server and client both support and can use to negotiate a secure connection. |
Define ‘hash key derivation function’ | Deriving a key suitable for use as input to an encryption algorithm; A password, a salt, and a cost factor as inputs then generate a password hash. |
How do client and server agree upon a cipher suite in TLS 1.3? | The client sends a hello message stating the versions of TLS and cipher suites that it can support; The server responds with a cipher suite and version that both it and the client can support as well as its certificate. |
How does a client adjust to a servers cipher suite? | After accepting the servers public key certificate, it uses the Change Cipher Spec command to start using the agreed symmetric cipher and key. |
What ports does LDAP use? | Port 389 |
Define a ‘simple bind’ authentication in the LDAP protocol | The client authenticates with its distinguished name (DN) and password, but these are passed as plaintext. |
Define ‘Simple Authentication and Security Layer (SASL)’ authentication in the LDAP protocol | Preferred mechanism for Microsoft’s AD implementation of LDAP; The client and server negotiate the use of a supported authentication mechanism, such as Kerberos. |
Define ‘LDAP Secure (LDAPS)’ | Implementing LDAP using SSL/TLS encryption; The server is installed with a digital certificate, which it uses to set up a secure tunnel for the user credential exchange. |
What port does LDAP Secure (LDAPS) use? | Port 636 |
Where should port 636 and 389 be enabled to secure LDAP? | LDAP port should be blocked by a firewall from access over the public interface. |
Define ‘Simple Network Management Protocol (SNMP)’ | Application protocol used for monitoring and managing network devices. |
What port(s) does Simple Network Management Protocol (SNMP) use? | UDP ports 161 and 162 by default. |
What are the two components of Simple Network Management Protocol (SNMP)? | SNMP monitor and SNMP agent |
Define a ‘SNMP agent’ | A process (software or firmware) running on a switch, router, server, or other SNMP-compatible network device. |
What is the function of an SNMP agent? | Agent maintains a database called a management information base (MIB) that holds statistics relating to the activity of the device. |
Define an 'SNMP trap function' | The agent informs the management system of a notable event after reaching an established threshold. |
What port does the SNMP monitor use to query data from an SNMP agent? | UDP port 161 |
What port are SNMP traps communicated over? | UDP port 162 |
What is best practice in securing an SNMP community name? | Use difficult to guess names, and never leave it to blank or default; Do not transport the community name over a network. |
What is the most secure version of SNMP? | SNMPv3 |
What are security improvements to SNMPv3? | Instead of community names, the agents are configured with a list of usernames and access permissions. |
Define the authentication process in SNMPv3 | SNMP messages are signed with a hash of the user's passphrase. The agent can verify the signature and authenticate the user using its own record of the passphrase. |
Define 'Secure File Transfer Protocol (SFTP)' | Uses a Secure Shell (SSH) tunnel as an encryption method between client and server to transfer, access, and manage files. |
What port does Secure File Transfer Protocol (SFTP) use? | TCP port 22 |
What are two protocols used to implement FTP over SSL/TLS? |
|
Define the function of Explicit TLS (FTPES) | Uses the AUTH TLS command to upgrade an unsecure connection established over port 21 to a secure one. |
Define the function of Implicit TLS (FTPS) | Negotiates a TLS tunnel before the exchange of any FTP commands over TCP port 990. |
What version of FTP over TLS is preferred when there are firewalls between client and server? | Explicit TLS (FTPES) |
Define 'Simple Mail Transfer Protocol (SMTP)' | Application protocol used to send mail between mail servers on the Internet sent over TCP port 25. |
What port does a client use to submit a message request to a mail server? | TCP port 587 |