CompTIA Security + (SY0-501)

Explain SFTP

SFTP or Secure FTP uses SSH to harden FTP. It uses SSH TCP port 22.

What is the difference between Recovery Time Objective and Recovery Point objective?

Recovery Time Objective is the target for how long it takes to get a system back online, while Recovery Point Objective is how far back the recovery needs to go (example: server backups can go back 1 month).

What are the two purposes of a proxy?

Filtering and monitoring. Filter out websites or content and monitor the traffic to and from these destinations.

Explain a Web Security Gateway

A web security gateway is a device (usually a firewall) that can look at Application level information like HTTP information to identify attacks.

Define NAC

NAC or Network Admission Control is a service or system that validates certain components on a client computer (like AV, OS version, etc) before allowing them to connect to network resources.

Define ARO.

ARO or Annualized Rate of Occurrence is the likelihood of an event to occur.

Define SLE

Single Loss Expectancy or SLE is the monetary loss of a single event.

Define ALE

Annual Loss Expectancy = ARO x SLE. Allows you to budget for and estimate the cost of loss.

What Port/Protocol runs TFTP.

UDP 69.

What protocol/port runs FTP?

UDP 21

What protocol number is ICMP?

1

What is the protocol number for TCP?

6

What is the protocol number for UDP?

17

Why is WEP a weak security solution?

It uses a very weak initialization vector packet (24-bit) that is easy to guess.

What is a pre-shared key?

A pre-shared key is typically a static password that can be easily shared or stolen.

What form of wireless security uses a RADIUS.

WPA-Enterprise and WPA2-Enterprise.

What does PEAP stand for and what security mechanisms does it use?

Protected Extensible Access Protocol and it uses a combination of digital certificates and transport layer security.

What is EAP?

EAP or Extensible Authentication Protocol is a security framework, but is not by itself a security mechanism. Usually in the form of PEAP, LEAP or EAP-TLS.

What does EAP-TLS imply the use of?

Client-Side Digital Certificates.

Define Risk.

Risk is the possibility of a threat exploiting a vulnerability that results in loss.

What is risk mitigation?

Risk Mitigation, also known as a countermeasure, is some task or element that reduces risk.

Name the three controls used to mitigate risk and provide examples.

1. Technical Control: Firewalls, Anti-Virus, Port Security.
2. Management Controls: Training, Planning, Policies.
3. Operational Controls: Change Management / Incident Management.

What is Single Loss Expectancy?

Single Loss Expectancy or SLE is the cost of a single loss event.

What is Annualized Rate of Occurrence?

Annualized Rate of Occurrence or ARO is how often an SLE occurs for a specific item.

What is Annual Loss Expectancy?

Annual Loss Expectancy or ALE is the SLE * ARO.

Explain the difference between MTBF, MTTF and MTBR.

Mean Time Before Failure is the average time between failures and is seen as reliability. Mean Time to Failure is the time before something fails, but is typically associated with an item that can't be repaired. Mean Time to Restore is the amount of time i

What are the vital tasks when dealing with business partners?

Weigh the Risks / Benefits, prepare an on-boarding / off-boarding process and draft inter-operability agreements.

List these items in descending order of volatility: Swap Files, HDD, RAM

1.) RAM
2.) Swap Files
3.) HDD

What is a chain of custody?

A chain of custody is a well documented process of evidence collection and handling in the event of a security breach or other event. This is vital in court proceedings.

What does SPR stand for in the context of incident response?

Stimulus, Pause and Response

What is mandatory access control?

Mandatory Access Control or MAC is the system that is used to provide access to confidential information. Think security clearances.

Explain the difference between Differential and Incremental backups.

Incremental backups only back up what has changed since the previous backup. Differential backups back up everything since the last full backup. Incremental backups require fewer resources to back up, but more to restore. Differential backups require more res

What makes rootkits so dangerous?

Rootkits have system-level access allowing them to run before application-level security can start, making them very hard to detect.

Explain a Logic Bomb

A logic bomb is a form of malicious code (usually an inside job) that causes something malicious to happen at a certain trigger.

Explain Polymorphic Malware.

Polymorphic Malware changes its ports, filenames and any other information to try and prevent detection or identification.

Explain what an armored virus is.

An armored virus is specifically designed to prevent identification or examination of its source code.

Explain Man-in-the-Middle attacks.

A man-in-the-middle attack is an active interception of data on a network. The attacker can inject code in either direction. This can be facilitated by ARP poisoning, spoofing, etc.

What is a Smurf Attack?

A Smurf attack is a ping syn/ack flood attack by sending ping requests to broadcast addresses.

Define Replay attack.

A replay attack is the capture of packets and the attempted replay of the packets to gain access to a network resource.

What is SPIM?

Spam via instant messenger.

Explain whaling.

Whaling is a form of phishing targeted at high-level executives.

What do XSS, SQL Injection, LDAP Injection and XML Injection all have in common?

They can all be prevented/mitigated by input validation.

What is a directory traversal attack?

A directory traversal attack is an injection of directory code to try and navigate to a specific directory / file on a computer.

Explain 802.1X

802.1X is port security which requires authentication via a RADIUS server to have traffic permitted on the network.

Explain the difference between Bluejacking and Bluesnarfing.

Bluejacking is the pushing of content to a device while Bluesnarfing is the stealing of content via Bluetooth technology.

Explain Buffer Overflow

A buffer overflow is a vulnerability in computer code that is typically taken advantage of by an attacker.

Explain the difference between MAC limiting and MAC Filtering.

MAC limiting is a security mechanism that prevents the switch from learning more than a specific number of MAC addresses from a single port. MAC Filtering only allows specifi

What is the difference between Vulnerability Scanning and Penetration testing.

Vulnerability testing is a passive look at possible parts of the network / system that are vulnerable to attack. Penetration testing is actively attempting to exploit those weaknesses.

What is Banner Grabbing.

Banner grabbing is the collection of information when port scanning or fuzzing to gain information such as software version.

Explain the difference between a white-box, black-box and grey-box test.

White-box is full knowledge or access to OS versions, patch levels, etc. when penetration testing. A black box would be no knowledge or information on the target system and grey-box would be some information.

Explain Fuzzing.

Fuzzing is the attempt to find a vulnerability by sending obscure code / commands to a device.

Explain XSRF

XSRF or Cross-Site Reference Forgery is the injection of specific commands into a URL that sends the victim to an already trusted secure site but runs a malicious command. Clicking on a link that automatically uses your bank to transfer funds in a single

Name a couple concerns that come into play with BYOD.

1. Data Ownership
2. Patch Management
3. On-Boarding / Off-Boarding
4. Support Ownership

Explain the difference between IDS, IPS, HIDS and HIPS

IDS and HIDS are both intrusion detection systems, one (HIDS) being host-based while the other is network-based. IPS and HIPS are both intrusion prevention systems.

Explain the difference between a TPM and a HSM.

A TPM or Trusted Platform Module is a hardware chip that deals with security key management while a HSM or Hardware Security Module is a device (usually installed into a firewall) that performs cryptographic functions.

Explain RADIUS vs. DIAMETER vs TACACS+

RADIUS, DIAMETER and TACACS+ are all authentication protocols. RADIUS uses ports UDP 1812, 1813, 1645 and 1646. TACACS+ is the Cisco proprietary version of AAA. It runs on TCP port 49. DIAMETER is an enhancement to RADIUS and adds the additional EAP (Extens

Explain the difference between Kerberos and LDAP

Kerberos is a Microsoft SSO technology that runs on port 88 and uses symmetrical encryption and a ticketing system to grant access to resources. LDAP or Lightweight Directory Access Protocol is used by Active Directory to communicate authentication informa

Explain SAML

SAML or Security Assertion Markup Language is another form of authentication; the best example is when you buy a plane ticket and, through that relationship, you are granted access to cars, hotels, etc. SAML works the same way for resource access.

Explain requirements for true Multi-Factor Authentication

True multi-factor authentication requires methods from at least 2 of the 3 following categories:
1. Has: FOB, Keycard
2. Is: Biometrics
3. Knows: Password, PIN

Explain the difference between a Type 1 Error and Type 2 error when it comes to MFA.

A type 1 error is when an authorized user is not given access. (Also known as false recognition rate). A type 2 error is when an unauthorized user is granted access. (Also known as false acceptance rate).

Explain HOTP / TOTP

HOTP or Hash-Based One-Time Password is a password that changes every time you log in. TOTP or Time-Based One-Time Password is a password that changes every interval of time (i.e. every 1 minute). Think mobile authenticator.

Explain PAP vs CHAP vs MSCHAPv2

PAP or Password Authentication Protocol is an antiquated protocol that communicates passwords in plain text and should not be used. CHAP or Challenge Handshake Authentication Protocol is an encrypted version of PAP. MSCHAPv2 is a Microsoft enhancement to

Explain RBAC / DAC / MAC

RBAC or Role-Based Access Control is a controls method that provides permissions based on roles (like Microsoft AD). DAC or Discretionary Access Control is left up to the discretion of the user (i.e. a Windows share). MAC or Mandatory Access Control labels al

Explain the 4 main steps of Asymmetric Encrypted communications.

1. Sender encrypts data with the receiver's public key.
2. Sender sends the encrypted data to the receiver.
3. Receiver uses the receiver's private key to decrypt the data.
4. Receiver reads the data.

Explain a digital signature.

A digital signature is a small piece of data encrypted with a public key to prove identity.

Explain the difference between Block and Stream encryption

Block encryption encrypts data in 64-bit block chunks while stream is a bit-for-bit encryption.

Explain Elliptic Curve Cryptography vs Ephemeral Key

Elliptic Curve uses a short key which requires lower CPU overhead, while ephemeral changes the key every packet, which increases security and overhead.

What are the two most popular hashing algorithms and their bit lengths?

SHA and MD5. MD5 is 128-bit, SHA can be 160, 256 or 512 bit.

What are the primary block encryption standards?

AES > 3DES > DES

Explain Diffie-Hellman

Diffie-Hellman is the process used to generate session keys for symmetrical session encryption. The DH process itself is asymmetric, however.

Explain RC-4

RC-4 is stream cipher encryption meaning it encrypts bit for bit. It has a bad rap from being used in WEP, but is still used today for SSL / TLS connections.

Explain PGP / GPG

PGP or Pretty Good Privacy is the encryption mechanism that encrypts the sender's data with the receiver's public key.

Explain DHE and ECDHE

Diffie-Hellman Ephemeral uses ephemeral key encryption, while Elliptic Curve Diffie-Hellman Encryption uses lower-cost elliptic curves. Both use DH to establish the connection.

Provide a short summary on how SSL / TLS / HTTPS sessions work.

1.) Sender generates a public / private key pair.
2.) Sender submits certificate to CA for digital signature.
3.) CA verifies certificate and digitally signs the cert.
4.) Sender sends public key to receiver.
5.) Receiver verifies sender by verifying certi

What is the purpose of key stretching?

Key Stretching is used to enhance weak passwords by using HMAC, Salts, BCrypt, PBKDF2, etc.

Describe the difference between a CRL and OCSP.

CRL or Certificate Revocation List is a published list of revoked certificates from a CA. OCSP or Online Certificate Status Protocol on the other hand is a service that allows the querying of a single certificate.

What items are typically included on an X.509 Digital Certificate?

1. Version
2. Serial number
3. Hash
4. Encryption Algorithm
5. Issuer
6. Digital Signature
7. Time Range

What is the significance of a Recovery Agent?

A recovery agent is a vital element created by a CA to decrypt data in the event the private key is lost.

Provide as many examples as possible of layered security.

1. HIDS
2. ACLS
3. 802.1x Port Security
4. Data Loss Prevention
5. IDS
6. Software Firewall
7. AD / Kerberos

Explain the difference between Doxing and Daisy Chaining.

Doxing is the searching/publishing of PII with malicious intent while daisy chaining is gaining access to additional systems by piggybacking on the access on the current machine.

What RADIUS implementation was created to deal with VoIP?

DIAMETER

What is exposure factor?

Exposure factor is the expected loss percentage when an event occurs. For example, if a virus hit 5 out of 100 computers before it was stopped, the EF would be 5%. EF is used to calculate Single Loss Expectancy.

Explain the difference between an Omni and Yagi antenna.

Omni is multi-directional and the radiation pattern is like a donut. Yagi is directional with high gain and narrow radiation.

Explain the difference between a sector and dipole antenna.

A sector antenna is directional with a circle measured in degrees of arc. A Dipole antenna is the simplest antenna and has donut shaped radiation.

What is HMAC and what does it ensure?

Hash based message authentication code and it ensures message integrity. Used to prevent eavesdropping.

Explain CER

CER or Crossover Error Rate is the point where the FAR meets the FRR. CER measures the accuracy of biometric systems. The lower the CER, the better.

Explain NTLM

NTLM or New Technology LAN Manager is a suite of protocols that are used to provide authentication, integrity and confidentiality for Windows systems. V1 should never be used because it uses a now-cracked MD4 algorithm. Version 2 uses HMAC-MD5.

Explain LDAP

LDAP or Lightweight Directory Access Protocol is the protocol Active Directory is built upon. LDAP is based on the X.500 standard. When you see DC=Nuggetlab, DC=COM, think LDAP.

Name the 3 elements of SAML and what security measures it provides.

Identity Provider, Service Provider and principal (User). SAML provides identity and authentication, but not authorization.

Explain Shibboleth.

Shibboleth is a cheap, open source Federated Identity service that can be easily customized.

Explain OAuth

OAuth or Open Authentication Standard is used to provide secure access to third-party sites. An example would be using your PayPal account to purchase something on a vendor website.

Explain OpenID Connect.

OpenID Connect works with OAuth to allow clients to verify identity without managing credentials. Think of using your Facebook login for third-party sites.

What type of control is least privilege?

Least privilege is a technical control.

Explain the difference between VM Escape and VM Sprawl.

VM escape is an attack where a hacker can escape a VM onto the host system. VM Sprawl is the tendency of VMs to quickly get out of control and be managed incorrectly, causing security threats.

Explain the significance of subjects and objects in relation to access control.

Subjects are users or groups trying to access an object, while objects are files, folders, printers, etc. that are accessed by the subject.

Explain ABAC

ABAC or Attribute Based Access Control is the concept of tagging data with an attribute and then providing users access based on the attributes they are attached to.

Explain SRTP.

SRTP or Secure Real Time Protocol is a secure protocol used for VoIP communications.

Explain FTP and its Ports.

FTP or File Transfer Protocol is an antiquated file transfer method that runs on TCP ports 20/21.

Explain TFTP

TFTP or Trivial File Transfer Protocol uses UDP 69.

Explain SSH

SSH or Secure Shell is used for secure network connections. Predecessor of Telnet. SSH runs on TCP 22.

Explain SSL

SSL or Secure Socket Layer is a transport protocol that runs on port 443. SSL has been cracked and should no longer be used. TLS is the new SSL.

Explain TLS

TLS or Transport Layer Security is the new version of SSL. TLS can use the STARTTLS command to upgrade to an encrypted connection on the same port.

Explain IPSec

IPSec or IPSecurity is typically a suite of protocols that provides encrypted connections. IPSec uses two IKE phases to establish communications over UDP 500.

Explain the difference between AH and ESP.

Authentication Header (Protocol 50) adds an authentication mechanism for the hosts before exchanging data, while Encapsulated Security Payload (Protocol 51) encapsulates the whole IPSec packet. ESP includes AH.

Explain FTPS

FTPS is FTP + TLS and can be used on TCP 989 and 990 or STARTTLS with 20/21.

Explain SMTP

SMTP or Simple Mail Transport Protocol transfers messages between mail servers and uses TCP 25, 465 with SSL and 587 with TLS. STARTTLS is recommended.

Explain POP3

POP3 or Post Office Protocol transfers messages from email servers to clients on TCP 110 with STARTTLS. Without TLS, POP3 uses TCP 995.

Explain IMAPv4

IMAP stores email messages in folders like GMail. IMAP uses TCP 143, 993 for SSL, but it is recommended to use STARTTLS on 143.

Explain LDAPS

LDAPS or LDAP-TLS uses TCP port 636.

What does the dig command do?

dig is the Linux equivalent of nslookup.

What is the common port range?

0-1023

What is the registered port range?

1024-49,151

What is the private / dynamic port range?

49,152-65,535

What is the difference between a bridge and a router?

A bridge can be used in place of a router in some situations but is a L2 device and makes forwarding decisions based on MAC addresses.

What is a non-transparent proxy?

A non-transparent proxy modifies or filters requests. They are often used to filter out websites deemed unnecessary by organizations.

What port(s) does SNMPv3 use?

UDP 161/162

Explain PEAP

PEAP or Protected EAP is EAP +TLS and requires a server-side certificate.

Explain EAP TTLS

EAP TTLS or EAP + Tunnelled TLS is an extension of EAP that allows systems to use older versions of authentication such as PAP. Requires server-side certificates.

Explain EAP-TLS

EAP TLS is one of the most secure and widely used versions of EAP. It requires both server-side and client-side certificates.

Explain a disassociation attack.

An attacker spoofs a wireless client's MAC address and then sends a termination packet to the access point to boot the device from the network.

Explain IPSec AH and its protocol number.

IPSec AH uses digital signatures to allow both hosts to authenticate with each other before establishing communications. (Protocol 51).

Explain IPSec ESP and its protocol number.

IPSec ESP or Encapsulating Security Payload encapsulates the whole IP packet and encrypts it. ESP includes IPSec AH and is protocol 50.

Explain NAC.

NAC or Network Access Control typically requires an agent to be installed on a host machine and verifies certain security requirements before being allowed to access the network.

Explain PAP.

PAP or Password Authentication Protocol sends passwords in plain text and should not be used.

Explain CHAP

CHAP or Challenge Handshake Authentication Protocol is an enhancement to PAP where a server challenges a client to provide the correct security information.

Explain MSCHAP

MSCHAP is the Microsoft enhancement of CHAP and encrypts the password.

Explain MSCHAPv2

MSCHAPv2 provides enhancements to MSCHAP including the ability to change passwords during authentication.

Explain TACACS+

TACACS+ is the Cisco proprietary version of RADIUS. TACACS+ is popular due to its compatibility with Kerberos.

Explain Diameter

Diameter adds multiple enhancements to RADIUS and is often used for VoIP authentication.

Explain IPSec Tunnel Mode

IPSec Tunnel mode encrypts the entire packet as it travels on the private IP network.

Explain IPSec Transport Mode

Transport mode encrypts the payload only and is commonly used in private networks, but not VPN connections.

What does the command chroot do?

chroot is a Linux command meaning change root, which in effect can create a sandbox for testing.

Explain Secure Boot

Secure boot checks the signatures of key files needed for system boot. If the files have been altered, secure boot will prevent a system from starting up. The report of approved digital signatures is stored on the TPM chip.

Explain Attestation.

Attestation is similar to secure boot in that it checks the integrity of boot files, however it performs the verification on a remote system.

Explain ANT

ANT is a proprietary wireless communication technology used primarily by wearable devices.

Explain Database Column Encryption

Database column encryption encrypts the individual columns in database and is one of the strongest forms of security for DBs.

Explain Pharming

Pharming is the modification of a local hosts file in an attempt to direct a victim to a malicious website.

Explain the difference between nmap, tcpdump and netcat

nmap is a sophisticated Linux port / network scanner, tcpdump is a protocol analyzer like Wireshark, and netcat is a remote administration tool that can also be used for banner grabbing.

What elements of CIA does cryptography provide?

Confidentiality and Integrity

What portion of CIA do digital signatures provide?

Digital signatures provide Authentication and Non-Repudiation

Explain MD5

MD5 is a hashing algorithm that uses 128-bit key length and was cracked, but is still widely used for verifying integrity.

Explain SHA and its different iterations.

SHA or Secure Hashing Algorithm is a widely used hashing algorithm:
SHA0 --> Deprecated / Unused
SHA1 --> 160-bit length hashing algorithm similar to MD5
SHA2 --> 256, 512, 224 & 384-bit key lengths. SHA2 resolved weaknesses found in SHA1
SHA3 --> Alternati

Define HMAC

HMAC or Hash-Based Message Authentication Code is a hashing algorithm that uses a shared secret to strengthen security. HMAC is used in HMAC-MD5 or HMAC-SHA1 flavors. The shared secret calculates a portion of the hash. IPSec and TLS both use a form of HMA

Explain RIPEMD

RIPEMD or RACE Integrity Primitives Evaluation Message Digest is a less used hashing algorithm that uses 128, 160, 256 and 320-bit keys.

Define Key-Stretching

Key Stretching is the strengthening of password hashes by using salts and other methods.

What is BCrypt?

BCrypt is a key-stretching technique based on the Blowfish cipher. It salts and hashes the password multiple times.

Explain PBKDF2

PBKDF2 is a key stretching technique that salts with at least 64-bits and uses a pseudo random function like HMAC. WPA2, iOS and Cisco systems use PBKDF2 up to 1,000,000 times to secure passwords.

What is an IV?

An Initialization Vector is the starting value for a Crypto Algorithm. It is a fixed-size and uses a pseudo random process to create encryption keys.

What is a nonce?

A number used once, typically with cryptography.

Define XOR

XOR is a boolean calculation that calculates two inputs and outputs either true(1) or false (0).

Explain the difference between confusion and diffusion.

Confusion means that cipher text is much different than the coinciding plain text. Diffusion is the significant difference in cipher text when a small change is made in plain text.

Explain the difference between a block and stream cipher.

A block cipher typically encrypts blocks of data (usually 64 or 128 bits) at a time. A stream cipher encrypts data bit by bit.

Explain ECB.

ECB or Electronic Code Book is a deprecated cipher mode that uses the same encryption key for each block.

Explain CBC

CBC or Cipher Block Chaining uses an IV for randomization for the first block and then combines the following blocks using XOR calculations.

Explain CTM

CTM or Counter Mode is a type of cipher mode that is widely used and respected. It uses the same IV for each block, but different keys for each block.

Define GCM

GCM or Galois / Counter Mode is a commonly used cipher mode that combines Counter Mode with hashing techniques. It is efficient and high performance.

List the different iterations of AES and its block size.

AES-128, AES-192 and AES-256. AES uses 128-bit block sizes.

Explain DES

DES uses 64-bit blocks and a small key. DES is deprecated.

Explain 3DES

3DES is DES x 3. It uses 64-bit blocks with 56, 112 and 168 bit keys.

Explain RC4

RC4 was a prevalent stream cipher that was the recommended encryption type for SSL/TLS. RC4 was replaced by AES.

Define Blowfish

Blowfish is a symmetric cipher that encrypts data in 64-bit blocks with 32- to 448-bit keys.

Explain Twofish

Twofish uses 128-bit blocks and 128, 192 or 256 bit keys.

Define RSA

RSA is an encryption method widely used on the internet / email. It uses static keys.

Explain S/MIME.

S/MIME is the most popular signing / encryption protocol for email. It uses both RSA & AES and requires PKI to function.

What is a cognitive password?

A cognitive password is one that is answered, usually in the form of a question (example: What high school did you attend?).

Explain a misuse-detection based IDS.

It is the same as a signature-based IDS and requires regular updates to stay current.

What protocols provide SSO?

Kerberos, SESAME and Active Directory.

What is SESAME?

SESAME is a single sign on technology that works almost exactly like Kerberos.

What is a side-channel attack?

Typically an attack on the physical implementation of encryption or security vs the algorithm itself. Can include collecting power consumption information, radiation, etc. Having highly resilient algorithms can help mitigate side-channel attacks.

What is Treason?

Treason or subversion is an attempt to destroy an authorized governing body.

What is privilege escalation?

Gaining access to files you should not have permission to on a valid account.

What is PRNG?

Pseudo Random Number Generation is a cryptographic technique used by symmetric algorithms.

What provides authentication in a Kerberos environment?

Authentication Service (AS)

What is piggybacking?

Piggybacking is the same thing as tailgating except the person with the credentials knows the attacker is present.

What is a two-phase commit?

A two-phase commit ensures that an entire transaction occurs to maintain integrity. If not, the whole process is cancelled.

Explain IDEA

IDEA uses 128-Bit Keys to encrypt 64-bit blocks of data.

What is the default extension for an exported Windows Server certificate?

DER

How many rounds of computation does DES / 3DES use?

16 / 48

What algorithm is used for digital signatures for the US government and was developed by the NSA?

DSA

What encryption standard is used for the Clipper Chip?

SkipJack

Explain a PFX certificate

PFX is used by Microsoft and contains both encrypted public and private keys. It is the extension for a Microsoft Server X.509 cert.

What size keys can 3DES use?

56, 112 and 168-bit.

What type of certificates are used to hold private keys and what format are they?

PFX and P12B (CER-Based)

What type of certificates are used to provide public keys and what format are they?

P7B (DER-Based)

What are PEM Certificates?

PEM Certificates are typically used for web-servers and are typically used in Unix/Linux environments. DER is the parent format. DER certs can be converted into PEM.

What is an OID?

An OID is an object identifier which is an optional extension for X.509 certificates. It can include information such as a certificate owner.

What type of certificate includes the hostname or IP address associated with the cert?

SAN or Subject Alternative Name certificate.

What certificate support the storage of public and private keys?

.PFX and .P12

Which certificate extensions are base-64 encoded X.509 Certs?

.cer and .crt

Which certificate extensions are used to store cert chains?

.p7b or .p7r

What is the primary purpose of the .PEM extension?

PEM is converted from a .pfx or .p12 extension for Unix / Linux