module 22

Question 1

What does ACL stand for?

Answer 1

access control lists

Question 2

What is access control lists?

Answer 2

How users receive rights.

Question 3

Access control or authorization models are generally classed as one of four things. Name them.

Answer 3

1. DAC
2. RBAC
3. MAC
4. Rule-based

Question 4

What does DAC stand for?

Answer 4

Discretionary Access Control

Question 5

What does RBAC stand for?

Answer 5

Role-based Access Control

Question 6

What does MAC stand for?

Answer 6

Mandatory Access Control

Question 7

Access control or authorization models are classified as one of the following (DAC, RBAC, MAC, or Rule-based).

Which is being described below?

This model adds an extra degree of administrative control to the DAC model. Under this model, a set of organization roles are defined and users allocated to those roles. You can see a simple version of this model working in the division of Windows user account types into Administrators and Standard Users.

Answer 7

RBAC

Question 8

Access control or authorization models are classified as one of the following (DAC, RBAC, MAC, or Rule-based).

Which is being described below?

This model stresses the importance of the owner. The owner is originally the creator of the resource, though ownership can be assigned to another user. The owner is granted full control over the resource, meaning that they can modify its ACL to grant rights to others.

Answer 8

DAC

Question 9

Access control or authorization models are classified as one of the following (DAC, RBAC, MAC, or Rule-based).

Which is being described below?

This model can refer to any sort of access control model where access control policies are determined by system-enforced rules rather than system users.

Answer 9

Rule-based

Question 10

Access control or authorization models are classified as one of the following (DAC, RBAC, MAC, or Rule-based).

Which is being described below?

This model is based on the idea of security clearance levels. Rather than defining access control lists on resources, each object and each subject is granted a clearance level, referred to as a label.

Answer 10

MAC

Question 11

What is non-repudiation?

Answer 11

The principle that the user cannot deny having performed some action.

Question 12

Name five mechanisms that can be used to provide non-repudiation.

Answer 12

1. Logging
2. Video
3. Biometrics
4. Signature
5. Receipts

Question 13

There are five mechanisms that can be used to provide non-repudiation. (logging, video, biometrics, signature, and receipts).

Which of the five is being described below?

Issuing this mechanism with respect to some product or service is proof that a user requested that product and that it was delivered in a timely manner.

Answer 13

Receipt

Question 14

There are five mechanisms that can be used to provide non-repudiation. (logging, video, biometrics, signature, and receipts).

Which of the five is being described below?

This mechanism can prove that the user was an author of a document (they cannot deny writing it).

Answer 14

Signature

Question 15

There are five mechanisms that can be used to provide non-repudiation. (logging, video, biometrics, signature, and receipts).

Which of the five is being described below?

Strong authentication can probe that a person was genuinely operating their user account and that an intruder had not hijacked the account.

Answer 15

Biometrics

Question 16

There are five mechanisms that can be used to provide non-repudiation. (logging, video, biometrics, signature, and receipts).

Which of the five is being described below?

Can record who goes in or out of a particular area.

Answer 16

Video.

Question 17

User accounts can be assigned directly to security policies, but if there are a large number of users, this can be difficult to manage. How is this made simpler?

Answer 17

group accounts

Question 18

Widows creates several default accounts. We’re only concerning ourselves with two. What are they?

Answer 18

administrative
standard user

Question 19

Give three examples of a hardware token (“something you have”).

Answer 19

smart card
USB fob
SecureID token

Question 20

What does GPS stand for?

Answer 20

global positioning system

Question 21

What does IPS stand for?

Answer 21

Indoor Positioning System

Question 22

Authentication is the process of ensuring that each account is only operated by its proper user. There are many different authentication technologies. Name four

Answer 22

1. something you know
2. something you have
3. something you are
4. somewhere you are

Question 23

Give an example of something you know.

Answer 23

password

Question 24

Give an example of something you have.

Answer 24

authentication device

Question 25

Give an example of something you are

Answer 25

biometrics

Question 26

Give an example of somewhere you are

Answer 26

GPS authentication or IPS authentication

Question 27

What does SSO stand for?

Answer 27

Single Sign-On

Question 28

What is SSO (Single Sign-On)?

Answer 28

Something you only have to sign into once. An example would be when I sign into Microsoft outlook. I don't have to do it again, just once.

Question 29

The following terminology is used to discuss cryptography: Name three.

Answer 29

Plain Text Cipher Text Cipher

Question 30

What is plain text?

Answer 30

Unencrypted message.

Question 31

What is cipher text?

Answer 31

An encrypted message.

Question 32

What is Cipher?

Answer 32

The process used to encrypt or unencrypt a message.

Question 33

What is symmetric encryption.

Answer 33

A single secret key is used to both encrypt and decrypt data.

Question 34

Symmetric encryption is also referred to as __________ or ___________.

Answer 34

single-key private-key

Question 35

What is the main problem and the main advantage of symmetric encryption.

Answer 35

secure distribution and storage of the key speed

Question 36

What is the principal measure of the security of an encryption cipher?

Answer 36

the size of the key

Question 37

What else might asymmetric encryption be called?

Answer 37

Public Key Cryptography

Question 38

Asymmetric encryption uses a key to encrypt and a second key to decrypt data. What do you call each?

Answer 38

encrypt = public key decrypt = private key

Question 39

A key pair can be used the other way around. If the private key is used to encrypt something, only the public key can then decrypt it. The point is that one type of key cannot reverse the operation it has just performed. There is no answer this is just a note.

Question 40

What is the solution to the problem of authenticating subjects on public networks?

Answer 40

PKI

Question 41

What does PKI stand for?

Answer 41

Public Key Infrastructure.

Question 42

what does CA stand for

Answer 42

Certified Authority

Question 43

What is a hash?

Answer 43

A short representation of data. It converts a variable amount of information and converts it to a fixed length string.

Question 44

What does a cryptographic hash do?

Answer 44

1. A hash is only a portion of data. A cryptographic has allows for recovery of the remaining data. 2. It also ensures that no two pieces of information produces the same hash. 3. It can be used to prove that a message has not been tampered with.

Question 45

What are the three most commonly used cryptographic hash algorithms?

Answer 45

SHA-1 SHA-2 MD5

Question 46

What does SHA-1 stand for?

Answer 46

secure hash algorithm 1

Question 47

What does MD5 stand for?

Answer 47

message digest 5

Question 48

What does VPN stand for?

Answer 48

Virtual Private Network.

Question 49

Password Best Practices

Answer 49

1. 9-12 characters in length 14 characters for administrative users. 2. No simple phrases or words. 3. Don't make it so complex that it has to be written down, or changed often. 4. Do not write down or share your password. 5. Change your password periodically. 6. Do not reuse passwords across different web accounts.