Term Test 2 Flashcards Preview

Flashcards in Term Test 2 Deck (76):
1

Which of the following is the most important aspect of security?
A. Physical security
B. Intrusion detection
C. Logical security
D. Awareness training

A. Physical Security

2

What method can be used to map out the needs of an organization for a new facility?
A. Log file audit
B. Critical path analysis
C. Risk analysis
D. Inventory

B. Critical path analysis

3

What infrastructure component is often located in the same position across multiple floors in order to provide a convenient means of linking floor-based networks together?
A. Server room
B. Wiring closet
C. Datacenter
D. Media cabinets

B. Wiring closet

4

What is the most common form of perimeter security devices or mechanisms?
A. Security guards
B. Fences
C. CCTV
D. Lighting

D. Lighting

5

What is the most common cause of failure for a water-based fire suppression system?
A. Water shortage
B. People
C. Ionization detectors
D. Placement of detectors in drop ceilings

B. People

6

Accountability requires all of the following items except one. Which item is not required for accountability?
A. Identification
B. Authentication
C. Auditing
D. Authorization

D. Authorization

7

Which of the following is an example of a Type 2 authentication factor?
A. Something you have
B. Something you are
C. Something you do
D. Something you know

A. Something you have

8

Your organization issues devices to employees. These devices generate one-time passwords every 60 seconds. A server hosted within the organization knows what this password is at any given time. What type of device is this?
A. Synchronous token
B. Asynchronous token
C. Smartcard
D. Common access card

A. Synchronous token

9

A biometric system has falsely rejected a valid user, indicating that the user is not recognized. What type of error is this?
A. Type 1 error
B. Type 2 error
C. Crossover error rate
D. Equal error rate

A. Type 1 error

10

What is the primary purpose of Kerberos?
A. Confidentiality
B. Integrity
C. Authentication
D. Accountability

C. Authentication

11

Which of the following authentication, authorization, and accounting (AAA) protocols is based on RADIUS and supports Mobile IP and Voice over IP?
A. Distributed access control
B. Diameter
C. TACACS+
D. TACACS

B. Diameter

12

What is the most common and inexpensive form of physical access control device?
A. Lighting
B. Security guard
C. Key locks
D. Fences

C. Key locks

13

Which of the following is not a typical type of alarm that can be triggered for physical security?
A. Preventive
B. Deterrent
C. Repellant
D. Notification

A. Preventive

14

What is the most important goal of all security solutions?
A. Prevention of disclosure
B. Maintaining integrity
C. Human safety
D. Sustaining availability

C. Human safety

15

What is the ideal humidity range for a computer room?
A. 20-40 percent
B. 40-60 percent
C. 60-75 percent
D. 80-95 percent

B. 40-60 percent

16

Which of the following is typically not a culprit in causing damage to computer equipment in the event of a fire and a triggered suppression?
A. Heat
B. Suppression medium
C. Smoke
D. Light

D. Light

17

Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?
A. RSA
B. Diffie-Hellman
C. 3DES
D. IDEA

B. Diffie-Hellman

18

If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message?
A. Richard's public key
B. Richard's private key
C. Sue's public key
D. Sue's private key

C. Sue's public key

19

If a 2,048-bit plaintext message were encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be?
A. 1,024 bits
B. 2,048 bits
C. 4,096 bits
D. 8,192 bits

C. 4,096 bits

20

Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If it wants to maintain the same cryptographic strength, what ECC key length should it use?
A. 160 bits
B. 512 bits
C. 1,024 bits
D. 2,048 bits

A. 160 bits

21

John wants to produce a message digest of a 2,048-byte message he plans to send to Mary. If he uses the SHA-1 hashing algorithm, what size will the message digest for this particular message be?
A. 160 bits
B. 512 bits
C. 1,024 bits
D. 2,048 bits

A. 160 bits

22

What is system accreditation?
A. Formal acceptance of a stated system configuration
B. A functional evaluation of the manufacturer's goals for each hardware and software component to meet integration standards
C. Acceptance of test results that prove the computer system enforces the security policy
D. The process to specify secure communication between machines

A. Formal acceptance of a stated system configuration

23

What is a closed system?
A. A system designed around final, or closed, standards
B. A system that includes industry standards
C. A proprietary system that uses unpublished protocols
D. Any machine that does not run Windows

C. A proprietary system that uses unpublished protocols

24

What is a security control?
A. A security component that stores attributes that describe an object
B. A document that lists all data classification types
C. A list of valid access rules
D. A mechanism that limits access to an object

D. A mechanism that limits access to an object

25

What is a trusted computing base (TCB)?
A. Hosts on your network that support secure transmissions
B. The operating system kernel and device drivers
C. The combination of hardware, software, and controls that work together to enforce a security policy
D. The software and controls that certify a security policy

C. The combination of hardware, software, and controls that work together to enforce a security policy

26

What part of the TCB concept validates access to every resource prior to granting the requested access?
A. TCB partition
B. Trusted library
C. Reference monitor
D. Security kernel

C. Reference monitor

27

Many PC operating systems provide functionality that enables them to support the simultaneous execution of multiple applications on single-processor systems. What term is used to describe this capability?
A. Multiprogramming
B. Multithreading
C. Multitasking
D. Multiprocessing

C. Multitasking

28

What technology provides an organization with the best control over BYOD equipment?
A. Application whitelisting
B. Mobile device management
C. Removable storage
D. Geotagging

B. Mobile device management

29

Which of the following is true related to a subject?
A. A subject is always a user account.
B. The subject is always the entity that provides or hosts the information or data.
C. The subject is always the entity that receives information about or data from an object.
D. A single entity can never change roles between subject and object.

C. The subject is always the entity that receives information about or data from an object.

30

Which of the following types of access control uses fences, security policies, security awareness training, and antivirus software to stop an unwanted or unauthorized activity from occurring?
A. Preventive
B. Detective
C. Corrective
D. Authoritative

A. Preventive

31

Which of the following best expresses the primary goal when controlling access to assets?
A. Preserve confidentiality, integrity, and availability of systems and data.
B. Ensure that only valid objects can authenticate on a system.
C. Prevent unauthorized access to subjects.
D. Ensure that all subjects are authenticated.

A. Preserve confidentiality, integrity, and availability of systems and data

32

A user logs in with a login ID and a password. What is the purpose of the login ID?
A. Authentication
B. Authorization
C. Accountability
D. Identification

D. Identification

33

You have three applications running on a single-core single-processor system that supports multitasking. One of those applications is a word processing program that is managing two threads simultaneously. The other two applications are using only one thread of execution. How many application threads are running on the processor at any given time?
A. One
B. Two
C. Three
D. Four

A. One

34

What is a security risk of an embedded system that is not commonly found in a standard PC?
A. Software flaws
B. Access to the Internet
C. Control of a mechanism in the physical world
D. Power loss

C. Control of a mechanism in the physical world

35

What type of memory chip allows the end user to write information to the memory only one time and then preserves that information indefinitely without the possibility of erasure?
A. ROM
B. PROM
C. EPROM
D. EEPROM

B. PROM

36

Which type of memory chip can be erased only when it is removed from the computer and exposed to a special type of ultraviolet light?
A. ROM
B. PROM
C. EPROM
D. EEPROM

C. EPROM

37

Which one of the following types of memory might retain information after being removed from a computer and, therefore, present a security risk?
A. Static RAM
B. Dynamic RAM
C. Secondary memory
D. Real memory

C. Secondary memory

38

Which security models are built on a state machine model?
A. Bell-LaPadula and Take-Grant
B. Biba and Clark-Wilson
C. Clark-Wilson and Bell-LaPadula
D. Bell-LaPadula and Biba

A. Bell-LaPadula and Biba

39

Which security model addresses data confidentiality?
A. Bell-LaPadula
B. Biba
C. Clark-Wilson
D. Brewer and Nash

A. Bell-LaPadula

40

What is the implied meaning of the simple property of Biba?
A. Write down
B. Read up
C. No write up
D. No read down

B. Read up

41

What is the best definition of a security model?
A. A security model states policies an organization must follow.
B. A security model provides a framework to implement a security policy.
C. A security model is a technical evaluation of each part of a computer system to assess its concordance with security standards.
D. A security model is the process of formal acceptance of a certified configuration.

B. A security model provides a framework to implement a security policy.

42

Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher security level?
A. (star) Security Property
B. No write up property
C. No read up property
D. No read down property

C. No read up property

43

What encryption technique does WPA use to protect wireless communications?
A. TKIP
B. DES
C. 3DES
D. AES

A. TKIP

44

Richard wants to digitally sign a message he's sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest?
A. Richard's public key
B. Richard's private key
C. Sue's public key
D. Sue's private key

B. Richard's private key

45

Which International Telecommunications Union (ITU) standard governs the creation and endorsement of digital certificates for secure electronic communication?
A. X.500
B. X.509
C. X.900
D. X.905

B. X.509

46

What type of cryptographic attack rendered Double DES (2DES) no more effective than the standard DES encryption?
A. Birthday attack
B. Chosen ciphertext attack
C. Meet-in-the-middle attack
D. Man-in-the-middle attack

C. Meet-in-the-middle attack

47

What is the major disadvantage of using certificate revocation lists?
A. Key management
B. Latency
C. Record keeping
D. Vulnerability to brute-force attacks

B. Latency

48

What is the most effective means of reducing the risk of losing data on a mobile device, such as a notebook computer?
A. Defining a strong logon password
B. Minimizing sensitive data stored on the mobile device
C. Using a cable lock
D. Encrypting the hard drive

B. Minimizing sensitive data stored on the mobile device

49

Which one of the following storage devices is most likely to require encryption technology in order to maintain data security in a networked environment?
A. Hard disk
B. Backup tape
C. Removable drive
D. RAM

C. Removable drives

50

What type of electrical component serves as the primary building block for dynamic RAM chips?
A. Capacitor
B. Resistor
C. Flip-flop
D. Transistor

A. Capacitor

51

The most commonly overlooked aspect of mobile phone eavesdropping is related to which of the following?
A. Storage device encryption
B. Screen locks
C. Overhearing conversations
D. Wireless networking

C. Overhearing conversations

52

What type of memory device is usually used to contain a computer's motherboard BIOS?
A. PROM
B. EEPROM
C. ROM
D. EPROM

B. EEPROM

53

What security principle helps prevent users from accessing memory spaces assigned to applications being run by other users?
A. Separation of privilege
B. Layering
C. Process isolation
D. Least privilege

C. Process isolation

54

Which security principle mandates that only a minimum number of operating system processes should run in supervisory mode?
A. Abstraction
B. Layering
C. Data hiding
D. Least privilege

D. Least privilege

55

Which security principle takes the concept of process isolation and implements it using physical controls?
A. Hardware segmentation
B. Data hiding
C. Layering
D. Abstraction

A. Hardware segmentation

56

What is system certification?
A. Formal acceptance of a stated system configuration
B. A technical evaluation of each part of a computer system to assess its compliance with security standards
C. A functional evaluation of the manufacturer's goals for each hardware and software component to meet integration standards
D. A manufacturer's certificate stating that all components were installed and configured correctly

B. A technical evaluation of each part of a computer system to assess its compliance with security standards

57

What type of memory is directly available to the CPU and is often part of the CPU?
A. RAM
B. ROM
C. Register memory
D. Virtual memory

C. Register memory

58

At what voltage level can static electricity cause destruction of data stored on hard drives?
A. 4,000
B. 17,000
C. 40
D. 1,500

D. 1,500

59

What type of access controls are hardware or software mechanisms used to manage access to resources and systems, and provide protection for those resources and systems?
A. Administrative
B. Logical/technical
C. Physical
D. Preventive

B. Logical/technical

60

Which of the following best identifies the benefit of a passphrase?
A. It is short.
B. It is easy to remember.
C. It includes a single set of characters.
D. It is easy to crack.

B. It is easy to remember

61

Scenario: An administrator has been working within an organization for over 10 years. He has moved between different IT divisions within the company and has retained privileges from each of the jobs that he's had during his tenure. Recently, supervisors admonished him for making unauthorized changes to systems. He once again made an unauthorized change that resulted in an unexpected outage, and management decided to terminate his employment at the company. He came back to work the following day to clean out his desk and belongings, and during this time he installed a malicious script that was scheduled to run as a logic bomb on the first day of the following month. The script will change administrator passwords, delete files, and shut down over 100 servers in the datacenter.

Which of the following basic principles was violated during the administrator's employment?
A. Implicit deny
B. Loss of availability
C. Defensive privileges
D. Least privilege

D. Least privilege

62

Scenario: An administrator has been working within an organization for over 10 years. He has moved between different IT divisions within the company and has retained privileges from each of the jobs that he's had during his tenure. Recently, supervisors admonished him for making unauthorized changes to systems. He once again made an unauthorized change that resulted in an unexpected outage, and management decided to terminate his employment at the company. He came back to work the following day to clean out his desk and belongings, and during this time he installed a malicious script that was scheduled to run as a logic bomb on the first day of the following month. The script will change administrator passwords, delete files, and shut down over 100 servers in the datacenter.

What could have discovered problems with this user's account while he was employed?
A. Policy requiring strong authentication
B. Multifactor authentication
C. Logging
D. Account review

D. Account review

63

Which of the following tools can be used to improve the effectiveness of a brute-force password cracking attack?
A. Rainbow tables
B. Hierarchical screening
C. TKIP
D. Random enhancement

A. Rainbow tables

64

Which of the following links would be protected by WPA encryption?
A. Firewall to firewall
B. Router to firewall
C. Client to wireless access point
D. Wireless access point to router

C. Client to wireless access point

65

Mary recently read about a new hacking group that is using advanced tools to break into the database server of organizations running public websites. In risk management language, how would she describe this group of hackers?
A. Standard
B. Threat
C. Risk
D. Vulnerability

B. Threat

66

Ben is planning to deploy a new firewall on his organization's network. What category of control does the firewall fit into?
A. Administrative
B. Corrective
C. Preventive
D. Detective

C. Preventive

67

You are using symmetric encryption to protect data stored on a hard drive that will be shipped across the country. What key(s) are involved in the protection of this information?
A. Public and private keys
B. Shared secret
C. Public key
D. Private key

B. Shared secret

68

Renee recently received a digital certificate from a trusted certificate authority. What key does it contain?
A. CA's private key
B. Renee's private key
C. CA's public key
D. Renee's public key

D. Renee's public key

69

Bob receives a message from Alice that she sent using an asymmetric cryptography algorithm. What key should he use to decrypt the message?
A. Bob's private key
B. Alice's public key
C. Bob's public key
D. Alice's private key

A. Bob's private key

70

Jason received a message from Bob and would like to be able to prove to a third party that Bob actually sent the message. Which principle of cryptography is Jason attempting to enforce?
A. Authentication
B. Confidentiality
C. Non-repudiation
D. Integrity

C. Non-repudiation

71

In the Bell-LaPadula model, what property says that a subject may not read information at a higher security level than they possess?
A. Simple security rule
B. *-security rule
C. *-integrity rule
D. Simple integrity rule

A. Simple security rule

72

Which one of the following authentication techniques is considered the most invasive of user privacy?
A. Facial recognition
B. Fingerprint
C. Voiceprint
D. Retinal scan

D. Retinal scan

73

Richard is attempting to access a secure system. He provides his username and password and then submits to a biometric scan, which he passes. He then attempts to open a door but receives the message "Access Denied." At what stage of the access control process did he fail?
A. Authorization
B. Indemnification
C. Identification
D. Authentication

A. Authorization

74

Which one of the following is an example of multifactor authentication?
A. Fingerprint and voice recognition
B. Username and password
C. Password and security questions
D. Access card and PIN

D. Access card and PIN

75

Toby is attempting to log in to a secure system. He provides his username at the prompt and then is asked to provide a password. What stage of the access control process is taking place at that moment?
A. Identification
B. Authorization
C. Authentication
D. Indemnification

C. Authentication

76

Explain a hash function and its basic requirements.

Hash functions are unique algorithms that take a given message and produce a unique output value based on the input. The 5 basic hash function requirements are:
1. input can be of any length
2. output is a fixed length
3. the hash function is easy to compute for a given input
4. the hash function is one-way
5. the hash function is collision free (no duplicate outputs)