In a data breach (such as the OPM case) which security characteristic of data has been violated?
Confidentiality
Which of the following about vulnerabilities and threats is not true?
A vulnerability or a threat, but not both, are required to create risk
Considering the CIA triad and the Parkerian hexad, which of the following is true?
Parkerian is more complete but not as widely known
Which of the following is not true about complex and automatically generated passwords that are unique to each system and are a minimum of 30 characters in length, such as !Hs4(j0qO$&zn1%2SK38cn^!Ks620! ?
Brute force password crackers will break them as quickly as a 4-digit PIN
Which of the following would not be part of a solution in the Polycom case study?
Off site backups
Which of the following is true regarding the history of cybersecurity as presented in class and the associated document?
Advances (firewalls, intrusion detection, encryption algorithms, etc.) often followed attacks or apparent weaknesses
What does the concept of defense in depth mean?
Protect your data and systems with tools and techniques from different layers
The primary vulnerability in the Lodz Tram Hack case study was:
Lack of authentication
Which of the following would not be considered a logical (technical) control?
fences
How do we know at what point we can consider our environment to be secure?
Never; perfect security does not exist
If we are using an identity card such as a driver's license as the basis for our authentication scheme, which of the following additions would not represent multifactor authentication?
A birth certificate
What do we call the rate at which we fail to authenticate legitimate users in a biometric system?
False Rejection Rate (FRR)
What do we call the process in which the client authenticates to the server and the server authenticates to the client?
Mutual authentication
Which of the following is not true?
Voice authentication requires speech to text capability
A physical key (like for a door lock) would be described as which type of authentication factor?
something you have
What biometric factor describes how well a characteristic resists change over time?
permanence
If we are using a 4-character password that contains only lowercase English alphabetic characters (26 different characters), how many more possible passwords are there if we use a 5-character password (still only lowercase English alphabetic characters)?
11,424,400 more possibilities
In the fake finger video from class, what was the printed circuit board used for?
to etch the fingerprint
What is the difference between verification and authentication of an identity?
Which of the following is not a reason why an identity card alone might not make an ideal method of authentication?
Given a file containing sensitive data and residing in a Linux operating system with some users who should not have access to the data, would setting the file's permissions to rw-rw-rw- cause a potential security issue?
What is the difference between authorization and access control?
Authorization specifies what a user can do, and access control enforces what a user can do
Why does access control based on the Media Access Control (MAC) address of the systems on our network not represent strong security?
MAC addresses can be easily spoofed or changed
The Bell-LaPadula and Biba multilevel access control models each have a different primary security focus. Can these two models be used in conjunction?
Yes
What is the difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)?
In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determine access
Which should take place first, authorization or authentication?
Authentication
Which type of access control would be used in the case where we wish to prevent users from logging in to their accounts after business hours?
Attribute Based Access Control
The confused deputy problem can allow unauthorized privilege escalation to take place; how does this happen?
software has greater privilege than the user of the software
What does the Brewer and Nash model protect against?
Conflict of interest
What is the "principle of least privilege"?
Users are only provided the level of access needed for the task
Which of the following is not a reason that accountability is important for security?
prevents weak passwords
When dealing with legal or regulatory issues, why do we need accountability?
to ensure compliance
Which of the following is probably not a useful item to audit for cyber security purposes?
typing speed and accuracy
Finding installed but unlicensed software on systems is primarily a function of:
auditing
What does nonrepudiation mean?
sufficient evidence exists such that a user cannot deny an action
What is one direct benefit of logging?
provides a history of system activities
What impact can good accountability mechanisms have on the admissibility of evidence in court cases?
maintain chain of custody
Which of the following is not true about logging user and program actions on a computer?
What is the difference between vulnerability assessment and penetration testing?
penetration testing is more in depth than vulnerability assessment
What is the difference between authentication and accountability?
authentication proves who you are, and accountability records what you did
What type of cipher is a Caesar cipher?
substitution
Explain how Triple DES (3DES) differs from DES.
3DES encrypts each block 3 times using DES and a different key
Would weak physical security make cryptographic security of data more or less important?
more