Which of the following is not true about complex and automatically generated passwords that are unique to each system and are a minimum of 30 characters in length, such as !Hs4(j0qO$&zn1%2SK38cn^!Ks620! ?
A) They may cause users to write the password down
B) Brute force password crackers will break them as quickly as a 4-digit PIN
C) For most users, they are difficult to remember
D) For most users, they make system access less convenient than user-chosen passwords
B) Brute force password crackers will break them as quickly as a 4-digit PIN
What does the concept of defense in depth mean?
A) Protect your data and systems with tools and techniques from different layers
B) Use every available tool at a particular layer to protect your data and systems
C) Encrypt your data multiple times
D) Hide your data and systems deep underground
A) Protect your data and systems with tools and techniques from different layers
Which of the following would not be considered a logical (technical) control?
A) encryption
B) fences
C) passwords
D) firewalls
E) intrusion detection systems
B) fences
In a data breach (such as the OPM case) which security characteristic of data has been violated?
A) Integrity
B) Availability
C) Authenticity
D) Confidentiality
D) Confidentiality
Which of the following is true regarding the history of cybersecurity as presented in class and the associated document?
A) No actual data was exposed nor harm done in any of the events
B) Advances (firewalls, intrusion detection, encryption algorithms, etc.) often followed attacks or apparent weaknesses
C) All of the events were perpetrated by non-US governments against the US government
D) None of the attack perpetrators were caught or identified
B) Advances (firewalls, intrusion detection, encryption algorithms, etc.) often followed attacks or apparent weaknesses
How do we know at what point we can consider our environment to be secure?
A) When we spend 10% of our organization's annual budget
B) Never; perfect security does not exist
C) When we follow industry best practices
D) If we make it 10 years without a reported incident
B) Never; perfect security does not exist
Considering the CIA triad and the Parkerian hexad, which of the following is true?
A) Confidentiality, integrity, and availability are only in the CIA triad
B) Parkerian is more complete but not as widely known
C) They both have six key elements
D) They both have three key elements
B) Parkerian is more complete but not as widely known
The primary vulnerability in the Lodz Tram Hack case study was:
A) Lack of train speed control
B) Lack of authentication
C) Interference from the surrounding environment
D) Overuse of encryption
B) Lack of authentication
Which of the following would not be part of a solution in the Polycom case study?
A) Code review
B) Off site backups
C) Traffic encryption
D) Firewall rules
B) Off site backups
Which of the following about vulnerabilities and threats is not true?
A) Threat is an actor that may exploit a vulnerability
B) Vulnerabilities and threats combine to create risk
C) Vulnerability is a weakness that may be exploited by a threat
D) A vulnerability or a threat, but not both, are required to create risk
D) A vulnerability or a threat, but not both, are required to create risk
Which of the following is not a reason why an identity card alone might not make an ideal method of authentication?
A) subject to change
B) may be duplicated
C) issued by the government
D) may be spoofed
C) issued by the government
What is the difference between verification and authentication of an identity?
A) authentication is a weaker confirmation of identity than verification
B) verification is a weaker confirmation of identity than authentication
C) authentication always includes a biometric mechanism
D) nothing - they mean the same thing
B) verification is a weaker confirmation of identity than authentication
A physical key (like for a door lock) would be described as which type of authentication factor?
A) something you made
B) something you bought
C) something you stole
D) something you have
D) something you have
What biometric factor describes how well a characteristic resists change over time?
A) permanence
B) uniqueness
C) universality
D) circumvention
A) permanence
If we are using an identity card such as a driver's license as the basis for our authentication scheme, which of the following additions would not represent multifactor authentication?
A) A voice print
B) A PIN (personal identification number)
C) A birth certificate
D) A fingerprint
C) A birth certificate
What do we call the process in which the client authenticates to the server and the server authenticates to the client?
A) Mutual authentication
B) Biometric authentication
C) Verification
D) Single Sign On
A) Mutual authentication
What do we call the rate at which we fail to authenticate legitimate users in a biometric system?
A) True Acceptance Rate (TAR)
B) False Rejection Rate (FRR)
C) True Rejection Rate (TRR)
D) False Acceptance Rate (FAR)
B) False Rejection Rate (FRR)
If we are using a 4-character password that contains only lowercase English alphabetic characters (26 different characters), how many more possible passwords are there if we use a 5-character password (still only lowercase English alphabetic characters)?
A) 11,424,400 more possibilities
B) same number of possibilities because still using lowercase English alphabetic characters
C) 456,976 more possibilities
D) 26 more possibilities
A) 11,424,400 more possibilities
Which of the following is not true?
A) Fingerprints have features such as bifurcations, islands, and crossovers
B) The human iris is unique to an individual
C) Facial recognition may be used for authentication
D) Voice authentication requires speech to text capability
NOT C) Facial recognition may be used for authentication
In the fake finger video from class, what was the printed circuit board used for?
A) to write code that simulated the fingerprint
B) to etch the fingerprint
C) to build a circuit to bypass the phone's authentication program
D) to capture a fingerprint from a camera application
B
Given a file containing sensitive data and residing in a Linux operating system with some users who should not have access to the data, would setting the file's permissions to rw-rw-rw- cause a potential security issue?
A) no, because other users cannot modify the file
B) yes, because all users have full permissions for the file
C) no, because no users can execute the file
D) yes, because other users can read and modify the file
D) yes, because other users can read and modify the file
Which should take place first, authorization or authentication?
A) It does not matter
B) Authentication
C) Authorization
D) They should happen concurrently
B) Authentication