All of the following are considered logical (technical) controls?
encryption, passwords, firewalls, intrusion detection systems
What does the concept of defense in depth mean?
Protect your data and systems with tools and techniques from different layers
All of the following about vulnerabilities and threats are true?
Vulnerability is a weakness that may be exploited by a threat, Threat is an actor that may exploit a vulnerability, Vulnerabilities and threats combine to create risk
All of the following are solutions in the Polycom case study?
Code review, Traffic encryption, Firewall rules
All of the following are true about complex and automatically generated passwords that are unique to each system and are a minimum of 30 characters in length, such as !Hs4(j0qO$&zn1%2SK38cn^!Ks620! ?
They may cause users to write the password down, For most users, they are difficult to remember, For most users, they make system access less convenient than user-chosen passwords
Which of the following is true regarding the history of cybersecurity as presented in class and the associated document?
Advances (firewalls, intrusion detection, encryption algorithms, etc.) often followed attacks or apparent weaknesses
How do we know at what point we can consider our environment to be secure?
Never; perfect security does not exist
Considering the CIA triad and the Parkerian hexad, which of the following is true?
Parkerian is more complete but not as widely known
In a data breach (such as the OPM case) which security characteristic of data has been violated?
Confidentiality
The primary vulnerability in the Lodz Tram Hack case study was:
Lack of authentication
In the fake finger video from class, what was the printed circuit board used for?
to etch the fingerprint
What do we call the process in which the client authenticates to the server and the server authenticates to the client?
Mutual authentication
What do we call the rate at which we fail to authenticate legitimate users in a biometric system?
False Rejection Rate (FRR)
A physical key (like for a door lock) would be described as which type of authentication factor?
something you have
If we are using an identity card such as a driver's license as the basis for our authentication scheme, all of the following additions would represent multifactor authentication?
A fingerprint, A voice print, A PIN (personal identification number)
If we are using a 4-character password that contains only lowercase English alphabetic characters (26 different characters), how many more possible passwords are there if we use a 5-character password (still only lowercase English alphabetic characters)?
11,424,400 more possibilities
All of the following are true?
Fingerprints have features such as bifurcations, islands, and crossovers, The human iris is unique to an individual, Facial recognition may be used for authentication
What is the difference between verification and authentication of an identity?
verification is a weaker confirmation of identity than authentication
What biometric factor describes how well a characteristic resists change over time?
permanence
Why does access control based on the Media Access Control (MAC) address of the systems on our network not represent strong security?
MAC addresses can be easily spoofed or changed
Which type of access control would be used in the case where we wish to prevent users from logging in to their accounts after business hours?
Attribute Based Access Control
What is the difference between authorization and access control?
Authorization specifies what a user can do, and access control enforces what a user can do
What does the Brewer and Nash model protect against?
Conflict of interest
Which should take place first, authorization or authentication?
Authentication
What is the difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)?
In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determine access
Given a file containing sensitive data and residing in a Linux operating system with some users who should not have access to the data, would setting the file's permissions to rw-rw-rw- cause a potential security issue?
yes, because other users can read and modify the file
The confused deputy problem can allow unauthorized privilege escalation to take place; how does this happen?
software has greater privilege than the user of the software
The Bell-LaPadula and Biba multilevel access control models each have a different primary security focus. Can these two models be used in conjunction?
yes