Term
| PREVENTATIVE Access Controls |
|
Definition
| Deter intrusion or attacks. Example: Separation of duties |
|
|
Term
|
Definition
| Objects are data applications, systems, networks, and physical space. |
|
|
Term
|
Definition
| The process of validating a subject's identity. |
|
|
Term
| TECHNICAL Access Controls |
|
Definition
| Computer mechanisms that restrict access. Example: Encryption |
|
|
Term
|
Definition
| Restrict or control physical access. |
|
|
Term
|
Definition
| Related to things people know, such as a mother's maiden name. |
|
|
Term
| What kind of password is marryhadalittlelamb? |
|
Definition
|
|
Term
| Which of the following defines the CROSSOVER RATE for evaluating biometric systems? |
|
Definition
| The point where the number of false positives matches the number of false negatives in a biometric system. |
|
|
Term
| What conditions are desirable when selecting a biometric system? |
|
Definition
| Low crossover error rate, and a high processing rate |
|
|
Term
|
Definition
| When someone is denied access when they should be allowed access. |
|
|
Term
| What should be done to a user account if the user goes on an extended vacation? |
|
Definition
|
|
Term
|
Definition
| Devices Synchronized to an authentication server |
|
|
Term
| What is a strong password? |
|
Definition
| A strong password should not contain dictionary words or any part of the login name. It should include upper case letters, numbers, and symbols. In addition, longer is better. |
|
|
Term
| What kind of access controls should be used to implement short term repairs to restore basic functionality after an attack? |
|
Definition
|
|
Term
| Which of the following is an example of type 1 authentication? A. Smart card B. User name C. Passphrase D. Retina scan |
|
Definition
|
|
Term
| You have just configured and set the password policy and set the minimum password age to 10. What will be the effect of this configuration? |
|
Definition
| Users cannot change their password for 10 days. |
|
|
Term
| You implemented account lockout with a clipping level of 4. What will be the effect of this setting? |
|
Definition
| The account will be locked out after 4 incorrect attempts. |
|
|
Term
| What is the best action taken after noticing a user has written their password down? |
|
Definition
| Implement end-user training |
|
|
Term
| What is the best way to dispose of data stored on CD-Rs? |
|
Definition
|
|
Term
| What is the star property of Bell-LaPadula? |
|
Definition
|
|
Term
| What is the Clark-Wilson model primarily based on? |
|
Definition
| Controlled Intermediary access applications |
|
|
Term
| The Brewer-Nash model is designed to prevent what? |
|
Definition
|
|
Term
| Which access control model manages rights and permissions based on job descriptions and responsibilities? |
|
Definition
| Mandatory Access Control (MAC) |
|
|
Term
| What does the Mandatory Access Control (MAC) method use to control access? |
|
Definition
|
|
Term
| Discretionary Access Control (DAC) manages access to resources using what primary element or aspect? |
|
Definition
|
|
Term
| DAC (Discretionary Access Control) |
|
Definition
| Uses identities to control resource access. Users can define access controls for the resources they own. |
|
|
Term
| What kind of access control focuses on assigning privileges based on security clearance and data sensitivity? |
|
Definition
| MAC (Mandatory Access Control) |
|
|
Term
| Which principle is implemented in a mandatory access control model to determine access to an object using classification levels? |
|
Definition
|
|
Term
| NEED TO KNOW is required to access what types of resources? |
|
Definition
| Compartmentalized resources |
|
|
Term
| In what form of access control environment is access controlled by rules rather than by identity? |
|
Definition
| Mandatory Access Control (MAC) |
|
|
Term
| What form of access control is based on job descriptions? |
|
Definition
| Role-Based Access Control (RBAC) |
|
|
Term
| What are two examples of single sign-on authentication solutions? |
|
Definition
|
|
Term
| Which of the following is not a characteristic of Kerberos? A. End to end security B. Symmetric key cryptography C. Peer to peer relationships D. Data Encryption Standard |
|
Definition
| C. Peer to peer relationships |
|
|
Term
| What is another term for the type of logon credentials provided by a token device? |
|
Definition
| One-time password motha fucka |
|
|
Term
| Which of the following is the strongest form of multi-factor authentication? A. Two passwords B. Two-factor authentication C. A password, a biometric scan, and a token device D. A password and a biometric scan |
|
Definition
| C. A password, a biometric scan, and a token device |
|
|
Term
|
Definition
| A process by which each party in an online communication verifies the identity of the other party. |
|
|
Term
| Which of the following is not a form of biometric? A. Token device B. Face recognition C. Retina scan D. Fingerprint |
|
Definition
|
|
Term
| What are two disadvantages of biometrics? |
|
Definition
| When used alone, they are no more secure than a strong password. Also, they have a potential for numerous false rejections. |
|
|
Term
| What form of authentication solution employs a hashed form of the user's password that has an added time stamp as a form of identity? |
|
Definition
|
|
Term
| What is the most important aspect of a biometric device? |
|
Definition
|
|
Term
| What is the strongest biometric factor? |
|
Definition
| A two factor authentication |
|
|
Term
| Which of the following is not an example of a single sign-on solution? A. Scripted access B. Kerberos C. Directory services D. Workgroup |
|
Definition
|
|
Term
| Name two advantages that single sign-on (SSO) provides. |
|
Definition
| 1. The elimination of multiple user accounts and passwords for an individual. 2. Access to all authorized resources with a single instance of authentication. |
|
|
Term
| A smart card can be used to store all BUT which of the following items? A. Digital signature B. Biometric template original C. Cryptography keys D. Identification codes |
|
Definition
| B. Biometric template original |
|
|
Term
| Which two of the following are requirements to deploy Kerberos on a network? A. A centralized database of users and passwords B. Time synchronization between devices C. Blocking of remote connectivity D. Use of token devices and one-time passwords E. A directory service |
|
Definition
| A. A centralized database of users and passwords B. Time synchronization between devices |
|
|
Term
| Which of the following is NOT an important aspect of password management? A. Enable account lockout B. Prevent use of personal information in a password C. Always store passwords in a secure medium D. Training users to create complex passwords that are easy to remember |
|
Definition
| A. Enable account lockout |
|
|
Term
| In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue? |
|
Definition
|
|
Term
| What is an example of privilege escalation? |
|
Definition
|
|
Term
| Which of the following is the least reliable means to clean or purge media? A. Overwriting every sector with alternating 1's and 0's B. OS low-level formatting C. Drive controller hardware level formatting D. Degaussing |
|
Definition
|
|
Term
| In a high security environment, what is the most important concern when removable media is no longer needed? |
|
Definition
|
|
Term
| What type of cipher changes the POSITION of the characters in a plaintext message? |
|
Definition
|
|
Term
| The Enigma machine, a cryptographic tool introduced in 1944 and used in WW2, encrypted messages by replacing the characters of the plaintext. What type of cipher does the Enigma machine use? |
|
Definition
|
|
Term
| By definition, which security concept ensures that only authorized parties can access data? |
|
Definition
|
|
Term
| In a cryptographic system, name two properties an initialization vector should have. |
|
Definition
|
|
Term
| Name two things that are true of Triple DES (3DES). |
|
Definition
| It is used in IPsec, and it uses a 168-bit key. |
|
|
Term
| What is the most frequently used symmetric key stream cipher? |
|
Definition
|
|
Term
| Which of the following is NOT true concerning symmetric key cryptography? A. Before communications begin, both parties must exchange the shared secret key B. Key management is easy when implemented on a large scale. C. Each pair of communicating entities requires a unique shared key D. The key is not shared with other communication partners E. Both parties share the same key (which is kept secret) |
|
Definition
| B. Key management is easy when implemented on a large scale. |
|
|
Term
| What form of cryptography is best implemented in hardware? |
|
Definition
|
|
Term
| Name two things that are true of the Advanced Encryption Standard (AES) symmetric block cipher. |
|
Definition
| AES uses a variable block length and key length (128-, 192-, or 256-bit keys), and AES uses the Rijndael block cipher. |
|
|
Term
| Which of the following symmetric block ciphers does NOT use a variable block length? A. Elliptic Curve (EC) B. International Data Encryption Algorithm (IDEA) C. Advanced Encryption Standard (AES) D. Ron's Cipher v5 (RC5) |
|
Definition
| B. International Data Encryption Algorithm (IDEA) |
|
|