ITN262 MIDTERM 2.0
How default settings (default permit or deny by default) affect an access matrix? Select all that apply.
-If we implement deny by default, a smaller matrix can describe all access rights. -If we implement default permit, the matrix must list all subject and object rights to be complete.
Which of the following are true about a one-time pad? Select all that apply.
-Is theoretically impossible to crack -Uses a random stream of bits for its key stream
Apple's OS-X implements a "padlock" control on critical system settings. A user must provide administrative login credentials in order to unlock the lock and access the settings. Which of the following are true? Select all that apply.
-It applies Least Privilege by limiting the effects of an approved administrative operation. -It is similar to Windows UAC because it unlocks a single function or application. -It allows a non-administrative user with proper rights to perform an administrative action.
Alice is using a system that uses very simple file and directory access rights. The system doesn't have directory-specific access rights. Instead, it uses simple read and write permissions to restrict what users can do to a directory. Alice has read-only access to the "project" directory. Select which of the following operations Alice can perform on that directory.
-List files in the directory -Seek files in that directory -Read files in the directory for which she has "read" access
Bob has set up three user IDs on his computer. Match his login with what happens when he creates a file. Files belong to "Superbob" Files belong to "Suitemates" Files belong to "Bob"
-Logged in as "Superbob" -Logged in as "Suitemates" -Logged in as "Bob"
The following is a list of properties of "macro" viruses. Select all that are typical.
-Macro viruses could be distributed by infected word processing documents -Macro viruses use scripting languages. -Macro viruses rely on an interpreter program to execute.
We are trying to protect a household computer. We have implemented password-based authentication to protect sensitive data. Which levels of attacker motivation can this authentication typically protect against in this situation? Select all that apply.
-No motivation -Stealth motivation -Scant motivation
Which of the following software can encrypt individual files? Select all that apply.
-PGP -PKZIP -Windows built-in encryption
Which of the following are the primary file-access rights in Unix? Select all that apply.
-Read -Write -Execute
Users with which of the following can both read and write files in the folder? Select all that apply.
-Read/write rights -Owner rights
Users with the right to read files in the folder have which of the following? Select all that apply.
-Reader rights -Owner rights -Read/write rights
Kevin wants to attack Bob's computing resources. He is motivated at the "stealth" level. Which of the following attacks might Bob face? Select all that apply.
-Search for written copies of Bob's passwords -Borrow Bob's one-time password token
The steps below describe how to use an encryption program. Arrange the steps in their proper order. 1 2 3 4
-Select the file to encrypt. -Provide the key to encrypt the file. -The program encrypts the file and saves the encrypted copy. -The program erases the plaintext version of the file and erases the key from RAM.
Here is a list of features of various authentication tokens. Indicate all that are true for one-time password tokens.
-Some tokens use a built-in clock to generate nonces. -The token contains a base secret. -Some tokens use a built-in counter to generate nonces.
Which of the following would be considered insider threats?
-Suite/room/housemates and family -Maintenance crew -Administrators -Embezzlers
A CPU implements "execute" access on RAM. We have restricted the control sections to "execute" access, while allowing full access to data sections. Which of the following are thus allowed? Select all that apply.
-The CPU can store bytes in data sections while executing the instruction. -The CPU can retrieve bytes from the control section while executing the instruction. -The CPU can retrieve bytes from data sections while executing the instruction.
The phrases below describe types of attacks on information. Match the type of attack with its description. Physical theft: Denial of service (DoS): Subversion: Masquerade: Disclosure: Forgery:
-The computing resource itself is removed -The use of computing data or resources is lost temporarily or permanently, without damage to the physical hardware -A program is modified to operate on behave of a threat agent -A person takes on the identity of another when using a computer -Data that should be kept confidential is disclosed -Someone composes a bogus message and sends it to a computer
Typical retail businesses expect a _____ rate of loss due to theft, damages, and other causes.
3 percent
Section 7.3 notes that in 1997, using DESCHALL, a desktop computer could crack 1 million keys per second. If we apply Moore's Law to estimate the improvement in cracking speed, how many million keys per second could we crack 6 years later?
4 million
We need to create a three-factor authentication system. The system already uses a USB device that is unlocked with the user's fingerprint. Which of the following can we add to implement three separate factors?
A PIN entered via a built-in PIN pad
What is "SuperBob," a Windows user described in Section 4.1.2?
A Windows user that is a member of an administrative group
Bob lives at home during the summer. His little brother, Tom, is fascinated by computers and with everything his big brother does. Tom loves to watch Bob log in to his summer job's remote site and do things. Tom often goes into Bob's room and looks through his things. Given this, which authentication technique—by itself—resists the risk of Tom masquerading as Bob?
A memorized, hard-to-guess password
Which of the following most effectively resists a trial-and-error guessing attack? All sizes are in terms of decimal digits.
A passive authentication token with a 9-digit base secret
We need to create a three-factor authentication system. The system already requires the user's fingerprint and memorized password. Which of the following can we add to implement three separate factors?
A procedure that requires the user's cell phone
Which of the following produces a risk to an asset?
A threat agent and an attack the agent can perform
Which of the following most often forbids people from performing trial-and-error attacks on computer systems?
Acceptable use policies
Which of the following is a list of access rights for each file, where each entry identifies a specific user and contains a list of access rights granted to that user.
Access control list (ACL)
Which of the following provides special privileges for managing the system?
Administrative groups
What does authentication do?
Associates an individual with an identity
Which of the following yields a more specific set of attacks tied to our particular threat agents?
Attack matrix
Which of the following describes the effect of the Digital Millennium Copyright Act (DMCA) on the investigation and publication of security flaws in commercial equipment?
It restricts the publication of techniques to reverse-engineer copy protection schemes.
Bob and Alice are typical users who share a computer. Which of the following are true of a user isolation policy? Assume no tailoring takes place. Select all that apply.
Bob can create, read, and modify his own files.
Encryption protects information by presenting which of the following?
Key
Alice has performed a security assessment for Acme Widget. The resulting assessment is treated as confidential and is not shared with Alice's coworkers. Only specific employees are allowed to read it. Which basic security principle does this illustrate?
Least privilege
Which of the following is an example of a rule-based security decision?
Locking a car's ignition
Given the vulnerability disclosure procedure in Section 1.6.2 and the story of Michael Lynn's presentation of a Cisco router vulnerability at Black Hat 2005, which of the following most accurately describes Lynn's action?
Lynn acted ethically because the vulnerability had already been reported and patched, and he did not describe how to exploit the vulnerability.
What is a worm?
Malware
Which threat agent is most often associated with denial of service attacks?
Natural threats
Bob has bought a DVD and a DVD player. He owns both and has complete physical access, inside and out, to the disk and player. Does Bob have unrestricted access to everything the hardware and software contains?
No, because a security boundary inside the DVD player protects its player key from physical access by Bob.
There are three types of tokens; which of the following is not a correct type?
Offensive tokens
The person who owns the folder, who has full rights to read, modify, or delete anything in the folder, has which of the following?
Owner Rights
Impact x Likelihood = ______________
Relative Significance of Risk
Car ignition locks are an example of what type of decision?
Rule-based
Desktop malware may not represent a direct threat to ________- or PLC-based equipment, but practical attacks exist on these systems.
SCADA
Are base secrets the same as credentials?
Some base secrets are also credentials, while others are not.
People who interpret event logs do not like administrators to use privileged accounts with a fixed name, like "root." Which of the following is the best explanation for this?
The 'root' user ID is shared by many people; the event log can't easily tell which user really performed a logged action
An interpreter is a program that interprets the text of a program in a symbolic form and performs the actions specified in the text. The following are examples of interpreters, except:
C++
The security framework that replaced the U.S. DOD Orange Book is called:
Common Criteria.
After encrypting a plaintext file and saving its ciphertext in a new file, what should the file encryption program do next? Select the safest alternative.
The program writes zeroes over every data block in the plaintext file.
The _____________ remains an integral part of manufacturing and distribution of DVDs and DVD players.
DVD-CSS
Briefly explain the difference between deleting a file from a computer's hard disk and overwriting the file. PreviousNext
Deleting a file is no longer there on your hard drive and overwriting a file is basically just being rewritten over the existing file.
An apartment has a large window that is provided in part as an emergency exit in case of a fire. The window is generally left locked, but it may be opened. When analyzing the boundary, is the window considered a wall or a doorway?
Doorway
True or False? A script kiddy is sharing with someone who visits our living or working space, getting physical access to the computer.
False
True or False? A threat agent is a person who did attack our assets, while an attacker might attack an asset.
False
True or False? A vulnerability is a security measure intended to protect an asset.
False
True or False? A zero-day vulnerability is one that has been reported to the software's vendor and the general public.
False
True or False? An operating system provides six access rights for files.
False
True or False? Application programs are the only executable files on a typical operating system.
False
True or False? Average attack space measures the time until success is certain.
False
True or False? Biometrics and tokens are a good choice for a household environment.
False
True or False? Biometrics are a favored form of authentication, as they are immune to sniffing attacks.
False
True or False? Biometrics have a fault tolerance of 0.
False
True or False? Both Windows and Unix include permission flags in their file security mechanisms.
False
True or False? Entropy refers to the strength of a password system.
False
True or False? In the early 1980s, a rumored macro virus infected Microsoft Word documents. When executed, the virus copied itself to other Word files it could find and also posted the document to the Usenet News system.
False
True or False? Information security architecture often relies on boundaries outside the computer to protect important information or programs from error-prone or malicious programs.
False
True or False? Isolation policy grants read access to other user's files.
False
True or False? Microsoft's built in encryption protects the user's file against a Trojan Horse.
False
True or False? Modus operandi applies only to criminal organizations.
False
True or False? Offline attacks are easily detected.
False
True or False? Owner rights are privileged processes run by the system.
False
True or False? Passive tokens are favored, as they are immune to sniffing attacks.
False
True or False? SHA-1024 is the latest hash algorithm.
False
True or False? Storage state is the information that is being used by an active process to make decisions or to transform the information into another form.
False
True or False? The effort nicknamed DESCHALL used a collection of tens of thousands of computers to crack a DES message by trial and error in 7 months.
False
True or False? The programmer who creates a program has all three rights—read, write, and execute—which yields "RX."
False
True or False? The programmer who creates a program has two rights—read and execute—which yields "RX."
False
True or False? The security process and the Information engineering process find their origin in the concept of Continuous Improvement.
False
True or False? The two primary types of symmetric algorithms are public and cipher.
False
True or False? True randomness is easily achieved with the random function of an application like Excel.
False
True or False? Two factor authentication is using two passwords
False
True or False? USB tokens are weak because if the public key becomes lost or stolen, the private key can be derived from it.
False
True or False? Using a personal computer with full admin rights enables the user to minimize security threats.
False
True or False? Victims can protect themselves against zero-day attacks.
False
True or False? When a system process starts another, the parent process often inherits the child's access rights.
False
True or False? When selecting a password, random collections of letters contain far less entropy than written words.
False
True or False? When we click on a folder icon within a folder on our desktop, we go "up" a level in the directory hierarchy.
False
True or False? When you are biased in selecting a password, you choose your password from the entire search space.
False
True or False? Your fingerprint is a "something you have" factor.
False
True or False?When we look in our directories at the files, we distinguish between three file types: 1. Data files, like a word-processing file containing an essay, a spreadsheet, or a configuration file used by a program or the operating system. 2. Read a directory—this right allows listing of the directory as well as seeking files in it. 3. Executable files that contain application programs or other programs.
False
Section 6.1.2 describes doorknob-rattling attacks. This is most similar to which of the following attacks?
Trial and error
ACL implementation in Microsoft windows provides flexible and sophisticated inheritance. Files and folders automatically inherit changes made to an enclosing folder's access rights.
True
The Enigma was used by the _________ in World War II.
Germans
The law that establishes security measures that must be taken on health-related information is:
HIPAA
True or False? A DVD player handles all key managements.
True
True or False? A strong threat is willing to spend money, but not willing to leave evidence.
True
True or False? A supervisory control and data acquisition (SCADA) device is a computer that controls motors, valves, and other devices in industrial applications.
True
True or False? A vulnerability is a weakness in the boundary that protects the assets from the threat agents.
True
True or False? After encrypting a plaintext file, it should actively erase the plaintext file's context and save the encryption.
True
True or False? All modern computer-based file systems use a hierarchical directory to organize files into groups.
True
True or False? An encryption application program, from a user's point of view, protects a file with a memorized password.
True
True or False? Authentication associates an individual with an identity.
True
True or False? Botnets can (often) perform distributed denial of service (DDoS) attacks in which thousands of individual computers send overwhelming amounts of traffic at a victim's computer.
True
Which of the following types of threat agents is most typically associated with masquerade attacks?
Identity thieves
Which of the following is a formal review of the systems integrity and of the data it maintains regarding the organization's business.
Information systems audit
Which of the following is an example of security theater?
Installing a fake video camera
True or False? By the late 1980s, some virus writers were inclined toward destruction. The Jerusalem virus, which appeared in 1987 in the city of Jerusalem, contained a "destructive payload" that would delete all executable files on the system on Friday the 13th, starting in 1988.
True
True or False? Credit reports are a treasured target among identity thieves.
True
True or False? Dictionary attacks differ from trial and error attacks because dictionary attacks focus on likely passwords.
True
True or False? Directories (folders) tie together files in different parts of the hard drive.
True
True or False? Edward Hebern developed a rotor machine, also called the Enigma.
True
True or False? Every executable file begins with a "file header" that describes the structure and format of the program.
True
True or False? File access rights may include create, read, update, and delete.
True
True or False? Hacktivists are threat agents who are usually a loosely organized source of widespread attacks.
True
True or False? If the "root" user accesses a file, the system grants full access.
True
True or False? In a default permit, everything is allowed except sites on the prohibited list.
True
True or False? In requirement-based security, we identify and prioritize our security needs in a risk assessment process.
True
True or False? Keyloggers can be hardware or software based.
True
True or False? Low-hanging fruit refers to the easiest targets in an attack.
True
True or False? Mac OS-X allows you to add ACL entries for groups as well as users.
True
True or False? Many users think of files as living in file folders instead of directories.
True
True or False? Microsoft Windows Professional editions include an encryption feature.
True
True or False? Modern operating systems protect files according to user identity.
True
True or False? Never choose a password with a strong personal association.
True
True or False? Once we have filled in the attack likelihoods and impacts, we compute the significance by multiplying these values together.
True
True or False? PCI DSS is a set of standards, not a law, that applies to merchants who handle customer credit card information.
True
True or False? Part of the unique identifier for every file on a hard drive, which includes the list of directories from the root to that file, is called the directory path.
True
True or False? People can be threat agents in some cases, but trustworthy in others.
True
True or False? Regarding access permissions in Windows, the owner of a shared folder may read, modify, and delete other user's files.
True
True or False? Security Category RMF begins with a high-level estimate of the impact caused by cyber security failures.
True
True or False? Sharing on a computer system includes two main types of policies: global and tailored.
True
True or False? Some operating systems provide ways of temporarily granting administrative to people logged in to regular accounts.
True
True or False? Some systems provide very specific rights for managing directories, while others provide minimal rights, like read, write, and seek.
True
True or False? The Advanced Encryption Standard (AES) is stronger than the Data Encryption Standard (DES).
True
True or False? The computer keeps record of what it does, and those set of files are called the event log or the audit trail.
True
True or False? The one-way hash is a cryptographic function.
True
True or False? The term "security theater" refers to security measures intended to make potential victims feel safe and secure without regard to their effectiveness.
True
True or False? The window of vulnerability is the period of time during which a system is unprotected from an exploit.
True
True or False? To analyze a risk, we review it against the threat agents behind the risk.
True
True or False? We call scripts macros, especially when we embed them in other documents.
True
True or False? When an attacker is attacking a password system, the average attack space estimates the number of guesses required before success is likely.
True
True or False? When the fault tolerance goes up, so do the false positives.
True
True or False? Windows does not deny an access right by omitting it, but it allows you to explicitly deny a right.
True
Biometric scanners are often connected by ________; this poses a security risk, as sniffed credentials can be fed down this line.
USB
An apartment has a large window, which is covered with metal bars to prevent people from going through the window. When analyzing the apartment's boundary, is the window considered a wall or a doorway?
Wall
The product that creates financial-fraud botnets using Zbot malware and is offered for sale on the black market is:
ZeuS
The Enigma was:
a rotor machine
An attempt by a threat agent to exploit assets without permission is referred to as:
an attack
CIA properties do not include:
authentication
Risk Management Framework is a way to assess _______________ risks when developing large-scale computer systems.
cybersecurity
Gilbert Vernam's bit combination operation for encrypting digital teletype transfer is now referred to as:
exclusive or (xor)
The main purpose of a software patch is to:
fix a bug in a program
__________ define a user group, which serves as another set of users for whom we specify access rights.
group rights
A zero-day exploit:
has no software patch.
An extreme threat is _________ motivated and is _________ to leave evidence.
highly; willing
When disclosing a security vulnerability in a system or software, the manufacturer should avoid:
including enough detail to allow an attacker to exploit the vulnerability.
The average attack space estimates the number of guesses required before success is ________.
likely
The term _________ was used in operating systems research to describe the access rights a particular subject or process had for a particular object or resource.
objects
An algorithm is a type of:
procedure
In a hierarchical file system directory, the topmost directory is called the:
root
A security decision, such as locking your vehicle when not in use, is an example of:
rule-based security
In a password system, the total number of possible passwords is called the:
search space.
We draft the __________ requirements to address the risks we identified.
security
The directory access right that allows a user to search for a name in a file's path, but not examine the directory as a whole, is called:
seek
A primary use of event logs is to:
serve as an audit trail
By default ,most systems only record the most ______ events.
significant
The following are fundamental strategies for authenticating people on computer systems, except:
something you make.
A(n) __________ cipher is an algorithm that generates the _____________ stream, a hard-to-predict sequence of binary.
stream; key
General security access controls refer to objects, rights, and:
subjects
An encryption algorithm that uses the same key for both encryption and decryption is:
symmetric.
Both forms of the RMF illustrate a(n) _______ engineering process as a way to plan, design, and build a complicated system.
systems
A security analyst is performing a security assessment. The analyst should not:
take actions to mitigate a serious risk
The character that separates directories in a Windows directory path is:
the back slash (\)
A __________ is someone who is motivated to attack our assets.
threat agent
The information state associated with data in motion is:
transmission
The type of cipher that rearranges the text of a message is called:
transposition
An authentication system that requires the user to provide two different passwords and a fingerprint scan is an example of:
two-factor authentication
Supervisory control and data acquisition (SCADA) devices are most often associated with:
utilities
Using a Caesar cipher that shifts letters three places, so that A becomes D, decode this phrase: zhoo grqh.
well done
A person skilled in attacking computer systems, who uses those skills as a security expert to help protect systems, is a:
white-hat hacker
What does AUP stand for?
Acceptable Use Policy
An attack that blocks access to a system by other users is called:
denial of service.
Which of the following are the CIA properties?
-Confidentiality -Integrity -Availability
True or False? A compiler is a program that "interprets" the text of our program one word at a time.
False
Select the controls from the list below that can implement a tailored access policy.
-Control of user group-based access rights -Access control lists
Which of the following are threat agents?
-Cracker -Phone phreak -Script kiddy -Black-hat hacker
A risk assessment involves which of the following?
-Identifying risks -Prioritizing risks
Which of the following are features of a Trojan? Select all that apply.
-Computer software performs an unexpected action. -The operator does not detect misbehavior by the computer software. -Computer software performs a malicious action.
The phrases below describe cryptanalysis techniques. Match the technique with its description. Known Plaintext Chosen Plaintext Known Ciphertext
- analyst has both plaintext & ciphertext - analyst can select plaintexts to be encrypted with targets secret key and has access to ciphertext - analyst works with ciphertext only
Sections 7.4.1 and 7.4.2 compare built-in file encryption to application-based file encryption. When we compare key handling in the two approaches, which of the following statements are true about application-based encryption? Select all that apply.
-A harder-to-guess key increases the work factor for a trial-and-error attack. -An attacker could intercept the key by sniffing keystrokes. -The user can be locked out of the encrypted file by losing the key.
Which decryption procedure requires two inputs? Select all that apply.
-A key -Ciphertext
Why do event logs record both normal and abnormal activities? Select all that apply.
-An activity may look normal when it occurs and abnormal when analyzed in context with other activities -Normal activities help track side effects of abnormal activities
Which of the following authentication techniques are vulnerable to sniffing attacks that replay the sniffed credential? Select all that apply.
-Biometric readers -Passwords -Passive tokens
Bob and Alice are typical users who share a computer. The computer has an isolation policy, but Bob and Alice have implemented a tailored policy for shared reading. Which of the following are true? Select all that apply.
-Bob can create, read, and modify his own files. -Bob and Alice can read particular files that others can't read.
Bob and Alice are typical users who share a computer. Which of the following are true of a file sharing policy? Assume no tailoring takes place. Select all that apply.
-Bob can create, read, and modify his own files. -Bob can read Alice's files.
Bob and Alice are typical users who share a computer. The computer has a file sharing policy, but Bob and Alice have implemented a tailored policy for shared updating. Which of the following are true?
-Bob can create, read, and modify his own files. -Bob can read typical files that Alice creates. -Bob and Alice can share particular files (read and write) that others can't read.
Which of the following are considered "objects" in an access matrix? Select all that apply.
-Bob's word processing file -The file containing the word processing program -A device driver buffer
Which of the following are often used to "monetize" a botnet, either directly for the operator or through selling the botnet services to others? Select all that apply.
-Collect money for selling bogus anti-virus software. -Enable masquerades on bank websites to withdraw cash. -Deliver spam email.
Below is a list of different access right settings. We want to implement shared update of certain files between Bob and Alice, but with no one else. Which of the following settings achieve this? Select all that apply.
-Use Windows basic file sharing and make Bob and Alice co-owners of the files. -Put Bob and Alice is a user group, and give the group RWX access to the shared files.
Bob and Kevin are both using crypto to communicate with other people. Bob doesn't want Kevin eavesdropping on his messages, and vice versa. They each need to choose algorithms and keys. Which of the following choices will protect one from eavesdropping by the other? Select all that apply.
-Use different algorithms and different keys. -Use the same algorithm and different keys.
Which of the following are considered "subjects" in an access matrix? Select all that apply.
-User "bob" -The word processing program while it executes -A device driver while it is running.
In a password system, increasing the work factor results in which of the following? Select all that apply.
-increases the length of the password -increases the size of the character set from which users choose passwords
AES was introduced in what year?
2002
If we combine "10101" with "01011" using Exclusive Or, which result do we get?
11110
Moore's Law observed that computing power doubled every:
18 months
DES was unveiled in what year?
1975
Cyber vulnerabilities became a public issue in the __________ as new internet users struggled to understand the technology's risks.
1990s
Section 1.6.2 outlines a procedure for disclosing security vulnerabilities in a commercial device or product. Assume that we have discovered a vulnerability in a commercial product. The vendor has not acknowledged our initial vulnerability report or communicated with us in any other way. They have not announced the vulnerability to the public. We wish to warn the public of the vulnerability as soon as is ethically defensible. Given the procedure in Section 1.6.2, which of the following is the best course of action?
After 30 days, announce that the vulnerability exists, and describe how to reduce a system's risk of attack through that vulnerability.
An example of a capability-based system is:
All of these are correct
Unix implements three file-access rights (read, write, and execute/search) for which identities?
All of these are correct.
What are the risks of logging into a system routing as "root" or some other administrative identity?
All of these are correct.
We are estimating the impact of an individual attack. Which of the following has the greatest estimated impact?
An attack with a $100 loss that could happen once a week
Polish cryptanalysts developed strategies to attack the rotor machine ciphers in the 1930s. Cryptanalysts from other Allied countries improved on these techniques at what location?
Blechley, United Kingdom
Which cipher replaces A with D and B with E?
Caesar
Unix users have several commands. Which of the following commands is short for the command "Change group"?
Chgrp
Which of the following is a person who has learned specific attacks on computer systems and can use those specific attacks?
Cracker
Passed in 2002, __________ requires U.S. government agencies to implement agency-wide information security programs.
FISMA (Federal Information Security Management Act)
In 1988, researcher Fred Cohen performed a series of studies in which he constructed programs that replicated themselves. He used the term computer infection to describe them.
False
What is the principle behind Microsoft's operating systems using a UAC (user account control)?
Provide temporary admin privileges
Alice transmits a message to Bob using a stream cipher. During transmission, an error causes a single bit in the ciphertext to change. How does this affect the decrypted message?
The decrypted message contains a 1-bit error in the same location.
We have a drive that contains several old files and directories that we wish to delete. We delete everything at once by doing a "quick format" of the drive. Which of the following data areas on the drive will be affected? Select all that apply.
The drive's root directory
The video stored on DVDs is encrypted. Where do we get the key to decrypt the DVD when we play it?
The key is stored in the player.
Anonymous is an example of what kind of agent?
Threat
A security database that contains entries for users and their access rights for a specific file or folder is a(n):
access control list (ACL).
Encryption transfers readable plaintext into _____________ using secret information called a(n) ________.
ciphertext; key
In Windows 10, the basic file-sharing permission level that grants users the right to read, modify, or delete a file they don't own is:
co-owner
Permission flags used in Unix to protect folders are called:
directories.
Two mechanisms to apply initial access rights are
default rights and inherit rights