MSIS Exam 2
______ is a general access control method that uses capabilities in the form of tokens to pass rights around.
POSIX
If your computer starts having a bunch of weird problems but you can't seem to repeat any one issue regularly it might be your _________. You shouldn't have tried to be cheap on this part.
Power Supply
______ is volatile memory on your computer. Upgrading your computer by getting more of this is a good idea.
RAM
With __________ access control, permissions are aggregated in roles that are assigned to users or groups.
RBAC, role based
______ is memory that is built on the motherboard. It was originally not changeable but now you can "flash" it, like when upgrading the BIOS.
ROM
Can be applied to both copyrights and patents
Apache 2.0 License
______ is our belief that an operating system is implemented in a way that enforces our security policy.
Assurance
The first set of instructions that your computer uses is the ________
BIOS
Restricts use of contributor names for endorsement of a derived work
BSD License
The ______ register sets the lower bound of a program's memory, the lowest address it is allowed to touch.
Base
is the brains of the computer. It's about the size of a saltine cracker (though really it is the size of a fingernail and all the rest of that space is used for other things)
CPU
Computer code that is turned into machine code all at once is said to be
Compiled
More for design work than code development
Creative Commons (CC) License
______ testing is ethical hacking, where a team is hired to try to break into a business's network perimeter.
Pen, Penetration
Optical media, like a CD or DVD, don't actually store bits on the disk but rather use _______ in a slightly complicated way that can be translated to bits.
Pits and lands
With ___________ access control users can give and remove access to their objects at will.
Discretionary
The ______ file structure is older and uses large clusters; FAT16 volumes top out at 2 GB, and FAT32 cannot hold a single file larger than 4 GB.
FAT, FAT32
A hardware or software boundary in computer memory is called a ____________.
Fence
A ________ was essentially a big list matching users and rights with objects
File Directory
System memory space that could not be changed was usually enforced with a hardware _____ fence.
Fixed
________ uses mathematical models to test the security properties of a security model.
Formal verification
____________ in trusted software means that the software behaves as we expect.
Functional Correctness
Code under it cannot be folded into proprietary software; any derived work must be released under the same license (selling the software itself is allowed)
GNU GPL
______ are made of fast spinning platters and hold data magnetically.
Hard Drives
______-level languages like Python, Perl, Java and SQL are very human readable but require extra work (compilation or interpretation) to get them in shape for the CPU to understand. This extra layer can introduce vulnerabilities.
High
___________ in trusted software means that the integrity of the data is not damaged even if the software is given bad or unauthorized commands
Integrity Enforcement
Code that is turned into machine code one line at a time is
Interpreted
_____ is a simple acronym that supports the concept of economy of mechanism in trusted system design.
KISS
__________ uses capabilities called tickets to grant permissions, like a carnival.
Kerberos
______ was an early 90s hacker collective and one of the first hackerspaces.
L0pht Heavy Industries
Microsoft's older password hash, the ________ hash, was heavily compromised: it uppercases the password, truncates it to 14 characters, splits it into two 7-character halves and uses each half as a DES key over a fixed constant, so the two halves can be cracked independently.
LM, LM Hash
Allows paid or proprietary software to link against its code without that software having to adopt the license.
Lesser GNU GPL (LGPL)
The ______ file structure is newer, more efficient and uses smaller clusters. I used shot glasses as an analogy for these clusters.
NTFS
The current Windows password hash is the ________ hash, MD4 over the UTF-16 password; it is 16 bytes long (32 hex characters) and unsalted.
NT hash, NTLM
With _________, both memory and programs are broken into equal size pieces.
Paging
Allowing new or changed data values to be accepted by a program unchecked
incomplete mediation
The core set of things that a CPU can do is known as the
instruction set
An ______ scan images the colored ring around the pupil under near-infrared light and is very hard to clone.
iris
As a user authentication source, a thumbprint is something a user
is
The ________ is the set of all possible passwords allowed by a given set of constraints (character set and length).
key space
As a user authentication source, a PIN is something a user
knows
The rules about how you and others can use a particular piece of open-source software are included in the
license
The lowest-level programming language is ________ code
machine
The person responsible for looking after the integrity of an open source project's code is called the
maintainer
With ___________ access control a central authority decides who accesses what.
mandatory
The ______ is the first sector read from a boot drive; its boot code locates and loads the operating system
master boot record
In older mainframes the ________ was a program that actively kept the users' programs separate.
monitor
The ______ is the main part of a computer. It has the ports sticking out the back, manages data flow, and holds the CPU, RAM, video card and other important pieces.
motherboard
______ authentication is when you use a combination of authentication methods, like your ATM card and your PIN.
multifactor
Software code that adds or changes functionality is called a
patch
A ______ is a small amount of code added to a program to fix a known problem.
patch
Closely following someone into a restricted access area is called
piggybacking
With variable memory fencing the ___________ is used to move all the memory location references by a constant amount in response to a moved fence.
relocation factor
A ______ scan uses the pattern of blood vessels in the eye and requires that the scan be done at close range.
retinal
Putting a random string in front of a password prior to hashing it is called ________ the password.
salting
Watching someone enter a code like at an ATM is called
shoulder surfing
The current code that makes up a program but still needs to be compiled or interpreted is called
source code
Overwriting the stack (such as a saved return address) so that the CPU executes attacker-chosen instructions
stack overflow
______ space is simply the space you haven't used on your hard drive.
unallocated
Incorporating a change or patch into original source code is called
upstreaming
Allowing user input to directly change commands sent to a database
SQL injection
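As an added example (not part of the flashcards), the same login query written two ways against an in-memory SQLite table with two constructed accounts: once with the user's input spliced into the SQL text, once with bound parameters. The table, accounts and payloads are made up for the demonstration.

```python
# Added example, not part of the flashcards: a login query built unsafely by
# string formatting and safely with bound parameters.
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with two constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "battery staple")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """User input becomes part of the SQL text, so it can change the command."""
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Bound parameters: the driver passes the values separately from the SQL,
    so a quote in the input is just data and cannot alter the query's structure."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    # password check defeated: AND binds tighter than OR, and '1'='1' is always true
    print(login_vulnerable(db, "alice", "x' OR '1'='1"))   # ['alice', 'bob']
    # the rest of the WHERE clause is commented out
    print(login_vulnerable(db, "alice' --", "anything"))   # ['alice']
    print(login_safe(db, "alice", "x' OR '1'='1"))         # []
    print(login_safe(db, "alice", "correct horse"))        # ['alice']
```

Parameterization is the fix for the command-altering problem; validating input length and character set is still worthwhile, but it is not what stops the injection.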
Windows stores passwords on the computer in the
Security Accounts Manager
The ________ is the collection of code that checks access to protected objects in an operating system
Security Kernel
With program _________, the pieces are named and code is referenced by the name and an offset from the top of the code block. This was innovative because it separated physical memory from logical memory.
Segmentation
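As an added example (not part of the flashcards), a small simulation of the memory protection schemes on these cards: a base register acting as the lower fence with a bounds register above it, relocation by changing that base, paging's equal-sized pieces, and segmentation's name-plus-offset addressing. The physical memory size, addresses and tables are made up; real hardware does the same checks in the MMU on every access.

```python
# Added example, not part of the flashcards: base/bounds with relocation,
# paging and segmentation, simulated over a bytearray standing in for RAM.


def denied(fn, *args) -> bool:
    """True if the access is refused by the protection check."""
    try:
        fn(*args)
        return False
    except MemoryError:
        return True


class BaseBoundsMemory:
    """One program's region guarded by a base (lower fence) and a bounds
    register. The program only ever uses logical addresses starting at 0."""

    def __init__(self, physical: bytearray, base: int, size: int):
        if base + size > len(physical):
            raise ValueError("region does not fit in physical memory")
        self.mem = physical
        self.base = base            # relocation factor: added to every logical address
        self.bounds = base + size   # first address the program may NOT touch

    def translate(self, logical: int) -> int:
        physical = self.base + logical
        if not self.base <= physical < self.bounds:   # checked on every access
            raise MemoryError(f"logical {logical} is outside [{self.base}, {self.bounds})")
        return physical

    def store(self, logical: int, value: int) -> None:
        self.mem[self.translate(logical)] = value

    def load(self, logical: int) -> int:
        return self.mem[self.translate(logical)]

    def relocate(self, new_base: int) -> None:
        """Move the fence: copy the region and change only the relocation
        factor. The program's logical addresses stay valid."""
        size = self.bounds - self.base
        if new_base + size > len(self.mem):
            raise ValueError("new region does not fit in physical memory")
        region = bytes(self.mem[self.base:self.bounds])
        self.mem[new_base:new_base + size] = region
        self.base, self.bounds = new_base, new_base + size


class PagedMemory:
    """Paging: memory and program are both cut into equal PAGE-sized pieces,
    so a program's pages need not be contiguous in physical memory."""
    PAGE = 256

    def __init__(self, page_table: dict):
        self.page_table = page_table   # logical page number -> physical frame number

    def translate(self, logical: int) -> int:
        page, offset = divmod(logical, self.PAGE)   # high bits pick the page, low bits the offset
        if page not in self.page_table:
            raise MemoryError(f"page {page} is not mapped")
        return self.page_table[page] * self.PAGE + offset


class SegmentedMemory:
    """Segmentation: code refers to a segment by name plus an offset; the
    segment table hides where the segment sits in physical memory."""

    def __init__(self, segment_table: dict):
        self.segment_table = segment_table   # name -> (physical base, size)

    def translate(self, name: str, offset: int) -> int:
        base, size = self.segment_table[name]
        if not 0 <= offset < size:
            raise MemoryError(f"offset {offset} is beyond segment {name!r}")
        return base + offset


if __name__ == "__main__":
    ram = bytearray(1024)
    prog = BaseBoundsMemory(ram, base=100, size=200)
    prog.store(10, 0x41)
    prog.relocate(500)                      # fence moved, program unaware
    print(prog.load(10) == 0x41)            # True
    print(denied(prog.translate, 200))      # True: one past the bounds register
    print(PagedMemory({0: 3, 1: 1}).translate(5))            # 773
    print(SegmentedMemory({"code": (4096, 512)}).translate("code", 10))   # 4106
```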
______ space is unused space remaining in clusters. Data can be hidden here and old data can be found here.
Slack
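As an added example (not part of the flashcards), a toy volume with fixed-size clusters that shows where slack space and unallocated space come from and why deleted data survives in both. The cluster size, the allocation table and the file contents are all made up; real file systems differ in the details but not in the effect.

```python
# Added example, not part of the flashcards: slack space and unallocated space
# on a simulated cluster-based volume.
CLUSTER = 512   # constructed cluster size for this example


class ToyVolume:
    def __init__(self, clusters: int = 8):
        self.disk = bytearray(CLUSTER * clusters)
        self.owner = [None] * clusters   # allocation table: cluster -> file name, None = unallocated
        self.files = {}                  # name -> (clusters used, logical size in bytes)

    def write_file(self, name: str, data: bytes) -> list:
        """Allocate whole clusters and copy the data in. Only len(data) bytes are
        written, so whatever was in the tail of the last cluster stays there."""
        needed = -(-len(data) // CLUSTER)   # ceiling division
        free = [c for c, o in enumerate(self.owner) if o is None][:needed]
        if len(free) < needed:
            raise OSError("volume full")
        for n, c in enumerate(free):
            chunk = data[n * CLUSTER:(n + 1) * CLUSTER]
            start = c * CLUSTER
            self.disk[start:start + len(chunk)] = chunk
            self.owner[c] = name
        self.files[name] = (free, len(data))
        return free

    def delete(self, name: str) -> None:
        """Deleting only frees the clusters; the bytes stay until reused."""
        for c in self.files.pop(name)[0]:
            self.owner[c] = None

    def slack(self, name: str) -> bytes:
        """Bytes in the file's last cluster past the file's logical end."""
        clusters, size = self.files[name]
        if not clusters:
            return b""
        last = clusters[-1] * CLUSTER
        used = size - (len(clusters) - 1) * CLUSTER
        return bytes(self.disk[last + used:last + CLUSTER])

    def unallocated(self) -> bytes:
        """Every byte in clusters no file currently owns."""
        return b"".join(bytes(self.disk[c * CLUSTER:(c + 1) * CLUSTER])
                        for c, o in enumerate(self.owner) if o is None)


if __name__ == "__main__":
    vol = ToyVolume()
    vol.write_file("old.txt", b"A" * 1024)   # fills clusters 0 and 1
    vol.delete("old.txt")                    # clusters freed, bytes untouched
    vol.write_file("new.txt", b"B" * 100)    # reuses cluster 0
    print(vol.slack("new.txt")[:8])          # b'AAAAAAAA': old data in the new file's slack
    print(vol.unallocated()[:8])             # b'AAAAAAAA': old data in cluster 1
```

A forensic image of the raw device sees both regions; a copy made file by file through the file system sees neither, which is why imaging tools work at the block level.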
______ drives have no moving parts and make digital forensics more difficult.
Solid state, SSD
______________ is an old memory protection approach that attached protection bits to each individual word of memory
Tagged Architecture
The most common form of character encoding on the internet is
UTF-8
_______ group protection includes groups for User, Group and World.
Unix
______ is the act of verifying a claimed identity, like using a PIN or password.
User Authentication
__________ is the act of making sure that software is built to specification. This includes implementation checks to ensure the software works once installed.
Validation
System memory space that can be changed - typically with software - used to be done with a _____ fence.
Variable
______ group protection includes groups for Admin, Power User, User and Guest.
Windows
__________ language is the lowest-level programming language that uses human-readable mnemonics.
assembly
Authentication methods that rely on the physical characteristics of a user are called
biometrics
A departure from the original open source code that may later be included is called a software
branch
Trying every single possible password combination is a
brute force
Writing more data into a memory buffer than has been allotted for it
buffer overflow
In 1992 the US revised the book on creating levels of trust for operating systems in varying environments. This revision is now commonly known as the ____________
common criteria
______ management ensures that multiple users can change data at the same time without conflicts arising from simultaneous transactions.
concurrency
A ______ is someone who has made new code or code changes that are accepted into the original source code.
contributor
Using a list of words to guess a password is called a
dictionary attack
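As an added example (not part of the flashcards) covering the key space, salting, brute force and dictionary attack cards: a salted, slow password hash with its verifier, next to a bare unsalted hash that a precomputed word list table or an exhaustive search over the key space can recover. The record format, the sample passwords and the tiny alphabet are this example's own choices.

```python
# Added example, not part of the flashcards: salted PBKDF2 storage versus an
# unsalted hash attacked by dictionary and brute force.
import hashlib
import hmac
import itertools
import os
from typing import Optional


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Random per-user salt, then PBKDF2-HMAC-SHA256. The record layout
    'pbkdf2_sha256$iterations$salt$hash' is a convention made up for this example."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown record format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def unsalted_sha256(password: str) -> str:
    """What salting protects against: identical for everyone with the same password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def key_space(alphabet_size: int, max_len: int) -> int:
    """Number of candidate passwords of length 1..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def dictionary_attack(records: list, wordlist: list) -> dict:
    """One precomputed table of word hashes is checked against every record.
    Returns {record: password}. A per-user salt defeats this: the table would
    have to be rebuilt for each salt, i.e. each user."""
    table = {unsalted_sha256(w): w for w in wordlist}
    return {r: table[r] for r in records if r in table}


def brute_force(target: str, alphabet: str = "abc", max_len: int = 3) -> Optional[str]:
    """Walk the whole key space in length order until the hash matches."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            guess = "".join(combo)
            if unsalted_sha256(guess) == target:
                return guess
    return None


if __name__ == "__main__":
    rec = hash_password("hunter2")
    print(verify_password("hunter2", rec), verify_password("hunter3", rec))   # True False
    print(hash_password("hunter2") == hash_password("hunter2"))               # False: salts differ
    leaked = [unsalted_sha256("hunter2"), unsalted_sha256("zx9!Qp")]
    print(dictionary_attack(leaked, ["password", "hunter2", "letmein"]))     # only hunter2 falls
    print(key_space(3, 3), brute_force(unsalted_sha256("cab")))               # 39 cab
```

The salt does not make a single guess harder; the iteration count does that. The salt makes every guess apply to one account only, which is what turns one table lookup per victim into a full recomputation per victim.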
Digging through the trash looking for passwords and other confidential information is called
dumpster diving
The popular open source motto regarding code changes is "Upstream ________"
early and often
An ______ is a mistake made by a human, whether accidental or deliberate, that results in a problem with a computer program.
error
A ______ is when a computer program ceases working properly.
failure
A ________ is a problem in program code or design that could lead to a system breakdown but hasn't yet.
fault
Active _______ means that a program should watch for errors so that it fails gracefully if needed.
fault detection
______ allows the program to continue working in the event of a failure of some of its parts
fault tolerance
A permanent split from an open source code development path is called a
fork
As a user authentication source, a password token phone app is something a user
has
The standard code page developed from telegraphic codes is
ASCII
An ______________ list relies on having each object carry its own list of which users or groups hold which rights to it
Access Control
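As an added example (not part of the flashcards) covering the capability, RBAC, discretionary, file directory, security kernel and access control list cards: a small reference monitor that stores rights as per-object ACLs, lets owners hand out rights (discretionary), aggregates rights in roles, and derives the capability-list view (per-subject tokens) from the same access matrix. The users, roles, object names and rights are made up.

```python
# Added example, not part of the flashcards: ACLs, capability lists, RBAC and
# owner-granted (discretionary) rights behind one mediation point.
from collections import defaultdict


def denied(fn, *args) -> bool:
    """True if the operation is refused by the monitor."""
    try:
        fn(*args)
        return False
    except PermissionError:
        return True


class ReferenceMonitor:
    def __init__(self):
        self.acl = defaultdict(dict)    # object -> {principal: set of rights}; principal is a user or a role
        self.roles = defaultdict(set)   # user -> roles held (RBAC)
        self.owner = {}                 # object -> owning user (DAC: owners grant)

    def create(self, owner: str, obj: str) -> None:
        self.owner[obj] = owner
        self.acl[obj][owner] = {"read", "write", "own"}

    def grant(self, granter: str, obj: str, principal: str, rights: set) -> None:
        """Discretionary control: only the object's owner may extend its ACL."""
        if self.owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self.acl[obj].setdefault(principal, set()).update(rights)

    def assign_role(self, user: str, role: str) -> None:
        self.roles[user].add(role)

    def effective_rights(self, user: str, obj: str) -> set:
        """Rights named for the user directly plus those of every role the user holds."""
        entries = self.acl.get(obj, {})
        rights = set(entries.get(user, set()))
        for role in self.roles.get(user, set()):
            rights |= entries.get(role, set())
        return rights

    def check(self, user: str, obj: str, right: str) -> bool:
        """Complete mediation: every access decision passes through here."""
        return right in self.effective_rights(user, obj)

    def capabilities(self, user: str) -> dict:
        """Capability-list view of the same matrix: object -> rights this subject holds."""
        return {obj: rights for obj in self.acl
                if (rights := self.effective_rights(user, obj))}


if __name__ == "__main__":
    rm = ReferenceMonitor()
    rm.create("alice", "payroll.db")
    rm.grant("alice", "payroll.db", "hr", {"read", "write"})   # rights on a role, not a person
    rm.assign_role("bob", "hr")
    print(rm.check("bob", "payroll.db", "write"))     # True, via the hr role
    print(rm.check("carol", "payroll.db", "read"))    # False, no entry, no role
    print(rm.capabilities("bob"))                     # {'payroll.db': {'read', 'write'}}
    print(denied(rm.grant, "bob", "payroll.db", "carol", {"read"}))   # True: bob is not the owner
```

Revoking is the place where the two representations differ in practice: deleting one ACL entry removes a user's access to that object immediately, while tokens already handed out as capabilities have to be tracked down or made to expire.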
Shortest and least restrictive license listed here
MIT License