Quiz 5 Information Security Fundamentals
Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering?
Acceptability
DIAMETER is a research and development project funded by the European Commission.
False (Diameter is an AAA protocol, the successor to RADIUS)
Passphrases are less secure than passwords.
False
User-based permission levels limit a person to executing certain functions and often enforce mutual exclusivity.
False (this describes task-based access control)
What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications?
Security Assertion Markup Language (SAML)
Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.
True
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
security kernel
Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?
Accountability
Monitoring activity in the workplace includes which of the following?
All of these could be monitored.
During which phase of the access control process does the system answer the question, "What can the requestor access?"
Authorization
Which security model does NOT protect the integrity of information?
Bell-LaPadula
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?
Brute-force attack
Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?
Crossover error rate (CER)
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
Discretionary access control (DAC)
The number of failed logon attempts that trigger an account action is called an audit logon event.
False (that is the account lockout threshold)
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
Kerberos
Which of the following is an example of a hardware security control?
MAC filtering
Which type of authentication includes smart cards?
Ownership
Which one of the following is NOT an advantage of biometric systems?
Physical characteristics may change.
Charles has obtained a user/password database and will attempt to crack the passwords. The passwords are stored as hashes (hashing is one-way and is not the same as encryption). Charles has a huge list of precomputed hashes to compare against the stored hashes to see if he gets any matches. This password cracking technique utilizes:
Rainbow tables (precomputed hash lookups; a per-user random salt defeats them, because the same password then yields a different hash for every account)
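The brute-force and rainbow-table questions above describe the two attacks only in a sentence each. The following is an added example, not part of the quiz, that runs both against a small constructed password database and then shows why a per-user salt defeats the precomputed lookup. The lookup table here is a plain hash-to-password dictionary, which is the core idea of a rainbow table without the chain/reduction-function compression a real one uses; the alphabet, length limit, user names and passwords are all assumptions made for the demo.

```python
"""
Added example (not from the quiz): brute force vs. precomputed lookup vs. salt.
Unsalted SHA-256 is used only to keep the demo fast; real systems should store
passwords with a slow, salted password hash (bcrypt, scrypt, Argon2).
"""
import hashlib
import itertools
import os
import string

ALPHABET = string.ascii_lowercase   # assumed keyspace: lowercase letters only
MAX_LEN = 3                         # 26 + 26^2 + 26^3 = 18,278 candidates


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()


def brute_force(target_hash: str, alphabet: str = ALPHABET, max_len: int = MAX_LEN):
    """Try every combination up to max_len, one hash per attempt.
    Returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            attempts += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def build_lookup_table(alphabet: str = ALPHABET, max_len: int = MAX_LEN) -> dict:
    """Precompute hash -> password once; every later lookup is a dict hit."""
    table = {}
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            pw = "".join(combo)
            table[sha256_hex(pw)] = pw
    return table


def crack_with_table(table: dict, stolen_hashes: dict) -> dict:
    """What Charles does: look each stolen hash up in the precomputed table."""
    return {user: table.get(h) for user, h in stolen_hashes.items()}


def salted_hash(password: str, salt: bytes) -> str:
    """Salted variant: the same password hashes differently for every user."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Constructed sample "stolen" database of unsalted hashes (user -> hex digest).
STOLEN_DB = {
    "alice": sha256_hex("abc"),
    "bob": sha256_hex("zzz"),
    "carol": sha256_hex("Tr0ub4dor&3"),  # outside the assumed keyspace: not crackable here
}


def demo():
    table = build_lookup_table()
    cracked = crack_with_table(table, STOLEN_DB)
    # Same password "abc" salted for two different users gives two different
    # digests, and neither appears in the unsalted precomputed table.
    s1, s2 = os.urandom(16), os.urandom(16)
    salted_differ = salted_hash("abc", s1) != salted_hash("abc", s2)
    salted_in_table = salted_hash("abc", s1) in table
    return cracked, salted_differ, salted_in_table


if __name__ == "__main__":
    print(brute_force(sha256_hex("abc")))   # ('abc', 731)
    print(demo())                            # alice/bob cracked, carol None, True, False
```

The attempt count makes the difference concrete: brute force pays the hashing cost on every guess for every target, while the table pays it once up front and then answers any number of stolen hashes instantly, which is exactly what salting takes away.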
Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?
Redundant Array of Independent Disks (RAID)
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
Separation of duties
Which one of the following is an example of two-factor authentication?
Smart card and personal identification number (PIN)
Which one of the following principles is NOT a component of the Biba integrity model?
Subjects cannot modify objects that have a lower integrity level. (Biba's rules are no read down, no write up and no invoke up; writing down is permitted.)
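The Bell-LaPadula and Biba questions above state the two models' rules without showing them side by side. The following is an added example, not part of the quiz, that encodes each model's read and write rules as a few lines of Python and then checks the two points the quiz makes: Bell-LaPadula lets a low-clearance subject write to a high-classification object (so it does nothing for integrity), and Biba permits writing down. The level names and values are constructed for the demo.

```python
"""
Added example (not from the quiz): minimal policy checkers for Bell-LaPadula
(confidentiality) and Biba (integrity). Levels are integers; higher means
more sensitive (BLP) or more trustworthy (Biba).
"""

# Constructed levels for the demo
UNCLASSIFIED, SECRET = 1, 3     # BLP classifications / clearances
UNTRUSTED, TRUSTED = 1, 3       # Biba integrity levels


def blp_allowed(subject_clearance: int, object_class: int, op: str) -> bool:
    """Bell-LaPadula: no read up (simple security), no write down (*-property)."""
    if op == "read":
        return subject_clearance >= object_class
    if op == "write":
        return subject_clearance <= object_class
    raise ValueError(f"unknown operation {op!r}")


def biba_allowed(subject_level: int, object_level: int, op: str) -> bool:
    """Biba: no read down (simple integrity), no write up (*-integrity)."""
    if op == "read":
        return subject_level <= object_level
    if op == "write":
        return subject_level >= object_level
    raise ValueError(f"unknown operation {op!r}")


def biba_invoke_allowed(caller_level: int, callee_level: int) -> bool:
    """Biba invocation property: no invoking a subject of higher integrity."""
    return caller_level >= callee_level


def blp_integrity_gap() -> bool:
    """Why BLP does NOT protect integrity: an unclassified subject is allowed
    to write into a Secret object (a blind write-up), corrupting it."""
    return blp_allowed(UNCLASSIFIED, SECRET, "write")


def biba_write_down_permitted() -> bool:
    """The rule the quiz asks about: Biba does allow a trusted subject to
    modify a lower-integrity object, because nothing unreliable flows upward."""
    return biba_allowed(TRUSTED, UNTRUSTED, "write")


if __name__ == "__main__":
    print("BLP allows write-up (integrity gap):", blp_integrity_gap())        # True
    print("Biba permits write-down:", biba_write_down_permitted())           # True
    print("Biba allows read-down:", biba_allowed(TRUSTED, UNTRUSTED, "read"))  # False
```

Read together, the two checkers are mirror images of each other, which is why a system that needs both confidentiality and integrity must enforce both models (or a combined one) rather than relying on Bell-LaPadula alone.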
A Chinese wall security policy defines a barrier and develops a set of rules that makes sure no subject can access objects on the other side of the wall.
True
An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident.
True
Single sign-on (SSO) can provide for stronger passwords because with only one password to remember, users are generally willing to use stronger passwords.
True
Temporal isolation is often used in combination with role-based access control.
True
Which one of the following is NOT a commonly accepted best practice for password security?
Use at least six alphanumeric characters.
Which one of the following is an example of a logical (as opposed to physical) access control?
Password