253 Cybersecurity Chapter 1 - 4
What is a message authentication code?
A small block of data generated using a secret key. A cryptographic checksum on data that uses a session key to detect both accidental and intentional modifications of the data.
The most important symmetric algorithms, all of which are block ciphers, are the DES, triple DES, and the __________. A) AES B) DSS C) RSA D) SHA
A) AES
__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance. A) Access control B) Resource control C) System control D) Audit control
A) Access control
__________ is verification that the credentials of a user or other system entity are valid. A) Authentication B) Authorization C) Adequacy D) Audit
A) Authentication
_________ is the granting of a right or permission to a system entity to access a system resource. A) Authorization B) Control C) Monitoring D) Authentication
A) Authorization
A concept that evolved out of requirements for military information security is ______. A) mandatory access control B) discretionary input C) reliable input D) open and closed policies
A) mandatory access control
A __________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key. A) secret key B) digital signature C) keystream D) one way hash function
B) digital signature
The most common means of human-to-human identification are __________. A) signatures B) facial characteristics C) fingerprints D) retinal patterns
B) facial characteristics
A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords. A) proactive password checking B) reactive password checking C) user education D) computer-generated password
B) reactive password checking
A _________ protects against an attack in which one party generates a message for another party to sign. A) digital signature B) strong hash function C) weak hash function D) data authenticator
B) strong hash function
__________ controls access based on comparing security labels with security clearances. A) RBAC B) DAC C) MAC D) MBAC
C) MAC
__________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. A) System Integrity B) Availability C) Privacy D) Data Integrity
C) Privacy
________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. A) Availability B) Confidentiality C) System Integrity D) Data Integrity
C) System Integrity
A loss of _________ is the unauthorized disclosure of information. A) integrity B) authenticity C) confidentiality D) availability
C) confidentiality
Transmitted data stored locally are referred to as __________. A) ECC B) ciphertext C) data at rest D) DES
C) data at rest
A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources. A) outside attack B) active attack C) passive attack D) inside attack
C) passive attack
Recognition by fingerprint, retina, and face are examples of __________. A) token authentication B) dynamic biometrics C) static biometrics D) face recognition
C) static biometrics
The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords. A) proactive password checking B) reactive password checking C) user education D) computer-generated password
C) user education
A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) __________. A) countermeasure B) adversary C) vulnerability D) risk
C) vulnerability
Consider a telephone switching system that routes calls through a switching network based on the telephone number requested by the caller. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.
Confidentiality - This is extremely important since offenders can monitor and record user conversations and track their calls. Integrity - This is important because customers expect calls to be routed to the right number accurately. Availability - This is somewhat important because customers should be able to use telephone switching systems whenever they need them.
__________ is the traditional method of implementing access control. A) MBAC B) MAC C) RBAC D) DAC
D) DAC
__________ systems identify features of the hand, including shape, and lengths and widths of fingers. A) Fingerprint B) Palm print C) Signature D) Hand geometry
D) Hand geometry
An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________. A) asset B) risk C) vulnerability D) attack
D) attack
A __________ is to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. A) hash function B) mode of operation C) cryptanalysis D) brute-force attack
D) brute-force attack
A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken. A) protocol B) attack C) adversary D) countermeasure
D) countermeasure
Each individual who is to be included in the database of authorized users must first be __________ in the system. A) verified B) identified C) authenticated D) enrolled
D) enrolled
The purpose of a __________ is to produce a "fingerprint" of a file, message, or other block of data. A) digital signature B) secret key C) keystream D) hash function
D) hash function
A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A) moderate B) low C) normal D) high
D) high
Combined one byte at a time with the plaintext stream using the XOR operation, a __________ is the output of the pseudorandom bit generator. A) digital signature B) secure hash C) message authentication code D) keystream
D) keystream
A __________ is a password guessing program. A) password hash B) password salt C) password biometric D) password cracker
D) password cracker
__________ access control controls access based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do.
Discretionary
Depending on the details of the overall authentication system, the registration authority issues some sort of electronic credential to the subscriber.
False
External devices such as firewalls cannot provide access control services.
False
Like the MAC, a hash function also takes a secret key as input.
False
Public-key algorithms are based on simple operations on bit patterns.
False
Security labels indicate which system entities are eligible to access certain resources.
False
The "A" in the CIA triad stands for "authenticity".
False
The authentication function determines who is trusted for a given purpose.
False
The purpose of the DSS algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.
False
Threats are attacks carried out.
False
User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.
False
A good technique for choosing a password is to use the first letter of each word of a phrase.
True
An auditing function monitors and keeps a record of user accesses to system resources.
True
An important element in many computer security services and applications is the use of cryptographic algorithms.
True
Availability assures that systems work promptly and service is not denied to authorized users.
True
Computer security is protection of the integrity, availability, and confidentiality of information system resources.
True
Data integrity assures that information and programs are changed only in a specified and authorized manner.
True
Identification is the means of establishing the validity of a claimed identity provided by a user.
True
The more critical a component or service, the higher the level of availability required.
True
The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.
True
The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.
True
User authentication is the basis for most types of access control and for user accountability.
True
Replay, masquerade, modification of messages, and denial of service are examples of _________ attacks.
active
There are three key elements to an ABAC model: attributes which are defined for entities in a configuration; a policy model, which defines the ABAC policies; and the __________ model, which applies to policies that enforce access control.
architecture
A(n) _________ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence.
attack
An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy and procedures is a(n) __________.
audit
A loss of _________ is the disruption of access to or use of information or an information system.
availability
A __________ authentication system attempts to authenticate an individual based on his or her unique physical characteristics.
biometric
A __________ processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block.
block cipher
A(n) _________ is any means taken to deal with a security attack.
countermeasure
The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _________.
data
A __________ attack attempts to disable a user authentication service by flooding the service with numerous authentication attempts.
denial of service
A __________ access control scheme is one in which an entity may be granted access rights that permit the entity, by its own volition, to enable another entity to access some resource.
discretionary
Voice pattern, handwriting characteristics, and typing rhythm are examples of __________ biometrics.
dynamic
The simplest approach to multiple block encryption is known as __________ mode, in which plaintext is handled b bits at a time and each block of plaintext is encrypted using the same key.
electronic codebook
Access control is the central element of computer security.
True
Many users choose a password that is too short or too easy to guess.
True
Public-key cryptography is asymmetric.
True
Reliable input is an access control requirement.
True
Some form of protocol is needed for public-key distribution.
True
User authentication is the fundamental building block and the primary line of defense.
True
Role hierarchies make use of the concept of __________ to enable one role to implicitly include access rights associated with a subordinate role.
inheritance
A host generated random number is often called a __________.
nonce
Release of message contents and traffic analysis are two types of _________ attacks.
passive
A __________ dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role and can be used to structure the implementation of the least privilege concept.
prerequisite
The __________ is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption.
public and private key
A __________ is a separate file from the user IDs where hashed passwords are kept.
shadow password file
A __________ processes the input elements continuously, producing output one element at a time.
stream cipher
Objects that a user possesses for the purpose of user authentication are called ______.
tokens
The two criteria used to validate that a sequence of numbers is random are independence and _________.
uniform distribution
