Information Security- Kahoot
Chapter 2 What Windows Event ID is logged when a user successfully logs on? A. 4624 B. 4625 C. 4668 D. 4669
A. 4624
Chapter 2 How are the username and password protected in Kerberos? A. AES encryption B. RSA encryption C. Stream encryption D. Public key encryption
A. AES encryption
Chapter 2 What should one do if the FAR and FRR shown in this diagram do not provide an acceptable perform... A. Adjust the sensitivity of the biometric devices B. Move the CER C. Increase the False rejection D. Increase the False acceptance
A. Adjust the sensitivity of the biometric devices look UP
Chapter 1 The limits on who has access to information. A. Confidentiality B. Availability C. Integrity D. Keep it simple
A. Confidentiality
Chapter 1 The property that information is not disclosed to unauthorized individuals or processes A. Confidentiality B. Integrity C. Availability D. Defense in depth
A. Confidentiality
Chapter 1 A comprehensive strategy of including multiple layers of security within a system A. Defense in Depth B. Think Like an Adversary C. Keep It Simple D. Integrity
A. Defense in Depth
Chapter 1 ________ could potentially be an evil twin of confidentiality A. Disclosure B. Denial of service C. Alteration D. Non-repudiation
A. Disclosure
Chapter 2 Suppose a biometric system is configured to work at the level shown by point B. What problem is likely ... A. False acceptance will be very high. B. False rejection will be very high C. False rejection will be very low D. False acceptance will be very low
A. False acceptance will be very high. Look up on slides
Chapter 1 Suppose a manager of an IoT device requests you to start a product security assessment. What should y... A. Formally request the test in written form B. Ask the manager to give you a month to work on the assessment C. Start the test immediately D. Keep it confidential
A. Formally request the test in written form
Chapter 2 When the system verifies an identity and adds a unique identifier to an identity system, what process ha... A. Identity proofing B. Using Kerberos C. Directory management D. Using oAuth
A. Identity proofing
Chapter 2 What is the best way to provide accountability for the user of identities? A. Logging B. Authorization C. Digital signatures D. Identification
A. Logging
Chapter 2 Dogs, guards, and fences are all examples of what type of controls? A. Physical B. Non-discretionary C. Rule-based D. Logical
A. Physical
Chapter 2 What type of access control grants access based on a subject's role? A. Role based B. Non-discretionary C. Rule-based D. Discretionary
A. Role based
Chapter 2 Kerberos is an example of what type of system? A. Single Sign On B. Federated C. KDC based for Multi-Sign-On D. oAuth
A. Single Sign On
Chapter 1 Which of the following is an availability requirement? A. Software must support replication and provide load balancing B. Input validation is a mitigation technique C. Code injection can modify the database D. Published software should provide a message digest to validate accuracy
A. Software must support replication and provide load balancing
Chapter 2 In a Kerberos environment, when a user needs to access a network resource, what is sent to the TGS? A. TGS B. TGT C. AS D. SS
A. TGS
Chapter 2 Suppose a biometric system is configured to work at the level shown by point A. To what level is the sen... A. The CER B. The FAR point C. The FRR crossover D. The FRR point
A. The CER Look up CER on slides
Chapter 1 The integrity of information is not related to which of the following? A. The extraction of data to share with unauthorized users B. Accidental substitution of data C. Unauthorized manipulation of data D. Intentional substitution of data
A. The extraction of data to share with unauthorized users
Chapter 1 _____ considers the potential actions of the opposing force working against the desired result A. Think Like an Adversary B. Keep It Simple C. Availability D. Defense in depth
A. Think Like an Adversary
Chapter 2 If you are required to login with name, a PIN, a password, and a retina scan, how many distinct types of... A. Two B. Four C. Three D. One
A. Two
Chapter 2 A cognitive question is what type of authentication factor? A. Type I B. Type III C. Type II D. Type IV
A. Type I
Chapter 2 What Windows Event ID is logged when a user is successfully logged off? A. 4624 B. 4634 C. 4668 D. 4669
B. 4634
Chapter 1 Which of the following is not an example of a confidentiality requirement? A. Password and sensitive fields should be masked B. Code injection can modify the database C. PII/PHI must be protected against disclosure D. Passwords at rest must not be stored in clear text
B. Code injection can modify the database
Chapter 1 ______ ensures the secrecy and privacy of data A. Disclosure B. Confidentiality C. Alteration D. Non-repudiation
B. Confidentiality
Chapter 1 ______ refers to the prevention of intentional or unintentional unauthorized disclosure of data A. Disclosure B. Confidentiality C. Alteration D. Non-repudiation
B. Confidentiality
Chapter 1 ________ could potentially be an evil twin of availability A. Disclosure B. Destruction C. Alteration D. Non-repudiation
B. Destruction
Chapter 1 Assurance that information is accurate and trustworthy A. Confidentiality B. Integrity C. Availability D. Defense in depth
B. Integrity
Chapter 1 Checksums, Message Digests, Hashes... A. Confidentiality B. Integrity C. Availability D. Defense in depth
B. Integrity
Chapter 2 The X.500 standards cover what type of important identity systems? A. RADIUS B. Kerberos C. Diameter D. oAuth
B. Kerberos
Chapter 2 Which Authentication Protocol is used on Windows Active Directory? A. RADIUS B. Kerberos C. Diameter D. oAuth
B. Kerberos
Chapter 2 Questions like "What is your elementary school name?" are examples of what type of identity proo... A. Dynamic knowledge-based authentication B. Knowledge-based authentication C. A Type 2 authentication factor D. A Type 3 authentication factor
B. Knowledge-based authentication
Chapter 2 Files, databases, computers, programs, processes, devices, and media are all examples of what? A. Subjects B. Objects C. Users D. File stores
B. Objects
Chapter 2 What type of access control is typically used by firewalls? A. Discretionary access controls B. Rule-based access controls C. Non-Discretionary access controls D. Role-based access controls
B. Rule-based access controls
Chapter 1 Kali couldn't figure out how Ubuntu gained unauthorized access, since he has little IT experience. This ... A. Reverse Engineering attack B. Shoulder surfing attack C. Brute-force attack D. Key-logger attack
B. Shoulder surfing attack
Chapter 2 Voice pattern recognition is what type of authentication factor? A. Type I B. Type III C. Type II D. Type IV
B. Type III
Chapter 2 Suppose you are building a banking website. You need proof of the identity of the users. How should yo... A. Require users to create unique questions that only they will know B. Use questions pulled from their credit report C. Call the user on their registered phone number D. Require new users to bring their driver's license in person to the bank
B. Use questions pulled from their credit report
Chapter 2 Which one of the following is often used for identification purposes and is not suitable for use as an auth... A. Password B. Username C. Token D. Ticket
B. Username
Chapter 2 When might an organization using biometrics choose to allow a higher FRR instead of a higher FAR? A. When the CER of the system is not known B. When security is more important than usability C. When false rejection is not a concern due to data quality D. When the CER of the system is very high
B. When security is more important than usability
Chapter 2 What Windows Event ID is logged when a Kerberos authentication ticket (TGT) was requested? A. 4624 B. 4625 C. 4668 D. 4669
C. 4668
Chapter 2 A customer who used a fingerprint to access a bank account is logged into another account. What type of err... A. A Type 1 error B. A Type 3 error C. A Type 2 error D. Unknown error
C. A Type 2 error
Chapter 2 What access control model focuses on subjects and identifies the objects that each subject can access? A. An access control list B. An implicit denial list C. A capability table D. A rights management matrix
C. A capability table
Chapter 2 Suppose you recover a file containing hashed passwords. What type of attack is most likely to succeed a... A. A brute force attack B. A pass-the-hash attack C. A rainbow table attack D. A salt recovery attack
C. A rainbow table attack
Chapter 1 ________ could potentially be an evil twin of integrity A. Disclosure B. Denial of service C. Alteration D. Non-repudiation
C. Alteration
Chapter 2 A table that includes assigned privileges, objects, and subjects to manage access control for the system. A. An access control list B. A subject/object rights management system C. An access control matrix D. A capability table
C. An access control matrix
Chapter 1 A security concept that verifies and validates identity information that is supplied. A. Think Like an Adversary B. Keep It Simple C. Authentication D. Defense in depth
C. Authentication
Chapter 2 When you input a user ID and password, you are performing what important identity and access mana... A. Authorization B. Validation C. Authentication D. Login
C. Authentication
Chapter 2 Which of the following is not a common threat to access control mechanisms? A. Brute-Force attack B. Phishing C. Authorization attack D. Rainbow table attack
C. Authorization attack
Chapter 1 Information is accessible to authorized persons. A. Confidentiality B. Integrity C. Availability D. Defense in depth
C. Availability
Chapter 2 What does the following image possibly indicate? [image not reproduced] A. Kerberos Authentication B. Password login C. Brute force attack D. Pass the hash attack
C. Brute force attack
Chapter 1 Availability can best be achieved using A. Hashing B. Encryption C. Clustering D. Non-repudiation
C. Clustering
Chapter 1 The property that information is not disclosed to anyone unless they have been authorized to access the information A. Defense in Depth B. Think Like an Adversary C. Confidentiality D. Integrity
C. Confidentiality
Chapter 1 Controlling access to information systems and associated network is necessary for the preservation of th... A. Integrity and Availability B. Identification and Confidentiality C. Confidentiality, Integrity, and Availability D. Confidentiality and Integrity
C. Confidentiality, Integrity, and Availability
Chapter 1 The use of strong authentication, the encryption of PII at rest, and the encryption of data across networ... A. Data Integrity B. Data Availability C. Defense in Depth D. Non-repudiation
C. Defense in Depth
Chapter 1 Suppose you found a remote code execution vulnerability in a POS & made it public. What type of discl... A. Partial disclosure B. Think Like an Adversary C. Full disclosure D. Responsible disclosure
C. Full disclosure
Chapter 1 Validates whether the information is in its intended state. A. Confidentiality B. Availability C. Integrity D. Keep it simple
C. Integrity
Chapter 1 A security concept that addresses the deniability of actions taken by the software or the user. A. Think Like an Adversary B. Keep It Simple C. Non-repudiation D. Defense in depth
C. Non-repudiation
Chapter 1 A confidential number used as an authentication factor to verify a user's identity is called A. Password B. Ticket C. PIN D. User ID
C. PIN
Chapter 1 Confidentiality is used to A. Protect from destruction B. Protect from modification C. Protect from disclosure D. Protect from non-repudiation
C. Protect from disclosure
Chapter 2 Which pair of the following factors are key for user acceptance of biometric identification systems? A. The FAR B. The FRR C. The throughput rate and the time required to enroll D. The CER and the ERR
C. The throughput rate and the time required to enroll
Chapter 2 A smart card is an example of what type of authentication factor? A. Type I B. Type IV C. Type II D. Type III
C. Type II
Chapter 2 What Windows Event ID is logged when a Kerberos service ticket was requested? A. 4624 B. 4625 C. 4668 D. 4669
D. 4669
Chapter 1 Multiple layers of security controls are put into place within a system to protect information A. Confidentiality B. Integrity C. Availability D. Defense in Depth
D. Defense in Depth
Chapter 1 A security design principle that ensures that no single point of complete compromise exists A. Confidentiality B. Integrity C. Availability D. Defense in depth
D. Defense in depth
Chapter 2 What type of access controls allow the owner of a file to grant other users access to it using an access co... A. Role based B. Non-discretionary C. Rule-based D. Discretionary
D. Discretionary
Chapter 2 When you set the permissions shown in the following image, what type of access control model are you... A. Non-discretionary access control B. Rule-based access control C. Mandatory access control D. Discretionary access control
D. Discretionary access control Look up Discretionary access control on slides
Chapter 1 What is the act of a user professing an identity to a system in the form of a log-on ID called? A. Authentication B. Availability C. Confidentiality D. Identification
D. Identification
Chapter 1 The property that information has not been modified or destroyed in an unauthorized manner A. Defense in Depth B. Think Like an Adversary C. Confidentiality D. Integrity
D. Integrity
Chapter 2 Which of the following is not a weakness in Kerberos? A. The KDC is a single point of failure. B. Authentication information is not encrypted. C. Compromise of the KDC would allow attackers to impersonate any user. D. It is susceptible to password guessing.
D. It is susceptible to password guessing.
Chapter 2 What tasks must the client perform before it can use the TGT? A. It must install the TGT and decrypt the symmetric key. B. It must send a valid response using the symmetric key to the KDC C. It must decrypt the TGT and the symmetric key D. It must generate a hash of the TGT and decrypt the symmetric key.
D. It must generate a hash of the TGT and decrypt the symmetric key.
Chapter 2 Which of the following is a ticket-based authentication protocol designed to provide secure communicati... A. RADIUS B. OAuth C. SAML D. Kerberos
D. Kerberos
Chapter 1 All are ways in which confidentiality could be compromised except one A. Sniffing B. Hacking C. Shoulder surfing D. Non-repudiation
D. Non-repudiation
Chapter 2 Callback to a home phone number is an example of what type of factor? A. Type 1 B. Type 3 C. Type 2 D. Somewhere you are
D. Somewhere you are
Chapter 1 Which of the following is not an example of integrity requirement A. Input validation should be enforced in forms B. SQL Code injection should not be permitted to prevent modification C. Subjects should be prevented from modifying data unless explicitly allowed D. TLS must be used for transmitting sensitive information
D. TLS must be used for transmitting sensitive information
Chapter 1 Modeling a threat (attacker) can be considered as A. Availability B. Integrity C. Confidentiality D. Think like an adversary
D. Think like an adversary
Chapter 1 Red team mindset... A. Confidentiality B. Integrity C. Availability D. Think Like an Adversary
D. Think Like an Adversary
Chapter 1 A combination of security controls, the impact from the failure of any single control can be reduced if n... A. Defense in Depth B. Availability C. Integrity D. Keep it simple
A. Defense in Depth
