CHAPTER 6 QUIZ INFOSEC
True or False? An authentication, authorization, and accounting (AAA) server, such as Remote Authentication Dial-In User Service (RADIUS), is a type of decentralized access control.
False
True or False? Authentication by characteristics/biometrics is based on something you have, such as a smart card, a key, a badge, or either a synchronous or asynchronous token.
False
True or False? In mandatory access control (MAC), access rules are closely managed by the security administrator and not by the system owner or ordinary users for their own files.
False
True or False? Passphrases are less secure than passwords.
False
True or False? The four central components of access control are users, resources, actions, and features.
False
True or False? The number of failed logon attempts that trigger an account action is called an audit logon event.
False
True or False? Voice pattern biometrics are accurate for authentication because voices cannot easily be replicated by computer software.
False
Anya is a cybersecurity engineer for a high-secrecy government installation. She is configuring biometric security that will either admit or deny entry using facial recognition software. Biometric devices have error rates and certain types of accuracy errors that are more easily tolerated depending on need. In this circumstance, which error rate is she likely to allow to be relatively high?
False rejection rate (FRR)
Devaki is evaluating different biometric systems. She understands that users might not want to subject themselves to retinal scans due to privacy concerns. Which concern of a biometric system is she considering?
Acceptability
Jackson is a cybercriminal. He is attempting to keep groups of a company's high-level users from accessing their work network accounts by abusing a policy designed to protect employee accounts. Jackson attempts to log in to their work accounts repeatedly using false passwords. What security method is he taking advantage of?
Account lockout policies
Which type of authentication includes smart cards?
Ownership
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
Separation of duties
What is an example of two-factor authentication (2FA)?
Smart card and personal identification number (PIN)
Which of the following principles is not a component of the Biba integrity model?
Subjects cannot change objects that have a lower integrity level.
True or False? A degausser creates a magnetic field that erases data from magnetic storage media.
True
True or False? Authentication by action is based on something you do, such as typing.
True
True or False? Authentication by knowledge is based on something the user knows, such as a password, passphrase, or personal identification number (PIN).
True
True or False? Common methods used to identify a user to a system include username, smart card, and biometrics.
True
True or False? Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.
True
True or False? If a company informs employees that email sent over the company's network is monitored, the employees can no longer claim to have an expectation of privacy.
True
True or False? Log files are one way to prove accountability on a system or network.
True
True or False? Physically disabled users might have difficulty with biometric system accessibility, specifically with performance-based biometrics.
True
True or False? Single sign-on (SSO) can provide for greater security because with only one password to remember, users are generally willing to use stronger passwords.
True
Wen is a network engineer. For several months, he has been designing a system of controls to allow and restrict access to network assets based on various methods and information. He is currently configuring the authentication method. What does this method do?
Verifies that requestors are who they claim to be
Which of the following is the point at which two error rates of a biometric system are equal and is the measure of the system's accuracy expressed as a percentage?
Crossover error rate (CER)
True or False? A smart card is an example of a logical access control.
False
Keisha is a network administrator. She wants a cloud-based service that will allow her to load operating systems on virtual machines and manage them as if they were local servers. What service is Keisha looking for?
Infrastructure as a Service (IaaS)
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
Kerberos
What is an example of a logical access control?
Password
An automatic teller machine (ATM) uses a form of constrained user interface to limit the user's ability to access resources in the system. Specifically for ATMs, which method is being used?
Physically constrained user interfaces
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
security kernel
Which security model does not protect the integrity of information?
Bell-LaPadula
True or False? Kerberos is an example of a biometric method.
False
A company's IT manager has advised the business's executives to use a method of decentralized access control rather than centralized to avoid creating a single point of failure. She selects a common protocol that hashes passwords with a one-time challenge number to defeat eavesdropping-based replay attacks. What is this protocol?
Challenge-Handshake Authentication Protocol (CHAP)
True or False? A Chinese wall security policy defines a barrier and develops a set of rules to ensure that no subject gets to objects on the other side.
True
True or False? Temporal isolation is commonly used in combination with rule-based access control.
False
Which type of password attack is used on weak passwords and compares a hashed value of the passwords to the system password file to find a match?
Dictionary attack
Arturo is a network engineer. He wants to implement an access control system in which the owner of the resource decides who can change permissions, and permission levels can be granted to specific users, groups of people in the same or similar job roles, or by project. Which of the following should Arturo choose?
Discretionary access control (DAC)
Maria is using accounting software to compile sensitive financial information. She receives a phone call and then momentarily leaves her desk. While she's gone, Bill walks past her cubicle and sees that she has not locked her desktop and left data exposed. Bill uses his smartphone to take several photos of this data with the intent of selling it to the company's competitor. What access control compromise is taking place?
Eavesdropping by observation
Lincoln is a network security specialist. He is updating the password policy for his company's computing infrastructure. His primary method of improving password policy involves lowering the chance that an attacker can compromise and use the password before it expires. What does he do?
Enables a 30-day password change policy