Principles of Computer Security Chapter 6 & 8 Quiz 3

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What is a certification practices statement (CPS), and what is its purpose?

A CPS outlines the steps a CA goes through to validate identities and generate certificates. Companies should review this document to ensure that the CA follows the necessary steps the company requires and provides the necessary level of protection.

Which of the following properly describes what a public key infrastructure (PKI) actually is?

A framework that does not specify any technologies, but provides a foundation for confidentiality, integrity, and availability services

On whom should a company perform background checks?

All individuals who have unescorted physical access to the facility

Within a PKI environment, where does the majority of the trust actually lie?

All users and devices within an environment trust the CA, which allows them to indirectly trust each other.

Why is physical security so important to good network security?

Because physical access defeats nearly all network security measures

How does multiple-factor authentication improve security?

By using a combination of authentications, it is more difficult for some to gain illegitimate access

The ________________ is the trusted authority that certifies individuals' identities and creates electronic documents indicating that individuals are who they say they are.

Certificate Authority

A(n) ________________ is a holding place for individuals' certificates and public keys that are participating in a particular PKI environment.

Certificate Recovery

A(n) ________________ is used when independent CAs establish peer-to-peer trust relationships.

Cross-certification certificate

A perfect bit-by-bit copy of a drive is called what?

Drive image

Requiring two individuals to recover a lost key together is called _______________, which simply means that two people have to be present to carry out a specific task.

Dual controls

Which of the following certificate characteristics was expanded upon with version 3 of the X.509 standard?

Extensions

Which fire detection device relies on the temperature in an area rising above some predefined level to activate it?

Fixed-temperature fire detector

Why is enrollment important to biometrics?

If enrollment is not done carefully, false positives will increase

If an extension is marked as critical, what does this indicate?

If the end-entity is not programmed to understand and process this extension, the certificate and corresponding keys cannot be used.

Why would a digital certificate be added to a certificate revocation list (CRL)?

If the private key had become compromised

What is the purpose of a digital certificate?

It binds an individual to a public key.

What is a bridge CA, and what is its function?

It is a CA that handles the cross-certification certificates for two or more CAs in a peer-to-peer relationship.

What about physical security makes it more acceptable to other employees?

It protects the employees themselves

What is the most common example of an access token?

Key

Allowing a third party to possess a copy of a private key so that they can decrypt and read sensitive information if the need arises is:

Key escrow

_______________ is the mechanism that allows keys to be retrieved in the event of a user losing access.

Key recovery

What is a common threat to token-based access controls?

Loss or theft of the token

The _________________ is a method of determining whether a certificate has been revoked that does not require local machine storage of CRLs.

Online Certificate Status Protocol

Probably the simplest physical attack on the computer system is:

Outright theft of the computers

In a(n) _______________, one CA is not subordinate to another CA, and these is no established trust anchor between the CAs involved.

Peer-to-peer trust model

A(n) ________________ is a structure that provides all of the necessary components for different types of users and entities to be able to communicate securely and in a predictable manner.

Public key infrastructure

The ___________________ is the PKI component that accepts requests for a digital certificate and performs the necessary steps of registering and authenticating the person requesting the certificate.

Registration authority

Why is HVAC important to computer security?

Sabotage of the AC unit would make the computers overheat and shut down

Which one is not commonly used as a biometric?

Shoulder-to-waist geometry

How can users have faith that the CRL was not modified to present incorrect information?

The CRL is digitally signed by the CA.

Once an individual validates another individual's certificate, what is the use of the public key that is extracted from this digital certificate?

The user can now encrypt session keys and messages with this public key and can validate the sender's digital signatures.

How does a user validate a digital certificate that is received from another user?

The user first sees whether her system has been configured to trust the CA that digitally signed the other user's certificate and then validates that CA's digital signature.

What is the first step a user takes to obtain a digital certificate?

The user submits a certificate request to the RA.

When a user wants to participate in a PKI, what component does he or she need to obtain, and how does that happen?

The user submits a certificate request to the RA.

What steps does a user's software take to validate a CA's digital signature on a digital certificate?

The user's software creates a message digest for the digital certificate and decrypts the encrypted message digest included within the digital certificate. If the decryption performs properly and the message digest values are the same, the certificate is validated.

Why should security guards get cross-training in network security?

They are the eyes and ears of the corporation when it comes to security

Why can USB flash drives be a threat?

They can bring malicious code past other security mechanisms

Which of the following properly explains the m of n control?

This is a control in key recovery to enforce separation of duties.

Why would a company implement a key archiving and recovery system within the organization?

To make sure all data encryption keys are available for the company if and when it needs them

Why is water not used for fire suppression in data centers?

Water would ruin all the electronic equipment


Ensembles d'études connexes

COM Chapter 1: Introduction to Communication

View Set

LS 7B Week 10 LaunchPad Questions

View Set