Security

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What is the UNIX/Linux UID of the root user?

0

Which security principle dictates how often should you use the System Administration account?

Principle of Least Privilege

Which part of the DES algorithm makes reversing the process impossible?

S-Boxes

According to Claude Shannon, how should the size of the resulting ciphertext of a message compare to the original plaintext?

The amount of ciphertext should be less than or equal to the amount of plaintext.

How does the Principle of Adequate Protection apply to data?

The amount of protection used should be equivalent to value of the data

Why are Macro visuses easier to create than other types?

The code for previous ones are easy to extract and copy from infected files.

What kind(s) of attacks can "Sanity" checks help protect against?

Insertion attacks (code, SQL, and command)

The RSA public Key algorithm manipulates what kinds of numbers?

(Large) Prime Numbers

In terms of numbers of people, which group of attackers pose the biggest security threat?

Script Kiddies

How many Pentium Protection Rings are used by Microsoft Operating systems?

2 out of the 4 possible rings

Shifting the ciphertext alphabet to the left (or right) some number of places describes what sort of simple substitution cipher?

A Caesar Cipher

The Vigenere Cipher is an example of what kind of an encyption technique?

A poly-alphabetic substitution

How does the mutation engine make it harder to detect Polymorpgic viruses?

Adds random code into the virus that change the signature but now how the virus runs.

What is security through obscurity?

Assuming that a problem is so subtle that no one would ever find it.

What are the 3 A's of Security?

Authentication, Authorization (Access Control), and Audit.

A Signature scan is an example of what kind of biometric trait?

Behavioral (or dynamic)

What did a programmer forget to do when a program is said to be vulnerable to buffer overflow attacks?

Bounds checking (on arrays)

What is an advantage of using an Access Control Matrix?

Centralization

List the goals of security?

Confidentiality, Integrity, and Availability.

What function does the reference monitor provide?

Determines whether or not a subject (i.e. user) can access an object (i.e. file) in the way s/he wishes to.

How do brute force password attacks differ from dictionary based ones?

Dictionary attacks hash each word in a dictionary looking for a match while brute force attacks try every possible character combination

If Bob was going to digitally sign a message being sent to Alice, which key would he use?

His private key

What is a benefit from log centralization?

If a system is broken into, the attacks can't change the logs to hide the fact.

How do Transposition encryted messages affect the frequency analysis of the original message?

It doesn't. The letters are rearranged, not swapped

who was the Math Consultant for the movie "Sneakers"?

Len Adelman - the A in RSA

The Rijndael (AES) algorithm treats every block as what kind of data structure?

Matrix

Using base and bounds registers help protect which computer component?

Memory

If the 5th block of an encrypted message using Output Feedback Mode is corrupted during transmission, how will it affect the receiver's ability to decrypt the entire message?

Minor since only that block will be incorrectly deciphered.

What problem does using a lock file help address?

Race conditions / Processing data in the wrong order

Why are password hashes salted?

Randomization (would want 2 identical passwords to appear different)

Databases typically use what kind of Access Control Model?

Role Based Access Control (RBAC)

Replacing Shared libaries (e.g. .dll or .so files) is a technique used by what kind of Malicious software?

Rootkits

You receive an email saying it is from your bank and includes a link for you to follow to reset your password is an example of what sort of attacker technique?

Social Engineering (Phishing)

Token based (i.e. Google Authenticator) are an example of what kind of One Time Password approach?

Synchronized

In a system which uses Discretionary Access Controls, who decides what access permissions should be assigned to an object?

The owner of the object

How does a polyalphabetic cipher affect the frequency analysis on an encrypted message?

The peeks and valleys between high and low frequency letters narrower.

How does Windows determine what permisisons to assign to a newly created file or directory?

The permissions are inherited from the parent directory (folder)

How to Stealth Viruses hide their existance?

They rewrite to the Interrupt Vector Table or Handler to use their code

How to worms spread?

Through the network, taking advantage in software bugs, etc.

What is the reduction function used in a rainbow table used for?

To get a new key from the previous ciphertext

Why do some organizations set a minimum time between user password changes?

To prevent users from changing a password then immediately changing it right back.

What is "Fuzzing"?

Using completely random data as inputs during software testing

In cryptographic terminology, what does non-repudiation provide?

Verifies the identity of the sender.

How does using Authenticode help with system security?

We can decide if we trust the author of software before installing it

How difficult is it to decrypt Hash functions?

You can't (should be able to anyway). They are one-way functions.

Why would qwertasdf not be considered a good password?

keyboard pattern


Ensembles d'études connexes

ISO27001 and ISO27002, standards and risk management

View Set

Chapter 14 PrepUWhich group of terms best defines assessing in the nursing process?

View Set

OLIGOPOLIO Y COMPETENCIA MONOPOLISTICA

View Set

Global & Strategic Management Exam 2 Ch 5,6,7,8

View Set

Ch 12-Brooker Biology-Gene Expression at the Molecular Level

View Set

UNIT 1 - Challenge 2: Age of Exploration: 1400s - 1600s

View Set

Bio SAT ii Practice test problems

View Set