CS 356 CH 1-5 (Midterm 1)
A(n) __________ is a user who has administrative responsibility for part or all of the database.
Administrator
A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.
Countermeasure
_________ is an organization that produces data to be made available for controlled release, either within the organization or to external users.
Data Owner
__________ is when the data in the SDB can be modified so as to produce statistics that cannot be used to infer values for individual records.
Data Perturbation
A(n) __________ is a structured collection of data stored for use by one or more applications.
Database
Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences.
Deception
The __________ is the encryption algorithm run in reverse.
Decryption Algorithm
The _________ prevents or inhibits the normal use or management of communications facilities.
Denial of Service
A __________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.
Digital Signature
__________ allows an issuer to access regional and national networks that connect point of sale devices and bank teller machines worldwide.
EFT
An end user who operates on database objects via a particular application but does not own any of the database objects is the __________.
End user other than the application owner
Each individual who is to be included in the database of authorized users must first be __________ in the system.
Enrolled
A view cannot provide restricted access to a relational database so it cannot be used for security purposes. (T/F)
False
Assurance is the process of examining a computer product or system with respect to certain criteria. (T/F)
False
Cryptanalytic attacks try every possible key on a piece of cipher-text until an intelligible translation into plaintext is obtained. (T/F)
False
Fixed server roles operate at the level of an individual database. (T/F)
False
Memory cards store and process data. (T/F)
False
Public-key algorithms are based on simple operations on bit patterns. (T/F)
False
Query restriction provides answers to all queries, but the answers are approximate. (T/F)
False
The two commands that SQL provides for managing access rights are ALLOW and DENY. (T/F)
False
Threats are attacks carried out. (T/F)
False
Triple DES takes a plaintext block of 64 bits and a key of 56 bits to produce a cipher-text block of 64 bits. (T/F)
False
On average, __________ of all possible keys must be tried in order to achieve success with a brute-force attack.
Half
__________ systems identify features of the hand, including shape, and lengths and widths of fingers.
Hand Geometry
A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are stored.
Host Attack
__________ is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received.
Inference
Combined one byte at a time with the plaintext stream using the XOR operation, a __________ is the output of the pseudorandom bit generator.
Keystream
A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.
Passive Attack
A __________ is a password guessing program.
Password Cracker
A _________ is defined to be a portion of a row used to uniquely identify a row in a table.
Primary Key
A __________ is any action that compromises the security of information owned by an organization.
Security Attack
A _________ protects against an attack in which one party generates a message for another party to sign.
Strong Hash Function
A query language provides a uniform interface to the database. (T/F)
True
Availability assures that systems work promptly and service is not denied to authorized users. (T/F)
True
Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them. (T/F)
True
Depending on the application, user authentication on a biometric system involves either verification or identification. (T/F)
True
Enrollment creates an association between a user and the user's biometric characteristics. (T/F)
True
Identifiers should be assigned carefully because authenticated identities are the basis for other security services. (T/F)
True
Many security administrators view strong security as an impediment to efficient and user-friendly operations of an information system. (T/F)
True
Public-key cryptography is asymmetric. (T/F)
True
SQL Server allows users to create roles that can then be assigned access rights to portions of the database. (T/F)
True
The database management system operates on the assumption that the computer system has authenticated each user. (T/F)
True
The secret key is input to the encryption algorithm. (T/F)
True
The simplest form of query restriction is query size restriction. (T/F)
True
The value of a primary key must be unique for each tuple of its table. (T/F)
True
User authentication is the basis for most types of access control and for user accountability. (T/F)
True
A _________ is a virtual table.
View
