Cybersecurity ch. 5&7

Ace your homework & exams now with Quizwiz!

Which of the following adequately defines continuous authentication

A property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the objects classification

The process of associating actions with users for later reporting and research is known as

Accountability

Which of the following describes an asynchronous token

An authentication token used to process challenge-response authentication with a server. It takes the servers challenge value and calculates a response. The user enters the response to authenticate a connection

Before you can determine whether something has worked, you must first define how it's supposed to work. This is known as system ________

Assessment

Ricky is reviewing a security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

In Kerberos SSO process _________ conforms a user through secret key based on the users password

Authentication server

__________ is an authorization method in which access to resources is decided by the users formal status

Authority-level policy

Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?

Black-box test

_________ model makes sure conflicts of interest are recognized and that people are prevented from advantage of date to which they should not have access

Brewer and Nash

________ cloud is a type of infrastructure, which provides services for several organizations

Community cloud

The Bell-La Padula access control model focuses primarily on _____________

Confidentiality of data and control of access to classified information

_________ is disposal method, which creates a magnetic field that erases data from magnetic storage media

Degaussing

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?

Does the firewall properly block unsolicited network connection attempts?

________ is an application in Microsoft Windows, that stores and displays log information to users

Event viewer

An SOC 1 report primarily focuses on security and privacy controls

False

During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system

False

FAR (False Acceptance Rate) is the rate which valid subjects are rejected

False

Role-Based Access Control (RBAC) means limiting users access to database views, as opposed to allowing users to access data in database tables directly

False

The four main types of logs that you need to keep supporting security auditing include event, access, user, and security

False

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?

False positive error

__________ are traps which are set to capture information about improper activity on a network

Honeypots

Which of the following is not a type of authentication

Identification

Which of the following biometric trait is very accurate

Keystroke dynamics

A mechanism that limits access to computer systems and network resources is _______.

Logical access control

______ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the objects classification.

Need-to-know

Which security testing activity uses tools that scan for services running on systems

Network mapping

________ is an authentication credential that is generally longer and more complex than a password

Passphrase

__________ are permissions granted to an authorized user, such as 'read', 'write', and 'execute'

Relationships

What name is given to an access control method that bases access control approval last on the jobs the user is assigned?

Role-based access control (RBAC)

_____________ access control method which uses the logic "if X, then Y"

Rule-Based

Microsoft office 365 is a popular example of _______

SaaS (Software as a Service)

One crucial type of evaluation to avoid a data breach is a ________

Security audit

The ______ is the central part of computing environments hardware, software, and firmware that enforced access control for computer systems

Security kernel

Which intrusion detection system strategy relies upon pattern matching?

Signature detection

________ looks for a specific sequences appearing across several packets in a traffic stream rather than just in individual packets

Stateful matching

What term is used to describe a device used as a logon authenticator for remote users of a network?

Synchronous token

Which of the following is an accurate description of cloud computing

The practice of using computing services that are delivered over a network

Risk is defined as the probability that a _____ will be realized

Threat

When you apply an account-lockout policy, set ______ to a high enough number that authorized users aren't locked out due to mistyped passwords

Threshold

A HIDS can detect inappropriate traffic that organizes inside the network.

True

During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.

True

In non-discretionary access control, access rules are closely managed by the security administrators

True

In the reconnaissance phase, you gather information through techniques such as social engineering or by researching organizations website

True

Mandatory access control (MAC) is a means of restricting access to an object based on the objects classification and the users security clearance

True

SSO (Single Sign-On) reduces human error, which is a major part of system failures

True

The term asynchronous token refers to an authentication token used to process challenge-response authentication with a server. The token takes the server challenge value and calculates a response. The user enters the response to authenticate a connection.

True

Which of these biometric authentication methods is not as accurate as the rest

Voice pattern

A ___________ is a unique query of a DNS server that asks for the contents of its zone

Zone transfer


Related study sets

Exam #2 (Chp 6-10) - Organizational Behavior

View Set

Maslow's hierarchy of needs (needs based theory)

View Set

6013 Security in Mobile Computing Final

View Set