Quiz 5 Information Security Fundamentals


Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering?

Acceptability

Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?

Accountability

During which phase of the access control process does the system answer the question, "What can the requestor access?"

Authorization

Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?

Brute-force attack

Which type of authentication includes smart cards?

Ownership

Which one of the following is an example of a logical (as opposed to physical) access control?

Password

Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?

Redundant Array of Independent Disks (RAID)

What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications?

Security Assertion Markup Language (SAML)

Which one of the following is an example of two-factor authentication?

Smart card and personal identification number (PIN)

Monitoring activity in the workplace includes which of the following?

All of these could be monitored.

Which of the following is an example of a hardware security control?

password*** security policy***

The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.

security kernel

Which one of the following is NOT an advantage of biometric systems?

Physical characteristics may change.

Which one of the following principles is NOT a component of the Biba integrity model?

Subjects cannot change objects that have a lower integrity level.

Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?

Crossover error rate (CER)

Charles has obtained a user/password database and will attempt to crack the passwords. The passwords are hashed (encrypted). Charles has a huge list of precomputed hashes to compare to the encrypted passwords to see if he gets any matches. This password cracking technique utilizes:

Rainbow Tables

Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?

Role-based access control (RBAC)**** Rule-based access control****

What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?

Secure European System for Applications in a Multi-Vendor Environment (SESAME)****

Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?

Separation of duties

Which one of the following is NOT a commonly accepted best practice for password security?

Use no more than eight characters.

