50 Cards in this Set

  • Front
  • Back
1.
A covert channel is a communication channel that can be used for:

violating the security policy

strengthening the security policy

hardening the system

protecting the DMZ
violating the security policy
2.
To ensure that integrity is attained through the Clark and Wilson model, certain rules are needed. These rules are:

Integrity-bouncing rules

certification rules and enforcement rules

certification rules and general rules

processing rules and enforcement rules
certification rules and enforcement rules
3.
What was introduced for circumventing difficulties in classic approaches to computer security by limiting damages produced by malicious programs?

Non-Interference

Ref Mon

Integrity-monitoring

Integrity-preserving
Non-Interference
4.
What is an indirect way to transmit information with no explicit reading of confidential information?

Covert channels

Overt channels

Timing channels

Backdoor
Covert channels
5.
Which of the following are the limitations of the BLP model?

no policies for changing access data control

static in nature

contains covert channels

No Answer is Correct
All
6.
Which of the following are the two most well known access control models?

Bell LaPadula and Biba

Lattice and Biba

Bell LaPadula and Chinese Wall

Bell LaPadula and Info Flow
Bell LaPadula and Biba
7.
What can be defined as a formal security model for the integrity of subjects and objects in a system?

Bell LaPadula

Lattice

Biba

Info Flow
Biba
8.
Which of the following is best known for capturing security requirements of commercial applications?

Bell LaPadula

Lattice

Biba

Clark and Wilson
Clark and Wilson
9.
The Clark Wilson model has its emphasis on:

integrity

confidentiality

accountability

security
integrity
10.
In BLP, what property means "no write down"?

*

ss

ds

ws
*
11.
In BLP, what property means "no read up"?

*

ss

ds

ws
ss
12.
In BLP, what property is not part of the first version of the BLP model?

*

ss

ds

ws
*
13.
Which of the following is a state machine model capturing confidentiality aspects of access control?

Bell-LaPadula

Clark Wilson

Lattice

Chinese Wall
Bell-LaPadula
14.
With the BLP model, access permissions are defined through:

Access Control matrix

Security labels

Filter rules

Profiles
Access Control matrix
15.
With the BLP model, security policies prevent information flowing downwards from a:

high security level

low security level

medium security level

neutral security level
high security level
16.
When will BLP consider the information flow that occurs?

when a subject observes an object

when a subject alters an object

when a subject accesses an object

No Answer is Correct
when a subject observes an object

when a subject alters an object
17.
Separation of duties is valuable in deterring:

fraud

external intruder

Trojan horse

DoS
fraud
18.
What principle requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set?

Balance of power

Separation of duties

Use of rights

Fair use
Separation of duties
19.
Separation of duty can be:

static only

dynamic only

encrypted

static or dynamic
static or dynamic
20.
Who should determine the appropriate sensitivity classifications of information?

owner

user

administrator

server
owner
21.
Who should determine the appropriate access control of information?

owner

user

administrator

server
owner
22.
What principle requires that a user be given no more privilege than necessary to perform a job?

Principle of least privilege

Principle of effective privilege

Principle of most privilege

Principle of aggregate privilege
Principle of least privilege
23.
To ensure least privilege requires that _______________ is identified.

what the user's job is

what the user's group is

what the user's cost is

what the user's privilege owns
what the user's job is
24.
The concept of least privilege currently exists within the context of:

TCSEC

OSI

ISO

IETF
TCSEC
25.
Enforcing minimum privileges for general system users can be easily achieved through the use of:

RBAC

TBAC

TSTEC

IPSEC
RBAC
26.
Which of the following are potential firewall problems that should be logged?

Reboot

Proxies restarted

Changes to configuration file.

No Answer is Correct
reboot
27.
Which of the following are security events on Unix that should be logged?

Use of Setuid.

Use of Setgid.

Change of permission on system files.

No Answer is Correct
All
28.
What process determines who is trusted for a given purpose?

Authorization

Authentication

Identification

Accounting
Authorization
29.
Which of the following tools can you use to assess your network's vulnerability?

ISS

Ballista

SATAN

No Answer is Correct
All
30.
Which of the following should NOT be logged for performance problems?

CPU load.

Percentage of idle time.

Percentage of use.

No Answer is Correct
No Answer is Correct
31.
Which of the following should be logged for security problems?

Use of mount command.

Percentage of idle time.

Percentage of use.

No Answer is Correct
Use of mount command
32.
Which of the following services should be logged for security purposes?

bootp

tftp

sunrpc

No Answer is Correct
All
33.
Who should NOT have access to the log files?

internal audit staff

security staff

system administration staff

manager's secretary
manager's secretary
34.
Which of the following correctly describe the use of the collected logs?

They are used in the active and passive monitoring process.

They are used in the active monitoring process only.

They are used in the passive monitoring process only.

They are used in the archiving process only.
They are used in the active and passive monitoring process.
35.
All logs are kept on archive for a period of time. What determines this period of time?

retention policies

administrator preferences

MTTF

MTTR
retention policies
36.
Logs must be secured to prevent:

modification, deletion, and destruction

creation, modification, and destruction

modification, deletion, and initialization

modification, deletion, and inspection
modification, deletion, and destruction
37.
To ensure dependable and secure logging, all computers must have their clock synchronized to:

a central timeserver

the respective local times

the log time stamp

No Answer is Correct
a central timeserver
38.
How often should logging be run?

always

once a day

once every week

during maintenance
Always
39.
The activity that consists of collecting information that will be used for monitoring is called:

logging

troubleshooting

auditing

inspecting
logging
40.
To ensure dependable and secure logging, logging information traveling on the network should be:

encrypted

stored

monitored

isolated
encrypted
41.
If the computer system being used contains confidential information, users must not:

leave their computer without first logging off

share their desks

encrypt their passwords

communicate
leave their computer without first logging off
42.
Security is a process that is:

continuous

examined

indicative

abnormal
continuous
43.
Which of the following user items can be shared?

home directory

ID

password

No Answer is Correct
No Answer is Correct
44.
The root account must be the only account with a user ID of __________ that has open access to the UNIX shell.

0

1

2

5
0
45.
Root login should only be allowed via:

system console

remote program

VNC

Rsh
system console
46.
What should you do to the user accounts as soon as employment is terminated?

Disable the user accounts and have the data kept for a specified period of time

Maintain the user accounts and have the data kept for a specified period of time

Disable the user accounts and erase immediately the data kept

No Answer is Correct
Disable the user accounts and have the data kept for a specified period of time
47.
Access to the _____________ account on a Unix server must be limited to only the system administrators that must absolutely have this level of access.

superuser or root

superuser or inetd

fsd or root

manager or root
superuser or root
48.
Which of the following correctly describe "good" security practice?

Accounts should be monitored regularly

You should have a procedure in place to verify password strength

You should ensure that there are no accounts without passwords

No Answer is Correct
All
49.
LOMAC is a security enhancement for what operating system?

Linux

NT

Solaris

Netware
Linux
50.
LOMAC uses what Access Control method to protect the integrity of processes and data?

Low Water-Mark Mandatory Access Control

Linux based EFS

Linux based NFS

High Water-Mark Mandatory Access Control
Low Water-Mark Mandatory Access Control