Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
20 Cards in this Set
- Front
- Back
|
Which security model incorporates the "no write up" and "no read down" rules?
|
Bipa - The Biba model focuses on protecting the integrity of the data rather than confidentiality
|
|
|
Which are the three common methods used in password cracking?
|
Dictionary, hybrid, and brute force -
|
|
|
Which of the following refers to an error where the percent of unenrolled or impostors are accepted as authentic?
|
A Type II error - often called a false accept rate, occurs when an unauthorized person is given access to the system.
|
|
|
Which password cracking technique will eventually figure out a hard-to-guess password?
|
Brute Force - A brute force attack will try every possible combination of letters and characters that can form a password.
|
|
|
When talking about biometric access controls, what is a
Type I error? |
False reject rate - Is exemplified by a legitimate user of the system being denied access.
|
|
|
Which of the following critical areas of security represents the
unauthorized modification of information? |
Integrity
|
|
|
Applying which principle represents one of the best ways to thwart internal
attacks using access control systems? |
Least Privelage
|
|
|
What is the MOST influential factor in determining if a biometric solution
is feasible for a system? |
Budget
|
|
|
Which authentication protocol is the strongest?
|
Kerberos
|
|
|
Which Security Model is designed for non-governmental
(commercial) use? |
The Clark-Wilson Model has been adapted for commercial use
|
|
|
What is among the primary design types used for access
control systems today? |
Mandatory, discretionary, and role-based
|
|
|
Name a vulnerability that is not a threat to hardware?
|
A maintenance hook is a huge threat that exists in operations environments, but it threatens the software, not the hardware.
|
|
|
Is it possible for the administrator of a UNIX system to quickly tell you what your password is currently set to?
|
No - The password is stored in a hash
|
|
|
The assurance of access to data when it is needed is one of the three key
principles in information security. What is this principle called? |
Availability
|
|
|
Of the four ways a user can be authenticated, which presents the use of physical human attributes in the process?
|
Biometrics - Something you are.
|
|
|
Which control type is used to provide alternatives to
other controls? |
Compensating
|
|
|
What is the association of a unique identity with an individual presenting himself unknowingly or knowingly to an access control system?
|
Identification
|
|
|
Which concept relates most closely to the Principle of Least Privilege?
|
Separation of duties
|
|
|
What attribute of the Kerberos authentication process makes it so
strong? |
Users and services (also called principals) authenticate to each other
|
|
|
What principle is represented by an accountant creating a company's books and an auditor reviewing the books for accuracy?
|
Separation of duties
|
