95 Cards in this Set

  • Front
  • Back

T F 1. Threats are attacks carried out.

F

T F 2. Computer security is protection of the integrity, availability, and confidentiality of information system resources.

T

T F 3. Data integrity assures that information and programs are changed only in a specified and authorized manner.

T

T F 4. Availability assures that systems work promptly and service is not

T

T F 5. The “A” in the CIA triad stands for “authenticity”.

F

__________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

A. Availability
B. Privacy
C. System Integrity
D. Data Integrity

B. Privacy

________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

A. System Integrity
B. Availability
C. Data Integrity
D. Confidentiality

A. System Integrity

A loss of _________ is the unauthorized disclosure of information.

A. confidentiality
B. authenticity
C. integrity
D. availability

A. confidentiality

A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

A. low
B. moderate
C. normal
D. high

D. high

A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy is a(n) __________.

A. countermeasure
B. adversary
C. vulnerability
D. risk

C. vulnerability

An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________.

A. risk
B. attack
C. asset
D. vulnerability

B. attack

A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.

A. attack
B. adversary
C. countermeasure
D. protocol

C. countermeasure

A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.

A. passive attack
B. outside attack
C. inside attack
D. active attack

A. passive attack

Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences.

A. unauthorized disclosure
B. disruption
C. deception
D. usurpation

C. deception

A threat action in which sensitive data are directly released to an unauthorized entity is __________.

A. corruption
B. intrusion
C. disruption
D. exposure

D. exposure

An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.

A. masquerade
B. repudiation
C. interception
D. inference

A. masquerade

The _________ prevents or inhibits the normal use or management of communications facilities.

A. passive attack
B. denial of service
C. traffic encryption
D. masquerade

B. denial of service

A __________ is any action that compromises the security of information owned by an organization.

A. security mechanism
B. security policy
C. security attack
D. security service

C. security attack

The assurance that data received are exactly as sent by an authorized entity is __________.

A. authentication
B. access control
C. data confidentiality
D. data integrity

D. data integrity

T F 1. Symmetric encryption is used primarily to provide confidentiality.

T

T F 2. Two of the most important applications of public-key encryption are digital signatures and key management.

T

T F 3. Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

F

T F 4. The secret key is input to the encryption algorithm.

T

T F 5. Triple DES takes a plaintext block of 64 bits and a key of 56 bits to produce a ciphertext block of 64 bits.

F

T F 6. Modes of operation are the alternative techniques that have been developed to increase the security of symmetric block encryption for large sequences of data.

T

T F 7. The advantage of a stream cipher is that you can reuse keys.

F

T F 8. A message authentication code is a small block of data generated by a secret key and appended to a message.

T

T F 9. Like the MAC, a hash function also takes a secret key as input.

F

T F 10. The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.

T

T F 11. Public-key cryptography is asymmetric.

T

T F 12. Public-key algorithms are based on simple operations on bit patterns.

F

T F 13. The purpose of the DSS algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.

F

T F 14. An important element in many computer security services and applications is the use of cryptographic algorithms.

T

T F 15. Some form of protocol is needed for public-key distribution.

T

The original message or data that is fed into the algorithm is __________.

A. encryption algorithm
B. secret key
C. decryption algorithm
D. plaintext

D. plaintext

The __________ is the encryption algorithm run in reverse.

A. decryption algorithm
B. plaintext
C. ciphertext
D. encryption algorithm

A. decryption algorithm

__________ is the scrambled message produced as output.

A. Plaintext
B. Ciphertext
C. Secret key
D. Cryptanalysis

B. Ciphertext

On average, __________ of all possible keys must be tried in order to achieve success with a brute-force attack.

A. one-fourth
B. half
C. two-thirds
D. three-fourths

B. half

The most important symmetric algorithms, all of which are block ciphers, are the DES, triple DES, and the __________.

A. SHA
B. RSA
C. AES
D. DSS

C. AES

If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to __________.

A. use longer keys
B. use shorter keys
C. use more keys
D. use less keys

A. use longer keys

__________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.

A. Cryptanalysis
B. Decryption
C. Message authentication
D. Collision resistance

C. Message authentication

The purpose of a __________ is to produce a “fingerprint” of a file, message, or other block of data.

A. secret key
B. digital signature
C. keystream
D. hash function

D. hash function

__________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.

A. DSS
B. RSA
C. SHA
D. AES

B. RSA

A __________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.

A. digital signature
B. keystream
C. one-way hash function
D. secret key

A. digital signature

Digital signatures and key management are the two most important applications of __________ encryption.

A. private-key
B. public-key
C. preimage resistant
D. advanced

B. public-key

A __________ is to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

A. mode of operation
B. hash function
C. cryptanalysis
D. brute-force attack

D. brute-force attack

Combined one byte at a time with the plaintext stream using the XOR operation, a __________ is the output of the pseudorandom bit generator.

A. keystream
B. digital signature
C. secure hash
D. message authentication code

A. keystream

A _________ protects against an attack in which one party generates a message for another party to sign.

A. data authenticator
B. strong hash function
C. weak hash function
D. digital signature

B. strong hash function

Also referred to as single-key encryption, the universal technique for providing confidentiality for transmitted or stored data is ______________.

symmetric encryption

There are two general approaches to attacking a symmetric encryption scheme: cryptanalytic attacks and __________ attacks.

brute-force

The ___________ algorithm takes the ciphertext and the secret key and produces the original plaintext.

decryption

A ________________ attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

cryptanalysis

A ________________ processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block.

block cipher

A __________ processes the input elements continuously, producing output one element at a time.

stream cipher

The two criteria used to validate that a sequence of numbers is random are independence and __________________ .

uniform distribution

A ______________ stream is one that is unpredictable without knowledge of the input key and which has an apparently random character.

pseudorandom

The _____________ is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption.

public and private key

T F 1. User authentication is the fundamental building block and the primary line of defense.

T

T F 2. User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.

F

T F 3. User authentication is the basis for most types of access control and for user accountability.

T

T F 4. Keylogging is a form of host attack.

F

Recognition by fingerprint, retina, and face are examples of __________.

A. face recognition
B. static biometrics
C. dynamic biometrics
D. token authentication

B. static biometrics

The __________ strategy is when users are told the importance of using hard-to-guess passwords and provided with guidelines for selecting strong passwords.

A. reactive password checking
B. computer-generated password
C. proactive password checking
D. user education

D. user education

A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.

A. user education
B. reactive password checking
C. proactive password checking
D. computer-generated password

B. reactive password checking

The most common means of human-to-human identification are __________.

A. facial characteristics
B. retinal patterns
C. signatures
D. fingerprints

A. facial characteristics

__________ systems identify features of the hand, including shape, and lengths and widths of fingers.

A. Signature
B. Fingerprint
C. Hand geometry
D. Palm print

C. Hand geometry

Each individual who is to be included in the database of authorized users must first be __________ in the system.

A. verified
B. identified
C. authenticated
D. enrolled

D. enrolled

To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.

A. eavesdropping
B. challenge-response
C. Trojan horse
D. denial-of-service

B. challenge-response

A __________ is when an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path.

A. client attack
B. host attack
C. eavesdropping attack
D. Trojan horse attack

A. client attack

A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are stored.

A. eavesdropping attack
B. client attack
C. denial-of-service attack
D. host attack

D. host attack

A __________ attack involves an adversary repeating a previously captured user response.

A. client
B. Trojan horse
C. replay
D. eavesdropping

C. replay

An authentication process consists of the _____________ step and the verification step.

identification

Voice pattern, handwriting characteristics, and typing rhythm are examples of ______________ biometrics.

dynamic

A _______________ is a separate file from the user IDs where hashed passwords are kept.

shadow password file

With the ______________ strategy a user is allowed to select their own password, but the system checks to see if the password is allowable.

proactive password checking

T F 1. Access control is the central element of computer security.

T

T F 2. The authentication function determines who is trusted for a given purpose.

F

T F 3. An auditing function monitors and keeps a record of user accesses to system resources.

T

T F 4. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.

T

T F 5. Security labels indicate which system entities are eligible to access certain resources.

F

T F 6. A user may belong to multiple groups.

T

T F 7. The default set of rights should always follow the rule of least privilege or read-only access.

T

T F 8. A user program executes in a kernel mode in which certain areas of memory are protected from the user’s use and certain instructions may not be executed.

F

T F 9. Any program that is owned by, and SetUID to, the “superuser” potentially grants unrestricted access to the system to any user executing that program.

T

T F 10. A constraint is a defined relationship among roles or a condition related to roles.

T

__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.

A. Audit control
B. Resource control
C. System control
D. Access control

D. Access control

__________ is verification that the credentials of a user or other system entity are valid.

A. Adequacy
B. Authentication
C. Authorization
D. Audit

B. Authentication

_________ is the granting of a right or permission to a system entity to access a system resource.

A. Authorization
B. Authentication
C. Control
D. Monitoring

A. Authorization

__________ is the traditional method of implementing access control.

A. MAC
B. RBAC
C. DAC
D. MBAC

C. DAC

__________ controls access based on comparing security labels with security clearances.

A. MAC
B. DAC
C. RBAC
D. MBAC

A. MAC

A __________ is an entity capable of accessing objects.

A. group
B. object
C. subject
D. owner

C. subject

A(n) __________ is a resource to which access is controlled.

A. object
B. owner
C. world
D. subject

A. object

__________ is based on the roles the users assume in a system rather than the user’s identity.

A. DAC
B. RBAC
C. MAC
D. URAC

B. RBAC

__________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.

A. Constraints
B. Mutually Exclusive Roles
C. Cardinality
D. Prerequisites

A. Constraints

__________ refers to setting a maximum number with respect to roles.

A. Cardinality
B. Prerequisite
C. Exclusive
D. Hierarchy

A. Cardinality