56 Cards in this Set
- Front
- Back
A user copies files from her desktop computer to a USB flash device and puts the device in her pocket. Which security goal is most at risk? |
Confidentiality |
|
Smartphones with cameras and internet capabilities pose a risk to which security goal? |
Confidentiality |
|
By definition, which security concept ensures that only authorized parties can access data? |
Confidentiality |
|
In this example, what protection does the hashing activity provide? |
Integrity |
|
Which of the following is an example of an internal threat? |
A user accidentally deleted the new product designs |
|
What is the greatest threat to the confidentiality of data in most secure organizations? |
USB devices |
|
Which of the following is the correct definition of a threat? |
Any potential danger to the confidentiality, integrity, or availability of information or systems |
|
Example of a vulnerability |
Misconfigured server |
|
Not a valid concept to associate with integrity |
Control access to resources to prevent unwanted access |
|
When a cryptographic system is used to protect the confidentiality of data, what is protected? |
Unauthorized users are prevented from viewing or accessing the resource |
|
By definition, which security concept uses the ability to prove that a sender sent an encrypted message? |
Non-repudiation |
|
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources? |
DAC |
|
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity? |
MAC |
|
In which form of access control environment is access controlled by rules rather than by identity? |
MAC |
|
You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used? |
RBAC |
|
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented? |
DAC |
|
Term for the process of validating a subject's identity |
Authentication |
|
Used for identification |
Username |
|
A remote access user needs to gain access to resources on the server. Which of the processes are performed by the remote access server to control access to resources? |
Authentication and authorization |
|
What defines an object as used in access control? |
data, applications, systems, networks, and physical space |
|
Which access control model manages rights and permissions based on job descriptions and responsibilities? |
Role based access control (RBAC) |
|
Which is the star property of Bell-LaPadula? |
No write down |
|
The Clark-Wilson model is primarily based on what? |
Controlled intermediary access applications |
|
The Brewer-Nash model is designed primarily to prevent what? |
Conflicts of interest |
|
DAC manages access to resources using what primary element or aspect? |
Identity |
|
What form of access control is based on job descriptions? |
RBAC |
|
Example of two-factor authentication |
Token device, PIN |
|
Example of three-factor authentication |
Token device, keystroke analysis, cognitive question |
|
Example of Type II authentication credentials |
Smart card, Photo ID |
|
Term used to describe an event in which a person is denied access to a system when they should be allowed to enter |
False negative |
|
What defines the crossover rate for evaluating biometric systems? |
The point where the number of false positives matches the number of false negatives in a biometric system |
|
Examples of SSO |
SESAME, Kerberos |
|
What is stronger than any biometric authentication factor? |
Two factor authentication |
|
A device which is synchronized to an authentication server uses which authentication type? |
Synchronous token |
|
The mathematical algorithm used by HMAC-based One Time Passwords (HOTP) relies on two types of information to generate a new password based on the previously generated password. Which information is used to generate the new password? |
Shared secret, Counter |
|
The mathematical algorithm used to generate TOTP uses a shared secret and a counter to generate unique one-time passwords. Which event causes the counter to increment when creating TOTP passwords? |
Passage of time |
|
Which type of media preparation is sufficient for media that will be reused in a different security context within your organization? |
Sanitization |
|
Which security principle prevents any one admin from having sufficient access to compromise the security of the overall IT solution? |
Separation of duties |
|
You want to implement an ACL where only users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which type of access list should be used? |
Explicit allow, implicit deny |
|
Separation of duties is an example of which type of access control? |
Preventive |
|
Within the /etc/security/limits.conf file you notice the following entry: @guests hard maxlogins 3 What effect does the line have on the Linux system? |
Limits the maximum number of logins from the guest group to three |
|
Methods for providing centralized authentication, authorization, and accounting for remote access |
TACACS+, RADIUS |
|
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. |
Configure the remote access servers as RADIUS clients |
|
Characteristics of TACACS+ |
Allows for possibly three different servers, one each for authentication, authorization, and accounting; uses TCP |
|
Differences between RADIUS and TACACS+ |
RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers |
|
Protocol that can be used to centralize remote access authentication |
TACACS |
|
RADIUS is primarily used for what? |
Authenticating remote clients before access to the network is granted |
|
Characteristic of TACACS+ |
Encrypts entire packet, not just authentication packets |
|
Which port is used with TACACS? |
49 |
|
What does a remote access server use for authorization? |
Remote access policies |
|
Best example of remote access authentication |
A user establishes a dial-up connection to a server to gain access to shared resources |
|
Feature of MS-CHAP v2 that is not included in CHAP |
Mutual authentication |
|
CHAP performs which of the following security functions? |
Periodically verifies the identity of a peer using a three-way handshake |
|
Which of the following authentication protocols transmits passwords in clear text, and is therefore considered too insecure for modern networks? |
PAP |
|
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default? |
CHAP |
|
Which of the following authentication protocols uses a three-way handshake to authenticate users to the network? |
CHAP, MS-CHAP |
|