99 Cards in this Set
A firewall can be classified as a:
A. Directory based access control. B. Rule based access control. C. Lattice based access control. D. ID based access control. |
Rule based access control.
|
|
Which of the following are the two most well known access control models?
A. Lattice and Biba B. Bell LaPadula and Biba C. Bell LaPadula and Chinese wall D. Bell LaPadula and Info Flow |
Bell LaPadula and Biba
|
|
What security model implies a central authority that determines what subjects can have access to
what objects? A. ) Centralized access control B. ) Discretionary access control C. ) Mandatory access control D. ) Non-discretionary access control |
Non-discretionary access control
|
|
Which of the following is best known for capturing security requirements of commercial
applications? A. Lattice B. Biba C. Bell LaPadula D. Clark and Wilson |
Clark and Wilson
|
|
Which of the following is a straightforward approach that provides access rights to subjects for
objects? A. ) Access Matrix model B. ) Take-Grant Model C. ) Bell-LaPadula Model D. ) Biba Model |
Access Matrix model
|
|
What is called the type of access control where there are pairs of elements that have the least
upper bound of values and greatest lower bound of values? A. ) Mandatory model B. ) Discretionary model C. ) Lattice model D. ) Rule model |
Lattice model
|
|
Which access control would a lattice-based access control be an example of?
A. ) Mandatory access control B. ) Discretionary access control C. ) Non-discretionary access control D. ) Rule-based access control |
Non-discretionary access control
|
|
Who developed one of the first mathematical models of a multilevel-security computer system?
A. ) Diffie-Hellman B. ) Clark and Wilson C. ) Bell and LaPadula D. ) Gasser and Lipner |
Clark and Wilson
|
|
Which of the following was the first mathematical model of multilevel security policy?
A. Biba B. Take-Grant C. Bell-LaPadula D. Clark Wilson |
Bell-LaPadula
|
|
Which security model allows the data custodian to grant access privileges to other users?
A. Mandatory B. Bell-LaPadula C. Discretionary D. Clark-Wilson |
Discretionary
|
|
What is one issue NOT addressed by the Bell-LaPadula model?
A. Information flow control B. Security levels C. Covert channels D. Access modes |
Covert channels
|
|
Which one of the following access control models associates every resource and every user of a
resource with one of an ordered set of classes? A. Take-Grant model B. Biba model C. Lattice model D. Clark-Wilson model |
Lattice model
|
|
What scheme includes the requirement that the system maintain the separation of duty requirement expressed in the access control triples?
A. Biba B. Lattice C. Clark-Wilson D. Bell-LaPadula |
Clark-Wilson
|
|
The access matrix model consists of which of the following parts? (Choose all that apply)
A. A function that returns an object's type. B. A list of subjects. C. A list of objects. |
All of the above
|
|
The access matrix model has which of the following common implementations?
A. Access control lists and capabilities. B. Access control lists. C. Capabilities. D. Access control list and availability. |
Access control lists and capabilities.
|
|
The lattice-based model aims at protecting against:
A. Illegal attributes. B. None of the choices. C. Illegal information flow among the entities. D. Illegal access rights |
Illegal information flow among the entities.
|
|
Which of the following are the components of the Chinese wall model?
A. Conflict of interest. B. All of the choices. C. Subject D. Company Datasets. |
All of the choices.
|
|
Enforcing minimum privileges for general system users can be easily achieved through the use of:
A. TSTEC B. RBAC C. TBAC D. IPSEC |
RBAC
|
|
What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?
A. ) The subject's sensitivity label must dominate the object's sensitivity label B. ) The subject's sensitivity label subordinates the object's sensitivity label C. ) The subject's sensitivity label is subordinated by the object's sensitivity label D. ) The subject's sensitivity label is dominated by the object's sensitivity label |
The subject's sensitivity label is dominated by the object's sensitivity label
|
|
Which of the following security modes of operation involves the highest risk?
A. ) Compartmented Security Mode B. ) Multilevel Security Mode C. ) System-High Security Mode D. ) Dedicated Security Mode |
Multilevel Security Mode
|
|
Controlled Security Mode is also known as:
A. ) Multilevel Security Mode B. ) Partitioned Security Mode C. ) Dedicated Security Mode D. ) System-high Security Mode |
Multilevel Security Mode
|
|
The unauthorized mixing of data of one sensitivity level and need-to-know with data of a lower
sensitivity level, or different need-to-know, is called data A. Contamination B. Seepage C. Aggregation D. Commingling |
Contamination
|
|
Which one of the following should be employed to protect data against undetected corruption?
A. Non-repudiation B. Encryption C. Authentication D. Integrity |
Integrity
|
|
Which of the following is a communication path that is not protected by the system's normal security mechanisms?
A. ) A trusted path B. ) A protection domain C. ) A covert channel D. ) A maintenance hook |
A covert channel
|
|
A channel within a computer system or network that is designed for the authorized transfer of
information is identified as a(n)? A. ) Covert channel B. ) Overt channel C. ) Opened channel D. ) Closed channel |
Overt channel
|
|
Covert channel is a communication channel that can be used for:
A. Hardening the system. B. Violating the security policy. C. Protecting the DMZ. D. Strengthening the security policy. |
Violating the security policy.
|
|
What is an indirect way to transmit information with no explicit reading of confidential information?
A. Covert channels B. Backdoor C. Timing channels D. Overt channels |
Covert channels
|
|
Which one of the following describes a covert timing channel?
A. Modulated to carry an unintended information signal that can only be detected by special, sensitive receivers. B. Used by a supervisor to monitor the productivity of a user without their knowledge. C. Provides the timing trigger to activate a malicious program disguised as a legitimate function. D. Allows one process to signal information to another by modulating its own use of system resources. |
Allows one process to signal information to another by modulating its own use of system resources.
|
|
Covert channel analysis is required for
A. Systems processing Top Secret or classified information. B. A Trusted Computer Base with a level of trust B2 or above. C. A system that can be monitored in a supervisor state. D. Systems that use exposed communication links. |
A Trusted Computer Base with a level of trust B2 or above.
|
|
In multi-processing systems, which one of the following lacks mandatory controls and is NORMALLY AVOIDED for communication?
A. Storage channels B. Covert channels C. Timing channels D. Object channels |
Covert channels
|
|
What security risk does a covert channel create?
A. A process can signal information to another process. B. It bypasses the reference monitor functions. C. A user can send data to another user. D. Data can be disclosed by inference |
It bypasses the reference monitor functions.
|
|
What is the essential difference between a self-audit and an independent audit?
A. ) Tools used B. ) Results C. ) Objectivity D. ) Competence |
Objectivity
|
|
What is called the formal acceptance of the adequacy of a system's overall security by the management?
A. ) Certification B. ) Acceptance C. ) Accreditation D. ) Evaluation |
Accreditation
|
|
FIPS-140 is a standard for the security of:
A. ) Cryptographic service providers B. ) Smartcards C. ) Hardware and software cryptographic modules D. ) Hardware security modules |
Hardware and software cryptographic modules
|
|
Which of the following will you consider as the MOST secure way of authentication?
A. Biometric B. Password C. Token D. Ticket Granting |
Biometric
|
|
In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering 2 questions:
A. ) what was the sex of a person and his age B. ) what part of the body to be used and how to accomplish identification to be viable C. ) what was the age of a person and his income level D. ) what was the tone of the voice of a person and his habits |
what part of the body to be used and how to accomplish identification to be viable
|
|
What is called the percentage of invalid subjects that are falsely accepted?
A. ) False Rejection Rate (FRR) or Type I Error B. ) False Acceptance Rate (FAR) or Type II Error C. ) Crossover Error Rate (CER) D. ) True Acceptance Rate (TAR) or Type III error |
False Acceptance Rate (FAR) or Type II Error
|
|
Which of the following biometric devices has the highest Crossover Error Rate (CER)?
A. ) Iris scan B. ) Hand Geometry C. ) Voice pattern D. ) Fingerprints |
Voice pattern
|
|
Which of the following biometric parameters are better suited for authentication use over a long
period of time? A. ) Iris pattern B. ) Voice pattern C. ) Signature dynamics D. ) Retina pattern |
Iris pattern
|
|
Which one of the following is the MOST critical characteristic of a biometrics system?
A. Acceptability B. Accuracy C. Throughput D. Reliability |
Accuracy
|
|
Which of the following biometric devices has the lowest user acceptance level?
A. ) Voice recognition B. ) Fingerprint scan C. ) Hand geometry D. ) Signature recognition |
Fingerprint scan
|
|
Biometric performance is most commonly measured in terms of:
A. FRR and FAR B. FAC and ERR C. IER and FAR D. FRR and GIC |
FRR and FAR
|
|
What is the most critical characteristic of a biometric identifying system?
A. ) Perceived intrusiveness B. ) Storage requirements C. ) Accuracy D. ) Reliability |
Accuracy
|
|
Which of the following biometric characteristics cannot be used to uniquely authenticate an
individual's identity? A. ) Retina scans B. ) Iris scans C. ) Palm scans D. ) Skin scans |
Skin scans
|
|
In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering 2 questions:
A. ) What was the sex of a person and his age B. ) what part of body to be used and how to accomplish identification to be viable C. ) what was the age of a person and his income level D. ) what was the tone of the voice of a person and his habits |
what part of body to be used and how to accomplish identification to be viable
|
|
You are comparing biometric systems. Security is the top priority. A low ________ is most important in this regard.
A. FAR B. FRR C. MTBF D. ERR |
FAR
|
|
Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. To have a valid measure of the system performance:
A. ) The CER is used. B. ) the FRR is used C. ) the FAR is used D. ) none of the above choices is correct |
The CER is used.
|
|
The quality of fingerprints is crucial to maintain the necessary:
A. FRR B. ERR and FAR C. FAR D. FRR and FAR |
FRR and FAR
|
|
By requiring the user to use more than one finger to authenticate, you can:
A. Provide statistical improvements in EAR. B. Provide statistical improvements in MTBF. C. Provide statistical improvements in FRR. D. Provide statistical improvements in ERR. |
Provide statistical improvements in FRR.
|
|
Which of the following is being considered as the most reliable kind of personal identification?
A. Token B. Fingerprint C. Password D. Ticket Granting |
Fingerprint
|
|
Which of the following methods is more microscopic and will analyze the direction of the ridges of the fingerprints for matching?
A. None of the choices. B. Flow direct C. Ridge matching D. Minutia matching |
Minutia matching
|
|
Which of the following are the types of eye scan in use today?
A. Retinal scans and body scans. B. Retinal scans and iris scans. C. Retinal scans and reflective scans. D. Reflective scans and iris scans. |
Retinal scans and iris scans.
|
|
Which of the following eye scan methods is considered to be more intrusive?
A. Iris scans B. Retinal scans C. Body scans D. Reflective scans |
Retinal scans
|
|
Which of the following offers greater accuracy than the others?
A. Facial recognition B. Iris scanning C. Finger scanning D. Voice recognition |
Iris scanning
|
|
In addition to the accuracy of the biometric systems, there are other factors that must also be
considered: A. ) These factors include the enrollment time and the throughput rate, but not acceptability. B. ) These factors do not include the enrollment time, the throughput rate, and acceptability. C. ) These factors include the enrollment time, the throughput rate, and acceptability. D. ) These factors include the enrollment time, but not the throughput rate, neither the acceptability. |
These factors include the enrollment time, the throughput rate, and acceptability.
|
|
What physical characteristics does a retinal scan biometric device measure?
A. ) The amount of light reaching the retina B. ) The amount of light reflected by the retina C. ) The size, curvature, and shape of the retina D. ) The pattern of blood vessels at the back of the eye |
The pattern of blood vessels at the back of the eye
|
|
Type II errors occur when which of the following biometric system rates is high?
A. False accept rate B. False reject rate C. Crossover error rate D. Speed and throughput rate |
False accept rate
|
|
Which of the following are the valid categories of hand geometry scanning?
A. Electrical and image-edge detection. B. Mechanical and image-edge detection. C. Logical and image-edge detection. D. Mechanical and image-ridge detection. |
Mechanical and image-edge detection.
|
|
In the world of keystroke dynamics, what represents the amount of time you hold down a
particular key? A. Dwell time B. Flight time C. Dynamic time D. Systems time |
Dwell time
|
|
In the world of keystroke dynamics, what represents the amount of time it takes a person to switch between keys?
A. Dynamic time B. Flight time C. Dwell time D. Systems time. |
Flight time
|
|
Which of the following are the benefits of Keystroke dynamics?
A. Low cost B. Unintrusive device C. Transparent D. All of the choices. |
All of the choices.
|
|
DSV, as an identification method, checks against a user's:
A. Fingerprints B. Signature C. Keystrokes D. Facial expression |
Signature
|
|
Signature identification systems analyze what areas of an individual's signature?
A. All of the choices EXCEPT the signing rate. B. The specific features of the signature. C. The specific features of the process of signing one's signature. D. The signature rate. |
All of the choices EXCEPT the signing rate.
|
|
What are the advantages to using voice identification?
A. All of the choices. B. Timesaving C. Reliability D. Flexibility |
All of the choices.
|
|
What are the methods used in the process of facial identification?
A. None of the choices. B. Detection and recognition. C. Scanning and recognition. D. Detection and scanning. |
Detection and recognition.
|
|
In the process of facial identification, the basic underlying recognition technology of facial identification involves:
A. Eigenfeatures of eigenfaces. B. Scanning and recognition. C. Detection and scanning. D. None of the choices. |
Eigenfeatures of eigenfaces.
|
|
What is known as the probability that you are not authenticated to access your account?
A. ERR B. FRR C. MTBF D. FAR |
FRR
|
|
What is known as the chance that someone other than you is granted access to your account?
A. ERR B. FAR C. FRR D. MTBF |
FAR
|
|
What is typically used to illustrate the comparative strengths and weaknesses of each biometric technology?
A. Decipher Chart B. Zephyr Chart C. Cipher Chart D. Zapper Chart |
Zephyr Chart
|
|
In terms of the order of effectiveness, which of the following technologies is the most effective?
A. Fingerprint B. Iris scan C. Keystroke pattern D. Retina scan |
Iris scan
|
|
In terms of the order of effectiveness, which of the following technologies is the least effective?
A. Voice pattern B. Signature C. Keystroke pattern D. Hand geometry |
Signature
|
|
In terms of the order of acceptance, which of the following technologies is the LEAST accepted?
A. Fingerprint B. Iris C. Handprint D. Retina patterns |
Retina patterns
|
|
Which of the following biometric characteristics cannot be used to uniquely authenticate an individual's identity?
A. ) Retina scans B. ) Iris scans C. ) Palm scans D. ) Skin scans |
Skin scans
|
|
Which of the following is true of two-factor authentication?
A. ) It uses the RSA public-key signature based algorithm on integers with large prime factors B. ) It requires two measurements of hand geometry C. ) It does not use single sign-on technology D. ) It relies on two independent proofs of identity |
It relies on two independent proofs of identity
|
|
What is Kerberos?
A. ) A three-headed dog from Egyptian Mythology B. ) A trusted third-party authentication protocol C. ) A security model D. ) A remote authentication dial in user server |
A trusted third-party authentication protocol
|
|
Which of the following is true about Kerberos?
A. ) It utilizes public key cryptography B. ) It encrypts data after a ticket is granted, but passwords are exchanged in plain text C. ) It depends upon symmetric ciphers D. ) It is a second party authentication system |
It depends upon symmetric ciphers
|
|
Kerberos depends upon what encryption method?
A. ) Public Key cryptography B. ) Private Key cryptography C. ) El Gamal cryptography D. ) Blowfish cryptography |
Private Key cryptography
|
|
The primary service provided by Kerberos is which of the following?
A. ) non-repudiation B. ) confidentiality C. ) authentication D. ) authorization |
authentication
|
|
Which of the following are authentication server systems with operational modes that can implement SSO?
A. ) Kerberos, SESAME and KryptoKnight B. ) SESAME, KryptoKnight and NetSP C. ) Kerberos and SESAME D. ) Kerberos, SESAME, KryptoKnight, and NetSP |
Kerberos, SESAME, KryptoKnight, and NetSP
|
|
Which of the following is a trusted, third party authentication protocol that was developed under Project Athena at MIT?
A. ) Kerberos B. ) SESAME C. ) KryptoKnight D. ) NetSP |
Kerberos
|
|
Which of the following is true about Kerberos?
A. ) It utilizes public key cryptography B. ) It encrypts data after a ticket is granted, but passwords are exchanged in plain text. C. ) It depends upon symmetric ciphers D. ) It is a second party authentication system |
It depends upon symmetric ciphers
|
|
One of the differences between Kerberos and KryptoKnight is that there is:
A. ) a mapped relationship among the parties takes place B. ) there is a peer-to-peer relationship among the parties with themselves. C. ) there is no peer-to-peer relationship among the parties and the KDC D. ) a peer-to-peer relationship among the parties and the KDC |
a peer-to-peer relationship among the parties and the KDC
|
|
Which of the following is the MOST secure network access control procedure to adopt when using a callback device?
A. The user enters a userid and PIN, and the device calls back the telephone number that corresponds to the userid. B. The user enters a userid, PIN, and telephone number, and the device calls back the telephone number entered. C. The user enters the telephone number, and the device verifies that the number exists in its database before calling back. D. The user enters the telephone number, and the device responds with a challenge. |
The user enters a userid and PIN, and the device calls back the telephone number that corresponds to the userid.
|
|
What is called the access protection system that limits connections by calling back the number of
a previously authorized location? A. ) Sendback system B. ) Callback forward systems C. ) Callback systems D. ) Sendback forward systems |
Callback systems
|
|
A confidential number to verify a user's identity is called a:
A. ) PIN B. ) userid C. ) password D. ) challenge |
PIN
|
|
How are memory cards and smart cards different?
A. ) Memory cards normally hold more memory than smart cards B. ) Smart cards provide a two-factor authentication whereas memory cards don't C. ) Memory cards have no processing power D. ) Only smart cards can be used for ATM cards |
Memory cards have no processing power
|
|
Devices in the form of credit-card-size memory cards or smart cards, or those resembling small calculators, that are used to supply static and dynamic passwords are called:
A. ) Tickets B. ) Tokens C. ) Token passing networks D. ) Coupons |
Tokens
|
|
Tokens, as a way to identify users are subject to what type of error?
A. Token error B. Decrypt error C. Human error D. Encrypt error |
Human error
|
|
Which of the following factors may render a token based solution unusable?
A. Token length B. Card size C. Battery lifespan D. None of the choices. |
Battery lifespan
|
|
Memory only cards work based on:
A. Something you have. B. Something you know. C. None of the choices. D. Something you know and something you have. |
Something you know and something you have
|
|
Which of the following is a disadvantage of a memory only card?
A. High cost to develop. B. High cost to operate. C. Physically infeasible. D. Easy to counterfeit. |
Easy to counterfeit.
|
|
The word "smart card" has meanings of:
A. Personal identity token containing ICs. B. Processor IC card. C. IC card with ISO 7816 interface. D. All of the choices. |
All of the choices
|
|
A processor card contains which of the following components?
A. Memory and hard drive. B. Memory and flash. C. Memory and processor. D. Cache and processor. |
Memory and processor.
|
|
Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, and faster resource access?
A. ) Smart cards B. ) Single Sign-on (SSO) C. ) Kerberos D. ) Public Key Infrastructure (PKI) |
Single Sign-on (SSO)
|
|
What is the main concern with single sign-on?
A. ) Maximum unauthorized access would be possible if a password is disclosed B. ) The security administrator's workload would increase C. ) The users' password would be too hard to remember D. ) User access rights would be increased |
Maximum unauthorized access would be possible if a password is disclosed
|
|
Which of the following describes the major disadvantage of many SSO implementations?
A. ) Once a user obtains access to the system through the initial log-on they can freely roam the network resources without any restrictions B. ) The initial logon process is cumbersome to discourage potential intruders C. ) Once a user obtains access to the system through the initial log-on, they only need to logon to some applications. D. ) Once a user obtains access to the system through the initial log-on, he has to logout from all other systems |
Once a user obtains access to the system through the initial log-on they can freely roam the network resources without any restrictions
|
|
Which of the following addresses cumbersome situations where users need to log on multiple times to access different resources?
A. ) Single Sign-On (SSO) systems B. ) Dual Sign-On (DSO) systems C. ) Double Sign-On (DSO) systems D. ) Triple Sign-On (TSO) systems |
Single Sign-On (SSO) systems
|
|
A method for a user to identify and present credentials only once to a system is known as:
A. SEC B. IPSec C. SSO D. SSL |
SSO
|
|
Which of the following correctly describe the features of SSO?
A. More efficient log-on. B. More costly to administer. C. More costly to setup. D. More key exchanging involved. |
More efficient log-on.
|