Reasons people might be reluctant to use biometrics for authentication is: hygiene or fear of personal injury and false negatives (falsely not being allowed into a system).
Question 1 (3 points) Question 1 Saved
Reasons people might be reluctant to use biometrics for authentication is: hygiene or fear of personal injury and false negatives (falsely not being allowed into a system).
Question 1 options:
True
False
Save
Question 2 (3 points) Question 2 Saved
A hash algorithm uses a one-way cryptographic function, whereas both secret-key and public-key systems use two-way (i.e., reversible) cryptographic functions.
Question 2 options:
True
False
Save
Question 3 (3 points) Question 3 Saved
AES uses the Rijndael algorithm.
Question 3 options:
True
False
Save
Question 4 (3 points) Question 4 Unsaved
Encrypting a message with the sender’s private key ensures proof of receipt of a message.
Question 4 options:
True
False
Save
Question 5 (3 points) Question 5 Unsaved
Two purpose of using a salt value in storing (hashed) passwords is to prevent password duplication and thwart guessing whether a user has the same password on multiple systems.
Question 5 options:
True
False
Save
Question 6 (3 points) Question 6 Unsaved
In Role-Based Access Control Systems, a user is assigned no more than one role to limit the damage a user can do.
Question 6 options:
True
False
Save
Question 7 (3 points) Question 7 Unsaved
If person A uses AES to transmit an encrypted message to person B, which key or keys will A have to use:
Question 7 options:
A’s private key
A’s public key
B’s private key or public key
None of the keys listed above
Save
Question 8 (3 points) Question 8 Unsaved
Which one of the following is not a goal of cryptographic systems?
Question 8 options:
Nonrepudiation
Availability
onfidentiality
Integrity
Save
Question 9 (3 points) Question 9 Unsaved
Mia, Ashley, Mark, and Chris are studying at Café Roma. Who may be putting their personal information at risk (select all that apply)?
Question 9 options:
Chris logs in to eLearning to work on an assignment that does not contain sensitive information.
Ashley turns off the wireless option when working on files that don’t need an Internet connection.
Mark is paying credit card bills on-line.
Mia takes a break from studying by doing some online shopping. She buys shoes from a site she’s never visited before.
Save
Question 10 (3 points) Question 10 Unsaved
For any organization, understanding the nature of the cybersecurity threat requires knowing at least which of the following elements: (select all that apply)
Question 10 options:
number and types of security guards
number and types of vulnerabilities that exist in a system
number and types of likely threats to a system
number and types of employees
Save
Question 11 (3 points) Question 11 Unsaved
There are basically three categories of rules in control models:
Question 11 options:
Mandatory, control, and access
Discretionary, mandatory and protection
Non-discretionary, discretionary and logical control
Mandatory, discretionary, and non-discretionary
Save
Question 12 (3 points) Question 12 Unsaved
To control access by a subject (____________) to an object ( ) requires management to establish access rules.
Question 12 options:
person or program, files or device
os or memory, files or device
person or program, access or control
none of the above
Save
Question 13 (3 points) Question 13 Unsaved
__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
Question 13 options:
Audit control
Access control
System control
Resource control
Save
Question 14 (3 points) Question 14 Unsaved
IT security management functions include:
Question 14 options:
determining organizational IT security objectives, strategies, and policies
detecting and reacting to incidents
specifying appropriate safeguards
all of the above
Save
Question 15 (3 points) Question 15 Unsaved
To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.
Question 15 options:
challenge-response
eavesdropping
Trojan horse
denial-of-service
Save
Question 16 (3 points) Question 16 Unsaved
Each individual who is to be included in the database of authorized users must first be __________ in the system.
Question 16 options:
verified
authenticated
enrolled
identified
Save
Question 17 (3 points) Question 17 Unsaved
A __________ is an entity capable of accessing objects.
Question 17 options:
group
object
subject
owner
Save
Question 18 (3 points) Question 18 Unsaved
Based on the concept in Chapter 4, the final permission bit is the _________ bit.
Question 18 options:
superuser
kernel
sticky
user
Save
Question 19 (3 points) Question 19 Unsaved
What is the general term for the process of protecting objects that are part of the multiprocessing environment?
Question 19 options:
Memory segmentation
Multitasking
Process control
Access control
Save
Question 20 (3 points) Question 20 Unsaved
__________ defines user authentication as “the process of verifying an identity claimed by or for a system entity”.
Question 20 options:
RFC4949
RFC2298
RFC2493
RFC2328
Save
Question 21 (3 points) Question 21 Unsaved
Recognition by fingerprint, retina, and face are examples of __________.
Question 21 options:
face recognition
dynamic biometrics
static biometrics
token authentication
Save
Question 22 (3 points) Question 22 Unsaved
The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords.
Question 22 options:
reactive password checking
proactive password checking
user education
computer-generated password
Save
Question 23 (3 points) Question 23 Unsaved
To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.
Question 23 options:
eavesdropping
challenge-response
Trojan horse
denial-of-service
Save
Question 24 (3 points) Question 24 Unsaved
An institution that issues debit cards to cardholders and is responsible for the cardholder’s account and authorizing transactions is the _________.
Question 24 options:
cardholder
issuer
auditor
processor
Save
Question 25 (3 points) Question 25 Unsaved
Any program that is owned by, and SetUID to, the “superuser” potentially grants unrestricted access to the system to any user executing that program.
Question 25 options:
True
False
Save
Question 26 (3 points) Question 26 Unsaved
The main innovation of the NIST standard is the introduction of the RBAC System and Administrative Functional Specification,which defines the features required for an RBAC system.
Question 26 options:
True
False
Save
Question 27 (3 points) Question 27 Unsaved
__________ is the traditional method of implementing access control.
Question 27 options:
MAC
RBAC
MBAC
DAC
Save
Question 28 (3 points) Question 28 Unsaved
A concept that evolved out of requirements for military information security is ______ .
Question 28 options:
reliable input
mandatory access control
discretionary input
open and closed policies
Save
Question 29 (3 points) Question 29 Unsaved
The default set of rights should always follow the rule of least privilege or read-only access.
Question 29 options:
True
False
Save
Question 30 (3 points) Question 30 Unsaved
The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.
Question 30 options:
True
False
Save
Question 31 (3 points) Question 31 Unsaved
__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
Question 31 options:
Audit control
Resource control
System control
Access control
Save
Question 32 (3 points) Question 32 Unsaved
_________ is the granting of a right or permission to a system entity to access a system resource.
Question 32 options:
Authorization
Authentication
Monitoring
Control
Save
Question 33 (3 points) Question 33 Unsaved
A __________ is a named job function within the organization that controls this computer system.
Question 33 options:
permission
role
user
session
Save
Question 34 (6 points) Question 34 Unsaved
Can a user cleared for <secret; {dog, cat, pig}> have access to documents classified in each of the following ways under the military security model? (6 points)
Yes/No
<top secret; dog> _________________
<secret; {dog}> __________________
<secret; {dog, cow}> __________________
<secret; {moose}> _________________
<confidential; {dog, cat, pig}> _________
<confidential; {moose}> __________________
Question 34 options:
Spell check
Save
