Review Questions




1. Of the following choices, which technique is used to falsify or imitate another user’s identity in order to gain access to a system?

  A. Sniffing.
  B. Encrypting.
  C. Spoofing.
  D. Decrypting.


2. Which of the following choices best describes an ACL?

  A. Uses a mathematical format to determine if access should be granted.
  B. Creates audit messages when protected objects receive access requests.
  C. Authentication Clarification List.
  D. A table used to identify user access rights assigned to an object.


3. Which of the following choices is used to unlock a previously encrypted message?

  A. Undercover security guard.
  B. Certificate Authority.
  C. Private key.
  D. Public key.


4. Which of the following choices best defines a password?

  A. A token-based authentication mechanism.
  B. A knowledge-based authentication mechanism.
  C. A characteristic-based authentication mechanism.
  D. A physical security authentication mechanism.


5. Which type of access control technique uses a mathematical formula or lattice to determine whether or not access should be granted to a resource?

  A. LBAC.
  B. DAC.
  C. MAC.
  D. RBAC.


6. Which type of access control technique is discretionary and restricts access to resources based on the identity of users and/or groups?

  A. TOBACK.
  B. MAC.
  C. DAC.
  D. TBAC.


7. Which of the following protocols represent centralized access control? (Choose two)

  A. MAC.
  B. LBAC.
  C. RADIUS.
  D. DAC.
  E. TACACS.


8. Which of the following choices best represents a strong password?

  A. brians.
  B. An7!$4Dt.
  C. bob1965.
  D. 123abc.


9. Which of the following represent logical security controls? (Choose two)

  A. Antivirus software.
  B. Performance assessments.
  C. Battery backups.
  D. Passwords.
  E. Security training.


10. Which of the following are considered to be Denial of Service (DoS) attack methods? (Choose three)

  A. MAC attack.
  B. Buffer overflow attack.
  C. SYN attack.
  D. Smurf attack.
  E. Spam attack.

11. Which attack methods do crackers most commonly use to figure out passwords?

  A. Ticket and token attacks.
  B. SYN and Smurf attacks.
  C. Buffer overflow and spamming attacks.
  D. Brute force and dictionary attacks.

12. Which choice is an “electronic credit card” used to verify one’s identity for Internet or electronic transactions?

  A. Digital certificate.
  B. Token.
  C. Private key.
  D. Certificate authority.


13. Which choice compares the patterns of an attack against a known system footprint before reporting an intrusion?

  A. Signature intrusion analysis.
  B. Statistical intrusion analysis.
  C. TACACS analysis.
  D. Event Viewer analysis.


14. What does a Kerberos ticket do?

  A. Analyzes and tests the security of a computing system.
  B. Allows users to access physically secured areas.
  C. Allows users access to objects.
  D. It’s freeware that analyzes security holes in a network.


15. Which security model was the first mathematical security model used to address security, modes of access, and a set of rules for assigning security access rights?

  A. Biba model.
  B. Clark-Wilson model.
  C. OSI model.
  D. Bell-LaPadula model.
  E. Wilson-Phillips model.


16. Which authentication method requires a user password and a digitally signed certificate to allow access to a system or resource?

  A. Mutual.
  B. Multi-factor.
  C. Single Sign-On.
  D. Smart card.


17. Which type of biometric device is considered to be the most secure?

  A. Fingerprint scanner.
  B. Signature scanner.
  C. Security dog (K9).
  D. Retina scanner.


Answers

1. Correct answer = C

Spoofing is used to allow intruders the ability to act or pretend to be an authorized user. Sniffing refers to the gathering of network packets. Encrypting is a conversion process where plain text is converted to cipher text through cryptography algorithms in order to make information secret or unreadable. Decrypting is the process of taking information or data that has been encrypted and transforming or deciphering it into plain text format. Cryptography methods are used for this conversion process.

2. Correct answer = D

An ACL (Access Control List) is a list of access rights that are assigned to an object in a system. The System Access Control List (SACL) creates the audit messages when protected objects receive access requests. The Authentication Clarification List is a trick and does not exist. Lattice-Based Access Control (LBAC) is an access control method that uses a mathematical format to determine if access should be granted to a system.

3. Correct answer = C

A private key is a secret part of a key pair that is used to decrypt or unlock a previously encrypted or locked message. If you picked choice A, please read Chapter 2 again. A certificate authority is a trusted provider or issuing organization that provides and guarantees digital certificates. A public key is the known part of a key pair that is used to encrypt or lock a message.

4. Correct answer = B

A password (which is a knowledge-based authentication method) is typically compared to a security database on a host. If all requirements are met, the user is allowed access. A smart card is a token-based authentication device or mechanism. Retina and fingerprint scanning are characteristic-based authentication mechanisms. Security guards, padlocks, and gates are examples of physical security.

5. Correct answer = A

LBAC uses a mathematical formula, or lattice, to determine whether or not access to a resource should be granted. DAC restricts access to resources based on the identity of users and/or groups of which they are members. This technique is referred to as discretionary because it also allows users to pass on access permissions to other users within the organization. MAC assigns hierarchical, multilevel sensitivity labels to users and data (as in the military—unclassified, confidential, secret, and top secret). RBAC enables organizational planners to put an access control policy into place that the system must abide by, rather than a policy that changes with the whim of a user or administrator.

6. Correct answer = C

Discretionary Access Control restricts access to resources based on the identity of users and/or groups of which they are members. This technique is referred to as discretionary because it also allows users to pass on access permissions to other users within the organization. TOBACK is the last name of a contributor of this book. Mandatory Access Control, also called nondiscretionary, uses a centralized approach to restrict access to data based on the sensitivity of the data in question. TBAC bases its access decisions on the current state of works in progress.

7. Correct answers = C and E

RADIUS is a scalable, client/server-based UDP protocol used to transfer authentication and authorization data between a dial-in client and a server. TACACS is a dated, remote authentication protocol typically implemented on UNIX servers. Both RADIUS and TACACS are protocols that represent centralized access control. MAC, DAC, and LBAC are not protocols; they are access control techniques and models.

8. Correct answer = B

A strong password should be a minimum of seven characters in length. The password should contain a combination of upper- and lowercase letters. There should be at least one number contained in the password. The password should contain at least one of the following characters: !@#$%^&*. A password should never be a word from a dictionary, a person’s name, family name, phone number, birth date, or favorite phrase. All choices other than B do not meet these criteria.

9. Correct answers = A and D

Logical controls refer to systems such as access control software, antivirus software, communications hardware (routers), passwords, and smart cards. They represent the systems in place that prevent unauthorized access to digitized information. Administrative controls are the personnel-related mechanisms for managing people’s behavior. These include security training, background investigations, mandatory vacations, and performance assessments. Physical controls entail the use of instruments such as locks, fences, motion detectors, battery backups, and burglar/fire alarms. They are the material systems and devices that protect assets from theft, fire, or other means of destruction.

10. Correct answers = B, C, and D

A denial of service attack is designed to render a network or related service useless by flooding the network with worthless or useless network traffic. Buffer overflow, SYN, and Smurf attacks are all designed to meet these criteria. If you chose MAC attack, you are probably hungry and should get something to eat before you continue on with the next chapter. Spam is the proliferation or sending of unsolicited e-mail or electronic advertisements and messages.

11. Correct answer = D

Crackers most commonly use brute force and dictionary attack methods as tools of choice to figure out passwords. Tokens and tickets are used as characteristic-based authentication mechanisms. SYN, Smurf, and buffer overflow attacks are denial of service attack methods used to disable access to a network or service. Spamming attacks are used to send out unsolicited e-mail advertisements and messages.

12. Correct answer = A

A digital certificate is like an electronic credit card used to verify one’s credentials for Internet or e-business transactions. A token is a small credit-card sized security device that contains an ever-changing identification code, which allows its holder to access network resources. A private key is the secret part of a key pair that is used to decrypt or unlock a previously encrypted or locked message. A certificate authority is a trusted provider or issuing organization that provides and guarantees digital certificates.

13. Correct answer = B

Statistical intrusion analysis is the process of establishing a known footprint or baseline of a system’s usage of such things as CPU (central processing unit) utilization, disk utilization, use of user rights, user log-ins, file and folder access over time, and analyzing the system for any deviation from the system’s baseline or “normal” behavior. Signature intrusion analysis uses a method of comparing suspect system activity against a database of known attack method patterns. TACACS analysis and Event Viewer analysis are invalid choices.

14. Correct answer = C

The Kerberos authentication protocol uses a string of encoded messages and the issuance of special tickets to verify the identification of the user in question and allow or disallow a user’s access to objects. Non-interference is designed as a tool for analyzing or testing the security of a computing system. Kerberos has nothing to do with allowing users access to physically secured areas. A computerized or electronic door or gate pass typically provides this function. SATAN is a freeware program that analyzes security holes in a network.

15. Correct answer = D

The Bell-LaPadula model was the first mathematical security model used to address security, modes of access, and a set of rules for assigning security access rights. The Biba security model was created to address some of the particular weaknesses in the Bell-LaPadula model. It was not the first model. The Clark-Wilson security model was developed in 1987. Its main focus is to protect the integrity of data through the use of secured programs. The OSI model is a widely accepted seven-layered reference model that identifies how data should flow from one location to another in a computer network. The Wilson-Phillips model is not a valid choice.

16. Correct answer = B

Multi-factor authentication is the combined use of a password as well as a key-exchange system to provide strong authentication. This type of authentication scheme should be implemented when the use of a single sign-on and password or an encrypted key system alone will not be enough security. With mutual authentication, a trust relationship is first established between a host and its intended recipients or clients. Second, digitally signed certificates are typically implemented in order to allow the host or server system to authenticate to the client system. Single Sign-On (SSO) provides a secure way for users to be authenticated just once while enabling enterprise-wide access to data. A smart card is a token-based authentication device that allows its owner to gain access to a particular service such as banking, parking, or gasoline services.

17. Correct answer = D

A retina scanner is currently the most secure biometric device available. Fingerprint devices and signature scanning devices are the most widely accepted forms of biometric implementation. However, they are not as secure as retina scanning devices. Although security dogs can be very faithful and effective, they are not considered to be secure biometric authentication methods.






The Security+ Exam Guide (TestTaker's Guide Series)
Security + Exam Guide (Charles River Media Networking/Security)
ISBN: 1584502517
Year: 2003
Pages: 136
