#31

Question 1

What means that only authorized people should be able to access or read specific computer systems and data?

Answer 1

Secrecy or Confidentiality

Question 2

Data breeches are where hackers reveal peoples credit card info. This is an example of what?

Answer 2

Secrecy or Confidentiality

Question 3

What means that only authorized people should have the ability to use or modify systems and data?

Answer 3

Integrity

Question 4

Hackers who learn your password and send emails masquerading as you is what?

Answer 4

Integrity hacker

Question 5

What means that authorized people should always have access to their systems and data?

Answer 5

Availability

Question 6

Denial of Service Attacks are where hackers overload a website with fake requests to make it slow or unreachable to others. This is an example of what?

Answer 6

Availability

Question 7

To achieve the three goals security experts start with a specification of who your “enemy” is, at an abstract level. This is called a what?

Answer 7

Threat Model

Question 8

What profiles attackers: their capabilities, goals and probable means of attack?

Answer 8

Threat models

Question 9

How a system is secured depends heavily on who it’s being secured against.

Answer 9

True

Question 10

Often you’ll see threat models specified in terms of technical capabilities. An example of this is someone who has physical access to your laptop along with ________ _______.

Answer 10

Unlimited Time

Question 11

There are many methods for protecting computer systems, networks and data.

Answer 11

True

Question 12

Two main security questions:
1.
2.

Answer 12

1. who are you?

2. what should you have access to?

Question 13

What is the process by which a computer understands who it is interacting with?

Answer 13

Authentication

Question 14

Three types of authentication
1.
2.
3.

Answer 14

1. What you know
2. What you have
3. What you are

Question 15

Based on the knowledge of a secret that should be known only by the real user and the computer.

Answer 15

What you know

Question 16

Username and Password

Answer 16

What you know

Question 17

Based on possession of a secret token that only the real user has.

Answer 17

What you have

Question 18

Physical key and lock

Answer 18

What you have

Question 19

Based on you! You authenticate by presenting yourself to the computer.

Answer 19

What you are

Question 20

biometric authenticators, like fingerprint and iris scanners

Answer 20

What you are

Question 21

How many possible combinations for 4 digit PINs?

Answer 21

10,000

Question 22

Brute Force Attack means that it tries everything.

Answer 22

True

Question 23

How many combinations with an 8 digit PIN?

Answer 23

100 million

Question 24

How many combinations with an 8 digit PIN that has upper and lowercase as well as symbols?

Answer 24

600 trillion

Question 25

Three words together for a password would allow how many possibilities?

Answer 25

1 quadrillion

Question 26

What is even better passwords against more sophisticated kinds of attacks ?

Answer 26

Non-dictionary words

Question 27

Biometric authentication is what?

Answer 27

probabilistic

Question 28

An attacker may be able to guess your password or steal your phone but it is much harder to do both. This is an example of what ?

Answer 28

Two factor Authentication

Question 29

Once a system knows who you are it needs to know what you should be able to access, This is done through permissions or access control lists which describe what access each used has for every file, folder, or program on a computer.

Answer 29

After Authentication come Access Control

Question 30

Permissions
1.
2.
3.

Answer 30

1. read
2. write
3. execute

Question 31

What allows a user to see the contents of a file

Answer 31

read

Question 32

What allows a user to modify the contents

Answer 32

write

Question 33

What allows a user to run a file

Answer 33

execute

Question 34

Three levels of Access:
1.
2.
3.

Answer 34

1. public
2. secret
3. top secret

Question 35

People shouldn’t be able to read up.

Answer 35

True

Question 36

People shouldn’t be able to write down.

Answer 36

True

Question 37

“No read up, No write down.” Bell-LaPadula Model was formulated for who?

Answer 37

The US Department of Defense’s Multi-level security policy

Question 38

Chinese Wall Model

Biba Model

Answer 38

Models for Access Control

Question 39

Malicious Software

Answer 39

Malware

Question 40

Most security errors come from implementation error

Answer 40

True

Question 41

One of the holy grails of a system level security is a security kernel or a trusted computing base: A minimal set of operating system software that is close to probably secure?

Answer 41

True

Question 42

What works by having a code audited by a crowd of security- minded developers?

Answer 42

Independent Verification

Question 43

DEF CON - Las Vegas

Answer 43

True

Question 44

Operating systems attempt to sandbox, applications by giving each their own block of memory that other programs can’t touch.

Answer 44

Isolation