#31 Flashcards

1
Q

What means that only authorized people should be able to access or read specific computer systems and data?

A

Secrecy or Confidentiality

2
Q

Data breaches are where hackers reveal people's credit card info. This is an example of what?

A

Secrecy or Confidentiality

3
Q

What means that only authorized people should have the ability to use or modify systems and data?

A

Integrity

4
Q

A hacker who learns your password and sends emails masquerading as you is what?

A

Integrity hacker

5
Q

What means that authorized people should always have access to their systems and data?

A

Availability

6
Q

Denial of Service Attacks are where hackers overload a website with fake requests to make it slow or unreachable to others. This is an example of what?

A

Availability

7
Q

To achieve the three goals, security experts start with a specification of who your “enemy” is, at an abstract level. This is called a what?

A

Threat Model

8
Q

What profiles attackers: their capabilities, goals and probable means of attack?

A

Threat models

9
Q

How a system is secured depends heavily on who it’s being secured against.

A

True

10
Q

Often you’ll see threat models specified in terms of technical capabilities. An example of this is someone who has physical access to your laptop along with ________ _______.

A

Unlimited Time

11
Q

There are many methods for protecting computer systems, networks and data.

A

True

12
Q

Two main security questions:
1.
2.

A
  1. who are you?
  2. what should you have access to?

13
Q

What is the process by which a computer understands who it is interacting with?

A

Authentication

14
Q

Three types of authentication
1.
2.
3.

A
  1. What you know
  2. What you have
  3. What you are
15
Q

Based on the knowledge of a secret that should be known only by the real user and the computer.

A

What you know

16
Q

Username and Password

A

What you know

17
Q

Based on possession of a secret token that only the real user has.

A

What you have

18
Q

Physical key and lock

A

What you have

19
Q

Based on you! You authenticate by presenting yourself to the computer.

A

What you are

20
Q

biometric authenticators, like fingerprint and iris scanners

A

What you are

21
Q

How many possible combinations for 4 digit PINs?

A

10,000

22
Q

Brute Force Attack means that it tries everything.

A

True

23
Q

How many combinations with an 8 digit PIN?

A

100 million

24
Q

How many combinations with an 8 digit PIN that has upper and lowercase as well as symbols?

A

600 trillion

25
Q

Three words together for a password would allow how many possibilities?

A

1 quadrillion

26
Q

What makes even better passwords against more sophisticated kinds of attacks?

A

Non-dictionary words

27
Q

Biometric authentication is what?

A

probabilistic

28
Q

An attacker may be able to guess your password or steal your phone, but it is much harder to do both. This is an example of what?

A

Two factor Authentication

29
Q

Once a system knows who you are, it needs to know what you should be able to access. This is done through permissions or access control lists, which describe what access each user has for every file, folder, or program on a computer.

A

After Authentication comes Access Control

30
Q

Permissions
1.
2.
3.

A
  1. read
  2. write
  3. execute
31
Q

What allows a user to see the contents of a file?

A

read

32
Q

What allows a user to modify the contents?

A

write

33
Q

What allows a user to run a file?

A

execute

34
Q

Three levels of Access:
1.
2.
3.

A
  1. public
  2. secret
  3. top secret
35
Q

People shouldn’t be able to read up.

A

True

36
Q

People shouldn’t be able to write down.

A

True

37
Q

“No read up, No write down.” Bell-LaPadula Model was formulated for who?

A

The US Department of Defense’s Multi-level security policy

38
Q

Chinese Wall Model

Biba Model

A

Models for Access Control

39
Q

Malicious Software

A

Malware

40
Q

Most security errors come from implementation error

A

True

41
Q

One of the holy grails of system-level security is a security kernel or a trusted computing base: a minimal set of operating system software that is close to provably secure.

A

True

42
Q

What works by having code audited by a crowd of security-minded developers?

A

Independent Verification

43
Q

DEF CON - Las Vegas

A

True

44
Q

Operating systems attempt to sandbox applications by giving each their own block of memory that other programs can’t touch.

A

Isolation