Chapter 1

Question 1

What is Cryptography?

Answer 1

To encode a message

Question 2

What four main areas can Cryptographic algorithms and protocols be classified?

Answer 2

Symmetric encryption, asymetric encryption, data integrity algorithms, and authentication protcols

Question 3

What is symmetric encryption

Answer 3

used to conceal the contents of blocks or streams of data of any size

Question 4

What is asymmetric encryption

Answer 4

used to conceal small blocks of data

Question 5

What is the data integrity algorithm

Answer 5

Used to protect blocks of data

Question 6

What is a authentication protocol

Answer 6

designed to authenticate the identity of entities

Question 7

What is computer Security?

Answer 7

protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources

Question 8

What are the two concepts related to confidentiality?

Answer 8

Data confidentiality and privacy

Question 9

What are the two concepts related to integrity?

Answer 9

Data and system integrity

Question 10

What is a CIA triad?

Answer 10

Integrity, Availability, Confidentiality, Authenticity, and Accountability

Question 11

What are the challenges of computer security?

Answer 11

1) requirements 2) security mechanism or algorithm 3) procedures 4) where to use security mechanism 5) security mechanisms involve more than a particular algorithm or protocol 6) Computer and network security 7) users and system managers perceive security as negative 8) Requires regular or constant monitoring 9) Security is implemented after the design of the system is completed 10) Security admins/users view strong security as a impediment

Question 12

OSI security architecture is what?

Answer 12

Focuses on security attacks, mechanisms, and services Is a recommendation by the X.800

Question 13

What is the difference between a passive and active attack?

Answer 13

Passive-eavesdropping on, or monitoring of transmissions Active-Some modification of the data stream or the creation of a false stream

Question 14

What are the four active attack categories?

Answer 14

masquerade, replay, modification of messages, and denial of service

Question 15

What is a masquerade?

Answer 15

pretending to be a different entity

Question 16

What does replay means in relation to the active attack category?

Answer 16

passive capture of data unit retransmission to produce an unauthorized effect

Question 17

What are two specific authentication services?

Answer 17

peer entity authentication- provides for the corroboration of the identity of a peer entity in an association Data origin authentication-provides for the corroboration of the source of a data unit

Question 18

What is access control?

Answer 18

the ability to limit and control the access to host systems and applications via communications links

Question 19

What is data confidentiality?

Answer 19

protection of transmitted data from passive attacks

Question 20

What is a connection-oriented integrity service?

Answer 20

assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays

Question 21

What is nonrepudiation?

Answer 21

prevents either sender or receiver from denying a transmitted message

Question 22

What are the fundamental security design principles?

Answer 22

Economy of mechanism Fail-safe defaults Complete mediation Open design Separation of privilege Least privilege Least common mechanism Psychological acceptability Isolation Encapsulation Modularity Layering Least astonishment

Question 23

What is economy of mechanism?

Answer 23

design of security measures embodied in both hardware and software should be as simple and small as possible

Question 24

What is fail-safe default?

Answer 24

access decisions should be based on permission

Question 25

What is complete mediation?

Answer 25

every access must be checked against access control mechanism

Question 26

What is open design

Answer 26

design of security mechanism should be open rather than secret

Question 27

What is separation of privilege

Answer 27

practice in which multiple privilege attributes are required to achieve access to a restricted resource

Question 28

What is least privilege

Answer 28

every process and every user of the system should operate using the least set of privileges necessary to perform the task

Question 29

What is least common mechanism

Answer 29

design should minimize the functions shared by different users

Question 30

What is Psychological acceptability

Answer 30

security mechanisms should not interfere unduly with the work of users, while at the same time meeting the needs of those who authorize access

Question 31

What is isolation?

Answer 31

isolation of public access, processes and files, and security mechanisms

Question 32

What is encapsulation

Answer 32

a specific form of isolation based on object oriented functionality

Question 33

What is modularity?

Answer 33

refers to both the development of security functions as separate, protected modules and to the use of a modular architecture for mechanism design and implementation

Question 34

What is layering?

Answer 34

use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems

Question 35

What is least astonishment?

Answer 35

program or user interface should always respond in the way that is least likely to astonish the user

Question 36

What is a attack surface?

Answer 36

consists of the reachable and exploitable vulnerabilities in a system ex) open ports, services, code, interfaces, and employees

Question 37

What is a network attack surface?

Answer 37

vulnerabilities over an enterprise network, WAN, or the internet

Question 38

What is a software attack surface?

Answer 38

vulnerabilities in application, utility, or operating system code

Question 39

What is a human attack surface?

Answer 39

vulnerabilities created by personnel or outsiders

Question 40

What categories of attack services are there?

Answer 40

Network, software, and human attack surface

Question 41

What is a attack tree?

Answer 41

a branching, hierarchical data structure that represents a set of potential techniques of exploiting security vulnerabilities

Question 42

What two kinds of threats can a program present?

Answer 42

Information access and service threat