COP4360 Final Review Multiple Choice Flashcards
A __________ is any action that compromises the security of information owned by an organization.
security mechanism
security attack
security policy
security service
Security Attack
The assurance that data received are exactly as sent by an authorized entity is __________.
data integrity
access control
data confidentiality
authentication
Data Integrity
A threat action in which sensitive data are directly released to an unauthorized entity is __________.
disruption
corruption
intrusion
exposure
Exposure
A loss of _________ is the unauthorized disclosure of information.
integrity
confidentiality
availability
authenticity
Confidentiality
__________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Traffic routing
Traffic integrity
Traffic control
Traffic padding
Traffic Padding
A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
low
normal
moderate
high
high
Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences.
deception
disruption
usurpation
unauthorized disclosure
deception
An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.
interception
repudiation
inference
masquerade
Masquerade
On average, __________ of all possible keys must be tried in order to achieve success with a brute-force attack.
two-thirds
three-fourths
one-fourth
half
Half
A __________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.
secret key
digital signature
keystream
one way hash function
Digital Signature
The purpose of a __________ is to produce a “fingerprint” of a file, message, or other block of data.
keystream
secret key
digital signature
hash function
Hash Function
__________ is the scrambled message produced as output.
Cipher text
Secret key
Plain text
Cryptanalyst
Cipher Text
__________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.
DSS
SHA
RSA
AES
RSA
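Worked example for the three cards above (hash function as fingerprint, digital signature as an encrypted hash, RSA as arithmetic on integers in [0, n-1]). This is added example code, not part of the review sheet or any textbook: a toy RSA key built from two well-known primes, SHA-256 as the hash, sign = hash^d mod n, verify = signature^e mod n. The primes, exponent and message are constructed for the demo.

```python
import hashlib
import math

# Toy RSA key, constructed for this example: two well-known primes giving a ~60-bit modulus.
# Real keys use 2048-bit or larger moduli; this size exists only to keep the arithmetic visible.
P = 1_000_000_007
Q = 998_244_353
N = P * Q                    # plaintext, ciphertext and signature are integers in [0, N-1]
E = 65537                    # public exponent
PHI = (P - 1) * (Q - 1)
assert math.gcd(E, PHI) == 1
D = pow(E, -1, PHI)          # private exponent (modular inverse; Python 3.8+)


def fingerprint(message: bytes) -> int:
    """Hash the message and map the digest into Z_N so it can be exponentiated.
    Reducing a 256-bit digest modulo a 60-bit N throws away most of the hash; that is
    a limitation of the toy key size, not of the construction."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") % N


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Digital signature: hash the message, then 'encrypt' the hash with the private exponent."""
    return pow(fingerprint(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover the hash with the public exponent and compare it with a fresh hash of the message."""
    return pow(signature, e, n) == fingerprint(message)


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"
    sig = sign(msg)
    print("valid signature:", verify(msg, sig))
    print("tampered message:", verify(b"transfer 900 to account 42", sig))
```

Changing a single byte of the message changes the hash, so the recovered value no longer matches and verification fails. Textbook RSA like this (no padding) is malleable; real implementations wrap the hash in a padding scheme such as RSASSA-PSS before exponentiating.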
The original message or data that is fed into the algorithm is __________.
encryption algorithm
secret key
decryption algorithm
plain text
Plain Text
The __________ is the encryption algorithm run in reverse.
decryption algorithm
cipher text
plain text
encryption algorithm
Decryption Algorithm
The most important symmetric algorithms, all of which are block ciphers, are the DES, triple DES, and the __________.
AES
DSS
RSA
SHA
AES
__________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.
Decryption
Collision resistance
Message authentication
Cryptanalysis
Message Authentication
If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to __________.
use more keys
use less keys
use shorter keys
use longer keys
Use longer keys
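Worked example for the two brute-force cards (on average half the keys must be tried; the counter is a longer key). This is added example code, not part of the review sheet: a deliberately worthless XOR cipher with a searchable key space, a known-plaintext brute force that tries keys in order, and a seeded measurement of how many keys are tried on average. The cipher, plaintext and key sizes are constructed for the demo; key sizes are capped at 16 bits so the search finishes in well under a second.

```python
import random

BLOCK_BYTES = 2  # the toy cipher works on 16-bit blocks


def toy_encrypt(plaintext: bytes, key: int) -> bytes:
    """Toy cipher, constructed for this example only: XOR every 16-bit block with the key.
    It has no security value; it exists so the whole key space can be searched quickly."""
    out = bytearray()
    for i in range(0, len(plaintext), BLOCK_BYTES):
        block = int.from_bytes(plaintext[i:i + BLOCK_BYTES].ljust(BLOCK_BYTES, b"\0"), "big")
        out += (block ^ key).to_bytes(BLOCK_BYTES, "big")
    return bytes(out)


def brute_force(known_plaintext: bytes, ciphertext: bytes, key_bits: int):
    """Known-plaintext brute force: try every key in order until one reproduces the ciphertext.
    Returns (key, attempts); attempts counts how many keys were tried."""
    assert key_bits <= 16, "toy key must fit in one 16-bit block"
    attempts = 0
    for candidate in range(1 << key_bits):
        attempts += 1
        if toy_encrypt(known_plaintext, candidate) == ciphertext:
            return candidate, attempts
    return None, attempts


def expected_attempts(key_bits: int) -> float:
    """A uniformly random key is found after (N + 1) / 2 tries on average, N = 2**key_bits."""
    return ((1 << key_bits) + 1) / 2


def average_attempts(key_bits: int, trials: int = 100, seed: int = 1) -> float:
    """Measure the average over `trials` random keys (seeded so the run is repeatable)."""
    rng = random.Random(seed)
    plaintext = b"ok"  # one block suffices: XOR with a <=16-bit key is a bijection on the block
    total = 0
    for _ in range(trials):
        key = rng.randrange(1 << key_bits)
        found, attempts = brute_force(plaintext, toy_encrypt(plaintext, key), key_bits)
        assert found == key
        total += attempts
    return total / trials


if __name__ == "__main__":
    for bits in (8, 12):
        print(f"{bits}-bit key: expected {expected_attempts(bits):.1f}, "
              f"measured {average_attempts(bits):.1f} of {1 << bits} keys")
```

Each extra key bit doubles the key space and therefore doubles the average work; that is why the answer to the second card is longer keys rather than more keys or a faster algorithm.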
Recognition by fingerprint, retina, and face are examples of __________.
face recognition
static biometrics
dynamic biometrics
token authentication
Static Biometrics
__________ defines user authentication as “the process of verifying an identity claimed by or for a system entity”.
RFC 2493
RFC 4949
RFC 2298
RFC 2328
RFC 4949
The most common means of human-to-human identification are __________.
retinal patterns
facial characteristics
signatures
fingerprints
Facial Characteristics
Each individual who is to be included in the database of authorized users must first be __________ in the system.
authenticated
verified
enrolled
identified
Enrolled
Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________.
identification step
authentication step
verification step
corroboration step
Verification Step
A __________ is a password guessing program.
password cracker
password hash
password biometric
password salt
Password Cracker
__________ systems identify features of the hand, including shape, and lengths and widths of fingers.
Fingerprint
Hand geometry
Signature
Palm print
Hand Geometry
A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
proactive password checking
user education
reactive password checking
computer-generated password
reactive password checking
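Worked example for the password cracker card and the reactive password checking card above. This is added example code, not part of the review sheet: a salted, iterated password store (PBKDF2-HMAC-SHA256 from the standard library), a dictionary-attack cracker that re-hashes each guess with the account's own salt, and a reactive check that simply runs that cracker against the system's own file. The password file, wordlist and iteration count are constructed for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 1_000   # deliberately low so the demo runs instantly; production values are far higher


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). The salt makes each user's hash unique,
    so a cracker must recompute every guess per account instead of reusing one precomputed table."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed password file for the example: username -> stored record.
PASSWORD_FILE = {
    "alice": make_record("password123"),
    "bob":   make_record("7h!s-1s-n0t-in-any-w0rdlist"),
    "carol": make_record("letmein"),
}

# Constructed mini wordlist; real crackers use millions of entries plus mangling rules.
WORDLIST = ["123456", "password", "letmein", "qwerty", "password123"]


def crack(password_file: dict, wordlist: list) -> dict:
    """Password cracker: hash each guess with the account's own salt and compare.
    Returns {username: recovered_password} for every account that fell to the wordlist."""
    cracked = {}
    for user, record in password_file.items():
        for guess in wordlist:
            if hmac.compare_digest(hash_password(guess, record["salt"]), record["hash"]):
                cracked[user] = guess
                break
    return cracked


def reactive_check(password_file: dict, wordlist: list) -> list:
    """Reactive password checking: the system periodically runs the cracker against
    its own file and returns the accounts whose passwords must be changed."""
    return sorted(crack(password_file, wordlist))


if __name__ == "__main__":
    print("guessable accounts:", reactive_check(PASSWORD_FILE, WORDLIST))
```

The salt does not stop the attack on weak passwords (alice and carol still fall); it only forces per-account work and defeats shared rainbow tables. Bob survives because his password is not in the list, which is the proactive-checking argument the next cards make.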
The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords.
reactive password checking
user education
computer-generated password
proactive password checking
User Education
To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.
challenge-response
eavesdropping
Trojan horse
denial-of-service
Challenge-Response
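Worked example for the challenge-response card. This is added example code, not part of the review sheet and not a standard protocol: the server issues a fresh random nonce, the client answers with HMAC-SHA256(shared secret, nonce), and the server checks the answer without the secret ever crossing the wire. The user table and secrets are constructed for the demo; the replay check shows why a captured response is useless.

```python
import hashlib
import hmac
import os


def compute_response(secret: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the shared secret by keying an HMAC over the challenge.
    The secret never leaves the client; an eavesdropper sees only the nonce and the MAC."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class Server:
    """Server side of a nonce-based challenge-response exchange."""

    def __init__(self, users: dict):
        self._users = users          # username -> shared secret (constructed demo data)
        self._pending = {}           # username -> outstanding challenge
        self._accepted = set()       # nonces that already succeeded (replay detection)

    def challenge(self, username: str) -> bytes:
        nonce = os.urandom(16)       # fresh, unpredictable challenge for this login attempt
        self._pending[username] = nonce
        return nonce

    def verify(self, username: str, nonce: bytes, response: bytes) -> bool:
        expected_nonce = self._pending.pop(username, None)   # each challenge is single-use
        secret = self._users.get(username)
        if expected_nonce is None or secret is None:
            return False
        if nonce != expected_nonce or nonce in self._accepted:
            return False
        if not hmac.compare_digest(compute_response(secret, nonce), response):
            return False
        self._accepted.add(nonce)
        return True


def login(server: Server, username: str, secret: bytes):
    """One complete exchange: challenge -> response -> verdict. Returns (nonce, response, ok)."""
    nonce = server.challenge(username)
    response = compute_response(secret, nonce)
    return nonce, response, server.verify(username, nonce, response)


def replay_is_rejected(secret: bytes = b"correct horse battery staple") -> bool:
    """An eavesdropper who captured (nonce, response) replays it: the server must refuse."""
    server = Server({"alice": secret})
    nonce, response, ok = login(server, "alice", secret)
    return ok and not server.verify("alice", nonce, response)


if __name__ == "__main__":
    srv = Server({"alice": b"correct horse battery staple"})
    print("genuine login:", login(srv, "alice", b"correct horse battery staple")[2])
    print("wrong secret:", login(srv, "alice", b"guess")[2])
    print("replay rejected:", replay_is_rejected())
```

A plain password sent over the network is replayable; here the response is bound to a nonce that is never reissued, so the captured value answers no future challenge. The shared secret must still be stored in a form the server can key an HMAC with, which is the trade-off that makes challenge-response different from salted password hashing.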
A concept that evolved out of requirements for military information security is ______.
open and closed policies
reliable input
mandatory access control
discretionary input
Mandatory Access Control
A __________ is an entity capable of accessing objects.
owner
subject
group
object
subject
A(n) __________ is a resource to which access is controlled.
object
owner
subject
world
Object
_________ is the granting of a right or permission to a system entity to access a system resource.
Authorization
Monitoring
Control
Authentication
Authorization
__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
Access control
Audit control
Resource control
System control
Access Control
__________ controls access based on comparing security labels with security clearances.
RBAC
MAC
MBAC
DAC
MAC
__________ is verification that the credentials of a user or other system entity are valid.
Authorization
Authentication
Adequacy
Audit
Authentication
The final permission bit is the _________ bit.
superuser
sticky
set user
kernel
Sticky
__________ is based on the roles the users assume in a system rather than the user’s identity.
RBAC
DAC
MAC
URAC
RBAC (Role Based Access Control)
__________ is the traditional method of implementing access control.
MAC
MBAC
DAC
RBAC
Discretionary Access Control (DAC)
__________ is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received.
Partitioning
Perturbation
Compromise
Inference
Inference
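Worked example for the inference card. This is added example code, not part of the review sheet: an in-memory SQLite table in which the application only exposes SUM over the employee table, yet two individually authorized sums whose query sets differ by one row reveal one person's salary. The countermeasure shown, a query set size restriction, is one of the standard mitigations; the table contents and threshold are constructed for the demo.

```python
import sqlite3

# Constructed employee table; the application is only allowed to expose aggregates, never rows.
ROWS = [
    ("alice", "eng",   120000), ("bob",   "eng",   110000), ("carol", "eng",    95000),
    ("dave",  "sales",  80000), ("erin",  "sales",  85000), ("frank", "eng",   130000),
]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (name TEXT PRIMARY KEY, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?)", ROWS)
    return conn


def sum_all(conn) -> int:
    """Authorized query 1: total payroll."""
    return conn.execute("SELECT SUM(salary) FROM employee").fetchone()[0]


def sum_excluding(conn, name: str) -> int:
    """Authorized query 2: total payroll excluding one named person."""
    return conn.execute("SELECT SUM(salary) FROM employee WHERE name != ?", (name,)).fetchone()[0]


def infer_salary(conn, target: str) -> int:
    """Inference: both queries are individually permitted, but their query sets differ
    by exactly one row, so the difference is that person's salary."""
    return sum_all(conn) - sum_excluding(conn, target)


def sum_excluding_guarded(conn, name: str, k: int = 3):
    """Countermeasure, query set size restriction: refuse an aggregate when the query set
    or its complement has fewer than k rows. Here the complement is a single row, so it is refused."""
    total = conn.execute("SELECT COUNT(*) FROM employee").fetchone()[0]
    matched = conn.execute("SELECT COUNT(*) FROM employee WHERE name != ?", (name,)).fetchone()[0]
    if matched < k or total - matched < k:
        return None
    return sum_excluding(conn, name)


if __name__ == "__main__":
    db = build_db()
    print("inferred salary for carol:", infer_salary(db, "carol"))
    print("guarded query:", sum_excluding_guarded(db, "carol"))
```

Size restriction alone is not a complete defence (an attacker can combine several larger query sets whose overlap isolates one row), which is why statistical databases also use perturbation and partitioning, the other options on this card.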
A _________ is defined to be a portion of a row used to uniquely identify a row in a table.
data perturbation
primary key
query
foreign key
Primary Key
A ___________ is a person or organization that maintains a business relationship with cloud providers.
cloud consumer
cloud broker
cloud carrier
cloud auditor
Cloud Consumer
__________ encompasses intrusion detection, prevention and response.
Intrusion management
Data loss prevention
Database access control
Security assessments
Intrusion Management
An end user who operates on database objects via a particular application but does not own any of the database objects is the __________.
administrator
end user other than application owner
application owner
foreign key
end user other than application owner
A(n) __________ is a structured collection of data stored for use by one or more applications.
attribute
tuple
database
inference
Database
The basic building block of a __________ is a table of data, consisting of rows and columns, similar to a spreadsheet.
relational database
DBMS
perturbation
query set
Relational Database
A _________ is a virtual table.
tuple
view
query
DBMS
view
A(n) __________ is a user who has administrative responsibility for part or all of the database.
end user other than application owner
database relations manager
administrator
application owner
Administrator
The __________ cloud infrastructure is a composition of two or more clouds that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.
hybrid
public
private
community
hybrid
A __________ uses macro or scripting code, typically embedded in a document and triggered when the document is viewed or edited, to run and replicate itself into other such documents.
macro virus
boot sector infector
multipartite virus
file infector
macro virus
A __________ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met.
trapdoor
trojan horse
worm
logic bomb
Logic Bomb
__________ are used to send large volumes of unwanted e-mail.
Spammer programs
Rootkits
Downloaders
Auto-rooter
Spammer Programs