Educating and Protecting the User Flashcards
As part of your training program, you’re trying to educate users on the importance of security.
You explain to them that not every attack depends on implementing advanced technological
methods. Some attacks, you explain, take advantage of human shortcomings to gain access
that should otherwise be denied. What term do you use to describe attacks of this type?
A. Social engineering
B. IDS system
C. Perimeter security
D. Biometrics
A. Social engineering uses the inherent trust in the human species, as opposed to technology,
to gain access to your environment.
Which classification of information designates that information can be released on a
restricted basis to outside organizations?
A. Private information
B. Full distribution
C. Restricted information
D. Limited distribution
D. Limited distribution information can be released to select individuals and organizations,
such as financial institutions, governmental agencies, and creditors.
You’ve recently been hired by ACME to do a security audit. The managers of this company
feel that their current security measures are inadequate. Which information access control
model prevents users from writing information down to a lower level of security and prevents
users from reading above their level of security?
A. Bell-LaPadula model
B. Biba model
C. Clark-Wilson model
D. Noninterference model
A. The Bell-LaPadula model is intended to protect confidentiality of information. This is
accomplished by prohibiting users from reading above their security level and preventing
them from writing below their security level.
The Cyberspace Security Enhancement Act gives law enforcement the right to:
A. Fine ISPs who host rogue sites
B. Gain access to encryption keys
C. Restrict information from public view
D. Stop issuance of .gov domains
B. The Cyberspace Security Enhancement Act gives law enforcement the right to gain access
to encryption keys.
For which U.S. organization was the Bell-LaPadula model designed?
A. Military
B. Census Bureau
C. Office of Management and Budget
D. Executive Office of the President
A. The Bell-LaPadula model was originally designed for use by the military.
Which of the following is another name for social engineering?
A. Social disguise
B. Social hacking
C. Wetware
D. Wetfire
C. Wetware is another name for social engineering.
The Clark-Wilson model must be accessed through applications that have predefined capabilities.
This process prevents all except:
A. Modification
B. Spam
C. Errors
D. Fraud
B. The Clark-Wilson model must be accessed through applications that have predefined
capabilities. This process prevents all the choices listed except spam.
There are two types of implicit denies. One of these can be configured so that only users
specifically named can use the service and is known as:
A. at.deny
B. at.allow
C. at.open
D. at.closed
B. at.allow configurations allow only users specifically named to use the service.
______ information is made available either to the public at large or to specific individuals,
while ______ information is intended only for those internal to the organization.
A. Private; Restricted
B. Public; Private
C. Limited distribution; Internal
D. Public; Internal
B. Public information is made available either to the public at large or to specific individuals, while
private information is intended only for those internal to the organization.
Which of the following actions would not be allowed in the Bell-LaPadula model?
A. General with Top Secret clearance writing at the Top Secret level
B. Corporal with Confidential clearance writing at the Confidential level
C. General with Top Secret clearance reading at the Confidential level
D. General with Top Secret clearance writing at the Confidential level
D. The first three actions would be allowed since you can write to your level and read at
your level (or below). The situation that would not be allowed is the General with Top
Secret clearance writing at the Confidential level.
Which of the following is the best description of tailgating?
A. Following someone through a door they just unlocked
B. Figuring out how to unlock a secured area
C. Sitting close to someone in a meeting
D. Stealing information from someone’s desk
A. Tailgating is best defined as following someone through a door they just unlocked.
An NDA (nondisclosure agreement) is typically signed by whom?
A. Alpha testers
B. Customers
C. Beta testers
D. Focus groups
C. An NDA (nondisclosure agreement) is typically signed by beta testers.
What is the form of social engineering in which you simply ask someone for a piece of
information that you want by making it look as if it is a legitimate request?
A. Hoaxing
B. Swimming
C. Spamming
D. Phishing
D. Phishing is the form of social engineering in which you simply ask someone for a piece of
information that you want by making it look as if it is a legitimate request.
Users should be educated in the correct way to close pop-up ads in the workplace. That
method is to:
A. Click the word Close
B. Click the “X” in the top right
C. Press Ctrl+Alt+Del
D. Call IT
B. Pop-up ads should be closed by clicking the “X” in the top right.
Which act mandates national standards and procedures for the storage, use, and transmission
of personal medical information?
A. CFAA
B. HIPAA
C. GLBA
D. FERPA
B. HIPAA mandates national standards and procedures for the storage, use, and transmission
of personal medical information.