Lecture 1

Question 1

What is the CIA Triad?

Answer 1

Confidentiality, Integrity and Availability

Question 2

The hardware, software, policy/procedures used to grant/restrict access, monitor/record access, identifies users accessing and determines authorization is what?

Answer 2

Access Control

Question 3

The transfer of information from an object to a subject is called what?

Answer 3

Access

Question 4

There are two types of access, what are they?

Answer 4

Physical and logical

Question 5

Access should always have an implicit what statement?

Answer 5

Implicit Deny

Question 6

What is the term that ensures that only authorized subjects can access objects?

Answer 6

Confidentiality

Question 7

What is the term that ensures that unauthorized or unwanted changes to objects are denied?

Answer 7

Integrity

Question 8

What is the term that ensures that authorized requests for objects are granted as quickly as system and network parameters allow?

Answer 8

Availability

Question 9

What are the seven categories of function or purpose of Access Controls?

Answer 9

Preventive (or preventative)
Deterrent
Detective
Corrective
Recovery
Compensation
Directive

Question 10

What are the 3 ways access controls can be implemented?

Answer 10

Physical
Technical/logical
Administrative

Question 11

Why is accountability important?

Answer 11

It holds an entity responsible for their actions online/on the system

Question 12

What steps are needed to hold someone accountable?

Answer 12

Identification
Authentication
Authorization
Auditing
Accountability

Question 13

process by which a subject professes an identity is called what?

Answer 13

Identification

Examples: userid, username

Question 14

process of verifying that a claimed identity is valid is called what?

Answer 14

Authentication

Question 15

What are the 3 factors used for authentication?

Answer 15

Something you know (password, pin)
Something you have (token, smartcard)
Something you are (fingerprint, retina scan)

Question 16

True/False: Multi-factor authentication includes having a password and a pin number to gain access

Answer 16

False

Multi-factor means using two different types of authentication like a smart card and a pin

Question 17

The process that ensures that the requested activity or object access is possible given the rights and privileges assigned to the authenticated identity, is called what?

Answer 17

Authorization

Question 18

Auditing is the process of what?

Answer 18

Tracking the activity of a subject in the system/online

Question 19

What is the weakest technique of authentication?

Answer 19

Passwords

Question 20

What type of authentication has a Cross Over Error Rate (CER)?
What does that mean?

Answer 20

Biometrics

The False Acceptance Rate and False Rejection Rate are Equal

Question 21

In Biometrics the sensitivity that is Too sensitive is considered what?

Answer 21

Type 1 errors: False Rejection

False Rejection Rate (FRR)

Question 22

In Biometrics the sensitivity that is Not sensitive enough is considered what?

Answer 22

Type 2 errors: False Acceptance

False Acceptance Rate (FAR)

Question 23

Besides sensitivity, several other factors affect the effectiveness of biometric devices. What are they? (3)

Answer 23

Enrollment Time
Throughput Rate
Acceptibility

Question 24

What are the 4 types of tokens?

Answer 24

Static
Synchronous dynamic password tokens
Asynchronous dynamic password tokens
Challenge-response tokens

Question 25

This is a mechanism that employs a third-party entity to prove identification and provide authentication.

Answer 25

Ticket

Kerberos is the most known

Question 26

Kerberos relies on what type of cryptography?

Answer 26

symmetric-key (private-key) cryptography

-Advanced Encryption Standard (AES)

Question 27

What are the two primary categories of access control techniques?

Answer 27

Discretionary Access Control (DAC)
Nondiscretionary Access Control
 -Mandatory Access Control (MAC)
 -Role Based Access Control (RBAC)
 -Task Based Access Control (TBAC)

Question 28

What type of Access Control uses ACLs?

Answer 28

Discretionary

Question 29

This type of Nondiscretionay access control uses classification labels.

Answer 29

Mandatory Access Controls (MAC)

It uses subjects and objects to identify access

Question 30

This type of Nondiscretionay access control uses the subject’s roles and tasks to define access.

Answer 30

Role Based Access Control (RBAC)

Question 31

Access control can be managed in two ways, what are they?

Answer 31

Centralized

Decentralized

Question 32

Access control administration has 3 main responsibilities. What are they?

Answer 32

Account Administration
Account, Log, and Journal Monitoring (covered later in the course)
Access Rights and Permissions

Question 33

Who is the person who has final responsibility for classifying and protecting objects?

Answer 33

The owner

Question 34

Who is the subject who has been assigned the day-to-day responsibility of properly storing and protecting objects?

Answer 34

Custodian