Quiz 2 Material

Question 1

Each layer of code needs appropriate hardening measures in place to provide appropriate security services. T/F

Answer 1

True

Question 2

It is possible for a system to be compromised during the installation process. T/F

Answer 2

True

Question 3

The default configuration for many operating systems (OS) usually maximizes security. T/F

Answer 3

False

Question 4

A malicious driver can potentially bypass many security controls to install malware T/F

Answer 4

True

Question 5

Performing regular backups of data on a system is a critical control that assists with maintaining the integrity of the system and user data. T/F

Answer 5

True

Question 6

Many users choose a password that is too short or too easy to guess because it is hard for users to remember long and random passwords

Answer 6

True

Question 7

User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and the source is authentic T/F

Answer 7

False

Question 8

In a biometric scheme some physical characteristics of the individual is mapped into a digital representation T/F

Answer 8

True

Question 9

What needs to be taken into consideration during the system security planning process?

Answer 9

• How users are authenticated
• The categories of users of the systems
  What access the system has to information stored on other hosts

Question 10

Which steps should be used to secure an operating system?

Answer 10

1. Test the security of the basic OS
2. remove unnecessary services
3. Install and patch the operating system.

Question 11

____ applications is a control that limits the programs that can execute on the system to just those in an explicit list.

Answer 11

White Listing

Question 12

Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the _____

Answer 12

verification step

Question 13

Recognition by fingerprint, retina, and face are examples of ____

Answer 13

static biometrics

Question 14

Voice pattern, handwriting characteristics, and typing rhythm are examples of ____

Answer 14

dynamic biometrics

Question 15

A ____ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.

Answer 15

Reactive password checking

Question 16

Each individual who is to be included in the database of authorized users must first be \_\_\_\_ in the system
A. verified
B. Identified
C. Authenticated
D. Enrolled

Answer 16

Enrolled

Question 17

When the following is an example of multi-factor authentication
A. Enter both a group password and a user password
B. Enter a pin and put a finger on fingerprint reader
C. Use an authentication token (smartcard)

Answer 17

B. Pin and fingerprint reader

Question 18

Threat to or concerns of biometric authentication

Answer 18

1. Inherent imprecision (two people may have their fingerprints digitally interpreted as the same)
2. Impersonation
3. Coercion (force user finger on reader)

Question 19

What are the TCB Requirements

Answer 19

Complete Mediation
Tamper-proof
Correct

Question 20

What is Complete Mediation

Answer 20

Abstract. The between the hardware and untrusted applications.

Question 21

How does the OS protect resources?

Answer 21

1. Authenticates a request for resources
2. Authorization or access control
3. uses mechanisms that allow various policies

Question 22

What is an execution ring?

Answer 22

Same as an execution level. You can have rings for users, admin, root, etc.

Question 23

Process A can map to a physical page of process B. T/F

Answer 23

Technically True, but it would have to be done explicitly. A cannot access B’s memory.