Unit 2 Flashcards

1
Q

Which scenario is an example of a physical security issue?

Attackers can sniff (or eavesdrop) network traffic by remotely installing malware on the router through a 0-day vulnerability.
Attackers can cut the power of the data center and cause downtime to the victim server.
Attackers can access the victim website through Ethernet.
Attackers can trick an insider in the company and convince them to give the attacker administrator access to the internal network.

A

Attackers can cut the power of the data center and cause downtime to the victim server.
Correct! Physical security focuses on protecting information systems from attacks that are caused by attackers having physical access to these systems. Accessing the power supply of a data center, cutting the power supply, and causing downtime is covered under physical security.

2
Q

Which means of threat control is usually sufficient, even when the attacker has physical access to the victim’s information system (e.g., workstations, servers, desktops, networks, etc.)?

Escorted access
Single-file encryption
Username and password for Linux login screen
Full-disk encryption

A

Escorted access is usually sufficient to ensure that the attacker does not attack information systems or cause damage to information systems, as long as the escorting personnel are qualified.

3
Q

Which threat is specific to physical security?

Never back up data on the development server
Losing the media (such as the cellphone) for two-factor authentication (2FA)
Downloading software from untrusted websites
Earthquakes

A

Correct! Earthquakes are a significant threat to physical security. Earthquakes may deactivate protection mechanisms (such as electronic door locks) or damage information systems (such as causing data losses in storage servers). Additionally, earthquakes are a big source of secondary disasters, such as explosions, gas leaks, structural failures of buildings, and power losses.

4
Q

Which example is usually considered a perimeter security control?

Badges
Gates and fences
Smart cards
Security dogs

A

Correct! Gates and fences are forms of perimeter security control. They help keep attackers and intruders away from entering critical locations.

5
Q

Under the simplified UNIX file permission model, process p has these rights on file f: rwo. What are all of the rights that process p has on file f?

Read, write, and own
Read and write
Read, write, and overwrite
A readable and writable ownership

A

Read, write, and own

6
Q

Under the simplified UNIX file permission model, process q does not have any rights on file f. If process q requests process p to grant the read permission to process q, what rights must process p have on file f?

d
o
a
w

A

o

7
Q

     f     g
p    ao    rwx
q    r     r

Figure: Access Control Matrix

Review Figure: Access Control Matrix. According to this access control matrix, which statement is accurate?

Process q can execute file f.
Process p is the owner of file g.
Process q can execute file g.
Process p is the owner of file f.

A

Process p is the owner of file f.

8
Q

f    p: rw    q: ax
g    p: ao    q: rw

Figure: Access Control List

Review Figure: Access Control List. According to this access control list, which statement is accurate?

Process p is the owner of file g.

Process p can execute file f.

Process q is the owner of file f.

Process q can execute file g.

A

Process p is the owner of file g.

Correct! o represents “own”, and process p has a and o rights on file f.

9
Q

Access control can be implemented as either access control lists (ACLs) or capability lists. Which description accurately identifies what ACLs and capability lists do?

Capability lists store file permissions on a per-object basis, and ACLs store file permissions on a per-subject basis.

Both ACLs and capability lists store file permissions on a per-subject basis.

ACLs store file permissions on a per-object basis, and capability lists store file permissions on a per-subject basis.

Both ACLs and capability lists store file permissions on a per-object basis.

A

ACLs store file permissions on a per-object basis, and capability lists store file permissions on a per-subject basis.

10
Q

A human resources management system implements a restriction: A manager may only view records of paid leave and sick leave of the employees who directly report to the manager themselves. To which access control idea does this restriction belong?

Role-based access controls

Attribute-based access controls

Content-dependent access controls

Location-based access controls

A

Content-dependent access controls

Correct! Whether a manager can see paid leave and sick leave records or not is based on the actual content of the records themselves. This is a content-dependent access control.

11
Q

Which scenario is an example of a physical security issue?

Attackers can access the victim website through Wi-Fi.

Attackers can sniff (or eavesdrop) network traffic by remotely installing malware on the router through a 0-day vulnerability.

Attackers can break into the data center and destroy storage servers.

Attackers can bribe IT personnel in the data center and convince them to give the attacker root access on the target server.

A

Attackers can break into the data center and destroy storage servers.
