Weaknesses 3-21

Question 1

Piggybacking can best be prevented by which physical control?

Answer 1

Mantrap

Question 2

An audit trail not only reveals the who, what, where, and how for logged activity–but also what?

Answer 2

Separation of duties

Question 3

Why is a password generator a less effective security control than others such as using dictionary attack tools or just hiding cleartext?

Answer 3

Because they often cause users to write their passwords down, which creates a new vulnerability

Question 4

A collection of data from different sources that is targeted at one group or for a specific objective is called what?

Answer 4

Datamart

Question 5

What important variable is used when evaluating the effectiveness of biometric systems?

Answer 5

Crossover Error Rate (CER)

Question 6

What is Crossover Error Rate in biometric systems?

Answer 6

The point at which false acceptance and false rejection rates are equal. Lower CER is higher accuracy.

Question 7

What type of computer memory improves system performance by acting as a special storage area for information that is retrieved often, especially while an application is in use.

Answer 7

Cache memory

Question 8

TRUE/FALSE - Database security measures can protect against buffer overflow attacks?

Answer 8

FALSE - Buffer overflows are an application weakness, not a database security weakness

Question 9

Clark-Wilson model requires users do what?

Answer 9

Use an external program to interface with an application

Question 10

The external program used in Clark-Wilson models is also referred to as what?

Answer 10

Access Triple

Question 11

What security service is provided if a sender encrypts data with the receiver’s public key?

Answer 11

Confidentiality

Question 12

TRUE/FALSE - Message Authentication Code is part of the Kerberos authentication implementation?

Answer 12

False

Question 13

In a hospital type environment, what role would be responsible for protecting health and personal information?

Answer 13

Chief Privacy Officer

Question 14

What is a common technique spammers use to hide the origin of their spam email?

Answer 14

Blacklist of companies with wide open mail server relays

Question 15

In programming, what language type represents binary to the processor?

Answer 15

Machine

Question 16

What Windows utility can be used to encrypt the database that holds all of the system’s, or network’s passwords?

Answer 16

Syskey

Question 17

Where are passwords stored in a Windows environment by default?

Answer 17

A Security Accounts Management (SAM) databse

Question 18

What is the main purpose of interrogating an employee?

Answer 18

To obtain evidence for trial

Question 19

Access controls that give subjects and objects a range of upper and lower bound capabilities are called what?

Answer 19

Lattice based

Question 20

SOAP encapsulates what?

Answer 20

Web service request and authentication data

Question 21

What is a meta-directory?

Answer 21

Central directory for all passwords and passphrases for proper password management

Question 22

TRUE/FALSE - Discretionary is not a single sign-on access approach

Answer 22

TRUE

Question 23

Platforms using the CORBA framework send requests to where?

Answer 23

Object Request Brokers (ORBs)

Question 24

OSI Data Link Layer is broken down into what two sublayers?

Answer 24

802.2 and 802.3

Question 25

Tunnel mode is used in what VPN implementations?

Answer 25

IPSec