Exam Questions

Part 1: True or False Questions (2 points each).

1. T F The advantage of a stream cipher is that you can reuse keys.
Answer: _____

2. T F A message authentication code is a small block of data generated by a public key and appended to a message.
Answer: _____

3. T F The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.
Answer: _____

4. T F Public-key algorithms are based on simple operations on bit patterns.
Answer: _____

5. T F User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.
Answer: _____

6. T F Depending on the application, user authentication on a biometric system involves either verification or identification.
Answer: _____

7. T F In a biometric scheme some physical characteristic of the individual is mapped into a digital representation.
Answer: _____

8. T F Any program that is owned by the "superuser" potentially grants unrestricted access to the system to any user executing that program.
Answer: _____

9. T F Security labels indicate which system entities are eligible to access certain resources.
Answer: _____

10. T F Reliable input is an access control requirement.
Answer: _____

Part 2: Multiple Choice Questions (3 points each).

1. A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.
A. passive attack
B. outside attack
C. inside attack
D. active attack
Answer: _____

2. The _________ prevents the normal use or management of communications facilities.
A. passive attack
B. denial of service
C. traffic encryption
D. masquerade
Answer: _____

3. Maintaining and improving the information security risk management process in response to incidents is part of the _________ step.
A. check
B. do
C. act
D. plan
Answer: _____

4. The intent of the ________ is to provide a clear overview of how an organization's IT infrastructure supports its overall business objectives.
A. risk register
B. corporate security policy
C. vulnerability source
D. threat assessment
Answer: _____

5. The _________ approach involves conducting a risk analysis for the organization's IT systems that exploits the knowledge and expertise of the individuals performing the analysis.
A. baseline
B. combined
C. detailed
D. informal

6. _______ controls are pervasive, generic, underlying technical IT security capabilities that are interrelated with many other controls.
A. Preventative
B. Supportive
C. Operational
D. Detection and recovery
Answer: _____

7. Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.
A. cost analysis
B. business analysis
C. benefit analysis
D. none of the above
Answer: _____

8. Maintenance of security controls, security compliance checking, change and configuration management, and incident handling are all included in the follow-up stage of the _________ process.
A. management
B. security awareness and training
C. maintenance
D. all of the above
Answer: _____

9. The ________ access mode allows the subject only write access to the object.
A. read
B. append
C. write
D. execute
Answer: _____

10. "An individual (or role) may grant to another individual (or role) access to a document based on the owner's discretion, constrained by the MAC rules" describes the _________.
A. ss-property
B. ds-property
C. *-property
D. cc-property

11. Inserting a new row at a lower level without modifying the existing row at the higher level is known as ________.
A. polyinstantiation
B. ds-property
C. trust
D. MAC
Answer: _____

12. The __________ is the encryption algorithm run in reverse.
A. cryptanalysis
B. plaintext
C. ciphertext
D. none of the above
Answer: _____

13. __________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.
A. DSS
B. RSA
C. SHA
D. AES
Answer: _____

14. A _________ protects against an attack in which one party generates a message for another party to sign.
A. data authenticator
B. strong hash function
C. secure hash
D. digital signature
Answer: _____

15. Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________.
A. identification step
B. authentication step
C. verification step
D. corroboration step

16. A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
A. reactive password checking
B. computer-generated password
C. proactive password checking
D. user education
Answer: _____

17. A __________ attack is directed at the user file at the host where passwords are stored.
A. eavesdropping
B. client
C. denial-of-service
D. host
Answer: _____

18. __________ is the traditional method of implementing access control.
A. MAC
B. RBAC
C. DAC
D. MBAC
Answer: _____

19. A __________ is a named job function within the organization that controls this computer system.
A. user
B. role
C. permission
D. session
Answer: _____

20. An approval to perform an operation on one or more RBAC protected objects is _________.
A. support
B. prerequisite
C. exclusive role
D. none of the above

Part 3: Short Answers (2 points each).

1. Also referred to as single-key encryption, the universal technique for providing confidentiality for transmitted or stored data is __________.
Answer:

2. A __________ exploits the characteristics of the algorithm to attempt to deduce the key being used.
Answer:

3. A __________ processes the input elements continuously, producing output one element at a time.
Answer:

4. A __________ is one that is unpredictable without knowledge of the input key and which has an apparently random character.
Answer:

5. With the __________ strategy a user is allowed to select their own password, but the system checks to see if the password is allowable.
Answer:

6. Objects that a user possesses for the purpose of user authentication are called __________.
Answer:

7. A __________ attempts to authenticate an individual based on his or her unique physical characteristics.
Answer:

8. Basic access control systems typically define three classes of subject: ________.
Answer:

9. The __________ is exempt from the usual file access control constraints and has system-wide access.
Answer:

10. __________ enables the definition of a set of mutually exclusive roles, such that if a user is assigned to one role in the set, the user may not be assigned to any other role in the set.

Paper #36763 | Written on 18-Jul-2015 | Price: $27