Exam Questions

Part 1: True or False Questions (2 points each).

1. T F The advantage of a stream cipher is that you can reuse keys.
Answer

2. T F A message authentication code is a small block of data generated by a public key and appended to a message.
Answer

3. T F The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.
Answer

4. T F Public-key algorithms are based on simple operations on bit patterns.
Answer

5. T F User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.
Answer

6. T F Depending on the application, user authentication on a biometric system involves either verification or identification.
Answer

7. T F In a biometric scheme some physical characteristic of the individual is mapped into a digital representation.
Answer

8. T F Any program that is owned by the "superuser" potentially grants unrestricted access to the system to any user executing that program.
Answer

9. T F

10. T F Security labels indicate which system entities are eligible to access certain resources.
Answer

Reliable input is an access control requirement.
Answer

Part 2: Multiple Choice Questions (3 points each).

1. A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.
A. passive attack
B. outside attack
C. inside attack
D. active attack
Answer

2. The _________ prevents the normal use or management of communications facilities.
A. passive attack
B. denial of service
C. traffic encryption
D. masquerade
Answer

3. Maintaining and improving the information security risk management process in response to incidents is part of the _________ step.
A. check
B. do
C. act
D. plan
Answer

4. The intent of the ________ is to provide a clear overview of how an organization's IT infrastructure supports its overall business objectives.
A. risk register
B. corporate security policy
C. vulnerability source
D. threat assessment
Answer

5. The _________ approach involves conducting a risk analysis for the organization's IT systems that exploits the knowledge and expertise of the individuals performing the analysis.
A. baseline
B. combined
C. detailed
D. informal

6. _______ controls are pervasive, generic, underlying technical IT security capabilities that are interrelated with many other controls.
A. Preventative
B. Supportive
C. Operational
D. Detection and recovery
Answer

7. Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.
A. cost analysis
B. business analysis
C. benefit analysis
D. none of the above
Answer

8. Maintenance of security controls, security compliance checking, change and configuration management, and incident handling are all included in the follow-up stage of the _________ process.
A. management
B. security awareness and training
C. maintenance
D. all of the above
Answer

9. The ________ access mode allows the subject only write access to the object.
A. read
B. append
C. write
D. execute
Answer

10. "An individual (or role) may grant to another individual (or role) access to a document based on the owner's discretion, constrained by the MAC rules" describes the _________.
A. ss-property
B. ds-property
C. *-property
D. cc-property

11. Inserting a new row at a lower level without modifying the existing row at the higher level is known as ________.
A. polyinstantiation
B. ds-property
C. trust
D. MAC
Answer

12. The __________ is the encryption algorithm run in reverse.
A. cryptanalysis
B. plaintext
C. ciphertext
D. none of the above
Answer

13. __________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.
A. DSS
B. RSA
C. SHA
D. AES
Answer

14. A _________ protects against an attack in which one party generates a message for another party to sign.
A. data authenticator
B. strong hash function
C. secure hash
D. digital signature
Answer

15. Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________.
A. identification step
B. authentication step
C. verification step
D. corroboration step

16. A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
A. reactive password checking
B. computer-generated password
C. proactive password checking
D. user education
Answer

17. A __________ attack is directed at the user file at the host where passwords are stored.
A. eavesdropping
B. client
C. denial-of-service
D. host
Answer

18. __________ is the traditional method of implementing access control.
A. MAC
B. RBAC
C. DAC
D. MBAC
Answer

19. A __________ is a named job function within the organization that controls this computer system.
A. user
B. role
C. permission
D. session
Answer

20. An approval to perform an operation on one or more RBAC protected objects is _________.
A. support
B. prerequisite
C. exclusive role
D. none of the above

Part 3: Short Answers (2 points each).

1. Also referred to as single-key encryption, the universal technique for providing confidentiality for transmitted or stored data is __________.
Answer

2. A __________ exploits the characteristics of the algorithm to attempt to deduce the key being used.
Answer

3. A __________ processes the input elements continuously, producing output one element at a time.
Answer

4. A __________ is one that is unpredictable without knowledge of the input key and which has an apparently random character.
Answer

5. With the __________ strategy a user is allowed to select their own password, but the system checks to see if the password is allowable.
Answer

6. Objects that a user possesses for the purpose of user authentication are called __________.
Answer

7. A __________ attempts to authenticate an individual based on his or her unique physical characteristics.
Answer

8. Basic access control systems typically define three classes of subject: ________.
Answer

9. The __________ is exempt from the usual file access control constraints and has system wide access.
Answer

10. __________ enables the definition of a set of mutually exclusive roles, such that if a user is assigned to one role in the set, the user may not be assigned to any other role in the set.

Paper #66552 | Written 18-Jul-2015