Mastering the Basics of Security Flashcards Preview


Flashcards in Mastering the Basics of Security Deck (25)
1
Q
You want to ensure that data is only viewable by authorized users. What security principle are you trying to enforce?

A. Confidentiality
B. Integrity
C. Availability
D. Authentication
A

A. Confidentiality ensures that data is only viewable by authorized users and can be ensured with access controls and encryption. Integrity is enforced with hashing. Availability can be ensured with power and cooling systems, and various fault tolerance and redundancy techniques. Authentication proves a person’s identity and is a first step in access control, but by itself it does not provide confidentiality.

2
Q
Of the following choices, what is the best way to protect the confidentiality of data?

A. Authentication
B. Encryption
C. Hashing
D. PaaS
A

B. Encryption protects the confidentiality of data. You can encrypt any type of data, including sensitive data stored on a server, a desktop, a mobile device, or within a database. Authentication proves a person’s identity and is a first step in access control, but, by itself, it does not provide confidentiality. Hashing ensures the integrity of data. Platform as a Service (PaaS) provides an easy-to-configure operating system for on-demand cloud computing.
3
Q
You want to ensure that data has not been changed between the time when it was sent and when it arrived at its destination. What provides this assurance?

A. Confidentiality
B. Integrity
C. Availability
D. Authentication

A

B. Integrity provides assurances that data has not been modified and is enforced with hashing. Confidentiality prevents unauthorized disclosure and is enforced with access controls and encryption. Availability ensures systems are up and operational when needed and uses fault tolerance and redundancy methods. Authentication provides proof that users are who they claim to be.

4
Q
A database administrator is tasked with increasing the retail prices of all products in a database by 10 percent. The administrator writes a script performing a bulk update of the database and executes it. However, all retail prices are doubled (increased by 100 percent instead of 10 percent). What has been lost?

A. Confidentiality
B. Integrity
C. Hashing
D. Authentication
A

B. The database has lost integrity through an unintended change. Loss of confidentiality indicates that unauthorized users have accessed the database. Hashing can be used to verify integrity in some situations (though not in this scenario), but hashing would not be compromised. Authentication provides proof that users are who they claim to be.

5
Q
Your organization is addressing single points of failure as potential risks to security. What are they addressing?

A. Confidentiality
B. Integrity
C. Availability
D. Authentication
A

C. By addressing a single point of failure (SPOF), you increase availability. An SPOF can be a drive, a server, power, cooling, or any other item whose failure will cause the entire system to fail. Confidentiality is enforced with encryption, and integrity is enforced with hashing. Authentication provides proof of a user’s identity.

6
Q
An organization hosts several bays of servers used to support a large online ecommerce business. Which one of the following choices would increase the availability of this datacenter?

A. Encryption
B. Hashing
C. Generators
D. Integrity

A

C. Generators can provide power to a datacenter if the power fails, ensuring that the servers within the datacenter continue to operate. Encryption increases the confidentiality of data within the datacenter. Hashing verifies integrity.

7
Q
You are planning to host a free online forum for users to share IT security-related information with each other. Any user can anonymously view data. Users can post messages after logging in, but you do not want users to be able to modify other users’ posts. What levels of confidentiality, integrity, and availability should you seek?

A. Low confidentiality, low integrity, and low availability
B. Medium confidentiality, low integrity, and high availability
C. High confidentiality, low integrity, and low availability
D. Low confidentiality, medium integrity, and medium availability

A

D. Data can be viewed anonymously, so low confidentiality is acceptable. You do not want users to modify other users’ posts, so integrity is medium. The site is free but you do want users to be able to access it when needed, so availability is medium.

8
Q
What is the purpose of risk mitigation?

A. Reduce the chances that a threat will exploit a vulnerability
B. Reduce the chances that a vulnerability will exploit a threat
C. Eliminate risk
D. Eliminate threats

A

A. Risk mitigation reduces the chances that a threat will exploit a vulnerability. Risk is the likelihood that a threat (such as an attacker) will exploit a vulnerability (any weakness). A vulnerability cannot exploit a threat. You cannot eliminate risk or eliminate threats.

9
Q
What is completed when a user’s password has been verified?

A. Identification
B. Authentication
C. Authorization
D. Access verification

A

B. A user is authenticated when the password is verified. The user claims an identity with a username. After authentication, users are authorized to access resources based on their identity, and auditing can verify what resources a user has accessed.

10
Q
Which of the following formulas represents the complexity of a password policy that requires users to use only uppercase and lowercase letters with a length of eight characters?

A. 52 ^ 8
B. 26 ^ 8
C. 8 ^ 52
D. 8 ^ 26

A

A. The correct formula is 52 ^ 8. The formula to calculate the complexity of a password is C ^ N, where C is the number of possible characters used and N is the length of the password. Since both uppercase (A-Z) and lowercase (a-z) characters are used, C is fifty-two, and the password has a stated length of eight characters.

11
Q
Of the following choices, which password has a different key space from the others?

A. Secur1tyIsFun
B. Passw0rd
C. IL0ve $ ecur1ty
D. 4uBetutaOn

A

C. IL0ve $ ecur1ty has 13 characters with a mixture of all four character types (uppercase letters, lowercase letters, numbers, and symbols). This has a larger key space (more possibilities) than the other passwords. Secur1ty, Passw0rd, and 3uBetuta each use only three character types.

12
Q
Robert lets you know that he is using his username as his password since it’s easier to remember. You decide to inform the user that this isn’t a secure password. What explanation would you include?

A. The password wouldn’t meet account lockout requirements
B. The password is too hard to remember
C. The password is not long enough
D. The password is not complex

A

D. Strong passwords do not include any part of a username, and if just the username is used, the password would not be complex. Password characteristics are not related to account lockout (where a user account can be locked out after entering the wrong password too many times). A username as a password would not be difficult to remember. Users with long names could have extremely long passwords so they will likely meet length requirements.

13
Q
Your organization has implemented a self-service password reset system. What does this provide?

A. Password policy
B. Certificate reset
C. Password recovery
D. Previous logon notification
A

C. A self-service password reset system allows users to recover passwords without administrative intervention. A password policy ensures that users create strong passwords and change them periodically. A password reset system does not reset certificates. A previous logon notification provides notification to users when they last logged on and can help them identify if someone else is using their account.

14
Q
A user entered the incorrect password for his account three times in a row and can no longer log on because his account is disabled. What caused this?

A. Password policy
B. Account disablement policy
C. Account complexity policy
D. Account lockout policy
A

D. An account lockout policy will force an account to be locked out after the wrong password is entered a set number of times (such as after three failed attempts). A password policy ensures strong passwords are used and users change their password regularly. An account disablement policy refers to disabling inactive accounts, such as after an employee is terminated. A password policy ensures users create strong, complex passwords, but there is no such thing as an account complexity policy.

15
Q
A user is issued a token with a number displayed in an LCD. What does this provide?

A. Rolling password for one-time use
B. Multifactor authentication
C. CAC
D. PIV

A

A. A token (such as an RSA token) provides a rolling password for one-time use. While it can be used with multifactor authentication (requiring the user to also enter other information such as a password), it doesn’t provide multifactor authentication by itself. A CAC and a PIV are both specialized types of smart cards that include photo identification.

16
Q
Which one of the following includes a photo and can be used as identification? (Choose all that apply.)

A. CAC
B. MAC
C. DAC
D. PIV

A

A, D. A common access card (CAC) and a personal identity verification (PIV) card both include photo identification and function as smart cards. MAC and DAC are access control models, not photo IDs.

17
Q
Which of the following is a behavioral biometric authentication model?

A. Fingerprint
B. Token
C. Voice recognition
D. Iris scan
A

C. Voice recognition is a form of behavioral biometric authentication. Biometrics are the most difficult for an attacker to falsify or forge, because they represent a user based on personal characteristics. Fingerprints and iris scans are forms of physical biometric authentication. A token provides a rolling password for one-time use.

18
Q
Which of the following is an example of multifactor authentication?

A. Smart card and token
B. Smart card and PIN
C. Thumbprint and voice recognition
D. Password and PIN

A

B. A smart card and PIN is an example of multifactor authentication since it uses methods from the something you have factor and something you know factor. A smart card and token are both in the something you have factor. Thumbprint and voice recognition are both in the something you are factor. A password and PIN are both in the something you know factor.

19
Q
Which of the following choices is an example of using multiple authentication factors?

A. Fingerprint and retina scan
B. Smart card and token
C. Fingerprint and password
D. A password and a PIN

A

C. A fingerprint uses the something you are factor, and a password uses the something you know factor. All the other answers use examples from the same factor. A fingerprint and retina are both examples of the something you are factor. A smart card and token are both examples of the something you have factor. A password and a PIN are both examples of the something you know factor.

20
Q
Of the following choices, what provides the strongest authentication?

A. Password
B. Smart card
C. Retina scan
D. Multifactor authentication

A

D. Multifactor authentication combines two or more other factors of authentication and is stronger than any authentication using a single factor. A password is something you know, a smart card is something you have, and a retina scan is based on something you are.

21
Q
What is used for authentication in a Microsoft Active Directory domain?

A. RADIUS
B. TACACS+
C. Kerberos
D. NIDS

A

C. Kerberos is used as a network authentication protocol in Microsoft Active Directory domains and in UNIX realms. Kerberos uses tickets issued by a KDC. RADIUS and TACACS+ are central authentication services that also provide authorization and accounting. A network-based intrusion detection system (NIDS) attempts to detect intrusions on a network.

22
Q
Which of the following best describes the purpose of LDAP?

A. A central point for user management
B. Biometric authentication
C. Prevent loss of confidentiality
D. Prevent loss of integrity

A

A. The Lightweight Directory Access Protocol (LDAP) specifies formats and methods to query directories and is used to manage objects (such as users and computers) in an Active Directory domain. LDAP is not associated with biometrics. While LDAP contributes indirectly to confidentiality and integrity, it is more accurate to say that LDAP is used as a central point for user management.

23
Q
A federated user database is used to provide central authentication via a web portal. What service does this database provide?

A. SSO
B. Multifactor authentication
C. CAC
D. DAC

A

A. Single sign-on (SSO) can be used to provide central authentication with a federated database and use this authentication in a nonhomogeneous environment. Multifactor authentication uses authentication from two or more factors. A common access card (CAC) is a form of photo identification and also functions as a smart card. DAC is an access control model.

24
Q
Of the following protocols, which one does not encrypt the entire authentication process, but instead only encrypts the password in traffic between the client and server?

A. RADIUS
B. TACACS+
C. XTACACS
D. Token

A

A. Remote Authentication Dial-In User Service (RADIUS) will encrypt the password packets between a client and a server, but it does not encrypt the entire authentication process. Terminal Access Controller Access-Control System Plus (TACACS+) and Extended TACACS (XTACACS) both encrypt the entire logon process. A token uses a one-time rolling password, but it is not a protocol in itself.

25
Q
Which one of the following AAA protocols uses multiple challenges and responses?

A. CHAP
B. RADIUS
C. TACACS
D. TACACS+

A

D. TACACS+ uses multiple challenges and responses and is an authentication, authorization, and accounting (AAA) protocol. CHAP is not an AAA protocol. RADIUS and TACACS do not use multiple challenges and responses.