SNHD PROTOCOLS EXAM 2025
COMPREHENSIVE SCRIPT 2026 COMPLETE
QUESTIONS AND SOLUTIONS GRADED A+
⩥ Acceptability. Answer: A measure of how acceptable the particular
biometric characteristic is to the users of the system
⩥ circumvention. Answer: Describes the ease with which a system can
be tricked by a falsified biometric identifier
⩥ Hardware tokens. Answer: Physical devices that generate a one-time
password (something you have)
⩥ Software tokens. Answer: Applications that generate OTPs
⩥ One-time password. Answer: A password that expires after a set time
frame or after a single use
⩥ Authorization. Answer: What the user can access, modify, and delete
⩥ Principle of Least Privilege. Answer: The lowest level of authorization
that still allows a user to perform their duties
⩥ Allowing access. Answer: Lets us give a particular party or parties
access to a given resource
⩥ Denying access. Answer: Simply the opposite of granting access
⩥ Limiting access. Answer: Refers to allowing some access to our
resource, but only up to a certain point
⩥ sandbox. Answer: A set of resources devoted to a program, process, or
similar entity, outside of which the entity cannot operate
⩥ Revoking access. Answer: Takes access that was once allowed away
from the user.
⩥ ACLs (access control lists). Answer: The means by which we
implement authorization: a list, attached to each resource, that allows or
denies access to parties based on what we have determined they should
be allowed to access
⩥ Capability-based security. Answer: Access controlled by possession of
an unforgeable token (a capability) that names a resource and the rights
it grants; whoever holds the token has exactly those rights
⩥ Read. Answer: Allows us to view the contents of a file or directory
⩥ Write. Answer: Allows us to modify the contents of a file or directory
⩥ Execute. Answer: Allows us to run the file as a program (on a directory,
to enter and traverse it)
⩥ Network ACLs. Answer: Access controlled by the identifiers we use
for network transactions, such as IP address, MAC address and port
⩥ Confused deputy problem. Answer: A type of attack that is more
common in systems that use ACLs rather than capabilities;
- when software (the deputy) has greater permissions than the user, the
user can trick the software into misusing its own authority on the user's
behalf
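The cards from ACLs through the confused deputy problem describe one contrast, so a single worked example serves them all. The code below is an added example written for this page, not part of the original script: a small ACL with allow, limit and revoke over rwx bits, an HMAC-backed capability token, and the classic compiler scenario in which a service that legitimately owns a billing log is steered into overwriting it. The file paths, the service name `compiler-svc` and the user `alice` are made up for the demonstration.

```python
import hmac
import hashlib
import secrets

# rwx permission bits, as in a Unix file mode
READ, WRITE, EXECUTE = 4, 2, 1


class ACL:
    """Access control list: for each resource, which principals may use which
    bits. Authorization is a lookup of the *caller's identity* in this list."""

    def __init__(self):
        self._entries = {}  # resource -> {principal: permission bits}

    def allow(self, resource, principal, bits):
        """Grant `bits` on `resource` to `principal`."""
        entries = self._entries.setdefault(resource, {})
        entries[principal] = entries.get(principal, 0) | bits

    def limit(self, resource, principal, bits):
        """Keep only the bits in `bits`: some access, but only up to a point."""
        entries = self._entries.setdefault(resource, {})
        entries[principal] = entries.get(principal, 0) & bits

    def revoke(self, resource, principal):
        """Take back what was allowed; a missing entry is a deny."""
        self._entries.get(resource, {}).pop(principal, None)

    def check(self, resource, principal, bits):
        return (self._entries.get(resource, {}).get(principal, 0) & bits) == bits


class CapabilityIssuer:
    """Capability-based security: an unforgeable token names a resource and the
    rights it carries. Whoever presents the token gets exactly those rights; no
    identity lookup is involved. The MAC key never leaves the issuer."""

    def __init__(self):
        self._key = secrets.token_bytes(32)

    def _mac(self, resource, bits):
        return hmac.new(self._key, f"{resource}|{bits}".encode(), hashlib.sha256).hexdigest()

    def mint(self, resource, bits):
        return {"resource": resource, "bits": bits, "mac": self._mac(resource, bits)}

    def check(self, cap, resource, bits):
        genuine = hmac.compare_digest(self._mac(cap["resource"], cap["bits"]), cap["mac"])
        return genuine and cap["resource"] == resource and (cap["bits"] & bits) == bits


def acl_deputy_write(acl, deputy, requested_output):
    """A compiler-like service that writes its output wherever the user asks.
    Under an ACL the check is made against the deputy's OWN identity, so nobody
    ever asks whether the *user* may write there: the confused deputy."""
    return acl.check(requested_output, deputy, WRITE)


def capability_deputy_write(issuer, output_cap, requested_output):
    """Same service, but the user must hand over a capability for the output.
    The deputy acts with the user's rights, not its own, so it cannot be steered
    onto a file the user could not write."""
    return issuer.check(output_cap, requested_output, WRITE)


def acl_lifecycle():
    """allow, then limit (least privilege), then revoke on one ACL entry."""
    acl = ACL()
    acl.allow("/data/report", "bob", READ | WRITE | EXECUTE)
    full = acl.check("/data/report", "bob", READ | WRITE | EXECUTE)
    acl.limit("/data/report", "bob", READ)  # bob only needs to read it
    limited = (acl.check("/data/report", "bob", READ), acl.check("/data/report", "bob", WRITE))
    acl.revoke("/data/report", "bob")
    revoked = acl.check("/data/report", "bob", READ)
    return full, limited, revoked


def confused_deputy_demo():
    """Constructed scenario: the service legitimately holds WRITE on its own
    billing log; alice holds rights only on her output file."""
    acl = ACL()
    acl.allow("/var/billing.log", "compiler-svc", WRITE)
    acl.allow("/home/alice/out.o", "alice", READ | WRITE)
    tricked = acl_deputy_write(acl, "compiler-svc", "/var/billing.log")  # True: log clobbered

    issuer = CapabilityIssuer()
    alice_out = issuer.mint("/home/alice/out.o", READ | WRITE)
    steered = capability_deputy_write(issuer, alice_out, "/var/billing.log")  # False
    normal = capability_deputy_write(issuer, alice_out, "/home/alice/out.o")  # True
    forged = dict(alice_out, resource="/var/billing.log")  # edited token, stale MAC
    forgery = issuer.check(forged, "/var/billing.log", WRITE)  # False
    return tricked, steered, normal, forgery


if __name__ == "__main__":
    print(acl_lifecycle())         # (True, (True, False), False)
    print(confused_deputy_demo())  # (True, False, True, False)
```

Note what the ACL version would have to do to be safe: the deputy must re-check every path against the requesting user's identity, which is exactly the step that gets forgotten. With capabilities that step is structural, because the deputy has nothing to write with except what the user handed it.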
⩥ CSRF. Answer: Cross-Site Request Forgery is an attack that causes an
end user to execute unwanted actions on a web application in which he
or she is currently authenticated. Unlike with XSS, in CSRF the attacker
exploits the website's trust in the browser rather than the other way
around. The request genuinely comes from the user's browser, carrying
the user's session cookie, so the website assumes the user intended it.
In fact the request was planted in the user's browser by the attacker, for
example by a form or image tag on a page the attacker controls
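To make the "trust in the browser" point concrete, here is an added example (not from the original script) of a state-changing handler written twice: once trusting the session cookie alone, once requiring a synchronizer token bound to the session plus an Origin check. The origins `bank.example` and `evil.example`, the in-memory session store and the `browser_submit` model are all constructed for the example; the model assumes a session cookie without SameSite protection, which is the condition under which a cross-site POST carries it.

```python
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"  # assumed origin of the protected application

# Server-side session store keyed by the session cookie value (constructed, in-memory)
SESSIONS = {}


def login(user: str) -> str:
    """Create a session and bind a fresh synchronizer token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """The app embeds this in its own forms; other origins cannot read it."""
    return SESSIONS[sid]["csrf"]


def browser_submit(page_origin: str, sid: str, form: dict) -> dict:
    """Constructed model of a browser submitting a form built by a page at
    `page_origin` to the bank. The session cookie is attached no matter which
    site built the form (cookie assumed to lack SameSite protection); the
    Origin header always reflects the page that made the request."""
    return {"cookies": {"sid": sid}, "headers": {"Origin": page_origin}, "form": dict(form)}


def transfer_vulnerable(request: dict) -> int:
    """Trusts the session cookie alone. The request really did come from the
    user's browser, so this check cannot tell a planted request from a real one."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401
    return 200  # transfer executed on behalf of session["user"]


def transfer_hardened(request: dict) -> int:
    """Synchronizer token plus Origin check on a state-changing request."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401
    if request["headers"].get("Origin") != SITE_ORIGIN:
        return 403  # cross-site or origin-less request refused
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf"]):
        return 403  # the attacker's page has no way to learn the token
    return 200


def demo() -> tuple:
    sid = login("alice")
    payload = {"to": "mallory", "amount": "1000"}
    # alice's browser visits the attacker's page, which auto-submits a hidden form
    planted = browser_submit("https://evil.example", sid, payload)
    # the attacker guesses a token; it cannot match the one bound to the session
    guessed = browser_submit("https://evil.example", sid, {**payload, "csrf_token": "guess"})
    # alice submits the bank's own form, which carries her real token
    legit = browser_submit(SITE_ORIGIN, sid, {**payload, "csrf_token": csrf_token_for(sid)})
    return (transfer_vulnerable(planted), transfer_hardened(planted),
            transfer_hardened(guessed), transfer_hardened(legit))


if __name__ == "__main__":
    print(demo())  # (200, 403, 403, 200)
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a second, independent layer: the browser then withholds the cookie on the cross-site POST and the planted request arrives unauthenticated (401 in this model) before the token check is even reached.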
⩥ Clickjacking attack. Answer: Also called a UI redress attack; typically
uses an inline frame, or iframe.
In a clickjacking attack, an attacker loads a trusted page in a transparent
iframe layered over a decoy page, so that clicks the user aims at the
visible decoy actually land on the trusted page's legitimate links, graphics or form
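Whether a page can be framed at all is decided by two response headers, so the practical check for the attack above is a header check. The following added example (not part of the original script) decides whether a browser would let a given embedding origin frame a response: `Content-Security-Policy: frame-ancestors` takes precedence when present, otherwise `X-Frame-Options` applies, and with neither header the page is frameable by anyone. The origins used are made up, and the matcher is simplified (ports and path components in CSP sources are ignored).

```python
from urllib.parse import urlparse


def _frame_ancestors(csp: str):
    """Return the frame-ancestors source list from a CSP header value, or None
    if the directive is absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def _host_matches(pattern: str, host: str) -> bool:
    """CSP host matching: '*.example.com' covers subdomains, not example.com itself."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return host == pattern


def can_be_framed(headers: dict, embedder_origin: str, page_origin: str) -> bool:
    """Would a browser let a page at `embedder_origin` show this response in an
    iframe? CSP frame-ancestors, when present, overrides X-Frame-Options.
    Simplified: ports and paths in CSP sources are not compared."""
    h = {k.lower(): v for k, v in headers.items()}
    embedder = urlparse(embedder_origin.lower())
    same_origin = embedder_origin.lower() == page_origin.lower()

    sources = _frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        for src in sources:
            if src == "none":
                return False
            if src == "*":
                return True
            if src == "self":
                if same_origin:
                    return True
            elif src.endswith(":"):  # scheme-source such as https:
                if embedder.scheme == src[:-1]:
                    return True
            else:  # host-source, with or without a scheme
                target = urlparse(src if "://" in src else "//" + src)
                if target.scheme and target.scheme != embedder.scheme:
                    continue
                if _host_matches(target.hostname or "", embedder.hostname or ""):
                    return True
        return False  # directive present but no source matched

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return same_origin
    return True  # header absent (or an unrecognized value, which browsers ignore)


if __name__ == "__main__":
    # Constructed responses: no protection, legacy header only, and a CSP that
    # deliberately allows one partner domain while XFO would have denied all.
    for name, hdrs in [
        ("unprotected", {}),
        ("xfo-deny", {"X-Frame-Options": "DENY"}),
        ("csp-partner", {"Content-Security-Policy": "frame-ancestors 'self' https://*.trusted.example",
                         "X-Frame-Options": "DENY"}),
    ]:
        print(name, "frameable by evil.example:",
              can_be_framed(hdrs, "https://evil.example", "https://bank.example"))
```

In a test, pull the headers of the page that hosts the sensitive button (not just the site's front page) and run them through this check; a `True` for an arbitrary origin means the transparent-iframe overlay described above will work against it.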