The Best CNIT 270 Exam 1 Questions And
Answers
What are the 3 key security concepts of the CIA triad? Correct Answers: Confidentiality, Integrity, and
Availability
Which concept from the CIA triad preserves authorized restrictions on information access and
disclosure, including means for protecting personal privacy and proprietary information? Correct
Answers: Confidentiality
Which concept from the CIA triad guards against improper information modification or destruction,
including ensuring information nonrepudiation and authenticity? Correct Answers: Integrity
Which concept from the CIA triad ensures timely and reliable access to and use of information?
Correct Answers: Availability
In addition to the CIA triad concepts, what 3 extra concepts does the Parker Ian Hexed add? Correct
Answers: Non-repudiation, Possession/Control, Utility/Usefulness
What are the 3 types of assets? Correct Answers: Hardware, Software, and Data
What are the 4 types of harm? Correct Answers: Interception, Interruption, Modification, and
Fabrication
What are the 4 ways to prove authentication? Correct Answers: what you know, what you are, what
you have, where you are
What are "should do" NIST Guidelines for passwords? Correct Answers: favor the user, size matters,
allow all UNICODE characters, check against a dictionary of known bad choices
What are "should not do" NIST Guidelines for passwords? Correct Answers: have composition rules,
password hints, expiration without reason, SMS in two factor authentication, knowledge-based
authentication
What is a Smart Card? Correct Answers: looks like a credit card but contains an entire
microprocessor. a way of authenticating with what you have.
What is access control? Correct Answers: Technology or procedures that implement a security policy
to specify who or what may have access to each specific system resource and the type of access
permitted in each instance.
What are the 4 types of access control policies? Correct Answers: Discretionary (DAC), Mandatory
(MAC), Role-based (RBAC), and Attribute-based (ABAC).
What does Set GUID do? Correct Answers: Temporarily uses rights of the file owner/group in addition
to real user's rights when making access control decisions. Enables privileged programs to access
files/resources no generally accessible.
, What is a sticky bit? Correct Answers: When applied to a directory it specifies that only the owner of
any file in the directory can rename, move, or delete that file.
What is a super user? Correct Answers: A user that is exempt from usual access control restrictions
and has system-wide access. This account can take ownership and change the permissions of all
objects in the system. "ROOT"
What is Role-based access control? Correct Answers: Controls based on the roles that users have
within the system and on rules stating what accesses are allowed to users in given roles.
What is Discretionary access control? Correct Answers: Controls based on the ID of the requestor.
What is Mandatory access control? Correct Answers: Controls are based on comparing labels
indicating sensitivity of resources with security clearances. Entities with clearance cannot enabled
other entities access to that resource.
What is Attribute-based access control? Correct Answers: Controls access based on attributes of the
user, the resource, and current environmental conditions.
What are mutually exclusive roles in terms of RBAC? Correct Answers: A user can only be assigned
to one role in the set. Any permission can be granted to only one role in the set.
What is cardinality in terms of RBAC? Correct Answers: Setting a maximum number with respect to
roles.
What are prerequisite roles in terms of RBAC? Correct Answers: Dictates that a user can only be
assigned to a particular role if it is already assigned to some other specified role.
What are 4 methods of procedural access control? Correct Answers: 1) Separation of duties
2) Job rotation
3) Mandatory vacations
4) Principle of least privilege
What is separation of duties in terms of procedural access control? Correct Answers: If a fraudulent
process is going to be put into action, it should be divided between two or more individuals. No single
person should be able to carry out certain processes unilaterally.
What is job rotation in terms of procedural access control? Correct Answers: Limits the amount of
time that individuals can manipulate security configurations. Exposes potential fraud by having
multiple individuals learn about the job and possible uncover vulnerabilities. Can reduce burnout in
employees.
What are mandatory vacations in terms of procedural access control? Correct Answers: For sensitive
positions, individuals are mandated to take vacation and security audits are conducted while they are
away.
What is the principle of least privilege in terms of procedural access control? Correct Answers: Limit
access to the minimum required to do the job. Eliminate unnecessary privileges. Should apply to
users and processes.
Answers
What are the 3 key security concepts of the CIA triad? Correct Answers: Confidentiality, Integrity, and
Availability
Which concept from the CIA triad preserves authorized restrictions on information access and
disclosure, including means for protecting personal privacy and proprietary information? Correct
Answers: Confidentiality
Which concept from the CIA triad guards against improper information modification or destruction,
including ensuring information nonrepudiation and authenticity? Correct Answers: Integrity
Which concept from the CIA triad ensures timely and reliable access to and use of information?
Correct Answers: Availability
In addition to the CIA triad concepts, what 3 extra concepts does the Parker Ian Hexed add? Correct
Answers: Non-repudiation, Possession/Control, Utility/Usefulness
What are the 3 types of assets? Correct Answers: Hardware, Software, and Data
What are the 4 types of harm? Correct Answers: Interception, Interruption, Modification, and
Fabrication
What are the 4 ways to prove authentication? Correct Answers: what you know, what you are, what
you have, where you are
What are "should do" NIST Guidelines for passwords? Correct Answers: favor the user, size matters,
allow all UNICODE characters, check against a dictionary of known bad choices
What are "should not do" NIST Guidelines for passwords? Correct Answers: have composition rules,
password hints, expiration without reason, SMS in two factor authentication, knowledge-based
authentication
What is a Smart Card? Correct Answers: looks like a credit card but contains an entire
microprocessor. a way of authenticating with what you have.
What is access control? Correct Answers: Technology or procedures that implement a security policy
to specify who or what may have access to each specific system resource and the type of access
permitted in each instance.
What are the 4 types of access control policies? Correct Answers: Discretionary (DAC), Mandatory
(MAC), Role-based (RBAC), and Attribute-based (ABAC).
What does Set GUID do? Correct Answers: Temporarily uses rights of the file owner/group in addition
to real user's rights when making access control decisions. Enables privileged programs to access
files/resources no generally accessible.
, What is a sticky bit? Correct Answers: When applied to a directory it specifies that only the owner of
any file in the directory can rename, move, or delete that file.
What is a super user? Correct Answers: A user that is exempt from usual access control restrictions
and has system-wide access. This account can take ownership and change the permissions of all
objects in the system. "ROOT"
What is Role-based access control? Correct Answers: Controls based on the roles that users have
within the system and on rules stating what accesses are allowed to users in given roles.
What is Discretionary access control? Correct Answers: Controls based on the ID of the requestor.
What is Mandatory access control? Correct Answers: Controls are based on comparing labels
indicating sensitivity of resources with security clearances. Entities with clearance cannot enabled
other entities access to that resource.
What is Attribute-based access control? Correct Answers: Controls access based on attributes of the
user, the resource, and current environmental conditions.
What are mutually exclusive roles in terms of RBAC? Correct Answers: A user can only be assigned
to one role in the set. Any permission can be granted to only one role in the set.
What is cardinality in terms of RBAC? Correct Answers: Setting a maximum number with respect to
roles.
What are prerequisite roles in terms of RBAC? Correct Answers: Dictates that a user can only be
assigned to a particular role if it is already assigned to some other specified role.
What are 4 methods of procedural access control? Correct Answers: 1) Separation of duties
2) Job rotation
3) Mandatory vacations
4) Principle of least privilege
What is separation of duties in terms of procedural access control? Correct Answers: If a fraudulent
process is going to be put into action, it should be divided between two or more individuals. No single
person should be able to carry out certain processes unilaterally.
What is job rotation in terms of procedural access control? Correct Answers: Limits the amount of
time that individuals can manipulate security configurations. Exposes potential fraud by having
multiple individuals learn about the job and possible uncover vulnerabilities. Can reduce burnout in
employees.
What are mandatory vacations in terms of procedural access control? Correct Answers: For sensitive
positions, individuals are mandated to take vacation and security audits are conducted while they are
away.
What is the principle of least privilege in terms of procedural access control? Correct Answers: Limit
access to the minimum required to do the job. Eliminate unnecessary privileges. Should apply to
users and processes.
