COMPLETE SOLUTION
Which of the following would *not* be part of a solution in the Polycom case study? Correct
Answer: d. Off site backups
Which of the following is *not* true about complex and automatically generated passwords that
are unique to each system and are a minimum of 30 characters in length, such as
!Hs4(j0qO$&zn1%2SK38cn^!Ks620! ? Correct Answer: b. Brute force password crackers will
break them as quickly as a 4-digit PIN
Which of the following is true regarding the history of cybersecurity as presented in class and the
associated document? Correct Answer: a. Advances (firewalls, intrusion detection, encryption
algorithms, etc.) often followed attacks or apparent weaknesses
What does the concept of defense in depth mean? Correct Answer: d. Protect your data and
systems with tools and techniques from different layers
The primary vulnerability in the Lodz Tram Hack case study was: Correct Answer: b. Lack of
authentication
Which of the following would *not* be considered a logical (technical) control? Correct
Answer: a. fences
How do we know at what point we can consider our environment to be secure? Correct Answer:
d. Never; perfect security does not exist
Which of the following about vulnerabilities and threats is *not* true? Correct Answer: c.
Vulnerabilities and threats combine to create risk
Considering the CIA triad and the Parkerian hexad, which of the following is true? Correct
Answer: b. Parkerian is more complete but not as widely known
In a data breach (such as the OPM case) which security characteristic of data has been violated?
Correct Answer: d. Confidentiality
What do we call the process in which the client authenticates to the server and the server
authenticates to the client? Correct Answer: d. Mutual authentication
What do we call the rate at which we fail to authenticate legitimate users in a biometric system?
Correct Answer: a. False Acceptance Rate (FAR)
If we are using an identity card such as a driver's license as the basis for our authentication
scheme, which of the following additions would *not* represent multifactor authentication?
Correct Answer: d. A birth certificate
Which of the following is *not* a reason why an identity card alone might not make an ideal
method of authentication? Correct Answer: d. issued by the government
A physical key (like for a door lock) would be described as which type of authentication factor?
Correct Answer: b. something you have
Which of the following is *not* true? Correct Answer: d. Voice authentication requires speech
to text capability
What biometric factor describes how well a characteristic resists change over time? Correct
Answer: a. permanence
In the fake finger video from class, what was the printed circuit board used for? Correct Answer:
c. to etch the fingerprint
What is the difference between verification and authentication of an identity? Correct Answer:
d. verification is a weaker confirmation of identity than authentication
If we are using a 4-character password that contains only lowercase English alphabetic
characters (26 different characters), how many *more* possible passwords are there if we use a
5-character password (still only lowercase English alphabetic characters)? Correct Answer: a.
11,424,400 more possibilities
The confused deputy problem can allow unauthorized privilege escalation to take place; how
does this happen? Correct Answer: b. software has greater privilege than the user of the software
Given a file containing sensitive data and residing in a Linux operating system with some users
who should not have access to the data, would setting the file's permissions to rw-rw-rw- cause a
potential security issue? Correct Answer: b. yes, because other users can read and modify the
file
What is the difference between authorization and access control? Correct Answer: d.
Authorization specifies what a user can do, and access control enforces what a user can do