CYSE 101 - JIM JONES| 110 questions| with
100% Correct Answers
Which of the following is true regarding the history of cybersecurity as presented in class and the
associated document? Correct Answer: Advances (firewalls, intrusion detection, encryption
algorithms, etc.) often followed attacks or apparent weaknesses
How do we know at what point we can consider our environment to be secure? Correct Answer:
Never; perfect security does not exist
Considering the CIA triad and the Parkerian hexad, which of the following is true? Correct
Answer: Parkerian is more complete but not as widely known
Which of the following would *not* be part of a solution in the Polycom case study? Correct
Answer: Off site backups
In a data breach (such as the OPM case) which security characteristic of data has been violated?
Correct Answer: Confidentiality
Which of the following would *not* be considered a logical (technical) control? Correct
Answer: Fences
The primary vulnerability in the Lodz Tram Hack case study was: Correct Answer: Lack of
authentication
Which of the following is *not* true about complex and automatically generated passwords that
are unique to each system and are a minimum of 30 characters in length, such as !
Hs4(j0qO$&zn1%2SK38cn^!Ks620! ? Correct Answer: Brute force password crackers will
break them as quickly as a 4-digit PIN
Which of the following about vulnerabilities and threats is *not* true? Correct Answer: A
vulnerability or a threat, but not both, are required to create risk
What does the concept of defense in depth mean? Correct Answer: Protect your data and
systems with tools and techniques from different layers
In the fake finger video from class, what was the printed circuit board used for? Correct Answer:
to etch the fingerprint
What is the difference between verification and authentication of an identity? Correct Answer:
verification is a weaker confirmation of identity than authentication
What do we call the rate at which we fail to authenticate legitimate users in a biometric system?
Correct Answer: False Rejection Rate (FRR)
, What do we call the process in which the client authenticates to the server and the server
authenticates to the client? Correct Answer: Mutual authentication
Which of the following is *not* true? Correct Answer: Voice authentication requires speech to
text capability
If we are using an 4-character password that contains only lowercase English alphabetic
characters (26 different characters), how many *more* possible passwords are there if we use a
5-character password (still only lowercase English alphabetic characters? Correct Answer:
11,424,400 more possibilities
A physical key (like for a door lock) would be described as which type of authentication factor?
Correct Answer: something you have
Which of the following is *not* a reason why an identity card alone might not make an ideal
method of authentication? Correct Answer: issued by the governmentA PIN (personal
identification number)
The confused deputy problem can allow unauthorized privilege escalation to take place; how
does this happen? Correct Answer: the user has greater privilege than the software they are
using
What biometric factor describes how well a characteristic resists change over time? Correct
Answer: Permanence
Which of the following is *not* a reason why an identity card alone might not make an ideal
method of authentication? Correct Answer: issued by the government
What is the "principle of least privilege"? Correct Answer: Users are only provided the level of
access needed for the task
What is the difference between Mandatory Access Control (MAC) and Discretionary Access
Control (DAC)? Correct Answer: In DAC, the owner of the resource determines access; in
MAC, the owner of the resource does not determines access
Which should take place first, authorization or authentication? Correct Answer: authentication
Given a file containing sensitive data and residing in a Linux operating system with some users
who should not have access to the data, would setting the file's permissions to rw-rw-rw- cause a
potential security issue? Correct Answer: no, because no users can execute the file
Which type of access control would be used in the case where we wish to prevent users from
logging in to their accounts after business hours? Correct Answer: Something you know
What does the Brewer and Nash model protect against? Correct Answer: Network traffic
sniffing
100% Correct Answers
Which of the following is true regarding the history of cybersecurity as presented in class and the
associated document? Correct Answer: Advances (firewalls, intrusion detection, encryption
algorithms, etc.) often followed attacks or apparent weaknesses
How do we know at what point we can consider our environment to be secure? Correct Answer:
Never; perfect security does not exist
Considering the CIA triad and the Parkerian hexad, which of the following is true? Correct
Answer: Parkerian is more complete but not as widely known
Which of the following would *not* be part of a solution in the Polycom case study? Correct
Answer: Off site backups
In a data breach (such as the OPM case) which security characteristic of data has been violated?
Correct Answer: Confidentiality
Which of the following would *not* be considered a logical (technical) control? Correct
Answer: Fences
The primary vulnerability in the Lodz Tram Hack case study was: Correct Answer: Lack of
authentication
Which of the following is *not* true about complex and automatically generated passwords that
are unique to each system and are a minimum of 30 characters in length, such as !
Hs4(j0qO$&zn1%2SK38cn^!Ks620! ? Correct Answer: Brute force password crackers will
break them as quickly as a 4-digit PIN
Which of the following about vulnerabilities and threats is *not* true? Correct Answer: A
vulnerability or a threat, but not both, are required to create risk
What does the concept of defense in depth mean? Correct Answer: Protect your data and
systems with tools and techniques from different layers
In the fake finger video from class, what was the printed circuit board used for? Correct Answer:
to etch the fingerprint
What is the difference between verification and authentication of an identity? Correct Answer:
verification is a weaker confirmation of identity than authentication
What do we call the rate at which we fail to authenticate legitimate users in a biometric system?
Correct Answer: False Rejection Rate (FRR)
, What do we call the process in which the client authenticates to the server and the server
authenticates to the client? Correct Answer: Mutual authentication
Which of the following is *not* true? Correct Answer: Voice authentication requires speech to
text capability
If we are using an 4-character password that contains only lowercase English alphabetic
characters (26 different characters), how many *more* possible passwords are there if we use a
5-character password (still only lowercase English alphabetic characters? Correct Answer:
11,424,400 more possibilities
A physical key (like for a door lock) would be described as which type of authentication factor?
Correct Answer: something you have
Which of the following is *not* a reason why an identity card alone might not make an ideal
method of authentication? Correct Answer: issued by the governmentA PIN (personal
identification number)
The confused deputy problem can allow unauthorized privilege escalation to take place; how
does this happen? Correct Answer: the user has greater privilege than the software they are
using
What biometric factor describes how well a characteristic resists change over time? Correct
Answer: Permanence
Which of the following is *not* a reason why an identity card alone might not make an ideal
method of authentication? Correct Answer: issued by the government
What is the "principle of least privilege"? Correct Answer: Users are only provided the level of
access needed for the task
What is the difference between Mandatory Access Control (MAC) and Discretionary Access
Control (DAC)? Correct Answer: In DAC, the owner of the resource determines access; in
MAC, the owner of the resource does not determines access
Which should take place first, authorization or authentication? Correct Answer: authentication
Given a file containing sensitive data and residing in a Linux operating system with some users
who should not have access to the data, would setting the file's permissions to rw-rw-rw- cause a
potential security issue? Correct Answer: no, because no users can execute the file
Which type of access control would be used in the case where we wish to prevent users from
logging in to their accounts after business hours? Correct Answer: Something you know
What does the Brewer and Nash model protect against? Correct Answer: Network traffic
sniffing
