The following are logical controls:
encryption, passwords and usernames.
Threats exploit or take advantage of existing vulnerabilities.
True
A vulnerability
is a weakness that can be used to harm us.
The chief security officer for your company creates a new set of security
guidelines in order to keep customers' data more secure. This is an example of
administrative control
The Parkerian hexad is the oldest and simplest model used to discuss
information security issues.
False
Defense in depth is a concept which
advocates that multiple layers be used to help prevent information security attacks.
Confidentiality refers to
keeping information private
Preserving the integrity of information means
Preventing information from being fabricated, modified or interrupted
Which category of attack is an attack against confidentiality?
Interception
Ensuring information is available means preventing it from being fabricated,
modified or interrupted
False
If we are using an identification card as the basis of our authentication scheme,
what step might we add to the process to move to multifactor authentication?
A software-based security token
What is identity verification?
Support for the claim of what someone or something is.
What biometric factor describes how well a characteristic resists change over
time?
Permanence
Which of the following is not a factor in the performance of a biometric system?
False acquaintances
Biometric identifiers are impossible to falsify.
False
What do we call the process in which the client authenticates to the server and
the server authenticates to the client?
Mutual authentication
The most complex passwords consist of
uppercase and lowercase letters and numbers and symbols.
Which of the following is not a biometric identifier?
A complicated password.
Identification
is the claim of what someone or something is.
What is authentication?
Establishment of whether a claim of identity is correct.
Authorization
CAPTCHA is an acronym which stands for
Completely Automated Public Turing test to tell Computers and Humans Apart.
This access control model allows the owner of a resource to decide who does
and does not have access.
Discretionary access control
Which type of access control would be used in the case where we want to prevent
users from logging in to their accounts after business hours?
Attribute-based access controls
Why does access control based on MAC addresses of the systems on our
network not provide strong security?
Because MAC addresses can be changed with software.
Network ACLs typically control access with Internet Protocol (IP) addresses,
Media Access Control (MAC) addresses and
ports
This process allows, limits, denies or revokes the uses of resources.
Access control
Access control lists (ACLs) are a very common choice of access control
implementation.
True
The two main methods of access controls are
access control lists and capabilities.
The principle of least privilege dictates
give bare minimum access to a user based on that user's functionality.
One benefit of logging is
it gives a history of activities that have taken place in a computing environment.
In nonrepudiation
sufficient evidence exists to prevent denial of an action.
Authentication provides a means to trace activities and accountability is a set
of methods used to establish identity.
False
Accountability is of little value against misbehavior.
False
Some people consider accountability a bad idea because it
is akin to Big Brother watching over your shoulder.
The ultimate goal in performing assessments is to find and fix vulnerabilities
before attackers do.
True