Question 1. Reasons people might be reluctant to use biometrics for authentication is: hygiene or fear of personal injury and false negatives (falsely not being allowed into a system).

True
False

Question 2. A hash algorithm uses a one-way cryptographic function, whereas both secret-key and public-key systems use two-way (i.e., reversible) cryptographic functions.

True
False

Question 3. AES uses the Rijndael algorithm.

True
False

Question 4. Encrypting a message with the sender's private key ensures proof of receipt of a message.

True
False

Question 5. Two purpose of using a salt value in storing (hashed) passwords is to prevent password duplication and thwart guessing whether a user has the same password on multiple systems.

True
False

Question 6. In Role-Based Access Control Systems, a user is assigned no more than one role to limit the damage a user can do.

True
False

Question 7. If person A uses AES to transmit an encrypted message to person B, which key or keys will A have to use:

A's private key

A's public key

B's private key or public key

None of the keys listed above

Question 8. Which one of the following is not a goal of cryptographic systems?

Nonrepudiation

Availability

onfidentiality

Integrity

Question 9. Mia, Ashley, Mark, and Chris are studying at Café Roma. Who may be putting their personal information at risk (select all that apply)?

Chris logs in to eLearning to work on an assignment that does not contain sensitive information.

Ashley turns off the wireless option when working on files that don't need an Internet connection.

Mark is paying credit card bills on-line.

Mia takes a break from studying by doing some online shopping. She buys shoes from a site she's never visited before.

Question 10. For any organization, understanding the nature of the cybersecurity threat requires knowing at least which of the following elements: (select all that apply)

number and types of security guards

number and types of vulnerabilities that exist in a system

number and types of likely threats to a system

number and types of employees

Question 11. There are basically three categories of rules in control models:

Mandatory, control, and access

Discretionary, mandatory and protection

Non-discretionary, discretionary and logical control

Mandatory, discretionary, and non-discretionary

Question 12. To control access by a subject (____________) to an object ( ) requires management to establish access rules.

person or program, files or device

os or memory, files or device

person or program, access or control

none of the above

Question 13. __________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.

Audit control

Access control

System control

Resource control

Question 14. IT security management functions include:

determining organizational IT security objectives, strategies, and policies

detecting and reacting to incidents

specifying appropriate safeguards

all of the above

Question 15. To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.

challenge-response

eavesdropping

Trojan horse

denial-of-service

Question 16. Each individual who is to be included in the database of authorized users must first be __________ in the system.

verified

authenticated

enrolled

identified

Question 17. A __________ is an entity capable of accessing objects.

group

object

subject

owner

Question 18. Based on the concept in Chapter 4, the final permission bit is the _________ bit.

superuser

kernel

sticky

user

Question 19. What is the general term for the process of protecting objects that are part of the multiprocessing environment?

Memory segmentation

Multitasking

Process control

Access control

Question 20. __________ defines user authentication as "the process of verifying an identity claimed by or for a system entity".

RFC4949

RFC2298

RFC2493

RFC2328

Question 21. Recognition by fingerprint, retina, and face are examples of __________.

face recognition

dynamic biometrics

static biometrics

token authentication

Question 22. The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords.

reactive password checking

proactive password checking

user education

computer-generated password

Question 23. To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.

eavesdropping

challenge-response

Trojan horse

denial-of-service

Question 24. An institution that issues debit cards to cardholders and is responsible for the cardholder's account and authorizing transactions is the _________.

cardholder

issuer

auditor

processor

Question 25. Any program that is owned by, and SetUID to, the "superuser" potentially grants unrestricted access to the system to any user executing that program.

True
False

Question 26. The main innovation of the NIST standard is the introduction of the RBAC System and Administrative Functional Specification,which defines the features required for an RBAC system.

True
False

Question 27. __________ is the traditional method of implementing access control.

MAC

RBAC

MBAC

DAC

Question 28. A concept that evolved out of requirements for military information security is ______ .

reliable input

mandatory access control

discretionary input

open and closed policies

Question 29. The default set of rights should always follow the rule of least privilege or read-only access.

True
False

Question 30. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.

True
False

Question 31. __________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.

Audit control

Resource control

System control

Access control

Question 32. _________ is the granting of a right or permission to a system entity to access a system resource.

Authorization

Authentication

Monitoring

Control

Question 33. A __________ is a named job function within the organization that controls this computer system.

permission

role

user

session

Question 34. Can a user cleared for have access to documents classified in each of the following ways under the military security model?
Yes/No
_________________
__________________
__________________
_________________
_________