Practice Questions Chapters 1-9
A good hash function is resistant to what? Collisions
A perfect bit-by-bit copy of a drive is called what? Drive image
A relationship where two or more entities define how they will communicate securely is known
as what? A
Bell-LaPadula security model
Simple security rule (no read up)
The *-property (pronounced "star property") principle (no write down)
Objective Protect confidentiality
Chapter 7 Review Questions
7.2 What types of resources are targeted by such DoS attacks?
7.3 What is the goal of a flooding attack?
The intent is to overload the network capacity on some link to a s
Means of Authenticating a User's Identity
- something the individual knows
- something the individual
- something the individual is
- something the individual does
Offline Dictionary Attack
Typically, strong access controls are used to protect th
Chapter 5 Review Questions
5.3 How many primary keys and how many foreign keys may a table have in a relational database?
The value of a primary key must be unique; a foreign key value can appear multiple times in a table.
5.5 Explain the concept of casca
Chapter 1 Review Questions
1.1 Define computer security.
The protection afforded to an automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information system resourc
Chapter 9 Review Questions
9.2 List four techniques used by firewalls to control access and enforce a security policy.
* Service Control: Determines the types of Internet services that can be accessed, inbound or outbound. The
firewall may filter traffic
Chapter 4 Review Questions
4.2 How does RBAC relate to DAC and MAC?
Role-based access control relates to Discretionary access control and Mandatory access control in that
users are allowed access to a system. The difference is that DAC systems define th
The Role of People in Security (cont)
Following closely behind a person who has just used their own access card
to gain physical access to a room or building.
Relies on the attacker taking advantage of an authorized user not
International Data Encryption Algorithm (IDEA)
Released as IDEA in 1992.
Block mode cipher using 64-bit block size and 128-bit key.
This algorithm is fairly new.
Full, eight-round IDEA shows that the most efficient attack would be to brute-fo
A collision attack is used to compromise a hash algorithm.
It occurs when an attacker finds two different messages that hash to the same value.
This attack is very difficult and requires generating a separate algorithm that
Cryptography is the art and science of secret writing, encrypting, or hiding of information from
all but the intended recipient.
Cryptanalysis is the process of attempting to break a cryptographic system and return the
The Role of People in Security (cont)
Attacker directly observes sensitive information by
Looking over the shoulder of the user
Setting up a camera
Personal identification number (PIN) at an ATM
Operational and Organizational Security
Security Operations in Your Organization
The operational model of security
Protection = Prevention + (Detection + Response)
No matter how secure we attempt to make our systems, some way will
always be found to ci
The Role of People in Security
Technique in which the attacker uses deceptive practices to
Convince someone to divulge information they normally would not
Convince someone to do something they normally wouldn't do.
CHAPTER 1 Key Concept
The Security Problem
Fifty years ago, computers and data were uncommon.
Computer hardware was a high-value item and security was mainly a physical issue.
Now, personal computers are ubiquitous and portable, making them much more diff
General Security Concepts Part 1
Previously used as a term for a person who had a deep understanding
of computers and networks. He or she would see how things worked
in their separate parts (or hack them).
Media has now redefined the term as a p
General Security Concepts Part 2
Access control is a term used to define a variety of protection schemes.
This is a term sometimes used to refer to all security features used to prevent
unauthorized access to a computer sy
Chapter 2 Review Questions
2.2 How many keys are required for two people to communicate via a symmetric cipher?
Sender and receiver use the same key. It is used for both encryption and decryption.
2.3 What are the two principal requirements for the secure