computer security 11, 12, 13 – Flashcards
Unlock all answers in this set
Unlock answersquestion
In the DAC model, ____________________ can create and access their objects freely.
answer
owners
question
What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian? Mandatory Access Control Role Based Access Control Discretionary Access Control Rule Based Access Control
answer
Mandatory Access Control
question
Select below the access control model that uses access based on a user's job function within an organization: Role Based Access Control Rule Based Access Control Discretionary Access Control Mandatory Access Control
answer
Role Based Access Control
question
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
answer
Account expiration
question
Discuss the differences between DAP and LDAP.
answer
-unlike X.500 DAP, LDAP was designed to run over TCP/IP, making it ideal for Internet and intranet applications. X.500 DAP requires special software to access the network. -LDAP has simpler functions, making it easier and less expensive to implement. -LDAP encodes its protocol elements in a less complex way than X.500 that enables it to streamline requests.
question
A shield icon warns users if they attempt to access any feature that requires UAC permission.
answer
true
question
Entries within a Directory Information Base are arranged in a tree structure called the:
answer
DIT
question
Which access control model can dynamically assign roles to subjects based on a set of defined rules?
answer
Rule Based Access Control
question
Describe LDAP injection attacks.
answer
They can occur when user input is not properly filtered. This may allow an attacker to construct LDAP statements based on user input statements. The attacker could then retrieve information from the LDAP database or modify its content. The defense against LDAP injection attacks is to examine all user input before processing.
question
Group policy is a Unix feature that allows for the centralized management and configuration of computers and remote users using Unix Active Directory.
answer
false
question
Describe the two key elements of the MAC model.
answer
labels: In a system using MAC, every entity is an object (laptops, files, projects, and so on) and is assigned a classification label. levels: A hierarchy based on the labels is also used, both for projects and subjects.
question
The action that is taken by a subject over an object is called a(n):
answer
operation
question
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
answer
DAP
question
When using Role Based Access Control (RBAC), permissions are assigned to:
answer
Roles
question
Which access control model is considered to be the least restrictive?
answer
Discretionary Access Control
question
The strength of RADIUS is that messages are always directly sent between the wireless device and the RADIUS server.
answer
false
question
A RADIUS ____________________ is a computer that forwards RADIUS messages among RADIUS clients and RADIUS servers.
answer
proxy
question
Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users:
answer
Kerberos
question
Describe the MAC lattice model.
answer
Different levels on the MAC lattice model have different security levels, and subjects are assigned a "rung" on the lattice just as object are.There can even be multiple lattices placed beside each other to allow for different groups or labels
question
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information?
answer
LDAP injection
question
Describe how Kerberos works.
answer
Kerberos is an authentication system. It is typically used when user attempts to access a network service and that service requires authentication. The user is provided a ticket that is issued by the Kerberos authentication server. The user presents this ticket to the network for a service. The service then examines the ticket to verify the identity of the user.
question
What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
answer
TACACS
question
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
answer
authentication request
question
Discuss the two significant weaknesses of DAC.
answer
DAC poses risks in that it relies on decisions by the end user to set the proper level of security. As a result, incorrect permissions might be granted to a subject or permissions might be given to an unauthorized subject. A subjects permissions will be inherited by any programs that the subject executes. Attackers often take advantage of this inheritance because end users frequently have a high level of privileges.
question
Providing only the minimum amount of privileges necessary to perform a job or function.?
answer
least privilege
question
The least restrictive access control model in which the owner of the object has total control over it.?
answer
DAC
question
?The practice of requiring that processes should be divided between two or more individuals.
answer
separation of duties
question
The act of movinng individuals from one job responsibility to another.?
answer
job rotation
question
?The process of setting a user's account to expire
answer
account expiration
question
?Limitation imposed as to when a user can log in to a system or access resources.
answer
time-of-day restriction
question
?The most restrictive access control model, typically found in military settings in which security is of supreme importance.
answer
MAC
question
An attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content.
answer
LDAP injection attack+
question
The current version of the Terminal Access Control Access Control System (TACACS) authentication service.?
answer
TACACS+
question
The second version of the Terminal Access Control Access Control System (TACACS) authentication service.?
answer
XTACACS
question
The capability to look up information by name under the X.500 standard is known as a(n) ____________________-pages service.
answer
white
question
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?
answer
access control model
question
List the steps for RADIUS authentication with a wireless device in an IEEE 802.1x network.
answer
1. A wireless device sends a request to an AP requesting permission to join the WLAN. 2. The AP creates a data packet from this information. 3. When an authentication packet request is received, the RADIUS server validates that the request is from an AP and then decrypts the data packet to access the user name and password information. 4. If the username and password are correct, the RADIUS server sends an authentication acknowledgement that includes information on the user's network system and service requirements. 5. If accounting is also supported by the RADIUS server, an entry is started in the accounting database. 6. Once the server information is received and verified by the AP, it enables the necessary configuration to deliver the wireless services to the user.
question
Describe the Bell-LaPadula model.
answer
It contains an additional restriction not found in the original lattice model. This protection prevents subjects from creating a new object or performing specific functions on objects that are lower level than their own.
question
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
answer
ACL
question
To prevent one individual from having too much control, employees can ____________ job responsibilities within their home department or across positions in other departments.
answer
rotate
question
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
answer
orphaned
question
What are the three broad categories on which authentication can be based?
answer
what you know: Passwords what you have: tokens, cards, and cellphones what you are: biometrics
question
Using one authentication credential to access multiple accounts or applications.?
answer
single sign-on
question
?Five elements that can prove the genuineness of a user: what you know, what you have, what you are, what you do, and where you are.
answer
authentication factors
question
?A small device that can be affixed to a keychain with a window display that shows a code to be used for authentication.
answer
token
question
A password attack in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched against those in a stolen password file.?
answer
brute force attack
question
A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest.?
answer
key stretching
question
A popular key stretching password hash algorithm?
answer
bcrypt
question
?A random string that is used in hash algorithms.
answer
salt
question
?A password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly mispelling words, or including special characters.
answer
hybrid attack
question
?A hash used by modern Microsoft Windows operating systems for creating password digests.
answer
NTLM (New Technology LAN Manager) hash
question
A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.?
answer
dictionary attack
question
Token credentials can be revoked at any time by the user without affecting other token credentials issued to other sites.
answer
true
question
A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a:
answer
password
question
Explain how an attacker can use a resetting attack.
answer
The attacker can gain access to the user's computer and erase the existing password and reset it to a new password.
question
The most common type of authentication today is a(n) ____________________.
answer
password
question
Geolocation is the identification of the location of a person or object using technology, and can be used as part of an authentication method.?
answer
true
question
Why do passwords place a heavy load on human memory?
answer
because humans can only memorize a limited number of items.
question
____________________ is a decentralized open source FIM that does not require specific software to be installed on the desktop.
answer
openID
question
?What federated identity management (FIM) relies on token credentials?
answer
OAuth
question
Explain why the LAN Manager (LM) hash is vulnerable.
answer
Because the LN hash encrypts the password with a key that is the password itself. Also it is not case sensitive so it is way easier for an attacker to guess your password. Lastly, the hash splits passwords into two 7 character parts. So if you have a password that is longer than 14 characters, the extra letters are dropped.
question
The use of a single authentication credential that is shared across multiple networks is called:
answer
identity management
question
What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters?
answer
hybrid
question
What is the center of the weakness of passwords?
answer
human memory
question
OpenID is an example of a web-based federated identity management (FIM) system.?
answer
true
question
Discuss the weaknesses of OpenID.
answer
OpenID depends on the URL identifier routing to the correct server, which depends on a domain name server (DNS) that may have its own security weaknesses.
question
?Which hashing algorithm below is used with NTLMv2's Hashed Message Authentication Code? SHA-1 ?SHA-256 ?MD4 MD5
answer
?MD5
question
What is the difference between multifactor authentication and single-factor authentication??
answer
multifactor authentication uses more than one type of authentication, while single-factor authentication just uses one type of authentication.
question
What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face?
answer
Standard biometrics
question
Describe how rainbow tables work.
answer
First you have to create the table itself. The table is used to crack a password. The password that is going to be broken is hashed and run through the same procedure used to create the initial table. This results in the initial password of the chain. Then the process is repeated, starting with this initial password until the original digest is found. The password used at the last iteration is the cracked password.
question
What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file?
answer
Brute force
question
Discuss the types of shortcuts that users take to help them recall their passwords.
answer
User's will use a common password, a short password, or personal information. Even when a user attempts to create a stronger password, they generally follow predictable patterns of appending and replacing.
question
The use of one authentication credential to access multiple accounts or applications is referred to as?
answer
Single Sign On
question
?A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:
answer
?Common Access Card (CAC)
question
What are the three advantages of a rainbow table over other password attacks?
answer
1. A rainbow table can be used repeatedly for attacks on other passwords. 2. Rainbow tables are much faster than dictionary attacks. 3. The amount of memory needed on the attacking machine is greatly reduced.
question
Using a rainbow table to crack a password requires three steps: Creation of the table, comparing the table to known hash values, and decrypting the password.
answer
false
question
?A list of the available nonkeyboard characters can be seen in Windows by opening what utility?
answer
charmap.exe
question
A token ____________________ is a unique random string of characters that is encrypted to protect the token from being used by unauthorized parties.
answer
identifier
question
What can be used to increase the strength of hashed passwords??
answer
salt
question
In most systems, a user logging in would be asked to ____________________ herself.
answer
identify
question
?What type of one-time password (OTP) changes after a set time period?
answer
?Time-based one-time password (TOTP)
question
Which term below describes the time it takes for a key to be pressed and then released?
answer
dwell time
question
Passwords that are transmitted can be captured by what type of software?
answer
protocol analyzer
question
What type of attack involves an attacker stealing a file containing password digests and comparing the digests with digests created by the attacker?
answer
offline cracking
question
What technology allows users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site?
answer
OAuth
question
Windows stores files on a hard drive in 512-byte blocks called ____________________.
answer
sectors
question
A snapshot of the current state of a computer that contains all current settings and data is known as what option below: system standard system view system image system baseline
answer
system image
question
What are the steps in damage control?
answer
-report the incident to security or the police -confront any suspects (if the situation allows) -neutralize the suspected perpetrator from harming other(if necessary) -secure physical security features -quarantine electronic equipment -contact the response team
question
What does Windows do if a file being saved is not long enough to fill up the last sector on the disk?
answer
Windows pads the remaining cluster space with data that is currently stored in RAM.
question
When a company needs to identify mission-critical business functions and quantify the impact a loss of such functions may have on the organization in terms of it's operational and financial position, what should be performed?
answer
Business impact analysis (BIA)
question
Most metadata about a file is generated and recorded automatically without the user's knowledge.
answer
true
question
RAM slack can contain any information that has been created, viewed, modified, downloaded, or copied since the computer was last booted.
answer
true
question
Multiple sectors on a disk, when combined, are referred to as a:
answer
cluster
question
Select below the type of cluster that is used to provide high-availability applications that require a high level of read and write actions, such as databases, messaging systems, and file and print services: symmetric network symmetric server asymmetric network asymmetric server
answer
asymmetric server
question
RAID 0 technology is based on ____________________.
answer
striping
question
Explain how to best capture volatile data.
answer
Capturing volatile information can best be performed by capturing the entire system image, which is a snapshot of the current state of the computer that contains all current settings and data.
question
A metallic enclosure that prevents the entry or escape of an electromagnetic field.?
answer
faraday cage
question
Combining two or more servers to appear as one single unit.?
answer
clustering
question
?The ability of a business to continue to function in the even of a disaster.
answer
continuity of operations
question
The ability of an organization to maintain its operations and services in the face of a disruptive event.?
answer
business continuity
question
A statistical value that is the average time until a component fails, cannot be repaired, and must be replaced.?
answer
mean time between failure (MTBF)
question
Using technology to search for computer evidence of a crime.?
answer
computer forensics
question
?The process of identifying threats.
answer
risk assessment
question
A process of documentation that shows that the evidence was under strict control at all times and no unauthorized individuals were given the opportunity to corrupt the evidence.?
answer
chain of custody
question
A duplicate of the production site that has all the equipment needed for an organization to continue running, including office space and furniture, telephone jacks, computer equipment, and a live telecommunications link.?
answer
hot site
question
The maximum length of time that an organization can tolerate between backups.?
answer
recovery point objective
question
Which term below describes a component or entity in a system which, if it no longer functions, will disable an entire system? recovery site recovery point single point of failure cascade point of failure
answer
single point of failure
question
Duplicate image backups are considered a primary key to uncovering evidence because they create exact replicas of the crime scene.
answer
false
question
In what type of server cluster can services fail over from downed servers to functional servers?
answer
symmetric server
question
The remaining cluster space of a partially filled sector is padded with contents from RAM. What is the name for this type of scenario?
answer
RAM slack
question
What are the objectives of disaster exercises?
answer
-test the efficiency of interdepartmental planning and coordination in managing a disaster -test current procedures of the DRP -determine the strengths and weaknesses in responses
question
When creating a data backup plan or policy, what five basic questions should be answered?
answer
-what information should be backed up? -how frequently should it be backed up? -what media should be used? -where should the backup be stored? -what hardware or software should be used?
question
The process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient, is known as:
answer
Business continuity planning and testing
question
?What RAID type below utilizes parity data across all drives instead of using a separate drive to hold parity error checking information?
answer
RAID 5
question
What is required upon completion of an evidence examination?
answer
a detailed report is required that lists the steps that were taken and any evidence that was uncovered in the forensic investigation.
question
____________________ is data about data.
answer
metadata
question
What kind of data can be lost when a computer is turned off?
answer
volatile
question
A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as:
answer
service level agreement
question
Generally, ____________________ focuses on restoring computing and technology resources to their former state.
answer
DRP
question
What is the name for an image that consists of an evidence-grade backup because its accuracy meets evidence standards?
answer
mirror image
question
What term is used to describe a documentation of control over evidence, which is used to ensure that no unauthorized person was given the opportunity to corrupt the evidence?
answer
chain of custody
