
Access Control Systems and Methodology


Practice Questions
Question 1
Which of the following is a knowledge-based authentication mechanism?
a. Smart card
b. Token
c. Password
d. Biometrics

Answer c is correct.

Question 2
Which of the following is a centralized access control methodology?
a. RADIUS
b. Lattice
c. DAC
d. MAC

Answer a is correct.

Question 3
What is it called when an attacker sends unsolicited communications?
a. Sniffers
b. Crackers
c. Spoofing
d. Spamming

22 Chapter 2

Answer d is correct.

Question 4
Which of the following allows attackers to break passwords?
a. Sniffers
b. Crackers
c. Spoofing
d. Spamming

Answer b is correct.

Question 5
Which of the following allows attackers to imitate a different user or system?
a. Sniffers
b. Crackers
c. Spoofing
d. Spamming

Answer c is correct.


Question 6
Which of the following is a table that identifies user access rights for a particular system object?
a. MAC
b. DAC
c. ACL
d. Lattice

Answer c is correct.

Question 7
Which access control technique allows security officers to specify access security policies based on an organization's structure?
a. MAC
b. DAC
c. Lattice
d. RBAC

Answer d is correct.


Question 8
Which access control technique allows a resource owner to control other users' access to an object?
a. MAC
b. DAC
c. Lattice
d. RBAC

Answer b is correct. DAC allows a resource owner to control other users' access to an object. Answer a is incorrect because MAC is a nondiscretionary access control technique that uses defined security classifications. Answer c is incorrect because lattices deal with information flow in multiuser environments. Answer d is incorrect because RBAC allows security officers to specify access security policies based on an organization's structure.

Question 9
Which access control technique is nondiscretionary?
a. MAC
b. DAC
c. Lattice
d. RBAC

Answer a is correct. MAC is nondiscretionary. Answer b is incorrect because DAC is discretionary access control. Answer c is incorrect because lattices deal with information flow in multiuser environments. Answer d is incorrect because RBAC allows security officers to specify access security policies based on an organization's structure.


Question 10
Which technique monitors networks and computer systems for signs of intrusion or misuse?
a. IDS
b. MAC
c. Bell-LaPadula
d. TACACS

Answer a is correct. IDS monitors networks and computer systems for signs of intrusion or misuse. Answer b is incorrect because MAC is an access control technique. Answer c is incorrect because Bell-LaPadula is an access control model. Answer d is incorrect because TACACS is a centralized access control methodology.

54 Chapter 3

Practice Questions
Question 1
Which layer of the OSI model handles TCP?
a. Physical
b. Network
c. Transport
d. Data Link

Answer c is correct. TCP works at the Transport layer. Answers a and d are incorrect because the Physical and Data Link layers deal with getting data packets to the physical communications medium. Answer b is incorrect because IP works at the Network layer.

Question 2
Which of the following is a protocol that one program can use to request a service from a program on another computer?
a. Secure RPC
b. CHAP
c. SLIP
d. PPTP

Answer a is correct. Secure RPC is a protocol that one program can use to request a service from a program on another computer. Answer b is incorrect because CHAP is a password authentication protocol. Answer c is incorrect because SLIP is a TCP/IP protocol used for communication between two machines configured for communication with each other. Answer d is incorrect because PPTP is a tunneling protocol.

Telecommunications and Network Security


Question 3
Which of the following is a tunneling protocol?
a. Secure RPC
b. CHAP
c. SLIP
d. PPTP

Answer d is correct. PPTP is a tunneling protocol. Answer a is incorrect because Secure RPC is a protocol that one program can use to request a service from a program on another computer. Answer b is incorrect because CHAP is a secure procedure for connecting to a system. Answer c is incorrect because SLIP is used for communications between machines, such as your system and your ISP.

Question 4
Which of the following allows or denies traffic based only on protocol/port information?
a. Packet filtering
b. Circuit gateways
c. Application proxies
d. Switch

Answer a is correct. Packet filtering allows or denies traffic based only on protocol/port information. Answer b is incorrect because circuit gateways are more tunnel oriented. Answer c is incorrect because application proxies create a break in the communication process. Answer d is incorrect because switches are networking devices.

Question 5
Which of the following creates a break in the communication process?
a. Packet filtering
b. Circuit gateways
c. Application proxies
d. Switch


Answer c is correct. Application proxies create a break in the communication process. Answer a is incorrect because packet filters allow or deny traffic based only on protocol/port information. Answer b is incorrect because circuit gateways are more tunnel oriented. Answer d is incorrect because switches are networking devices.

Question 6
Firewalls often use which technology to help "hide" internal network IP addresses?
a. NAT
b. PAP
c. SLIP
d. CHAP

Answer a is correct. Firewalls often use NAT to help hide internal network IP addresses. Answers b and d are incorrect because PAP and CHAP are authentication protocols. Answer c is incorrect because SLIP is a communications protocol.

Question 7
Which cabling method uses an RJ-45 connector?
a. Coaxial cable
b. UTP
c. Fiber optic cable
d. Wireless

Answer b is correct. UTP uses an RJ-45 connector. Answer a is incorrect because coaxial cable uses a BNC connector. Answer c is incorrect because fiber optic cable uses an SC connector. Answer d is incorrect because wireless networks do not have specific connectors.


Question 8
An Ethernet network often uses which type of topology?
a. Star
b. Ring
c. Bus
d. Diamond

Answer c is correct. An Ethernet network often uses a bus topology. Answer a is incorrect because star topologies are used in switched environments. Answer b is incorrect because ring topology is often used in Token Ring implementations. Answer d is incorrect because diamond is not a network topology.

Question 9
Which of the following is not a transmission protocol?
a. PPP
b. SLIP
c. Frame Relay
d. ARP

Answer d is correct. ARP is not a transmission protocol. Answer a is incorrect because PPP is a protocol for communication between two computers using a serial interface. Answer b is incorrect because SLIP is used for communications between machines, such as your system and your ISP. Answer c is incorrect because Frame Relay is a telecommunications service.

Question 10
Which protocol maps an IP address to a physical machine address?
a. PPP
b. SLIP
c. Frame Relay
d. ARP


Answer d is correct. ARP maps an IP address to a physical machine address. Answer a is incorrect because PPP is a protocol for communication between two computers using a serial interface. Answer b is incorrect because SLIP is used for communications between machines, such as your system and your ISP. Answer c is incorrect because Frame Relay is a telecommunications service.

72 Chapter 4

Practice Questions
Question 1
Which of the following concepts ensures that data and resources are accessible when they need to be?
a. Confidentiality
b. Integrity
c. Availability
d. Authorization

Answer c is correct. Availability ensures data and resources are accessible when they need to be. Answer a is incorrect because confidentiality protects data from being viewed by unauthorized individuals. Answer b is incorrect because integrity protects data from being modified, retaining the consistency and original meaning of the information. Answer d is incorrect because authorization provides a means of determining who can access which system resources.

Question 2
Providing a means of determining who can access which system resources describes which of the following concepts?
a. Confidentiality
b. Integrity
c. Availability
d. Authorization

Answer d is correct. Authorization provides a means of determining who can access which system resources. Answer a is incorrect because confidentiality protects data from being viewed by unauthorized individuals. Answer b is incorrect because integrity protects data from being modified, retaining the consistency and original meaning of the information. Answer c is incorrect because availability ensures data and resources are accessible when they need to be.

Security Management Practices

Question 3
Protecting data from being viewed by unauthorized individuals describes which of the following concepts?
a. Confidentiality
b. Integrity
c. Availability
d. Authorization

Answer a is correct. Confidentiality protects data from being viewed by unauthorized individuals. Answer b is incorrect because integrity protects data from being modified, retaining the consistency and original meaning of the information. Answer c is incorrect because availability ensures data and resources are accessible when they need to be. Answer d is incorrect because authorization provides a means of determining who can access which system resources.

Question 4
Confidentiality, integrity, and availability constitute which of the following?
a. Accountability
b. Nonrepudiation
c. Audit
d. CIA triad

Answer d is correct. Confidentiality, integrity, and availability constitute what is known as the CIA triad. Accountability, nonrepudiation, and audit are not part of the CIA triad. Answer a is incorrect because accountability binds an action to a specific individual. Answer b is incorrect because nonrepudiation keeps an individual from denying that a transaction took place. Answer c is incorrect because audit is the process of analyzing and reviewing configurations, policies, procedures, and so on.


Question 5
Which of the following concepts describes binding an action to a specific individual?
a. Accountability
b. Nonrepudiation
c. Audit
d. CIA triad

Answer a is correct. Accountability binds an action to a specific individual. Answer b is incorrect because nonrepudiation keeps an individual from denying that a transaction took place. Answer c is incorrect because audit is the process of analyzing and reviewing configurations, policies, procedures, and so on. Answer d is incorrect because the CIA triad is a combination of confidentiality, integrity, and availability.

Question 6
Keeping an individual from denying that a transaction took place describes which of the following concepts?
a. Accountability
b. Nonrepudiation
c. Audit
d. CIA triad

Answer b is correct. Nonrepudiation keeps an individual from denying that a transaction took place. Answer a is incorrect because accountability binds an action to a specific individual. Answer c is incorrect because audit is the process of analyzing and reviewing configurations, policies, procedures, and so on. Answer d is incorrect because the CIA triad is the combination of confidentiality, integrity, and availability.


Question 7
Which of the following is not ideal in an effective change control program?
a. Change requests must be formally documented.
b. All changes must be approved.
c. Programmer moves code directly to production.
d. Code is approved before being migrated to production.

Answer c is correct. A programmer moving code directly to production is not an effective change control program. Answers a, b, and d are incorrect because they are all effective change control procedures.

Question 8
What should you not do after dismissing an employee?
a. Escort him out the door
b. Let him return to his desk unsupervised
c. Disable all accounts and logons
d. Follow the termination checklist

Answer b is correct. After dismissing an employee, you should not let him return to his desk unsupervised. Answers a, c, and d are all steps of an effective termination policy.

Question 9
A(n) ________ can assist only in the prevention of deliberate breaches of security such as theft, fraud, sabotage, and misuse.
a. Organization structure
b. Encapsulation
c. Training program
d. Change control

Answer a is correct. An organization's structure can assist only in the prevention of deliberate breaches of security such as theft, fraud, sabotage, and misuse. Answers b, c, and d are incorrect because encapsulation, training programs, and change control all help prevent other security breaches in addition to theft, fraud, sabotage, and misuse.

Question 10
Security awareness programs cannot:
a. Make employees aware of issues
b. Show them the proper procedures to follow
c. Enforce security policy
d. Make them aware of risks

Answer c is correct. Awareness programs help educate, but they cannot enforce security policy. Answers a, b, and d are thus incorrect.

Applications and Systems Development Security

Practice Questions
Question 1
When the computer programming, processing, and data that computers work on are spread out over more than one computer, you have implemented a(n) ________.
a. Distributed Computing Environment
b. Nondistributed computing environment
c. Agent
d. Applet

Answer a is correct. A Distributed Computing Environment is implemented when the computer programming, processing, and data that computers work on are spread out over more than one computer. Answer b is incorrect because a nondistributed computing environment is one where the computer programming, processing, and data are not spread out over more than one computer. Answer c is incorrect because an agent is a program that gathers information or performs some other service on some regular schedule without your immediate presence. Answer d is incorrect because an applet is a small application program.

Question 2
A program that gathers information or performs some other service on some regular schedule without your immediate presence is a(n) ________.
a. Applet
b. ActiveX control
c. Agent
d. C++ control

Answer c is correct. An agent is a program that gathers information or performs some other service on some regular schedule without your immediate presence. Answer a is incorrect because an applet is a small application program. Answers b and d are incorrect because a control (ActiveX or C++) is a component of the ActiveX language and environment.


Question 3
Which programming language was developed for specific use on the Internet and on a wide variety of platforms?
a. Fortran
b. C++
c.
d. Java

Answer d is correct. Java was developed for specific use on the Internet and on a wide variety of platforms. Answers a, b, and c are incorrect because these languages were not developed specifically for use over the Internet and for functionality on a wide variety of platforms.

Question 4
An activity in which an unclassified user legitimately accesses unclassified information and deduces secret information refers to ________.
a. Inference
b. Polyinstantiation
c. Data mining
d. Aggregation

Answer a is correct. Inference is an activity in which an unclassified user legitimately accesses unclassified information and deduces secret information. Answer b is incorrect because polyinstantiation is used to prevent inference violations. Answer c is incorrect because data mining is the analysis of data for relationships that have not previously been discovered. Answer d is incorrect because aggregation is the process of combining small pieces of information to gain insight into the whole.


Question 5
The analysis of data for relationships that have not previously been discovered is ________.
a. Inference
b. Polyinstantiation
c. Data mining
d. Aggregation

Answer c is correct. Data mining is the analysis of data for relationships that have not previously been discovered. Answer a is incorrect because inference is a unilateral activity in which an unclassified user legitimately accesses unclassified information and deduces secret information. Answer b is incorrect because polyinstantiation is used to prevent inference violations. Answer d is incorrect because aggregation is the process of combining small pieces of information to gain insight into the whole.

Question 6
What technique is used to prevent inference violations?
a. Inference
b. Polyinstantiation
c. Data mining
d. Aggregation

Answer b is correct. Polyinstantiation is used to prevent inference violations. Answer a is incorrect because inference is a unilateral activity in which an unclassified user legitimately accesses unclassified information and deduces secret information. Answer c is incorrect because data mining is the analysis of data for relationships that have not previously been discovered. Answer d is incorrect because aggregation is the process of combining small pieces of information to gain insight into the whole.


Question 7
A type of virus or replicative code that situates itself in a computer system in a place where it can do harm is a ________.
a. Worm
b. Trojan horse
c. Logic bomb
d. Denial of service attack

Answer a is correct. A worm is a type of virus or replicative code that situates itself in a computer system in a place where it can do harm. Answer b is incorrect because a Trojan horse is a program or virus in which malicious or harmful code is contained inside apparently harmless programming, data, or messages in such a way that it can get control and do its chosen form of damage. Answer c is incorrect because a logic bomb is code or an application that is surreptitiously inserted into an application or OS that causes it to perform some destructive or security-compromising activity whenever specified conditions are met. Answer d is incorrect because a denial of service attack prohibits users from accessing data or a service when needed.

Question 8
Code surreptitiously inserted into an application or OS that causes it to perform some destructive or security-compromising activity whenever specified conditions are met is a ________.
a. Worm
b. Trojan horse
c. Logic bomb
d. Denial of service attack

Answer c is correct. A logic bomb is code surreptitiously inserted into an application or OS that causes it to perform some destructive or security-compromising activity whenever specified conditions are met. Answer a is incorrect because a worm is a type of virus or replicative code that situates itself in a computer system in a place where it can do harm. Answer b is incorrect because a Trojan horse is a program or virus in which malicious or harmful code is contained inside apparently harmless programming, data, or messages in such a way that it can get control and do its chosen form of damage. Answer d is incorrect because a denial of service attack prohibits users from accessing data or a service when needed.


Question 9
Which viruses infect executable code found in certain system areas on a disk?
a. Trap doors
b. Trojan horses
c. Macro viruses
d. Boot-sector viruses

Answer d is correct. Boot-sector viruses infect executable code found in certain system areas on a disk. Answer a is incorrect because a trap door is a back door to an application or system created by the developer. Answer b is incorrect because a Trojan horse is a program or virus in which malicious or harmful code is contained inside apparently harmless programming, data, or messages in such a way that it can get control and do its chosen form of damage. Answer c is incorrect because macro viruses infect applications such as Word and Excel by planting malicious macros.

Question 10
A backdoor application entry point added by the developer is a ________.
a. Trap door
b. Trojan horse
c. Macro virus
d. Boot-sector virus

Answer a is correct. A trap door is a backdoor application entry point added by the developer. Answer b is incorrect because a Trojan horse is a program or virus in which malicious or harmful code is contained inside apparently harmless programming, data, or messages in such a way that it can get control and do its chosen form of damage. Answer c is incorrect because macro viruses infect applications such as Word and Excel by planting malicious macros. Answer d is incorrect because a boot-sector virus infects executable code found in the master boot record.

Cryptography


Practice Questions
Question 1
Which of the following is a symmetric encryption algorithm?
a. 3DES
b. MD5
c. RSA
d. Diffie-Hellman

Answer a is correct. 3DES is a symmetric encryption algorithm. Answer b is incorrect because MD5 is a hashing algorithm. Answers c and d are incorrect because RSA and Diffie-Hellman are asymmetric algorithms.

Question 2
Which of the following is a hash algorithm?
a. 3DES
b. MD5
c. RSA
d. Diffie-Hellman

Answer b is correct. MD5 is a hash algorithm. Answer a is incorrect because 3DES is a symmetric algorithm. Answers c and d are incorrect because RSA and Diffie-Hellman are asymmetric algorithms.

Question 3
Which of the following is an asymmetric algorithm?
a. 3DES
b. MD5
c. RSA
d. SHA


Answer c is correct. RSA is an asymmetric algorithm. Answer a is incorrect because 3DES is a symmetric algorithm. Answers b and d are incorrect because MD5 and SHA are hashing algorithms.

Question 4
Which of the following is not a core component of a PKI?
a. Digital certificate
b. CA
c. RA
d. Firewall

Answer d is correct. A firewall is not a core component of a PKI. Answers a, b, and c are incorrect because digital certificates, CAs, and RAs are core components of a PKI.

Question 5
________ make up the foundation of the encryption process.
a. Hashes
b. Email messages
c. Certificates
d. Algorithms

Answer d is correct. Algorithms make up the foundation of the encryption process. Answers a, b, and c are incorrect because hashes, email messages, and certificates can all use encryption, but they are not the foundation for the encryption process.

Question 6
________ refers to the method of using multiple processes, processors, or machines working together to try to crack an algorithm.
a. Parallelization
b. Polyinstantiation
c. Encryption
d. Hashing

Practice Questions
Security Architecture and Models

Question 6
What is the name of the European evaluation criteria?
a. ITSEC
b. TEMPEST
c. IPSec
d. TCSEC

Answer a is correct. ITSEC is the European evaluation criteria. Answer b is incorrect because TEMPEST deals with electromagnetic radiation. Answer c is incorrect because IPSec is a communications protocol. Answer d is incorrect because TCSEC is the U.S. evaluation criteria.

Question 7
Which of the following is not an operating state?
a. Blocked
b. Running
c. Ready
d. Open

Answer d is correct. Open is not an operating state. Answers a, b, and c are incorrect because blocked, running, and ready are all operating states.

Question 8
A ________ is an access control concept that refers to an abstract machine that mediates all access to objects by subjects.
a. Closed system
b. Security perimeter
c. Reference monitor
d. Covert channel

Answer c is correct. A reference monitor is an access control concept that refers to an abstract machine that mediates all access to objects by subjects. Answer a is

Practice Questions
158 Chapter 8

Question 8
When dealing with media, which of the following is not important?
a. Marking
b. Handling
c. Destruction
d. Writing

Answer d is correct. The method used to get the data onto the media type is not as important as proper marking, handling, and destruction. Answers a, b, and c are thus incorrect.

Question 9
Audits can be performed:
a. Daily
b. Weekly
c. Annually
d. All of the above

Answer d is correct. Audits can be performed whenever possible. They can be formal projects or quick tasks that just take a minute. Answers a, b, and c are thus incorrect.

Question 10
When an employee is dismissed, which of the following should you not do?
a. Let him back on his computer
b. Lock his account
c. Remove network access
d. Disable email

Answer a is correct. You should not let employees back on their computers when they have been dismissed. Answers b, c, and d are all things that should be done when an employee is terminated.

Sample Test
226 Chapter 12

Question 19
A backdoor application entry point added by the developer is a:
a. Trap door
b. Trojan horse
c. Macro virus
d. Boot-sector virus

Question 20
________ encryption converts data from a variable length to a fixed length piece of data.
a. Symmetric
b. Asymmetric
c. Hash
d. Email

Question 21
Which of the following is not a TCSEC level?
a. F
b.
c. B
d. D

Question 22
Maintaining backups in case a system needs to be restored is what type of control?
a. Detective control
b. Preventive control
c. Corrective control
d. Recovery control
