Security+ Chapter 1 review

  1. You want to ensure that data is only viewable by authorized users. What security principle are you trying to enforce?

    B. Confidentiality ensures that data is only viewable by authorized users and can be ensured with access controls and encryption. Integrity is enforced with hashing. Availability can be ensured with power and cooling systems, and various fault tolerance and redundancy techniques. Authentication proves a person’s identity and is a first step in access control, but by itself it does not provide confidentiality.
  2. Of the following choices, what is the best way to protect the confidentiality of data?

    D. Encryption protects the confidentiality of data. You can encrypt any type of data, including sensitive data stored on a server, a desktop, a mobile device, or within a database. Authentication proves a person’s identity and is a first step in access control, but, by itself, it does not provide confidentiality. Hashing ensures the integrity of data. Platform as a Service (PaaS) provides an easy-to-configure operating system for on-demand cloud computing.
  3. You want to ensure that data has not been changed between the time when it was sent and when it arrived at its destination. What provides this assurance?

    A. Integrity provides assurances that data has not been modified and is enforced with hashing. Confidentiality prevents unauthorized disclosure and is enforced with access controls and encryption. Availability ensures systems are up and operational when needed and uses fault tolerance and redundancy methods. Authentication provides proof that users are who they claim to be.
  4. A database administrator is tasked with increasing the retail prices of all products in a database by 10 percent. The administrator writes a script performing a bulk update of the database and executes it. However, all retail prices are doubled (increased by 100 percent instead of 10 percent). What has been lost?

    B. The database has lost integrity through an unintended change. Loss of confidentiality indicates that unauthorized users have accessed the database. Hashing can be used to verify integrity in some situations (though not in this scenario), but hashing would not be compromised. Authentication provides proof that users are who they claim to be.
  5. Your organization is addressing single points of failure as potential risks to security. What are they addressing?

    D. By addressing a single point of failure (SPOF), you increase availability. An SPOF can be a drive, a server, power, cooling, or any other item whose failure will cause the entire system to fail. Confidentiality is enforced with encryption, and integrity is enforced with hashing. Authentication provides proof of a user’s identity.
  6. An organization hosts several bays of servers used to support a large online ecommerce business. Which one of the following choices would increase the availability of this datacenter?

    C. Generators can provide power to a datacenter if the power fails, ensuring that the servers within the datacenter continue to operate. Encryption increases the confidentiality of data within the datacenter. Hashing verifies integrity.
  7. You are planning to host a free online forum for users to share IT security-related information with each other. Any user can anonymously view data. Users can post messages after logging in, but you do not want users to be able to modify other users’ posts. What levels of confidentiality, integrity, and availability should you seek?

    B. Data can be viewed anonymously, so low confidentiality is acceptable. You do not want users to modify other users’ posts, so integrity is medium. The site is free but you do want users to be able to access it when needed, so availability is medium.
  8. What is the purpose of risk mitigation?
    A. Reduce the chances that a threat will exploit a vulnerability
    B. Reduce the chances that a vulnerability will exploit a threat
    C. Eliminate risk
    D. Eliminate threats
    A. Risk mitigation reduces the chances that a threat will exploit a vulnerability. Risk is the likelihood that a threat (such as an attacker) will exploit a vulnerability (any weakness). A vulnerability cannot exploit a threat. You cannot eliminate risk or eliminate threats.
  9. What is completed when a user’s password has been verified?

    C. A user is authenticated when the password is verified. The user claims an identity with a username. After authentication, users are authorized to access resources based on their identity, and auditing can verify what resources a user has accessed.
  10. Which of the following formulas represents the complexity of a password policy that requires users to use only uppercase and lowercase letters with a length of eight characters?

    D. The correct formula is 52^8. The formula to calculate the complexity of a password is C^N, where C is the number of possible characters used and N is the length of the password. Since both uppercase (A-Z) and lowercase (a-z) characters are used, C is fifty-two, and the password has a stated length of eight characters.
  11. Of the following choices, what password has a dissimilar key space than the others?

    B. IL0ve$ecur1ty has 13 characters with a mixture of all four character types (uppercase letters, lowercase letters, numbers, and symbols). This has a larger key space (more possibilities) than the other passwords. Secur1ty, Passw0rd, and 3uBetuta each use only three character types.
  12. Robert lets you know that he is using his username as his password since it’s easier to remember. You decide to inform the user that this isn’t a secure password. What explanation would you include?

    B. Strong passwords do not include any part of a username, and if just the username is used, the password would not be complex. Password characteristics are not related to account lockout (where a user account can be locked out after entering the wrong password too many times). A username as a password would not be difficult to remember. Users with long names could have extremely long passwords, so they will likely meet length requirements.
  13. Your organization has implemented a self-service password reset system. What does this provide?

    C. A self-service password reset system allows users to recover passwords without administrative intervention. A password policy ensures that users create strong passwords and change them periodically. A password reset system does not reset certificates. A previous logon notification provides notification to users when they last logged on and can help them identify if someone else is using their account.
  14. A user entered the incorrect password for his account three times in a row and can no longer log on because his account is disabled. What caused this?

    D. An account lockout policy will force an account to be locked out after the wrong password is entered a set number of times (such as after three failed attempts). A password policy ensures strong passwords are used and users change their password regularly. An account disablement policy refers to disabling inactive accounts, such as after an employee is terminated. A password policy ensures users create strong, complex passwords, but there is no such thing as an account complexity policy.
  15. A user is issued a token with a number displayed in an LCD. What does this provide?

    B. A token (such as an RSA token) provides a rolling password for one-time use. While it can be used with multifactor authentication (requiring the user to also enter other information such as a password), it doesn’t provide multifactor authentication by itself. A CAC and a PIV are both specialized types of smart cards that include photo identification.
  16. Which one of the following includes a photo and can be used as identification? (Choose all that apply.)
    A. CAC
    B. MAC
    C. DAC
    D. PIV
    A, D. A common access card (CAC) and a personal identity verification (PIV) card both include photo identification and function as smart cards. MAC and DAC are access control models, not photo IDs.
  17. Which of the following is a behavioral biometric authentication model?

    D. Voice recognition is a form of behavioral biometric authentication. Biometrics are the most difficult for an attacker to falsify or forge, because they represent a user based on personal characteristics. Fingerprints and iris scans are forms of physical biometric authentication. A token provides a rolling password for one-time use.
  18. Which of the following is an example of multifactor authentication?

    A. A smart card and PIN is an example of multifactor authentication since it uses methods from the something you have factor and the something you know factor. A smart card and token are both in the something you have factor. Thumbprint and voice recognition are both in the something you are factor. A password and PIN are both in the something you know factor.
  19. Which of the following choices is an example of using multiple authentication factors?

    B. A fingerprint uses the something you are factor, and a password uses the something you know factor. All the other answers use examples from the same factor. A fingerprint and retina are both examples of the something you are factor. A smart card and token are both examples of the something you have factor. A password and a PIN are both examples of the something you know factor.
  20. Of the following choices, what provides the strongest authentication?

    B. Multifactor authentication combines two or more other factors of authentication and is stronger than any authentication using a single factor. A password is something you know, a smart card is something you have, and a retina scan is based on something you are.
  21. What is used for authentication in a Microsoft Active Directory domain?

    A. Kerberos is used as a network authentication protocol in Microsoft Active Directory domains and in UNIX realms. Kerberos uses tickets issued by a KDC. RADIUS and TACACS+ are central authentication services that also provide authorization and accounting. A network-based intrusion detection service (NIDS) attempts to detect intrusions on a network.
  22. Which of the following best describes the purpose of LDAP?

    D. The Lightweight Directory Access Protocol (LDAP) specifies formats and methods to query directories and is used to manage objects (such as users and computers) in an Active Directory domain. LDAP is not associated with biometrics. While LDAP contributes indirectly to confidentiality and integrity, it is more accurate to say that LDAP is used as a central point for user management.
  23. A federated user database is used to provide central authentication via a web portal. What service does this database provide?

    A. Single sign-on (SSO) can be used to provide central authentication with a federated database and use this authentication in a nonhomogeneous environment. Multifactor authentication uses authentication from two or more factors. A common access card (CAC) is a form of photo identification and also functions as a smart card. DAC is an access control model.
  24. Of the following protocols, which one does not encrypt the entire authentication process, but instead only encrypts the password in traffic between the client and server?

    D. Remote Authentication Dial-In User Service (RADIUS) will encrypt the password packets between a client and a server, but it does not encrypt the entire authentication process. Terminal Access Controller Access-Control System + (TACACS+) and Extended TACACS (XTACACS) both encrypt the entire logon process. A token uses a one-time rolling password, but it is not a protocol in itself.
  25. Which one of the following AAA protocols uses multiple challenges and responses?

    D. TACACS+ uses multiple challenges and responses and is an authentication, authorization, and accounting (AAA) protocol. CHAP is not an AAA protocol. RADIUS and TACACS do not use multiple challenges and responses.