CAS CS 27076

Type: Homework Help
Pages: 13
Words: 1507
Authors: Lawrie Brown, William Stallings

___________ was the first published public-key algorithm.
A. NIST
B. Diffie-Hellman
C. RC4
D. RSA
The Common Criteria for Information Technology and Security Evaluation are ISO
standards for specifying security requirements and defining evaluation criteria.
_________ attacks have several approaches, all equivalent in effort to factoring the
product of two primes.
A. Mathematical
B. Brute-force
C. Chosen ciphertext
D. Timing
A __________ gateway sets up two TCP connections, one between itself and a TCP
user on an inner host and one between itself and a TCP user on an outside host.
A. packet filtering
B. stateful inspection
C. application-level
D. circuit-level
At its most fundamental level the Internet mail architecture consists of a user world in
the form of _________.
A. MHS
B. MSA
C. MUA
D. MDA
The copyright owner has which exclusive right(s)?
A. reproduction right
B. distribution right
C. modification right
D. all of the above
Periodically reviewing controls to verify that they still function as intended, upgrading
controls when new requirements are discovered, ensuring that changes to systems do
not adversely affect the controls, and ensuring new threats or vulnerabilities have not
become known are all ________ tasks.
A. security compliance
B. maintenance
C. incident handling
D. program management
The ideal solution to the threat of malware is __________.
A. identification
B. removal
C. detection
D. prevention
During the __________ the virus is idle.
A. dormant phase
B. propagation phase
C. triggering phase
D. execution phase
Digital signatures and key management are the two most important applications of
__________ encryption.
A. private-key
B. public-key
C. preimage resistant
D. advanced
The _______ access mode allows the subject both read and write access to the object.
A. read
B. append
C. write
D. execute
_________ audit trails may be used to detect security violations within an application or
to detect flaws in the application's interaction with the system.
A. Application-level
B. System-level
C. User-level
D. None of the above
__________ is the process of performing authorized queries and deducing unauthorized
information from the legitimate responses received.
A. Perturbation
B. Inference
C. Compromise
D. Partitioning
Subject attributes, object attributes and environment attributes are the three types of
attributes in the __________ model.
A. DSD
B. RBAC
C. ABAC
D. SSD
The _________ module analyzes LAN traffic and reports the results to the central
manager.
A. LAN monitor agent
B. host agent
C. central manager agent
D. architecture agent
A threat action in which sensitive data are directly released to an unauthorized entity is
__________.
A. corruption
B. intrusion
C. disruption
D. exposure
The most common means of human-to-human identification are __________.
A. facial characteristics
B. retinal patterns
C. signatures
D. fingerprints
To protect the data, either the signature alone or the signature plus the message are
mapped into printable ASCII characters using a scheme known as ________ or
base64 mapping.
A. radix-64
B. ASCII-64
C. ESP-64
D. safe mapping
The most common technique for using an appropriate synchronization mechanism to
serialize the accesses to prevent errors is to acquire a _______ on the shared file,
ensuring that each process has appropriate access in turn.
A. lock
B. code injection
C. chroot jail
D. privilege escalation
______ is the identification of data that exceed a particular baseline value.
A. Anomaly detection
B. Real-time analysis
C. Thresholding
D. All of the above
The smallest building block of a wireless LAN is a ______.
A. BSS
B. ESS
C. WPA
D. CCMP
A __________ is a named job function within the organization that controls this
computer system.
A. user
B. role
C. permission
D. session
Identification and authentication is part of the _______ class of security controls.
A. technical
B. operational
C. management
D. none of the above
Any intangible asset that consists of human knowledge and ideas is _______.
A. cyber property
B. personal property
C. intellectual property
D. real property
The buffer is located __________.
A. in the heap
B. on the stack
C. in the data section of the process
D. all of the above
Public-key encryption was developed in the late ________.
A. 1950s
B. 1970s
C. 1960s
D. 1980s
__________ is the first function in the propagation phase for a network worm.
A. Propagating
B. Fingerprinting
C. Keylogging
D. Spear phishing
_______ bandwidth attacks attempt to take advantage of the disproportionally large
resource consumption at a server.
A. Application-based
B. System-based
C. Random
D. Amplification
A(n) __________ is an action, device, procedure, or technique that reduces a threat, a
vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can
cause, or by discovering and reporting it so that correct action can be taken.
A. attack
B. adversary
C. countermeasure
D. protocol
A ________ is anything that might hinder or prevent an asset from providing
appropriate levels of the key security services.
A. vulnerability
B. threat
C. risk
D. control
The following steps should be used to secure an operating system:
A. test the security of the basic operating system
B. remove unnecessary services
C. install and patch the operating system
D. all of the above
The four layers of the learning continuum as summarized by NIST SP 800-16 are:
security awareness, security basics and literacy, roles and responsibilities relative to IT
systems, and the _________ level.
A subject is said to have a security _________ of a given level.
A __________ attack occurs when an attacker continually bombards a wireless access
point or some other accessible wireless port with various protocol messages designed to
consume system resources.
______ was designed in 1987 by Ron Rivest and is a variable key-size stream cipher
with byte-oriented operations.
An individual's signature is not unique enough to use in biometric applications.
_________ threats encompass conditions in the environment that can damage or
interrupt the service of information systems and the data they contain.
The wireless access point provides a connection to the network or service.
RFC 2196 (Site Security Handbook) lists three alternatives for storing audit records:
read/write file on a host, write-once/read-many device, and ______.
The database management system makes use of the database description tables to
manage the physical database.
The _______ is a directory lookup service that provides a mapping between the name
of a host on the Internet and its numerical address.
Awareness only communicates information security policies and procedures that need
to be followed and does not provide the foundation for any sanctions or disciplinary
actions imposed for noncompliance.
Defensive programming requires a changed mindset to traditional programming
practices.
______ is the set of hardware, software, people, policies, and procedures needed to
create, manage, store, distribute, and revoke digital certificates based on asymmetric
cryptography.
Like the MAC, a hash function also takes a secret key as input.
________ are decoy systems that are designed to lure a potential attacker away from
critical systems.
A signed data message can only be viewed by a recipient with __________ capability.
SHA-3 algorithms must be designed to resist any potentially successful attack on
SHA-2 functions.
X.509 provides a format for use in revoking a key before it expires.
Unauthorized physical access can lead to other threats.
