233. Ensuring data and program integrity is important. Which of the following controls best applies the separation of duties principle in an automated computer operations environment?

a. File placement controls

b. Data file naming conventions

c. Program library controls

d. Program and job naming conventions

233. c. Program library controls enable only assigned programs to run in production and eliminate the problem of test programs accidentally entering the production environment. They also separate production and testing data to ensure that no test data are used in normal production. This practice is based on the “separation of duties” principle.

File placement controls ensure that files reside on the proper direct access storage device so that data sets do not go to a wrong device by accident. Data file, program, and job naming conventions implement the separation of duties principle by uniquely identifying each production and test data file name, program name, job name, and terminal usage.

234. Which of the following pairs of high-level system services provide controlled access to networks?

a. Access control lists and access privileges

b. Identification and authentication

c. Certification and accreditation

d. Accreditation and assurance

234. b. Controlled access to the network is provided by the network’s identification and authentication services, which go together. This service is pivotal in providing controlled access to the resources and services offered by the network and in verifying that the mechanisms provide proper protection. Identification is the process that enables recognition of an entity by a computer system, generally by the use of unique machine-readable usernames. Authentication is the verification of the entity’s identification; that is, the host to which the entity must prove its identity trusts (through an authentication process) that the entity is who it claims to be. The threat to the network that the identification and authentication service must protect against is impersonation.

Access control lists (ACLs) and access privileges do not provide controlled access to networks because an ACL is a list of the subjects that are permitted to access an object and the access rights (privileges) of each subject. This service comes after the initial identification and authentication service.

Certification and accreditation services do not provide controlled access to networks because certification is the administrative act of approving a computer system for use in a particular application. Accreditation is management’s formal acceptance of the adequacy of a computer system’s security. Certification and accreditation are similar in concept. This service comes after the initial identification and authentication service.

Accreditation and assurance services do not provide controlled access to networks because accreditation is management’s formal acceptance of the adequacy of a computer system’s security. Assurance is confidence that a computer system design meets its requirements. Again, this service comes after the initial identification and authentication service.

235. Which of the following is not subjected to impersonation attacks?

a. Packet replay

b. Forgery

c. Relay

d. Interception

235. a. Packet replay is one of the most common security threats to network systems, similar to impersonation and eavesdropping in terms of damage, but dissimilar in terms of functions. Packet replay refers to the recording and retransmission of message packets in the network. It is a significant threat for programs that require authentication sequences because an intruder could replay legitimate authentication sequence messages to gain access to a system. Packet replay is frequently undetectable but can be prevented by using packet timestamping and packet-sequence counting.

Forgery is incorrect because it is one of the ways an impersonation attack is achieved. Forgery is attempting to guess or otherwise fabricate the evidence that the impersonator knows or possesses.

Relay is incorrect because it is one of the ways an impersonation attack is achieved. Relay is where one can eavesdrop upon another’s authentication exchange and learn enough to impersonate a user.

Interception is incorrect because it is one of the ways an impersonation attack is achieved. Interception is where one can slip in between the communications and “hijack” the communications channel.

236. Which of the following security features is not supported by the principle of least privilege?

a. All or nothing privileges

b. The granularity of privilege

c. The time bounding of privilege

d. Privilege inheritance

236. a. The purpose of a privilege mechanism is to provide a means of granting specific users or processes the ability to perform security-relevant actions for a limited time and under a restrictive set of conditions, while still permitting tasks properly authorized by the system administrator. This is the underlying theme behind the security principle of least privilege. It does not imply an “all or nothing” privilege.

The granularity of privilege is incorrect because it is one of the security features supported by the principle of least privilege. A privilege mechanism that supports granularity of privilege can enable a process to override only those security-relevant functions needed to perform the task. For example, a backup program needs to override only read restrictions, not the write or execute restriction on files.

The time bounding of privilege is incorrect because it is one of the security features supported by the principle of least privilege. The time bounding of privilege is related in that privileges required by an application or a process can be enabled and disabled as the application or process needs them.

Privilege inheritance is incorrect because it is one of the security features supported by the principle of least privilege. Privilege inheritance enables a process image to request that all, some, or none of its privileges get passed on to the next process image. For example, application programs that execute other utility programs need not pass on any privileges if the utility program does not require them.

237. Authentication is a protection against fraudulent transactions. The authentication process does not assume which of the following?

a. Validity of message location being sent

b. Validity of the workstations that sent the message

c. Integrity of the message that is transmitted

d. Validity of the message originator

237. c. Authentication assures that the data received comes from the supposed origin. It is not extended to include the integrity of the data or messages transmitted. However, authentication is a protection against fraudulent transactions by establishing the validity of messages sent, validity of the workstations that sent the message, and the validity of the message originators. Invalid messages can come from a valid origin, and authentication cannot prevent it.

238. Passwords are used as a basic mechanism to identify and authenticate a system user. Which of the following password-related factors cannot be tested with automated vulnerability testing tools?