
Confidentiality is incorrect because it ensures that data is disclosed to only authorized subjects. Integrity is incorrect because it is the property that an object is changed only in a specified and authorized manner. Availability is incorrect because it is the property that a given resource will be usable during a given time period.

251. What is the major advantage of a single sign-on?

a. It reduces management work.

b. It is a convenience for the end user.

c. It authenticates a user once.

d. It provides a centralized administration.

251. b. Under a single sign-on (SSO), a user authenticates once to gain access to multiple applications that have been previously defined in the security system. SSO is convenient for the end user because it leaves fewer areas to manage than multiple sign-on systems do, but SSO is also risky. Multiple sign-on systems have many points of failure and are inconvenient for the end user because there are many areas to manage.

252. Kerberos can prevent which one of the following attacks?

a. Tunneling attack

b. Playback attack

c. Destructive attack

d. Process attack

252. b. In a playback (replay) attack, messages that were received from a system or location are later replayed back to it. It is also called a reflection attack. Kerberos puts the time of day in the request so that an eavesdropper who intercepts a request for service cannot retransmit it from the same host at a later time.

A tunneling attack attempts to exploit a weakness in a system that exists at a level of abstraction lower than that used by the developer to design the system. For example, an attacker might discover a way to modify the microcode of a processor used when encrypting some data, rather than attempting to break the system’s encryption algorithm.

Destructive attacks damage information in a fashion that denies service. These attacks can be prevented by restricting access to critical data files and protecting them from unauthorized users.

In process attacks, one user makes a computer unusable for the others who use it at the same time. These attacks apply to shared computers.

253. From an access control point of view, which of the following are examples of history-based access control policies?

1. Role-based access control

2. Workflow policy

3. Rule-based access control

4. Chinese Wall policy

a. 1 and 2

b. 1 and 3

c. 2 and 4

d. 3 and 4

253. c. History-based access control policies are defined in terms of subjects and events, where the events of the system are specified as the object access operations associated with activity at a particular security level. This assumes that the security policy is defined in terms of the sequence of events over time, and that the security policy decides which events of the system are permitted to ensure that information does not flow in an unauthorized manner. History-based access control policies are not based on a standard access control mechanism but on practical applications. Under history-based access control policies, previous access events are one of the decision factors for the next access authorization. The workflow and the Chinese Wall policies are examples of history-based access control policies.
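To make the "previous access events decide the next authorization" idea concrete, here is an added example (not part of the study guide) of the read rule of a Chinese Wall policy, one of the two history-based policies named in the answer. The conflict-of-interest classes, company datasets and the access sequence are constructed for illustration; the `ChineseWall` class and its methods are this example's own names.

```python
# Added example: a minimal Chinese Wall policy (read rule only).
# Each subject's own access history is the input to every new decision.
from collections import defaultdict

# Constructed conflict-of-interest classes: datasets in one class compete,
# so a subject who has read one of them must not read another in that class.
CONFLICT_CLASSES = {
    "banks": {"bank_a", "bank_b"},
    "oil": {"oil_x", "oil_y"},
}


class ChineseWall:
    """History-based decision: what a subject already read constrains what it may read next."""

    def __init__(self, conflict_classes):
        self.class_of = {}
        for cls, companies in conflict_classes.items():
            for company in companies:
                self.class_of[company] = cls
        # history[subject] = set of company datasets that subject has already read
        self.history = defaultdict(set)

    def can_read(self, subject, company):
        cls = self.class_of.get(company)
        if cls is None:
            return True  # dataset belongs to no conflict class (public information)
        for seen in self.history[subject]:
            if seen != company and self.class_of.get(seen) == cls:
                return False  # a competitor in the same class is already in the history
        return True

    def read(self, subject, company):
        """Evaluate the request and, if allowed, record it as a new history event."""
        allowed = self.can_read(subject, company)
        if allowed:
            self.history[subject].add(company)
        return allowed


def demo():
    """Constructed access trace; returns (subject, dataset, decision) triples."""
    wall = ChineseWall(CONFLICT_CLASSES)
    trace = [
        ("alice", "bank_a"),  # allowed: empty history
        ("alice", "oil_x"),   # allowed: different conflict class
        ("alice", "bank_b"),  # denied: bank_a is already in alice's history
        ("alice", "bank_a"),  # allowed: same company as before
        ("bob", "bank_b"),    # allowed: bob's history is independent of alice's
    ]
    return [(s, c, wall.read(s, c)) for s, c in trace]


if __name__ == "__main__":
    for subject, company, ok in demo():
        print(f"{subject:6} -> {company:7}: {'ALLOW' if ok else 'DENY'}")
```

The same request ("alice" reading "bank_b") is allowed on a fresh history and denied after "bank_a" has been read, which is exactly what distinguishes a history-based policy from a static matrix lookup.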

254. Which of the following is most commonly used in the implementation of an access control matrix?

a. Discretionary access control

b. Mandatory access control

c. Access control list

d. Logical access control

254. c. The access control list (ACL) is the most useful and flexible type of implementation of an access control matrix. The ACL permits any given user to be allowed or disallowed access to any object. Each column of the access control matrix, listing the users attached to one protected object, is an ACL. One can associate access rights for individuals and resources directly with each object. The other three choices require extensive administrative work and are useful but not that flexible.

255. What is Kerberos?

a. Access-oriented protection system

b. Ticket-oriented protection system

c. List-oriented protection system

d. Lock-and-key-oriented protection system

255. b. Kerberos was developed to enable network applications to securely identify their peers. It uses a ticket, which identifies the client, and an authenticator that serves to validate the use of that ticket and prevent an intruder from replaying the same ticket to the server in a future session. A ticket is valid only for a given time interval. When the interval ends, the ticket expires, and any later authentication exchanges require a new ticket.

An access-oriented protection system can be based on hardware or software or a combination of both to prevent and detect unauthorized access and to permit authorized access. In list-oriented protection systems, each protected object has a list of all subjects authorized to access it. A lock-and-key-oriented protection system involves matching a key or password with a specific access requirement. The other three choices do not provide strong authentication protection as Kerberos does.
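Questions 252 and 255 both turn on the same mechanism: a ticket that is valid only for a given interval, plus an authenticator carrying the time of day, so that a captured exchange cannot be replayed later. The following added example (not the study guide's code and not the MIT Kerberos implementation) models those freshness checks on the service side. Keys, principal names, clock values, the 300-second skew window and the `(client, time)` replay-cache key are constructed assumptions; an HMAC stands in for the encryption that real Kerberos applies to tickets and authenticators.

```python
# Added example: a simplified model of Kerberos ticket and authenticator checks.
import hashlib
import hmac
import json

CLOCK_SKEW = 300  # seconds; assumed tolerance between client and server clocks


def issue_ticket(service_key, client, start, end):
    """Ticket: client identity plus validity interval, bound to the service key.
    Real Kerberos encrypts this under the service key; an HMAC stands in here."""
    body = json.dumps({"client": client, "start": start, "end": end}, sort_keys=True)
    tag = hmac.new(service_key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def make_authenticator(session_key, client, now):
    """Authenticator: proves the client holds the session key and carries the time of day."""
    body = json.dumps({"client": client, "time": now}, sort_keys=True)
    tag = hmac.new(session_key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Service:
    def __init__(self, service_key, session_key):
        self.service_key = service_key
        self.session_key = session_key  # in Kerberos this is carried inside the ticket
        self.replay_cache = set()       # (client, time) pairs already accepted

    def _verify(self, key, msg):
        expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return None
        return json.loads(msg["body"])

    def accept(self, ticket, authenticator, now):
        t = self._verify(self.service_key, ticket)
        if t is None:
            return "bad ticket"
        if not (t["start"] <= now <= t["end"]):
            return "ticket expired"        # interval ended: a new ticket is required
        a = self._verify(self.session_key, authenticator)
        if a is None or a["client"] != t["client"]:
            return "bad authenticator"
        if abs(now - a["time"]) > CLOCK_SKEW:
            return "stale authenticator"   # time of day too far from the server clock
        key = (a["client"], a["time"])
        if key in self.replay_cache:
            return "replay"                # identical authenticator already seen
        self.replay_cache.add(key)
        return "ok"


def demo():
    """Constructed exchange: one good request, then three that must be rejected."""
    service_key = b"constructed-service-key"
    session_key = b"constructed-session-key"
    svc = Service(service_key, session_key)
    ticket = issue_ticket(service_key, "alice", start=1000, end=1000 + 8 * 3600)

    auth = make_authenticator(session_key, "alice", now=1000)
    results = [svc.accept(ticket, auth, now=1000)]            # fresh: ok
    results.append(svc.accept(ticket, auth, now=1020))        # same authenticator again: replay
    old_auth = make_authenticator(session_key, "alice", now=1000)
    results.append(svc.accept(ticket, old_auth, now=2000))    # 1000 s old: stale
    late_auth = make_authenticator(session_key, "alice", now=40000)
    results.append(svc.accept(ticket, late_auth, now=40000))  # past ticket end: expired
    return results


if __name__ == "__main__":
    print(demo())
```

The ordering of the checks matters: the ticket interval is tested first because an expired ticket should never reach the authenticator logic, and the skew test runs before the replay cache so that the cache only has to remember entries for the length of the skew window.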

256. For intrusion detection and prevention system capabilities using anomaly-based detection, administrators should check which of the following to determine whether they need to be adjusted to compensate for changes in the system and changes in threats?

a. Whitelists

b. Thresholds

c. Program code viewing

d. Blacklists

256. b. Administrators should check the intrusion detection and prevention system (IDPS) thresholds and alert settings to determine whether they need to be adjusted periodically to compensate for changes in the system environment and changes in threats. The other three choices are incorrect because anomaly-based detection does not use whitelists, blacklists, or program code viewing.
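The answer says thresholds must be revisited when the environment or the threat picture changes; the added example below (not from the study guide or any IDPS product) shows why with a baseline-and-threshold anomaly detector. The connections-per-minute samples, the "new batch job" scenario and the sigma thresholds are all constructed.

```python
# Added example: a statistical anomaly detector and the effect of an
# unadjusted threshold after the monitored system changes.
import statistics


def build_baseline(samples):
    """Mean and standard deviation of a period treated as normal."""
    return statistics.mean(samples), statistics.pstdev(samples)


def is_anomalous(value, baseline, threshold_sigmas):
    """Flag a value that sits more than threshold_sigmas deviations from the mean."""
    mean, sd = baseline
    return abs(value - mean) > threshold_sigmas * sd


def alerts(samples, baseline, threshold_sigmas):
    """Indices of samples that would raise an alert under this baseline/threshold."""
    return [i for i, v in enumerate(samples) if is_anomalous(v, baseline, threshold_sigmas)]


# Constructed: outbound connections per minute from one host during a quiet week.
QUIET_WEEK = [20, 22, 19, 21, 20, 23, 18, 22, 21, 20]
# Constructed: after a new batch job is deployed the normal level roughly doubles.
AFTER_CHANGE = [41, 44, 39, 43, 42, 40, 45, 41, 43, 44]


def demo():
    old = build_baseline(QUIET_WEEK)     # baseline learned before the change
    new = build_baseline(AFTER_CHANGE)   # baseline rebuilt after the change
    return {
        # environment changed, threshold not: every normal minute alerts
        "false_alerts_old_baseline": len(alerts(AFTER_CHANGE, old, 3.0)),
        # baseline rebuilt: the new normal is quiet again
        "false_alerts_new_baseline": len(alerts(AFTER_CHANGE, new, 3.0)),
        # a large spike is still caught after the adjustment
        "spike_caught_new_baseline": is_anomalous(90, new, 3.0),
        # a smaller excursion: visible only if the threshold is tightened
        "probe_47_at_3_sigma": is_anomalous(47, new, 3.0),
        "probe_47_at_2_5_sigma": is_anomalous(47, new, 2.5),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The first two entries are the "changes in the system" case: the stale baseline turns every ordinary minute into an alert until it is rebuilt. The last two are the "changes in threats" case: the same data yields different alerts depending on the sigma threshold, so tightening or loosening it is a deliberate tuning decision rather than a one-time setting.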

257. Intrusion detection systems cannot do which of the following?

a. Report alterations to data files

b. Trace user activity

c. Compensate for weak authentication

d. Interpret system logs

257. c. An intrusion detection system (IDS) cannot act as a “silver bullet,” compensating for weak identification and authentication mechanisms, weaknesses in network protocols, or lack of a security policy. IDS can do the other three choices, such as recognizing and reporting alterations to data files, tracing user activity from the point of entry to the point of exit or impact, and interpreting the mass of information contained in operating system logs and audit trail logs.