Data and Datum

Questions and Answers

What is the definition of Data/Datum?

To give or something given.

What is the lowest unit of information from which other measurements and analysis can be done?

Data/Datum

Data can be numbers, images, words, _____ or _____.

figures, facts, ideas

What serves as the backbone for analysis?

Data/Datum

No question can be answered without the data.

True (A)

Analyzation of the data often leads to some of the interferences which are very commonly called as the _____.

Information

What type of data is original in nature, problem- or project-specific, and collected for serving in a particular purpose?

Primary Data

What type of data is not topical or research specific and can be economically and quickly collected?

Secondary Data

What type of data involves information a company already possesses and collects routinely?

Internal Data

Data collected by Internal method is not always in tune and regard with the research operation's objectives.

False (B)

What type of data is collected from individuals outside the company and serves as a useful research tool?

External Data

What is the ability of an individual or group to seclude themselves or information about themselves?

Privacy

What type of information might result in loss of advantage or level of security if revealed?

Sensitive Information

What is non-sensitive information that is not released to the public called?

Internal Information

What is information that has been approved for public access called?

Public Information

What are the levels of information sensitivity, typically categorized from most to least restricted?

Restricted, Confidential, Internal, Public

What security process covers all human-to-computer interactions requiring user registration and login?

User authentication

What are the four general means (factors) of authenticating a user's identity?

Something the individual knows, something the individual possesses, something the individual is (static biometrics), something the individual does (dynamic biometrics)

What authentication factor includes passwords, Personal Identification Numbers (PINs), and answers to prearranged questions?

Something the Individual Knows

What authentication factor includes electronic keycards, smart cards, and physical keys (also known as tokens)?

Something the Individual Possesses

What authentication factor involves recognition by fingerprint, retina, and face?

Static Biometrics (Something the Individual Is)

What authentication factor involves recognition of voice patterns, handwriting characteristics, and typing rhythm?

Dynamic Biometrics (Something the Individual Does)

What is the widely used user authentication method where the user provides a name/login and password?

Password Authentication

What type of access control allows the owner of a resource to decide who can access it and what level of access they have?

Discretionary Access Control (DAC)

What type of attack involves an attacker gaining access to the system password file and comparing the password hashes against hashes of common words or precomputed lists offline?

Offline Dictionary Attack

What type of attack targets a specific account and involves submitting password guesses until the correct password is discovered?

Specific Account Attack

What attack involves an attacker choosing a popular password and trying it, possibly combined with attempts to gain knowledge about the account holder?

Popular Password Attack / Against a single user

What attack involves an attacker waiting until a logged-in workstation is unattended to gain unauthorized access?

Workstation Hijacking

Users sometimes likely to write down passwords?

Exploiting user mistakes

What common user mistake involves using similar credentials across different services or applications?

Using similar passwords for many applications

If a password is communicated across a network to log on to a remote system, it is vulnerable to eavesdropping.

Electronic Monitoring

What password cracking technique involves trying words from a large list (dictionary) against the password file?

Dictionary Attacks

What password cracking technique uses pre-computed tables of hash values, often incorporating salts to speed up the cracking process?

Using a Rainbow Table

User authentication only requires a username.

False (B)

Password authentication authenticates the ID of the user logging in.

True (A)

Discretionary Access Control allows the system to determine user privileges.

False (B)

Offline password guessing represents a significant password vulnerability.

True (A)

Workstation hijacking is an online password vulnerability.

False (B)

Exploiting user mistakes is a password cracking technique.

False (B)

Dictionary attacks and rainbow tables are password cracking techniques.

True (A)

Flashcards

Datum/Data

The lowest unit of information for analysis. Can be numbers, images, or words.

Information

The result of analyzing data; provides understanding.

Primary Data

Original data collected for a specific purpose.

Secondary Data

Data that already exists and is collected for other research.

Privacy

The ability to keep oneself or information private.

Sensitive Information

Data that could cause harm if revealed.

User Authentication

Authentication through human-computer interactions that requires a user to register and log in to a system.

Four General Means of Authenticating User Identity

Something you know, something you have, something you are, and something you do.

Password Authentication

User provides username and password.

Discretionary Access Control (DAC)

Resource owner decides access levels.

Offline Dictionary Attack

Attacker gains access to password file and decrypts.

Specific Account Attack

Targeting a single user account with password guesses.

Popular Password Attack

Trying popular passwords against a user.

Workstation Hijacking

Attacker uses unattended, logged-in workstation.

Password Cracking Techniques

Dictionary and rainbow tables are examples of this.

Study Notes

• To give or something given is Data/Datum.
• The basic unit of information for measurements and analysis is Data/Datum.
• Data can be numbers, images, words, figures, facts, or ideas.
• The backbone for analysis is Data/Datum.
• No question can be answered without data: TRUE.
• Data analysis often leads to interferences commonly called Information.
• Guesswork or opinions are not part of data analysis; it is based on Inference (Results).
• Data that is original, problem/project-specific, collected for a particular purpose: Primary Data.
• Data that isn't topical or research-specific and is economically and quickly collected: Secondary Data.
• Primary data collection methods include Observation, Questionnaire/Interview Schedule, Experimentation, Stimulation, Interview Method, Projective Techniques.
• Primary sources provide basic data, more expensive, more time to collect, more accurate, first hand data.
• Data a company already has and collects routinely is Internal.
• Data collected by internal methods isn't always in tune with research operations: FALSE.
• Data collected directly from individuals is External.
• Individuals' ability to seclude themselves or their information is Privacy.
• Information that could cause loss of advantage or security: Sensitive Information.
• Non-public information is Restricted.
• Information that is not released to the public is considered Confidential.
• Publicly available information is Internal.
• Information approved for public access is Public.
• The sensitivity of information levels are Restricted, Confidential, Internal and Public.
• Human-to-computer interactions requiring registration and login are under User authentication.
• The four means of authenticating a user's identity are: Individual Knows, Individual Possesses, Individual is (static biometrics), Individual does (dynamic biometrics).
• Passwords, PINs, and answers to prearranged questions are examples of Individual Knows authentication.
• Electronic keycards, smart cards, and physical keys are examples of Individual Possesses authentication.
• Identifying fingerprints, retinas, and faces falls under Static Biometrics.
• Identifying voice patterns, handwriting, and typing rhythm falls under Dynamic Biometrics.
• Using a name/login and password for authentication is Password Authentication.
• The type of access control that enables resource owners to decide who can access and at what level is Discretionary Access Control (DAC).
• An attacker gaining access to a system password file and comparing password hashes is an Offline Dictionary Attack.
• Targeting a specific account and submitting password guesses is a Specific Account Attack.
• Choosing a popular password is a Popular Password Attack / Against a single user.
• Waiting for a logged-in workstation to be unattended is an example of Workstation Hijacking.
• Exploiting mistakes from user is an example of Exploiting User Mistakes.
• Using similar passwords across many applications is Exploiting Multiple Passwords Use.
• Communicating a password across a network to log into a remote system is Electronic Monitoring.
• Creating a large dictionary of possible passwords is a Dictionary Attacks.
• Pre-computing tables of hash values for all salts is Using A Rainbow Table.
• User authentication requiring only a username is False.
• Password authentication authenticates the user ID logging in: True.
• The system is in charge of determining user privileges via Discretionary Access Control: False.
• Offline password guessing is a password vulnerability: True.
• Workstation hijacking is an online password vulnerability: False.
• Exploiting user mistakes is password cracking: False.
• Dictionary attacks and rainbow tables are password cracking techniques: True.