Information Security Chapter 2 Quiz
38 Questions

Questions and Answers

What does identification in the context of authentication refer to?

  • Proving that someone is who they claim to be.
  • Asserting who a person is. (correct)
  • Providing a unique password.
  • Making personal details public.

Which of the following is NOT a type of authentication mechanism?

  • Something you know
  • Something you have
  • Something you feel (correct)
  • Something you are

What is a common method attackers might use to compromise passwords?

  • Phishing
  • Data Encryption
  • Guessing (correct)
  • Eavesdropping

How does a dictionary attack function?

  • By employing a list of common words and phrases.

Which method is an example of authentication based on something you are?

  • Fingerprint

What is a significant risk to password protection systems?

  • Human practices sometimes degrade their quality.

Which of the following represents a potential password weakness during an attack?

  • Choosing a password derived from a personal name.

What is the primary purpose of an authentication mechanism?

  • To confirm a user’s identity.

What does Top Secret clearance allow John to access?

  • Files of Secret, Confidential level and Top Secret

In Discretionary Access Control (DAC), who primarily determines access to an object?

  • The object owner

What does the command 'wmic useraccount get sid, name' retrieve in a Windows environment?

  • The Security ID (SID) of a user

Which role would primarily be responsible for creating new accounts in a Role-Based Access Control system?

  • Administrator

Role-Based Access Control is designed to account for what main aspect?

  • Distinguishing various users' privileges

What is the primary purpose of authentication in the context of AAA?

  • To identify the user

Which of the following is an example of a one-time password scheme?

  • Having a shared secret list of passwords

Which account type typically has the fewest permissions?

  • Guest Account

What does access control refer to in the context of information security?

  • Limiting user access to resources

Which of the following best describes 'Out-of-Band Communication' related to security?

  • Delivering PINs separately from related materials

Which access mode allows a user to view data without making changes?

  • Read Only

Which factor is NOT typically used in multifactor authentication?

  • Something you saw

What is the main focus of auditing in the context of accounting within AAA?

  • Tracking user activities

Which utilities can be used by an administrator to scan for weak passwords?

  • COPS, Crack, and SATAN

Which of the following is considered a strong password practice?

  • Choosing long passwords with various characters

What type of authentication relies on the unique characteristics of a person?

  • Biometric Authentication

In authentication methods, what is a passive token?

  • A token that does not change, like a photo ID

What is the primary purpose of a brute force attack?

  • To sequentially check all possible passwords

What does the term 'dynamic token' refer to?

  • Tokens that change their value regularly

Which of these is NOT a good password practice?

  • Using actual names for convenience

Single sign-on (SSO) allows for what benefit in authentication?

  • Convenience by only needing to sign in once

Which of the following describes a common attack method for discovering weak passwords?

  • Guessing probable passwords

What is the primary goal of the principle of least privilege in access control?

  • To restrict users and processes to only necessary permissions

What does an access log primarily help identify during a system failure?

  • Which objects were accessed prior to the failure

In which access control model are labels used to identify access?

  • Mandatory Access Control

What is the purpose of the Access Control List?

  • To assign permissions per user for each object accessed

Which statement describes the concept of 'Need to Know Policy'?

  • Users may access only specific data necessary for their tasks

Which of the following is NOT a reason for logging access?

  • To minimize user access restrictions

How is an Access Control Matrix typically represented?

  • As a list of triples representing subject, object, and rights

What is a reference monitor responsible for in access control systems?

  • Enforcing access rights based on subject requests

    Study Notes

    Part I: Authentication

    • Authentication involves confirming a user's identity through verification processes.
    • Identification asserts who a person is, typically using a username or email.
    • Authentication proves the asserted identity, often through passwords or security questions.
    • Authentication mechanisms rely on three qualities:
      • Something you know (e.g., passwords, PINs)
      • Something you are (e.g., biometrics such as fingerprints, voice patterns)
      • Something you have (e.g., identity badges, physical keys)

    Passwords and Security

    • Password protection’s security can be undermined by poor user practices.

    • Common methods for password attacks include:

      • Guessing based on obvious patterns or common words
      • Dictionary attacks, leveraging lists of common passwords
      • Brute force attacks, systematically testing every possible combination
    • Counting all passwords of length three or less yields a total of 18,278 combinations (case-insensitive).

    • Passwords should be long, complex, and varied to enhance security.

    • Good practices include:

      • Avoiding personal names or common words
      • Regularly updating passwords
      • Not sharing or writing them down

    Biometric Authentication

    • Biometrics utilize unique physical characteristics for identification, including:
      • Fingerprints, hand geometry, facial recognition, and retinal patterns
      • Voice recognition and handwriting dynamics

    Token-Based Authentication

    • Tokens can be categorized as active (dynamic, changeable) or passive (static, unchanging).
    • Examples include:
      • Static tokens: IDs, keys, passports
      • Dynamic tokens: RFID cards that change their value to enhance security

    Authentication Methods

    • Single Sign-On (SSO) simplifies user authentication to one initial login session.
    • Multifactor Authentication (MFA) uses multiple factors for added security.
    • Secure authentication requires careful consideration of potential threats and available defenses.

    Successful Identification and Authentication

    • Shared secrets like One-Time Passwords (OTP) enhance security by providing unique, temporary access codes.
    • Continuous Authentication can be maintained through encryption, ensuring ongoing identity verification.
    • Out-of-Band Communication involves separate methods of conveying sensitive information, e.g., mailing bank PINs separately from cards.

    Part II: Access Control

    • The AAA framework includes:
      • Authentication: Verifying user's identity
      • Authorization: Determining user permissions
      • Accounting: Auditing access activities

    Access Control Concepts

    • Access Control limits what subjects (users) can do with particular objects (data/resources).
    • Access modes vary from read/write to execute/delete.
    • The principles of Least Privilege and Need to Know restrict access to only what is necessary.

    Access Control Mechanisms

    • Access Control Directory maintains user-specific access lists.
    • Access Control Matrix and Access Control Lists define user permissions.

    Access Control Models

    • Mandatory Access Control (MAC) assigns access rights based on security clearance levels, often used in military contexts.
    • Discretionary Access Control (DAC) allows object owners to set access levels.
    • Role-Based Access Control (Role-BAC) assigns permissions based on user roles, differentiating access levels for different types of users.

    Role-Based Access Control Example

    • Roles within a banking context can include:
      • Teller: Crediting and debiting accounts
      • Clerk: Transferring funds
      • Administrator: Full access, including creating new accounts

    This hierarchical framework streamlines permission management according to organizational needs.

    Description

    This quiz covers key concepts in Chapter 2 of Information & Computer Security, focusing on authentication and identification. Test your understanding of how computer systems determine user identity without face-to-face cues. Ideal for students in Computer Science and Information Systems.