USB Data Theft Quiz

Questions and Answers

Which concept is used to secure against someone removing confidential data from an environment on a USB flash drive?

• Defense in depth (correct)
• Authorization
• Authentication
• Access control

What aspect of the Parkerian Hexad allows you to determine the proper owner or creator of data?

• Integrity
• Confidentiality
• Availability
• Authenticity (correct)

What is the difference between authorization and access control?

• Authorization is the process of determining access, while access control is the process of granting access.
• Authorization determines what an authenticated party can do, while access control is the tools and systems used to deny or allow access. (correct)
• Authorization and access control are the same thing.
• Authorization is used for physical access, while access control is used for logical access.

Which should take place first, authorization or authentication?

Authentication (C)

What is the primary security focus of the Bell-LaPadula and Biba multilevel access control models?

Confidentiality (C)

Can the Bell-LaPadula and Biba multilevel access control models be used together?

No, they have conflicting security requirements. (C)

What is the primary purpose of encryption for protecting confidential data on a USB flash drive?

To prevent unauthorized access to the data (A)

What is the Parkerian Hexad?

A framework for understanding information security (B)

Which layer of security is implemented to deny or allow access to resources?

Access control (A)

What is the purpose of authentication in the context of information security?

To verify the identity of a user or service (D)

Which access control model protects integrity by ensuring that the resource can only be written by those with a high level of access and that those with a high level of access don't access a resource with a lower classification?

Biba model (A)

What does the Bell-LaPadula model ensure while handling classified information?

You cannot read any higher than your clearance level (B)

What is the confused deputy problem?

A problem that occurs when software misuses its level of authority (D)

What is the main difference between access control lists (ACLs) and capabilities?

Capabilities are oriented around the use of a token that controls access (B)

If the Web servers in our environment are based on Microsoft's Internet Information Server (IIS) and a new worm is discovered that attacks Apache Web servers, what do we not have to worry about?

Threat (A)

Why is it important to identify your critical information?

To determine the value of your information assets (B)

What part did George Washington play in the creation of operations security?

He created America's first intelligence community (B)

When you have cycled through the entire operations security process, are you finished?

No, you need to update and reapply OPSEC regularly (C)

From where did the first formal OPSEC methodology arise?

Vietnam War (A)

Which US law protects the privacy of minors younger than 13 by restricting organizations from collecting their Personally Identifiable Information (PII)?

COPPA (A)

Flashcards are hidden until you start studying

Study Notes

Data Protection

• Data Exfiltration is the concept used to secure against someone removing confidential data from an environment on a USB flash drive.

Parkerian Hexad

• The Parkerian Hexad is a model used to identify the owner or creator of data, considering aspects such as possession, control, and ownership.

Access Control

• Authorization is the process of determining what a user can do with a resource, while access control is the process of controlling access to resources.
• Authentication should take place before authorization.
• Access control is implemented at the perimeter security layer to deny or allow access to resources.

Multilevel Access Control

• The Bell-LaPadula and Biba models are multilevel access control models that focus on confidentiality and integrity, respectively.
• The Bell-LaPadula model ensures that no read up or write down occurs, protecting confidentiality.
• The Biba model ensures that no write up or read down occurs, protecting integrity.
• Both models can be used together.

Encryption

• Encryption is used to protect confidential data on a USB flash drive.

Authenticaction

• Authentication is the process of verifying the identity of a user or device in the context of information security.

Capabilities and ACLs

• Access Control Lists (ACLs) and Capabilities are both access control models, with ACLs focusing on resources and Capabilities focusing on user permissions.

Web Server Security

• Since the worm attacks Apache Web servers, it does not affect Microsoft's Internet Information Server (IIS) environments.

Operations Security

• Identifying critical information is crucial in operations security to prioritize protection efforts.
• George Washington did not play a role in the creation of operations security.
• The operations security process is continuous, and cycling through the process does not mean it is finished.
• The first formal OPSEC methodology arose from the US Military.

Privacy Law

• The Children's Online Privacy Protection Act (COPPA) is a US law that protects the privacy of minors younger than 13 by restricting organizations from collecting their Personally Identifiable Information (PII).

Confused Deputy Problem

• The confused deputy problem occurs when a program is given more privileges than necessary to perform a task, leading to potential security risks.