Chapter 1: Introduction
TRUE OR FALSE
T F 1. With the introduction of the computer the need for automated tools for protecting files and other information stored on the computer became evident.
T F 2. There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs.
T F 3. There are clear boundaries between network security and internet
T F 4. The CIA triad embodies the fundamental security objectives for both data and for information and computing services.
T F 5. In developing a particular security mechanism or algorithm one must always consider potential attacks on those security features.
T F 6. A loss of confidentiality is the unauthorized modification or destruction of information.
T F 7. Patient allergy information is an example of an asset with a moderate requirement for integrity.
T F 8. The more critical a component or service, the higher the level of
T F 9. Data origin authentication provides protection against the duplication or modification of data units.
T F 10. The emphasis in dealing with passive attacks is on prevention rather than detection.
T F 11. Data integrity is the protection of data from unauthorized
T F 12. Information access threats exploit service flaws in computers to inhibit use by legitimate users.
T F 13. Viruses and worms are two examples of software attacks.
T F 14. A connection-oriented integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only.
T F 15. Pervasive security mechanisms are not specific to any particular OSI security service or protocol layer.
MULTIPLE CHOICE
- _________ security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
  A. Computer  B. Internet
  C. Intranet  D. Network
- Verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
  A. authenticity  B. accountability
  C. integrity  D. confidentiality
- __________ assures that systems work promptly and service is not denied to authorized users.
  A. Integrity  B. Availability
  C. System integrity  D. Data confidentiality
- __________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
  A. Data confidentiality  B. Availability
  C. System integrity  D. Privacy
- The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity is _________ .
  A. accountability  B. authenticity
  C. privacy  D. integrity
- __________ attacks attempt to alter system resources or affect their operation.
  A. Active  B. Release of message content
  C. Passive  D. Traffic analysis
- A __________ takes place when one entity pretends to be a different entity.
  A. passive attack  B. masquerade
  C. modification of message  D. replay
- X.800 defines _________ as a service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers.
  A. replay  B. integrity
  C. authenticity  D. security service
- _________ is a professional membership society with worldwide organizational and individual membership that provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards, including the IETF and the IAB.
  A. ITU-T  B. ISO
  C. FIPS  D. ISOC
- The protection of data from unauthorized disclosure is _________ .
  A. access control  B. authentication
  C. data confidentiality  D. nonrepudiation
- __________ is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private sector innovation.
  A. ISO  B. NIST
  C. ITU-T  D. ISOC
- The prevention of unauthorized use of a resource is __________ .
  A. access control  B. authentication
  C. data confidentiality  D. nonrepudiation
- The __________ service addresses the security concerns raised by denial-of-service attacks.
  A. event detection  B. integrity
  C. availability  D. routing control
- _________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
  A. Notarization  B. Authentication exchange
  C. Routing control  D. Traffic padding
- _________ is a variety of mechanisms used to assure the integrity of a data unit or stream of data units.
  A. Data integrity  B. Authentication exchange
  C. Trusted functionality  D. Event detection
FILL IN THE BLANK
- _________ is defined as “the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources”.
- Three key objectives that are at the heart of computer security are: confidentiality, availability, and _________ .
- An intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is an __________ .
- A loss of _________ is the disruption of access to or use of information or an information system.
- __________ is the use of mathematical algorithms to transform data into a form that is not readily intelligible, in which the transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.
- Student grade information is an asset whose confidentiality is considered to be highly important by students and, in the United States, the release of such information is regulated by the __________.
- A possible danger that might exploit a vulnerability, a _________ is a potential for violation of security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
- A __________ attack attempts to learn or make use of information from the system but does not affect system resources.
- The common technique for masking contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message is _________ .
- Active attacks can be subdivided into four categories: replay, modification of messages, denial of service, and __________ .
- X.800 divides security services into five categories: authentication, access control, nonrepudiation, data integrity and __________ .
- In the context of network security, _________ is the ability to limit and control the access to host systems and applications via communications links.
- The __________ is a worldwide federation of national standards bodies that promote the development of standardization and related activities with a view to facilitating the international exchange of goods and services and to developing cooperation in the spheres of intellectual, scientific, technological, and economic activity.
- __________ prevents either sender or receiver from denying a transmitted message; when a message is sent the receiver can prove that the alleged sender in fact sent the message and when a message is received the sender can prove that the alleged receiver in fact received the message.
- A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.
Chapter 5: Network Access Control and Cloud Security
TRUE OR FALSE
T F 1. Network access control authenticates users logging into the network and determines what data they can access and actions they can perform.
T F 2. Access requestors are also referred to as clients.
T F 3. A network access server does not include its own authentication
T F 4. VLANs are common NAC enforcement methods.
T F 5. The Extensible Authentication Protocol supports multiple
T F 6. EAPOL operates at the network layers and makes use of an IEEE 802 LAN, such as Ethernet or Wi-Fi, at the link level.
T F 7. There is a decreasing trend in organizations to move information technology operations to a cloud computing infrastructure.
T F 8. Cloud computing gives you the ability to expand and reduce resources according to your specific service requirement.
T F 9. The cloud provider in a private cloud infrastructure is responsible for both the infrastructure and the control.
T F 10. The NIST cloud computing reference architecture focuses on the requirements of “what” cloud services provide, not a “how to” design solution and implementation.
T F 11. A cloud broker is useful when cloud services are too complex for a cloud consumer to easily manage.
T F 12. For many clients, the most devastating impact from a security breach is the loss or leakage of data.
T F 13. In using cloud infrastructures, the client necessarily cedes control to the CP on a number of issues that may affect security.
T F 14. The threat of data compromise decreases in the cloud.
T F 15. Data must be secured while at rest, in transit, and in use, and access to the data must be controlled.
MULTIPLE CHOICE
- ___________ is an umbrella term for managing access to a network.
  A. NAS  B. ARC
  C. NAC  D. RAS
- The _________ is the node that is attempting to access the network and may be any device that is managed by the network access control system.
  A. AR  B. RAS
  C. IP  D. PS
- The __________ determines what access should be granted.
  A. authentication server  B. policy server
  C. supplicant  D. access requestor
- The __________ is an Internet protocol that enables dynamic allocation of IP addresses to hosts.
  A. VLAN  B. IEEE 802.1X
  C. EAPS  D. DHCP
- _________ is a client computer that is attempting to access a network.
  A. EAP peer  B. PSK
  C. NAC  D. RAS
- Broad network access, measured service, resource pooling, and rapid elasticity are essential characteristics of ___________.
  A. PaaS  B. network access control
  C. cloud computing  D. EAP-TLS
- _________ saves the complexity of software installation, maintenance, upgrades, and patches.
  A. IaaS  B. SaaS
  C. EAP  D. DHCP
- In effect, ________ is an operating system in the cloud.
  A. IEEE 802.1X  B. PaaS
  C. IaaS  D. DHCP
- _________ enables customers to combine basic computing services, such as number crunching and data storage, to build highly adaptable computer systems.
  A. IaaS  B. EAP peer
  C. CP  D. SaaS
- With a _________ infrastructure, the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
  A. hybrid cloud  B. private cloud
  C. public cloud  D. community cloud
- With a _________ infrastructure, the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns.
  A. community cloud  B. public cloud
  C. private cloud  D. hybrid cloud
- A _________ is a person or organization that maintains a business relationship with, and uses service from, cloud providers.
  A. cloud auditor  B. cloud broker
  C. cloud carrier  D. cloud consumer
- A ________ is a person, organization, or entity responsible for making a service available to interested parties.
  A. cloud broker  B. cloud auditor
  C. cloud provider  D. cloud carrier
- A ________ is a party that can conduct independent assessment of cloud service, information system operations, performance, and security of the cloud implementation.
  A. cloud auditor  B. cloud carrier
  C. cloud broker  D. all of the above
- _________ is the provision of security applications and services via the cloud either to cloud-based infrastructure and software or from the cloud to the customers’ on-premise systems.
  A. IaaS  B. PaaS
  C. SaaS  D. SecaaS
FILL IN THE BLANK
- The ___________ functions as an access control point for users in remote locations connecting to an enterprise’s internal network.
- __________ methods are the actions that are applied to ARs to regulate access to the enterprise network.
- A __________ provides a form of NAC by allowing or denying network traffic between an enterprise host and an external user.
- An __________ is a server computer that negotiates the use of a specific EAP method with an EAP peer, validates the EAP peer’s credentials, and authorizes access to the network.
- A _________ is an entity at one end of a point-to-point LAN segment that seeks to be authenticated by an authenticator attached to the other end of that link.
- _________ is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service
- NIST defines three service models, which can be viewed as nested service alternatives: software as a service, platform as a service, and _________ as a service.
- With a ________ infrastructure, the cloud infrastructure is a composition of two or more clouds that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.
- A _________ is an intermediary that provides connectivity and transport of cloud services from CPs to cloud consumers.
- ___________ includes people, processes, and systems that are used to manage access to enterprise resources by assuring that the identity of an entity is verified, and then granting the correct level of access based on this assured identity.
- __________ are third party audits of cloud services.
- _________ defines how the TLS protocol can be encapsulated in EAP messages.
- ____________ is an EAP method for mutual authentication and session key derivation using a Pre-Shared Key.
- An _________ is an access point or NAS that requires EAP authentication prior to granting access to a network.
- The Cloud Security Alliance defines _______ as the provision of security applications and services via the cloud either to cloud-based infrastructure and software or from the cloud to the customers’ on-premise systems.