5.12 Success Answers
1. What principle requires that a user be given no more privilege than necessary to perform a job?
A. Principle of aggregate privilege
B. Principle of effective privilege
C. Principle of most privilege
D. Principle of least privilege
Explanation: As described at http://hissa.nist.gov/rbac/paper/node5.html, the principle of least privilege has been described as important for meeting integrity objectives. The principle of least privilege requires that a user be given no more privilege than necessary to perform a job (i.e., that they be given the "least privilege" required). When people are given more privileges than absolutely required, you have needlessly increased the risk that they could violate security policy in additional ways, without receiving any business benefit from those additional privileges.
The other terms are not typically used in the context of computer security.
2. Which of the following are potential firewall problems that should be logged?
B. Proxies restarted
C. Changes to the configuration file.
D. No Answer is Correct
Explanation: The following firewall problems should be logged:
A reboot or proxy restart signals a potential reliability issue, or a cracker restarting the firewall after configuration changes or an attempted attack. Changes to the configuration file may be made under legitimate circumstances (by the network administrator) or might indicate an intrusion by unauthorized individuals. Similarly, system and configuration errors might indicate intrusion attempts, or reliability problems.
3. Logs must be secured to prevent:
A. Creation, modification, and destruction
B. Modification, deletion, and destruction
C. Modification, deletion, and initialization
D. Modification, deletion, and inspection
Explanation: All logs collected are used in the active and passive monitoring process. All logs are kept on archive for a period of time. This period of time will be determined by your company policies. This allows the use of logs for regular and annual audits if retention is longer than a year. Logs must be secured to prevent modification, deletion, and destruction.
4. If the computer system being used contains confidential information, users must not:
A. Share their desks
B. Encrypt their passwords
C. Leave their computer without first logging off
D. All choices are correct
Explanation: If the computer system being used or to which a user is connected contains sensitive or confidential information, users must not leave their computer, terminal, or workstation without first logging off. Users should be reminded frequently to follow this rule.
Sharing their desk is not necessarily a security risk unless those with access to the desk also have access to information in or near that desk (such as an unlocked computer terminal, open drawers, etc.). Any passwords used should definitely be encrypted (and ideally verified with challenge/response technologies rather than by sending the encrypted password across the network). Working with confidential data does not mean that the user cannot communicate with the network, as long as the network is designed in a way to prevent disclosure of the information, such as through the use of a Virtual Private Network.
5. Which of the following user items can be shared?
A. Home directory
B. ID card
D. No Answer is Correct
Explanation: Each user-assigned directory (home directory) should not be shared with others. Similarly, an ID card and password should not be shared, as these items are used for authentication, and it is important that only one user possess these. Therefore, "No Answer is Correct" is correct.
You should not share the use of your user ID/user account with others, although it is usually fine to share the NAME of your user account with others, so that they can perform activities like sending you electronic mail, or contacting you with net conferencing software.
6. With RBAC, each user can be assigned:
A. A token role
B. Only one role
C. A security token
D. One or more roles
Explanation: With RBAC (Role-based access control), security is managed at a level that corresponds closely to the organization's structure. Each user is assigned one or more roles, and each role is assigned one or more privileges that are permitted to users in that role. Roles can be hierarchical -- such that an Accounts Payable supervisor may have the rights of both AP data entry clerks and AP customer service agents (who work for the AP supervisor) as well as certain other rights granted only to the AP supervisor.
Some users MAY be assigned only one role, but the point of RBAC is that a user can easily be given the privileges associated with all of their roles in the organization. Authentication may be performed through the use of a physical security token, but this is not unique to RBAC. Tokens are not generally associated with roles; they are associated with individual users.
7. The Lattice Based Access Control model was developed MAINLY to deal with:
D. No Answer is Correct
Explanation: The Lattice Based Access Control model was developed to deal mainly with information flow in computer systems. Information flow is clearly central to confidentiality but to some extent it also applies to integrity. The basic work in this area was done around 1970 and was driven mostly by the defense sector. Information flow in computer systems is concerned with flow from one security class (also called security label) to another. These controls are applied to objects. An object is a container of information, and an object can be a directory or file. In summary, this is a model that deals with confidentiality and to a limited extent integrity.
Integrity based access control is related to mandatory access control, but it is not the primary use of the Lattice Based Access Control model. Affinity is not primarily related to the Lattice Based Access Control model, and access control is not as concerned with integrity as it is with confidentiality.
8. Under MAC, who can change the category of a resource?
A. All users
B. All managers
C. Administrator only
D. No Answer is Correct
Explanation: MAC (Mandatory Access Control) is defined as follows in the Handbook of Information Security Management: With mandatory controls, only administrators and not owners of resources may make decisions that bear on or derive from policy. Only an administrator may change the category of a resource, and no one may grant a right of access that is explicitly forbidden in the access control policy.
If All users or All managers could change the category of a resource, then the access control would not be mandatory.
9. A method for a user to identify and present credentials only once to a system is known as:
Explanation: Single Sign-On (SSO) is a method for a user to identify and present credentials only once to a system. Information needed for future system access to resources is forwarded by the initial system. It offers these benefits:
With SSL, each site typically requires a separate SSL transaction. IPSec provides for presenting credentials once per session, but individual applications accessed by that connection may require additional credentials.
10. Prosecution of illegal break-ins to computer systems fails most often because of a failure of:
A. Chain of Supported Facts
B. Chain of Custody
C. Chain of Electrons
D. Chain of Witnesses
Explanation: Chain of custody refers to the audit trail describing when/where/how the evidence was acquired, and how it has been maintained since then. Most countries have strict rules to ensure evidence could not have been tampered with.
Evidence Procedures: http://www.usapa.army.mil/pdffiles/r195_5.pdf
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.