Module I Certification Quiz

A Lattice model is the most appropriate terminology to describe a Mandatory Access Control (MAC) model. In a MAC model, access to resources is based on predefined rules and policies that are enforced by the system. A Lattice model represents the different levels of security and access permissions in a hierarchical structure, with each level having a defined set of rules and restrictions. This ensures that access to resources is strictly controlled and only allowed based on the security clearance level of the user. The Bell La-Padula, BIBA, and Clark and Wilson models are also security models but are not specifically related to MAC.

Single Sign-On (SSO) is a strategy that can solve the problem of users having to enter credentials for each server or application they need to access. With SSO, users only need to authenticate once, usually through a central authentication server, and then they can access multiple systems and applications without having to enter their credentials again. This saves time and improves user experience by eliminating the need for repetitive login processes.

Multifactor authentication is the best description for providing a username, password, and undergoing a thumbprint scan to access a workstation. This is because multifactor authentication involves using multiple factors or methods to verify the identity of a user. In this case, the username and password serve as one factor, while the thumbprint scan serves as another factor. By combining these two factors, the authentication process becomes more secure and reliable, as it requires both something the user knows (password) and something the user possesses (thumbprint) to gain access to the workstation.

The given scenario describes a privilege management system in which different roles have different levels of access. Administrators have full access, human resources personnel have slightly less access, and managers have access to their own department files only. This aligns with the concept of Role based access control (RBAC), where access is granted based on the roles individuals have within the organization. RBAC allows for more granular control and is commonly used in hierarchical organizations to manage privileges effectively.

A Multipartite Virus is a type of virus that has the characteristic of attempting to infect the boot sector, executable files, and destroying application files. Unlike other viruses that focus on one specific area, the Multipartite Virus spreads and causes damage in multiple ways. It is a highly destructive virus that can cause significant harm to a computer system by infecting various components and rendering them useless.

Job rotation is an example of cross-training staff in different functional areas. This practice involves periodically rotating employees through different roles and responsibilities within an organization. By doing so, employees gain exposure to various aspects of the business and develop a broader understanding of different processes. This helps in detecting fraud as employees become familiar with different areas and can identify any irregularities or suspicious activities more easily.

The first step in creating a security baseline is to establish a security policy. A security policy outlines the guidelines, procedures, and rules that need to be followed to ensure the security of an organization's systems and data. It provides a framework for implementing security measures and helps in identifying potential risks and vulnerabilities. Once the security policy is in place, other steps like identifying use cases, conducting vulnerability testing, and installing software patches can be carried out based on the policy's guidelines.

The main objective of risk management in an organization is to reduce risk to a level that the organization will accept. This means that the organization acknowledges that there will always be some level of risk, but it aims to minimize it to a level that is deemed acceptable. This approach allows the organization to make informed decisions about which risks to take and which to mitigate, based on their tolerance for potential negative outcomes. By accepting a certain level of risk, the organization can focus its resources on managing the most critical risks and prioritize its risk mitigation efforts accordingly.

The first step in conducting a forensic analysis on a computer system should be to get a binary copy of the system. This is important because it allows the technician to preserve the original state of the system and its data, ensuring that no changes or modifications are made during the analysis process. By obtaining a binary copy, the technician can then proceed with analyzing the system without the risk of altering or damaging any evidence that may be present.

In the Discretionary Access Control (DAC) access control model, the owner of the resource is responsible for establishing access permissions to network resources. This means that the owner has the discretion to determine who can access the resource and what level of access they have. The system administrator may assist in managing and enforcing these permissions, but ultimately it is the owner's responsibility to set them. The user requiring access to the resource does not have the authority to establish access permissions in this model.

not-available-via-ai

The correct answer is that the remote PC has a zombie master application running and the local PCs have a zombie slave application running. This means that the remote PC is controlling the local PCs and using them to send packets to the external PC without the knowledge or consent of the local users. This is a common scenario in a zombie botnet, where a network of compromised computers is controlled by a central server to carry out malicious activities.

Upon evidence seizure, it is crucial to establish the chain of custody immediately. The chain of custody refers to the documentation and tracking of the evidence from the moment it is seized until it is presented in court. This ensures the integrity and admissibility of the evidence, as it provides a clear record of who has had possession of the evidence and any changes or handling it has undergone. Establishing the chain of custody is essential for maintaining the credibility and reliability of the evidence throughout the legal process.

Repudiation is not a step in the incident response process. Incident response typically involves steps such as containment, eradication, and recovery. Containment refers to isolating the incident to prevent further damage, eradication involves removing the threat or vulnerability, and recovery involves restoring systems and data to their normal state. Repudiation, on the other hand, refers to denying or disowning an action or responsibility, which is not directly related to incident response.

Discretionary Access Control (DAC) is an access control method that gives the owner of a resource the control over granting or denying permissions to other users. In DAC, the owner has the discretion to determine who can access the resource and what level of access they have. This means that the owner can assign specific permissions to individuals or groups based on their needs and responsibilities. Unlike other access control methods, DAC allows for flexibility and customization in granting permissions, as it puts the control in the hands of the owner.

False rejection is the correct answer because it refers to a situation where a biometric system incorrectly identifies legitimate users as unauthorized. This means that the system is rejecting valid users, which can occur due to various reasons such as technical errors, incorrect calibration, or mismatched biometric data. False acceptance, on the other hand, would describe a scenario where unauthorized users are mistakenly identified as legitimate. False negative is a broader term that can refer to both false rejection and false acceptance, but in this specific context, false rejection is the most accurate description.

A logic bomb is a type of malicious code that is designed to lay dormant within a target system until a specific condition is met, in this case, when a user opens a certain program. Once triggered, the logic bomb executes its destructive payload, which in this case is deleting the contents of attached network drives and removable storage devices. Unlike a worm or a Trojan horse, a logic bomb does not actively spread itself to other systems. It remains hidden within the target system, waiting for the predetermined condition to be met before causing harm.

An end-to-end traffic performance guarantee made by a service provider to a customer is referred to as an SLA, which stands for Service Level Agreement. This agreement outlines the level of service that the provider promises to deliver, including performance metrics such as uptime, response time, and reliability. SLAs are commonly used in the telecommunications and IT industries to ensure that customers receive the agreed-upon level of service and to establish accountability between the service provider and the customer.

False acceptance refers to a situation where a biometric system incorrectly identifies unauthorized users as authorized and grants them access. In other words, the system fails to accurately distinguish between authorized and unauthorized individuals, leading to false acceptance of unauthorized users.

The MAC (Mandatory Access Control) method allows access control determinations to be performed based on the security labels associated with each user and each data item. In this method, access decisions are based on predefined rules and policies set by the system administrator or security administrator. These security labels define the sensitivity and classification of the data and the clearance level of the user. The MAC method ensures that access is granted or denied based on the security labels, regardless of the user's role or permissions.

Authentication is the process of verifying the identity of a user requesting credentials, such as a username and password. It ensures that the user is who they claim to be. On the other hand, identification is the process of verifying the identity of the user requesting the credentials. It confirms the user's identity before granting them access. Therefore, the correct answer is that authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.

A virus is a type of malicious code or program that is designed to spread from file to file, typically through human interaction such as downloading or sharing infected files. Unlike a botnet, which is a network of compromised computers controlled by a central server, a virus does not automatically spread from one system to another. Instead, it relies on users unknowingly executing or opening infected files, allowing the virus to replicate and spread to other files on the same system. This distinguishes it from a worm, which is capable of self-replicating and spreading automatically across multiple systems. Adware, on the other hand, is a type of software that displays unwanted advertisements, and is not designed to spread from file to file.

Enabling scanning of all email attachments is the most effective method of preventing computer viruses from spreading throughout the network. By scanning all email attachments, any potential viruses or malware can be detected and quarantined before they have a chance to infect the network. This helps to ensure that any malicious files are not able to enter the network through email communications, thus reducing the risk of virus spread. It is important to regularly update and maintain the antivirus software used for scanning to ensure its effectiveness against new and emerging threats.

A Distributed Denial of Service (DDoS) attack involves the use of multiple computers to overwhelm and disrupt the services of a single organization. These computers, often compromised by malware, are coordinated to flood the target's network or website with an overwhelming amount of traffic, rendering it inaccessible to legitimate users. This type of attack is aimed at causing disruption and denying access to the targeted organization's resources.

The SYN (Synchronize) attack is the correct answer because it specifically targets the TCP three-way handshake process to overload network servers. In this attack, the attacker sends a large number of SYN requests to the target server, but does not respond to the server's SYN-ACK response. This causes the server to keep waiting for the final ACK response, tying up server resources and preventing legitimate users from establishing connections. This is a form of denial-of-service (DoS) attack where the server becomes overwhelmed with half-open connections and is unable to serve legitimate users.

The correct answer is "Items which are not specifically given access are denied by default". This is an example of an implicit deny because it states that any item that is not specifically allowed access will be denied by default. Implicit deny is a security measure that blocks any traffic or access that is not explicitly permitted, ensuring that only authorized items are allowed through the firewall.

The correct answer is that the DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource, which creates a security loophole for Trojan horse attacks. This means that if a user or process is compromised by a Trojan horse, the attacker can gain unauthorized access to resources that the compromised user or process has access to. This flaw in the DAC model highlights the risk of relying solely on user or process identity for access control, as it can be easily exploited by attackers.

Before access is given to the network, the security action that should be finished is the process of identification and authentication. Identification involves providing a unique identifier, such as a username, to establish the user's identity. Authentication, on the other hand, verifies the user's claimed identity by validating credentials, such as a password or biometric information. This two-step process ensures that only authorized individuals are granted access to the network, enhancing overall security.

A Trojan horse is a type of malicious software that disguises itself as a legitimate program or file, tricking users into downloading and installing it. Once installed, it carries out unauthorized actions, such as renaming and deleting random files, without the user's knowledge or consent. Unlike viruses and worms, which can self-replicate and spread to other systems, a Trojan horse relies on the user's actions to spread and cause harm. Therefore, a Trojan horse would be the best description for the program in this scenario.

This scenario is an example of Single Sign-On (SSO). SSO allows users to access multiple applications and systems with a single set of credentials. In this case, the users need to access their email and secure applications, and the authentication system requires a username, password, and a company-issued smart card. With SSO, users only need to authenticate once, using their smart card, and they can then access all the necessary resources without having to re-enter their credentials for each application or system. This improves convenience and security by reducing the need for multiple passwords and credentials.

The form used while transferring evidence is called the "chain of custody." This form documents the chronological history of the evidence, including who has had possession of it, when it was transferred, and any changes or alterations that may have occurred. The chain of custody is crucial in maintaining the integrity and admissibility of evidence in legal proceedings, as it ensures that the evidence has not been tampered with or compromised in any way.

The correct answer is a quantitative measurement of risk, impact, and asset value. This is because risk assessments should be based on a systematic and objective analysis of the potential risks, their potential impact on the organization or project, and the value of the assets that could be affected. By quantitatively measuring these factors, organizations can prioritize risks and allocate resources effectively to manage and mitigate them. This approach allows for a more informed decision-making process in risk management.

The DAC access control model uses Access Control Lists (ACLs) to identify the users who have permissions to a resource. ACLs are a list of permissions attached to an object that specify which users or groups are granted access rights to that object. This allows the system to control and manage access to resources based on user identities and their corresponding permissions listed in the ACL.

Token-based identification systems use tokens as a form of authentication mechanism. Tokens can be physical devices, such as key fobs or smart cards, or they can be virtual tokens generated by software applications. These tokens are used to verify the identity of the user and grant access to the system or resources. This is different from other authentication mechanisms like username/password, certificates, biometrics, or Kerberos, which do not specifically rely on tokens for authentication.

A botnet can be used to perform a denial of service (DoS) attack. A botnet is a network of infected computers that are controlled by a central command and control server. The attacker can use this network to send a massive amount of traffic or requests to a target computer or network, overwhelming its resources and making it unavailable to its intended users. This is a common method used in DDoS attacks, where multiple computers in the botnet are used to amplify the attack and make it even more powerful.

The document that describes the methods of and purposes for accessing the company's IT systems is called an Acceptable Use Policy. This policy outlines the rules and guidelines that employees must follow when using the company's IT systems, ensuring that they use them responsibly and for authorized purposes. It helps to protect the company's IT infrastructure and sensitive information by setting clear expectations for employee behavior and defining what is considered acceptable and unacceptable use of the systems.

Mandatory Access Control (MAC) is the correct answer because it is an access control model that uses subject and object labels. In MAC, each subject and object is assigned a label, and access decisions are based on these labels. The labels determine the level of sensitivity or classification of the subject or object, and access is granted or denied based on the rules defined by the system administrator. This ensures that only subjects with the appropriate labels can access objects with matching labels, providing a high level of security and control.

Self service password reset management systems are the best option for a system with a large number of users because they allow users to reset their passwords on their own without the need for assistance from IT support. This helps to reduce the workload on IT staff and improves efficiency. Additionally, self service password reset systems often include security measures such as multi-factor authentication to ensure the security of the password reset process.

Sensitivity labels are a characteristic of Mandatory Access Control (MAC) environments. MAC is a security model where access to resources is determined by the sensitivity labels assigned to both the resources and the users. Sensitivity labels define the level of sensitivity or classification of the information, and access is granted or denied based on the comparison of these labels. Therefore, sensitivity labels are a key component of MAC environments and are used to make access decisions. Ownership, group membership, and access control lists are more commonly associated with discretionary access control (DAC) environments.

The correct answer is "Man-in-the-middle." This is because a man-in-the-middle attack involves an attacker intercepting communication between two parties without their knowledge. In this scenario, the product being purchased acts as a man-in-the-middle by decrypting the SSL session, scanning the content, and then repackaging the SSL session without the staff knowing. This allows the company to monitor and control the web browsing activities of its staff.

Active Inception refers to the act of placing a computer system between the sender and receiver in order to capture information. This means that the computer system intercepts and collects data that is being transmitted between the sender and receiver. It does not involve someone looking through files or routine monitoring of network traffic.

Attackers commonly use flattery and assuming a position of authority as techniques to socially engineer people. Flattery involves complimenting and manipulating individuals to gain their trust and cooperation. Assuming a position of authority involves pretending to be someone with power or influence to deceive and manipulate others. These techniques are effective in manipulating individuals into disclosing sensitive information or performing actions that benefit the attacker.

Before implementing the new routine on the production application server, the programmer should follow the process of change management. Change management involves carefully planning, testing, and implementing changes to ensure that they are properly documented, reviewed, and approved. This process helps to minimize the risk of introducing errors or disruptions to the production environment. By following change management, the programmer can ensure that the server variable change is properly tracked, communicated, and implemented in a controlled manner.

In Discretionary Access Control (DAC), access rights are assigned explicitly by the owner of the resource. This means that the owner has the discretion to grant or revoke access to other users. In contrast, in Rule Based Access Control (RBAC), access rights are assigned based on predefined rules and roles, while in Mandatory Access Control (MAC), access rights are assigned based on system-wide policies and labels. Therefore, the fact that a user is assigned access rights explicitly aligns with the features of Discretionary Access Control (DAC).

A birthday attack is a type of network attack where two different messages are crafted intentionally to produce the same hash value or message digest. This attack takes advantage of the birthday paradox, which states that in a random group of people, there is a higher probability of two people sharing the same birthday than one might expect. Similarly, in a hash function, there is a higher probability of finding two different inputs that result in the same output. This vulnerability can be exploited by an attacker to create malicious messages that produce the same hash value, allowing them to bypass security measures or impersonate legitimate messages.

A stealth virus is a type of virus that attempts to avoid detection by masking itself from applications. It may attach itself to the boot sector of the hard drive and form part of the operating system. This allows the virus to hide its presence and avoid detection by antivirus software.

The statement that "In the Mandatory Access Control (MAC) users cannot share resources dynamically" is true. In MAC, access to resources is determined by the system administrator or owner of the resource, rather than the individual user. Users do not have the ability to dynamically share resources with others without proper authorization. This is one of the key characteristics of the MAC model, where access privileges are strictly controlled and enforced based on predefined rules and policies.

Password complexity requirements should be used while implementing access control because they help ensure that passwords are strong and not easily guessable. By requiring users to create passwords that include a combination of uppercase and lowercase letters, numbers, and special characters, the likelihood of unauthorized access is reduced. Password complexity requirements also encourage users to regularly update their passwords, further enhancing security.

Implementing identity verification methods and security awareness training can decrease the risks of social engineering. Identity verification methods require individuals to prove their identity before accessing sensitive information or resources, reducing the chances of unauthorized access. Security awareness training educates individuals about social engineering tactics and how to recognize and respond to them, making them less susceptible to manipulation or deception. Both measures contribute to strengthening an organization's defenses against social engineering attacks.

UDP (User Datagram Protocol) is a connectionless protocol that does not require a synchronization process. It allows packets to be sent without any guarantee of delivery or order. Therefore, if packets are not connection-oriented and do not require the synchronization process, it refers to a UDP attack. In a UDP attack, an attacker can send a large number of UDP packets to overwhelm a target system, causing it to become unresponsive or crash.

Sending a patch through a testing and approval process is an example of change management. Change management is the process of controlling and managing changes to a system or organization in a systematic and structured way. It involves assessing, planning, implementing, and evaluating changes to ensure they are effectively and smoothly integrated into the system. In this case, the patch is being subjected to a testing and approval process to ensure that it is safe and compatible with the existing system before being implemented.

Biometrics is not a logical access control method because it is a physical access control method. Logical access control methods involve the use of software or digital credentials to authenticate and authorize users, while biometrics relies on physical characteristics such as fingerprints, facial recognition, or iris scans. Therefore, biometrics does not fall under the category of logical access control methods like software tokens, ACL, or group policy.

TCP/IP hijacking refers to the attack where an attacker gains unauthorized access to a host in a network and disconnects it logically. This attack involves the manipulation of TCP/IP packets to bypass security measures and gain control over the targeted host. The attacker can then disrupt the network communication by disconnecting the host, potentially causing service disruptions or unauthorized access to sensitive information.

Buffer overflow is a type of vulnerability that occurs when a program or process tries to store more data in a buffer than it can handle. This can lead to overwriting adjacent memory locations, including the stack and heap. As a result, the integrity of the stack and heap can be compromised, leading to potential crashes, security vulnerabilities, and unauthorized access to sensitive data. Therefore, buffer overflow can directly affect both heaps and stacks.

A security review must be completed before the computer system containing personal identification information can become operational because of the corporate security policy. This policy ensures that all systems and processes within the company adhere to the necessary security measures to protect sensitive information. By conducting a security review, any potential vulnerabilities or weaknesses in the system can be identified and addressed, ensuring that the personal identification information remains secure.

The first step to take would be to enforce the security policy. This is because the security specialist has discovered several security vulnerabilities in the company's network, such as the installation of personal software, default settings, lack of software patches, and no password change requirements. Enforcing the security policy would address these issues by setting clear guidelines and rules for network security, ensuring that all users follow them and take necessary precautions to protect the network. This step would help establish a strong foundation for network security before addressing specific vulnerabilities like installing software patches or disabling non-essential services.

During the phase of identification, proofing occurs. This is the process of verifying the identity of an individual or entity. It involves gathering and validating information such as usernames, passwords, or biometric data to ensure that the claimed identity is legitimate. Proofing helps to establish a reliable link between the identity and the person or entity being authenticated.

not-available-via-ai

Replay attack is the best description for an attacker capturing part of a communication and later sending that communication segment to the server while pretending to be the client. In a replay attack, the attacker intercepts and records the communication between the client and the server. The attacker then replays this captured communication segment to the server, tricking it into believing that it is a legitimate client request. This type of attack can be used to gain unauthorized access or perform malicious actions on the server.

DAC stands for Discretionary Access Control, which is a method of restricting access to files based on the identity of the user or group. With DAC, the owner of a file or directory can set permissions to determine who can access it and what actions they can perform. This allows for fine-grained control over access to files, ensuring that only authorized users or groups can access sensitive information. DAC is a commonly used access control mechanism in operating systems and file systems.

A firewall is the most effective in preventing adware because it acts as a barrier between a trusted internal network and an untrusted external network, filtering out malicious traffic and preventing unauthorized access to the system. Adware often enters a system through network connections, and a firewall can block these malicious connections, reducing the risk of adware infections. While antivirus software can also detect and remove adware, a firewall provides an additional layer of protection by blocking the initial entry point. HIDS (Host-based Intrusion Detection System) can detect unauthorized access or malicious activities within a system but may not specifically target adware. A pop-up blocker only prevents unwanted pop-up advertisements, but it may not fully prevent adware infections.

The MAC access control model uses predefined access privileges to identify the users who have permissions to a resource. This means that access to resources is granted based on predetermined levels of access that are assigned to users. These access privileges determine what actions a user can perform on a resource, such as read, write, or delete. By using predefined access privileges, the MAC access control model ensures that only authorized users with the appropriate level of access can access a resource.

MAC (Mandatory Access Control) is the correct answer because it is an access control system that allows the system administrator to establish access permissions to network resources. MAC enforces access control based on predefined security policies, where each user and resource is assigned a security label. The system administrator can then define rules and permissions based on these labels, determining who can access which network resources.

A buffer overflow is a type of software vulnerability where a program writes more data into a buffer than it can hold, causing the excess data to overwrite adjacent memory locations. In the context of this question, when a buffer overflow occurs, it can overwrite the return address of a function, which is used to determine where the program should continue executing after the function finishes. By overwriting the return address with a malicious code address, an attacker can hijack the program's control flow and execute their own code, potentially causing harm or gaining unauthorized access.