CNIT 270 Exam | Verified Questions and Answers

- Confidentiality - -The act of holding information in confidence, not to be released to unauthorized individuals
- Integrity - -Guarding against improper information modification or destruction
- Availability - -Ensuring timely and reliable access to and use of information
- Authentication - -Has two pieces: who am I, and proof that I am who I say I am
- New NIST Guidelines for Passwords - Should Do's - -
  - Favor the user
  - Size matters
  - Allow all printable ASCII characters
  - Check against a dictionary
  - Hashing, salting, and stretching
- New NIST Guidelines for Passwords - Should NOT Do's - -
  - Should not have composition rules
  - No password hints
  - No Knowledge-Based Authentication
  - No more expiration without reason
  - No SMS in two-factor authentication
- Read-only memory (ROM) - -Stores data that does not change during the card's life
- Electrically erasable programmable ROM (EEPROM) - -Holds application data and programs
- Random access memory (RAM) - -Holds temporary data generated when applications are executed
- Two-factor and Multifactor Authorization - -Use two or more (for multi) different methods of verifying you are who you say you are
- Discretionary Access Control (DAC) - -Controls access based on the identity of the requestor and on access rules stating what requestors are and are not allowed to do.
- Mandatory Access Control (MAC) - -Controls access based on comparing labels indicating the sensitivity of resources with security clearances.
- Role-Based Access Control (RBAC) - -Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles
- Attribute-Based Access Control (ABAC) - -Controls access based on attributes of the user, the resource, and current environmental conditions
- Subject - -An entity capable of accessing objects
- Object - -A resource to which access is
- Access right - -Describes the way in which a subject may access an object
- 12 protection bits - -9 bits specify read, write, and execute permission for the owner of the file, members of the group, and all other users. The remaining 3 are special bits.
- Sticky bit - -When applied to a directory, it specifies that only the owner of any file in the directory can rename, move, or delete that file
- Procedural Access Control - Four main methods - -
  1. Separation of Duties
  2. Job Rotation
  3. Mandatory Vacations
  4. Principle of Least Privilege
- Separation of Duties - -If a fraudulent process is going to be put into action, it should be divided between two or more individuals
- Job Rotation - -Limits the amount of time that individuals can manipulate security configurations
- Mandatory Vacation - -For sensitive positions, individuals are mandated to take vacation, and security audits are conducted while they are away.
- Least Privilege - -Limit access to the minimum required to do the job.
- Active attack - -Attempts to alter system resources or affect their operation.
- Passive attack - -Attempts to learn or make use of information from a system but does not affect the system resources of that system.
- Symmetric key means... - -The same key is used to encrypt as to decrypt
- Vigenère cipher (Vee-zha-nair) - -A method of encrypting text by applying a series of Caesar ciphers based on the letters of a keyword.