SEC571 Midterm
Date Taken: 9/27/2014
Time Spent: 1 h , 52 min , 20 secs
Points (90%)
Received:
Question Type: # Of Questions: #
Correct:
Multiple Choice 1 1
Essay 4 N/A
Question 1. Question :
(TCO A) What are the three types of user authentication?
Name three examples of each type of authentication.
Student Answer: The first type of authentication is physical proof. Meaning the person
is there physically. The second type of authentication is in pin or
password verification. This is someone who has a badge and/or pin
number to gain access to certain areas that other are not allowed to.
The third authentication is documentation. This could be a drivers
licence or other proof of documentation that affirms that person is
genuine and is allowed to gain access to that area. Along those same
lines the other way to determine user authentication is Password
authentication where the person has a pin or password to gain access.
The second being Kerberos Authentication, where a ticket is given to
the user to gain access and an authenticator that verify s legitimacy
of the user. The third being SSL, where when the connection is
established, the server sends its certificate and once it is
authenticated retrieves the client's certificate. The client then gives its
user name before it gains access. Authentication. (2014, September
27). Wikipedia.
Retrieved September 27, 2014, from
http://en.wikipedia.org/wiki/Authentication Pfleeger, C. P. P. a. S. L.
Security in Computing [VitalSouce bookshelf version]. Retrieved from
http://devry.vitalsource.com/books/9781256086666/id/ch07lev3sec72
Instructor Explanation: (Pfleeger Ch 4, p. 219)
Something the user knows password, PIN, passphrase,
answer to password reset question
Something the user has smart card, token, key, ID card, drivers
license
Something the user is fingerprint, iris, voice pattern, face, palmprint
Points Received: 23 of 23
Comments:
This study source was downloaded by 100000861168648 from CourseHero.com on 02-26-2023 23:40:46 GMT -06:00
https://www.coursehero.com/file/10735854/SEC571-Midterm-answers/
, Question 2. Question :
(TCO A) List and define five desirable qualities in a process
designed to
evaluate the trustworthiness of an operating system.
Student Answer: The five areas that are most desirable in determining the
trustworthiness of an operating system are; "1. Suitability of
functionality: whether the chosen functions implement the desired
security features. 2. Binding of functionality: whether the chosen
functions work together synergistically. 3. Vulnerabilities: whether
vulnerabilities exist either in the construction of the TOE or how it will
work in its intended environment. 4. Ease of use 5. Strength of
mechanism: the ability of the TOE to withstand direct attack."
Pfleeger, C. P. P. a. S. L. Security in Computing [VitalSouce bookshelf
version]. Retrieved from
http://devry.vitalsource.com/books/9781256086666/id/ch05lev3sec31
Instructor Explanation: (Pfleeger Ch 5, p. 309)
1) Extensibility – Can the evaluation be extended as the
product is enhanced?
2) Granularity – Does the evaluation look at the product at the
right level of detail?
3) Speed – Can the evaluation be done quickly enough to allow
the product to compete in the marketplace?
4) Thoroughness Does the evaluation look at all relevant
aspects of the product?
5) Objectivity – Is the evaluation independent of the reviewer's
opinions?
6) Portability – Does the evaluation apply to the product no
matter what platform the product runs on?
7) Consistency – Do similar products receive similar ratings?
8) Compatibility – Could a product be evaluated similarly
under different criteria?
9) Exportability – Could an evaluation under one scheme be
accepted as meeting all or certain requirements of another
scheme?
Points Received: 13 of 23
Comments: (Pfleeger Ch 5, p. 309) 1) Extensibility – Can the evaluation be
extended as the product is enhanced? 2) Granularity – Does the
evaluation look at the product at the right level of detail? 3)
Speed – Can the evaluation be done quickly enough to allow the
product to compete in the marketplace? 4) Thoroughness Does
the evaluation look at all relevant aspects of the
This study source was downloaded by 100000861168648 from CourseHero.com on 02-26-2023 23:40:46 GMT -06:00
https://www.coursehero.com/file/10735854/SEC571-Midterm-answers/
Date Taken: 9/27/2014
Time Spent: 1 h , 52 min , 20 secs
Points (90%)
Received:
Question Type: # Of Questions: #
Correct:
Multiple Choice 1 1
Essay 4 N/A
Question 1. Question :
(TCO A) What are the three types of user authentication?
Name three examples of each type of authentication.
Student Answer: The first type of authentication is physical proof. Meaning the person
is there physically. The second type of authentication is in pin or
password verification. This is someone who has a badge and/or pin
number to gain access to certain areas that other are not allowed to.
The third authentication is documentation. This could be a drivers
licence or other proof of documentation that affirms that person is
genuine and is allowed to gain access to that area. Along those same
lines the other way to determine user authentication is Password
authentication where the person has a pin or password to gain access.
The second being Kerberos Authentication, where a ticket is given to
the user to gain access and an authenticator that verify s legitimacy
of the user. The third being SSL, where when the connection is
established, the server sends its certificate and once it is
authenticated retrieves the client's certificate. The client then gives its
user name before it gains access. Authentication. (2014, September
27). Wikipedia.
Retrieved September 27, 2014, from
http://en.wikipedia.org/wiki/Authentication Pfleeger, C. P. P. a. S. L.
Security in Computing [VitalSouce bookshelf version]. Retrieved from
http://devry.vitalsource.com/books/9781256086666/id/ch07lev3sec72
Instructor Explanation: (Pfleeger Ch 4, p. 219)
Something the user knows password, PIN, passphrase,
answer to password reset question
Something the user has smart card, token, key, ID card, drivers
license
Something the user is fingerprint, iris, voice pattern, face, palmprint
Points Received: 23 of 23
Comments:
This study source was downloaded by 100000861168648 from CourseHero.com on 02-26-2023 23:40:46 GMT -06:00
https://www.coursehero.com/file/10735854/SEC571-Midterm-answers/
, Question 2. Question :
(TCO A) List and define five desirable qualities in a process
designed to
evaluate the trustworthiness of an operating system.
Student Answer: The five areas that are most desirable in determining the
trustworthiness of an operating system are; "1. Suitability of
functionality: whether the chosen functions implement the desired
security features. 2. Binding of functionality: whether the chosen
functions work together synergistically. 3. Vulnerabilities: whether
vulnerabilities exist either in the construction of the TOE or how it will
work in its intended environment. 4. Ease of use 5. Strength of
mechanism: the ability of the TOE to withstand direct attack."
Pfleeger, C. P. P. a. S. L. Security in Computing [VitalSouce bookshelf
version]. Retrieved from
http://devry.vitalsource.com/books/9781256086666/id/ch05lev3sec31
Instructor Explanation: (Pfleeger Ch 5, p. 309)
1) Extensibility – Can the evaluation be extended as the
product is enhanced?
2) Granularity – Does the evaluation look at the product at the
right level of detail?
3) Speed – Can the evaluation be done quickly enough to allow
the product to compete in the marketplace?
4) Thoroughness Does the evaluation look at all relevant
aspects of the product?
5) Objectivity – Is the evaluation independent of the reviewer's
opinions?
6) Portability – Does the evaluation apply to the product no
matter what platform the product runs on?
7) Consistency – Do similar products receive similar ratings?
8) Compatibility – Could a product be evaluated similarly
under different criteria?
9) Exportability – Could an evaluation under one scheme be
accepted as meeting all or certain requirements of another
scheme?
Points Received: 13 of 23
Comments: (Pfleeger Ch 5, p. 309) 1) Extensibility – Can the evaluation be
extended as the product is enhanced? 2) Granularity – Does the
evaluation look at the product at the right level of detail? 3)
Speed – Can the evaluation be done quickly enough to allow the
product to compete in the marketplace? 4) Thoroughness Does
the evaluation look at all relevant aspects of the
This study source was downloaded by 100000861168648 from CourseHero.com on 02-26-2023 23:40:46 GMT -06:00
https://www.coursehero.com/file/10735854/SEC571-Midterm-answers/
