CNIT 270 Exam 1 Questions and Answers 100% Pass
What are the 3 key security concepts of the CIA triad?
Confidentiality, Integrity, and Availability

Which concept from the CIA triad preserves authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information?
Confidentiality

Which concept from the CIA triad guards against improper information modification or destruction, including ensuring information nonrepudiation and authenticity?
Integrity

Which concept from the CIA triad ensures timely and reliable access to and use of information?
Availability

In addition to the CIA triad concepts, what 3 extra concepts does the Parkerian Hexad add?
Non-repudiation, Possession/Control, Utility/Usefulness

What are the 3 types of assets?
Hardware, Software, and Data

What are the 4 types of harm?
Interception, Interruption, Modification, and Fabrication

What are the 4 ways to prove authentication?
What you know, what you are, what you have, where you are

What are "should do" NIST Guidelines for passwords?
Favor the user, size matters, allow all UNICODE characters, check against a dictionary of known bad choices

What are "should not do" NIST Guidelines for passwords?
Have composition rules, password hints, expiration without reason, SMS in two factor authentication, knowledge-based authentication

What is a Smart Card?
Looks like a credit card but contains an entire microprocessor. A way of authenticating with what you have.

What is access control?
Technology or procedures that implement a security policy to specify who or what may have access to each specific system resource and the type of access permitted in each instance.

What are the 4 types of access control policies?
Discretionary (DAC), Mandatory (MAC), Role-based (RBAC), and Attribute-based (ABAC).

What does SetGID do?
Temporarily uses rights of the file owner/group in addition to real user's rights when making access control decisions. Enables privileged programs to access files/resources not generally accessible.

What is a sticky bit?
When applied to a directory it specifies that only the owner of any file in the directory can rename, move, or delete that file.

What is a superuser?
A user that is exempt from usual access control restrictions and has system-wide access. This account can take ownership and change the permissions of all objects in the system. "ROOT"

What is Role-based access control?

Written for
- Institution: CNIT 270
- Course: CNIT 270

Document information
- Uploaded on: January 30, 2024
- Number of pages: 25
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers