CMPT 280 EXAM QUESTIONS AND ANSWERS 100% CORRECT
Masquerade - Answer by posing as an authorized entity, an unauthorized entity gains
access to a system or performs a malicious act
Repudiation - Answer An entity deceives another by falsely denying responsibility for an
act
Usurpation - Answer circumstance/event that results in control of system services or
functions by an unauthorized entity
Incapacitation - Answer Prevents or interrupts system operation by disabling a system
component.
Corruption - Answer Undesirably alters system operation by adversely modifying
system functions or data
Obstruction - Answer A threat action that interrupts delivery of system services by
hindering system operation
Misappropriation - Answer An entity assumes unauthorized logical or physical control of
a system resource
Misuse - Answer Causes a system component to perform a function or service that is
detrimental to system security
Traffic analysis - Answer type of passive attack watching patterns of messages to
determine nature of communication
Active attacks - Answer involve some modification of the data stream or the creation of
a false stream
Replay - Answer involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect
Access Control - Answer Limit information system access to authorized users,
processes acting on behalf of authorized users, or devices (including other information
systems) and to the types of transactions and functions that authorized users are
permitted to exercise.
Economy of mechanism - Answer the design of security measures in hardware &
software should be as simple and small as possible
Fail-safe default - Answer access decisions should be based on permission rather than
exclusion - default situation is lack of access
Complete mediation - Answer every access must be checked against the access control
mechanism - don't rely on cache
Open design - Answer design of a security mechanism should be open rather than
secret. For example, although encryption keys must be secret, encryption algorithms
should be open to public scrutiny
Separation of privilege - Answer multiple privilege attributes are required to achieve
access to a restricted resource, i.e., multifactor user authentication, which requires the
use of multiple techniques, such as a password and a smart card, to authorize a user
Least privilege - Answer every process and every user of the system should operate
using the least set of privileges necessary to perform the task
Least common mechanism - Answer design should minimize the functions shared by
different users, providing mutual security