Chapter Exercises (ALL) questions with verified answers
A key would be described as which type of authentication factor? Ans✓✓✓-
Something you have
Based on the Parkerian hexad, what principles are affected if you lose a shipment
of encrypted backup tapes that contain personal and payment information for
your customers? Ans✓✓✓-
Confidentiality (someone unauthorized has this data)
Integrity (your backups)
Availability (you no longer have access to safe backups)
Possession (obviously you don't have it anymore)
Utility (payment info can be very useful to malicious threats)
Can you give an example of how a living organism might constitute a threat to
your equipment? Ans✓✓✓-Insects and small animals that have gained access to
our equipment may cause electrical shorts, interfere with cooling fans, chew on
wiring, and generally wreak havoc.
Can you give three examples of physical controls that work as deterrents?
Ans✓✓✓-Cable Locks.
Hardware Locks.
Video surveillance & guards.
Considering the CIA triad and the Parkerian hexad, what are the advantages and
disadvantages of each model? Ans✓✓✓-CIA considers unauthorized access to
the data. Parkerian Hexad allows more depth with the addition of
possession/control, utility and authenticity.
Define competitive counterintelligence. Ans✓✓✓-Competitive intelligence is the
process of gathering and analyzing information about competitors to gain insights
into their strategies, strengths, weaknesses, and market positioning. It involves
monitoring competitors' online presence, marketing campaigns, pricing, product
offerings, and customer feedback.
Define tailgating. Why is it a problem? Ans✓✓✓-Physical tailgating, or
piggybacking, is the act of following someone through an access control point,
such as a secure door, instead of using the credentials, badge, or key normally
needed to enter. The authorized person may let you in intentionally or
accidentally.
Describe nonrepudiation. Ans✓✓✓-The term nonrepudiation refers to a situation
in which an individual is unable to successfully deny that they have made a
statement or taken an action, generally because we have sufficient evidence that
they did it.
You may be able to produce proof of the activity directly from system or network
logs or recover such proof through the use of digital forensic examination of the
system or devices involved.
Another example is when a system digitally signs every email that is sent from it,
making it impossible for someone to deny the fact that the email came from that
system.
Discuss the difference between authorization and access control. Ans✓✓✓-
Authorization specifies what a user can do, and access control enforces what a
user can do.
Discuss the difference between authorization and accountability. Ans✓✓✓-
Authorization is the process of determining exactly what an authenticated party
can do. You typically implement authorization using access controls, which are the
tools and systems you use to deny or allow access.
To hold people accountable for their actions, you have to trace all activities in
your environment back to their sources. That means you have to use
identification, authentication, and authorization processes so you can know who a
given event is associated with and what permissions allowed them to carry it out.
Authorization is what an individual or party can do or access.
Accountability is holding an individual or party accountable for an event which
occurred using their access or "what they can do."
ECC is classified as which type of cryptographic algorithm? Ans✓✓✓-Asymmetric.
Elliptic curve cryptography (ECC) is a class of cryptographic algorithms, although
people sometimes refer to it as though it were a single algorithm. Named for the
type of mathematical problem on which its cryptographic functions are based,
elliptic curve cryptography has several advantages over other types of algorithms.
Explain how 3DES differs from DES. Ans✓✓✓-3DES is simply DES used to encrypt
each block three times, with three different keys.
Explain how the confused deputy problem could allow users to carry out activities
for which they are not authorized. Ans✓✓✓-The confused deputy problem
allows privilege escalation to take place because when there is software with
access to a resource that has a greater level of permission to access the resource
than the user who is controlling the software, the user can trick the software into