ITN 262 EXAM REVIEW QUESTIONS WITH
CORRECT ANSWERS.
People who interpret event logs do not like administrators to use privileged accounts with a
fixed name, like "root." Which of the following is the best explanation for this?
b) Auditors who review event logs believe they should have the same access rights as other
administrative personnel
a) The "root" user ID is shared by many people; the event log can't easily tell which user
really performed a logged action
d) The "root" user ID can modify event logs, while other privilege mechanisms, like
"sudo," can't modify event logs
c) Overuse of the "root" user ID increases the risk that someone will execute malicious
software by mistake
a) The "root" user ID is shared by many people; the event log can't easily tell which user really
performed a logged action
Which of the following is a formal review of the systems integrity and of the data it
maintains regarding the organization's business.
a) Security event log
c) Information systems audit
d) None of these is correct.
b) Event logging
c) Information systems audit
The security framework that replaced the U.S. DOD Orange Book is called:
c) PCI DSS.
,d) Common Criteria.
a) Common Conduct.
b) Red Book.
d) Common Criteria.
The law that establishes security measures that must be taken on health-related
information is:
c) SOX.
d) FISMA.
b) GLBA.
a) HIPAA.
a) HIPAA.
The phrases below describe Unix commands used for adjusting a file's rights. Match the
command with its description.
Correct!chmod Changes the rights granted to the owner, group, or rest of the world for a
file
Correct!chown Changes the identity of a file's owner
Correct!chgrp Changes the identity of the group associated with a file
Correct!chmod Changes the rights granted to the owner, group, or rest of the world for a file
Correct!chown Changes the identity of a file's owner
Correct!chgrp Changes the identity of the group associated with a file
The following are file-permission situations in Unix. Match the access scenario with the
action taken by a Unix system as a result.
CoCorrect!The root user accesses a file System grants full access to file
Crrect!The root user accesses a file System grants full access to file
Correct!The file's owner accesses a file System applies the owner rights
, Correct!A group member who is not the file's owner accesses a file System applies the
group rights
Correct!A user who is neither the owner nor a group member accesses a file System applies
the world rights
CoCorrect!The root user accesses a file System grants full access to file
Crrect!The root user accesses a file System grants full access to file
Correct!The file's owner accesses a file System applies the owner rights
Correct!A group member who is not the file's owner accesses a file System applies the group
rights
Correct!A user who is neither the owner nor a group member accesses a file System applies
the world rights
We are trying to protect a household computer. We have implemented password-based
authentication to protect sensitive data. Which levels of attacker motivation can this
authentication typically protect against in this situation? Select all that apply.
c) Stealth motivation
a) No motivation
b) Scant motivation
d) Medium motivation
Correct Answer c) Stealth motivation
Correct! a) No motivation
Correct! b) Scant motivation
Are base secrets the same as credentials?
b) Base secrets never serve as credentials.
a) Some base secrets are also credentials, while others are not.
a) Some base secrets are also credentials, while others are not.
CORRECT ANSWERS.
People who interpret event logs do not like administrators to use privileged accounts with a
fixed name, like "root." Which of the following is the best explanation for this?
b) Auditors who review event logs believe they should have the same access rights as other
administrative personnel
a) The "root" user ID is shared by many people; the event log can't easily tell which user
really performed a logged action
d) The "root" user ID can modify event logs, while other privilege mechanisms, like
"sudo," can't modify event logs
c) Overuse of the "root" user ID increases the risk that someone will execute malicious
software by mistake
a) The "root" user ID is shared by many people; the event log can't easily tell which user really
performed a logged action
Which of the following is a formal review of the systems integrity and of the data it
maintains regarding the organization's business.
a) Security event log
c) Information systems audit
d) None of these is correct.
b) Event logging
c) Information systems audit
The security framework that replaced the U.S. DOD Orange Book is called:
c) PCI DSS.
,d) Common Criteria.
a) Common Conduct.
b) Red Book.
d) Common Criteria.
The law that establishes security measures that must be taken on health-related
information is:
c) SOX.
d) FISMA.
b) GLBA.
a) HIPAA.
a) HIPAA.
The phrases below describe Unix commands used for adjusting a file's rights. Match the
command with its description.
Correct!chmod Changes the rights granted to the owner, group, or rest of the world for a
file
Correct!chown Changes the identity of a file's owner
Correct!chgrp Changes the identity of the group associated with a file
Correct!chmod Changes the rights granted to the owner, group, or rest of the world for a file
Correct!chown Changes the identity of a file's owner
Correct!chgrp Changes the identity of the group associated with a file
The following are file-permission situations in Unix. Match the access scenario with the
action taken by a Unix system as a result.
CoCorrect!The root user accesses a file System grants full access to file
Crrect!The root user accesses a file System grants full access to file
Correct!The file's owner accesses a file System applies the owner rights
, Correct!A group member who is not the file's owner accesses a file System applies the
group rights
Correct!A user who is neither the owner nor a group member accesses a file System applies
the world rights
CoCorrect!The root user accesses a file System grants full access to file
Crrect!The root user accesses a file System grants full access to file
Correct!The file's owner accesses a file System applies the owner rights
Correct!A group member who is not the file's owner accesses a file System applies the group
rights
Correct!A user who is neither the owner nor a group member accesses a file System applies
the world rights
We are trying to protect a household computer. We have implemented password-based
authentication to protect sensitive data. Which levels of attacker motivation can this
authentication typically protect against in this situation? Select all that apply.
c) Stealth motivation
a) No motivation
b) Scant motivation
d) Medium motivation
Correct Answer c) Stealth motivation
Correct! a) No motivation
Correct! b) Scant motivation
Are base secrets the same as credentials?
b) Base secrets never serve as credentials.
a) Some base secrets are also credentials, while others are not.
a) Some base secrets are also credentials, while others are not.