Overview
User Auth
Access Control
Intro to Crypto
Software Security
100

A loss of what is the unauthorized disclosure of information?

Confidentiality 

100

This is a widely used defense against intruders.

Passwords or password system

100

What is the granting of a right or permission to a system entity to access a system resource?

Authorization

100

This is also referred to as single-key encryption.

Symmetric

100

Incorrect handling of program _____ is one of the most common failings in software security.

Input

200

An example of what threat action is in which sensitive data are directly released to an unauthorized entity?

Exposure 

200

This is the data structure that authoritatively binds an identity and attributes to a token.

Credential 

200

Why is the DAC policy termed discretionary?

An entity may have access rights that enable another entity to access some resource.

200

The purpose of this is to produce a fingerprint of a file, message, or block of data.

Hash Function

200

This refers to a wide variety of attacks based on the invalid handling of input data.

Injection attacks

300

A what is a threat that, if carried out successfully, leads to an undesirable violation of security, or threat consequence?

Attack

300

What are the 4 means of authenticating?

Knows, possesses, is, does

300

The analogy of “who you are” + “what you’re doing” + “where/when you’re doing it” + “when you want to access it” is in reference to which access control that we learned about?

Attribute Based

300

Encryption protects against what kind of attacks?

Passive or eavesdropping

300

This is when multiple processes or threads compete to gain uncontrolled access to some resource.

Race conditions

400

Misappropriation and misuse are attacks that result in what threat consequence?

Usurpation

400

An organization can choose between a range of user authentication technologies based on a degree of what in the identity proofing and authentication processes.

Confidence

400

The purpose of access control is to implement a security policy that limits access to whom, given their what?

Authorized Users & Access Type

400

The hash property: given only x, it must be hard to find y ≠ x such that H(x) = H(y). This is known as?

Second preimage resistant

400

What are the categories of software security issues?

Insecure Interaction between components, Risky Resource Management, Porous Defenses

500

Name 3 security principles.

Economy of mech, fail safe defaults, complete mediation, open design, separation of privacy, least common mech, psychological acceptability, Isolation, Encapsulation, Modularity, Layering, least astonishment

500

One of the simplest hardware tokens is a what device?

One-time password
500

In RBAC, what are the constraints?

Mutually exclusive roles, cardinality, prerequisite roles

500

Protection against active attacks such as falsification is known as what?

Message Authentication

500

Explain one of the security issues we learned about.

Must be from the chapter.
