A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy is a(n) __________.
Vulnerability
What is one derived authentication requirement?
multifactor, timeout, prevent reuse, minimum password complexity, prohibit password reuse, obscure auth info, password policy
What is the granting of a right or permission to a system entity to access a system resource?
Authorization
This is also referred to as single-key encryption.
symmetric
Incorrect handling of program _____ is one of the most common failings in software security.
Input
A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.
Passive Attack
This is the data structure that authoritatively binds an identity and attributes to a token.
Credential
The three types of attributes in the ABAC model are subject attributes, object attributes, and _________ attributes.
environment
Public-key algorithms are based on simple operations on bit patterns.
False; based on mathematical functions such as RSA, Diffie-Hellman, and Elliptic Curve
This is when multiple processes and threads compete to gain uncontrolled access to some resource.
Race Conditions
What is a threat that, if carried out and successful, leads to an undesirable violation of security, or threat consequence?
attack
A __________ attack involves an adversary repeating a previously captured user response.
replay attack
___________ refers to setting a maximum number with respect to roles.
Cardinality
Why are passwords stored using hash functions rather than encryption?
Hashing is a one-way, irreversible process; protects against rainbow tables and brute force
“Incorrect Calculation of Buffer Size” is in the __________ software error category.
Risky Resource Management
The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _________.
data
How does OTP improve security?
single use codes, protect against replay attacks
The purpose of access control is to implement a security policy that limits access to whom, given their what?
Authorized Users & Access Type
Hash property: given only block x, it is computationally infeasible to find y != x such that H(x) = H(y). This is known as?
Second preimage resistant
A _________ attack occurs when the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server.
Command Injection
Name 3 security principles.
Economy of mechanism, fail-safe defaults, complete mediation, open design, separation of privilege, least common mechanism, psychological acceptability, isolation, encapsulation, modularity, layering, least astonishment
Smart tokens have 3 authentication protocol types, which are?
static, dynamic, challenge-response
An access control list contains?
users and their access rights
Digital signatures and key management are the two most important applications of __________ encryption.
public key
If a program flaw allows an attacker to execute code with privileges greater than those already available to the attacker, the result is a _________.
Privilege Escalation