D430 Fundamentals of Information Security
Free D430 Fundamentals of Information Security Questions
What is one of the primary functions of LDAP in an organization's information security framework?
- A. To encrypt sensitive data during transmission
- B. To provide a centralized directory for user authentication and authorization
- C. To monitor network traffic for suspicious activity
- D. To serve as a firewall against unauthorized access
Correct Answer
B. To provide a centralized directory for user authentication and authorization
Explanation
LDAP (Lightweight Directory Access Protocol) is the protocol applications use to query and update a directory service (for example Active Directory or OpenLDAP) that centralizes user authentication and authorization data. The directory holds entries for users, groups and devices with attributes such as usernames, credential hashes and group or role membership. An application typically authenticates a user by binding to the directory as that user's entry with the supplied password, then reads group membership to decide what the user may access. Because it centralizes identity data for the whole enterprise, a well-configured directory is a cornerstone of its access control system.
Why other options are wrong
A. To encrypt sensitive data during transmission
This is incorrect. LDAP traffic can and should be protected with TLS, either LDAPS (LDAP over TLS, conventionally on port 636) or StartTLS on the standard port 389, because a simple bind otherwise sends the password in cleartext. That encryption is a transport layer wrapped around the protocol, though; LDAP's own function is directory access for authentication and authorization, not encrypting data.
C. To monitor network traffic for suspicious activity
This is incorrect. Monitoring network traffic for suspicious activity is the role of intrusion detection systems (IDS) or network monitoring tools, not LDAP.
D. To serve as a firewall against unauthorized access
This is incorrect. A firewall is used to control and monitor incoming and outgoing network traffic, preventing unauthorized access. LDAP is not a firewall; it is a directory service for managing user access and credentials.
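The following is an added example, not part of the original question bank, showing how an application builds the directory queries the explanation describes: one lookup to find the user's entry (followed by a bind to authenticate) and one to check group membership (authorization). The base DN, object classes and group name are assumed. It also shows why any user-supplied value must be escaped per RFC 4515 before it is placed in a filter: an unescaped `*` turns a lookup of one user into a wildcard match on every user.

```python
"""Added example (not from the page): building LDAP search filters for a
lookup-then-bind login and a group-membership authorization check.

Assumed directory layout (constructed): users under
ou=people,dc=example,dc=com with uid and memberOf attributes."""

BASE_DN = "ou=people,dc=example,dc=com"  # assumed

# RFC 4515 filter metacharacters and their escaped forms (backslash + two hex digits).
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_lookup_filter(username: str) -> str:
    """Step 1 of a lookup-then-bind login: find the entry for this uid.

    The application searches BASE_DN with this filter, reads the matching
    entry's DN, then binds to the directory as that DN with the password the
    user typed. A successful bind authenticates the user; the directory, not
    the application, checks the password."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(username)}))"


def group_member_filter(username: str, group_dn: str) -> str:
    """Step 2, authorization: does the authenticated user belong to group_dn?"""
    return (
        f"(&(uid={escape_filter_value(username)})"
        f"(memberOf={escape_filter_value(group_dn)}))"
    )


def unsafe_user_lookup_filter(username: str) -> str:
    """The same lookup without escaping, kept only to show the problem."""
    return f"(&(objectClass=inetOrgPerson)(uid={username}))"


if __name__ == "__main__":
    admins = "cn=admins,ou=groups,dc=example,dc=com"  # assumed group
    print(user_lookup_filter("alice"))
    print(group_member_filter("alice", admins))
    # Unescaped, a username of "*" matches every user in the directory;
    # escaped, it matches only a uid literally named "*".
    print(unsafe_user_lookup_filter("*"))
    print(user_lookup_filter("*"))
```

The escaping table is the complete RFC 4515 set; `=` and `,` need no escaping inside a filter value, which is why the group DN passes through unchanged.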
What type of threat vector is exploited when an employee inadvertently installs ransomware after clicking on a link in an unsolicited email that appears to be from a trusted vendor?
- A. Malware from phishing attempts
- B. Malware from untrusted sources
- C. Malware from legitimate software
- D. Malware from social engineering tactics
Correct Answer
A. Malware from phishing attempts
Explanation
Phishing is a type of social engineering attack where malicious emails are crafted to appear as if they are from trusted sources. In this scenario, the employee clicked on a link in an unsolicited email, which is a classic example of a phishing attempt that leads to malware installation, such as ransomware.
Why other options are wrong
B. Malware from untrusted sources
This option is incorrect because the attack in question uses a trusted vendor's name to deceive the employee. While the source might appear trusted, the actual vector is phishing, not from a completely untrusted source.
C. Malware from legitimate software
This option is incorrect. In this case, the ransomware was installed via phishing, not from legitimate software. Malware from legitimate software typically refers to malicious code that hides within trusted software applications, which is not the scenario described here.
D. Malware from social engineering tactics
This option is partially correct but not as precise as option A. Social engineering tactics are involved in phishing, but the specific threat vector being exploited is phishing, which is more precise and directly related to the method of attack.
With regard to access control in SQL, an owner granting privileges to other users is known as:
- A. rights delegation
- B. administrator delegation
- C. none of the above
- D. privilege delegation
Correct Answer
D. privilege delegation
Explanation
In SQL, privilege delegation is the ability of an object's owner to grant specific privileges (SELECT, INSERT, UPDATE, DELETE and so on) on tables or views to other users with the GRANT statement, and optionally to let those users pass the privilege on by adding WITH GRANT OPTION. The owner keeps control: REVOKE removes a privilege, and with CASCADE it also removes any privileges the revoked user had granted onward. This lets the owner share exactly the access others need without handing over control of the object, which is what proper access control in a database requires.
Why other options are wrong
A. rights delegation
This is incorrect because the term "rights delegation" is not commonly used in the context of SQL access control. The correct term is "privilege delegation," which specifically refers to granting privileges.
B. administrator delegation
This is incorrect because administrator delegation refers to delegating administrative tasks to other users, such as assigning roles or managing user permissions. This does not specifically refer to granting privileges to perform actions on database objects.
C. none of the above
This is incorrect because "privilege delegation" is the correct term, making "none of the above" an inaccurate choice.
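The following is an added example, not part of the original question bank, that models the delegation chain the explanation describes: the owner grants SELECT WITH GRANT OPTION, the grantee re-delegates, a user without the grant option is refused, and a REVOKE by the owner cascades down the chain. The users and table are constructed; the rules follow standard SQL GRANT/REVOKE semantics, shown in the comments beside each step.

```python
"""Added example (not from the page): a small model of SQL privilege
delegation. The users (dba, alice, bob, carol) and the table 'orders' are
constructed; the rules follow the SQL-standard semantics of
GRANT ... WITH GRANT OPTION and REVOKE ... CASCADE."""

from collections import defaultdict


class GrantGraph:
    """Tracks who granted which privilege on which object to whom."""

    def __init__(self):
        self.owners = {}                  # object -> owner
        self.grants = defaultdict(list)   # (priv, obj) -> [(grantor, grantee, grant_option)]

    def create_table(self, obj, owner):
        # CREATE TABLE <obj> ...   (the creator becomes the owner)
        self.owners[obj] = owner

    def can_grant(self, user, priv, obj):
        """Owners can always grant; others only if they hold the grant option."""
        if self.owners.get(obj) == user:
            return True
        return any(grantee == user and opt for _, grantee, opt in self.grants[(priv, obj)])

    def has_privilege(self, user, priv, obj):
        if self.owners.get(obj) == user:
            return True
        return any(grantee == user for _, grantee, _ in self.grants[(priv, obj)])

    def grant(self, grantor, priv, obj, grantee, with_grant_option=False):
        # GRANT <priv> ON <obj> TO <grantee> [WITH GRANT OPTION]
        if not self.can_grant(grantor, priv, obj):
            raise PermissionError(f"{grantor} may not grant {priv} on {obj}")
        self.grants[(priv, obj)].append((grantor, grantee, with_grant_option))

    def revoke(self, grantor, priv, obj, grantee):
        # REVOKE <priv> ON <obj> FROM <grantee> CASCADE
        self.grants[(priv, obj)] = [
            e for e in self.grants[(priv, obj)] if not (e[0] == grantor and e[1] == grantee)
        ]
        self._cascade(priv, obj)

    def _cascade(self, priv, obj):
        """Drop every grant whose grantor no longer holds the grant option through
        a chain of grants starting at the owner; that is what CASCADE does."""
        edges = self.grants[(priv, obj)]
        authorised = {self.owners[obj]}
        frontier = [self.owners[obj]]
        while frontier:
            current = frontier.pop()
            for grantor, grantee, opt in edges:
                if grantor == current and opt and grantee not in authorised:
                    authorised.add(grantee)
                    frontier.append(grantee)
        self.grants[(priv, obj)] = [e for e in edges if e[0] in authorised]


def run_scenario():
    """Walk through a delegation chain and a cascading revoke."""
    g = GrantGraph()
    g.create_table("orders", "dba")
    g.grant("dba", "SELECT", "orders", "alice", with_grant_option=True)  # delegation
    g.grant("alice", "SELECT", "orders", "bob")                          # re-delegation
    try:
        g.grant("bob", "SELECT", "orders", "carol")   # bob holds no grant option
        bob_could_delegate = True
    except PermissionError:
        bob_could_delegate = False
    before = {u: g.has_privilege(u, "SELECT", "orders") for u in ("alice", "bob", "carol")}
    g.revoke("dba", "SELECT", "orders", "alice")     # cascades to bob
    after = {u: g.has_privilege(u, "SELECT", "orders") for u in ("alice", "bob", "carol")}
    return bob_could_delegate, before, after


if __name__ == "__main__":
    print(run_scenario())
```

The cascade is computed as reachability from the owner over grant-option edges rather than by deleting one level at a time, so a pair of users who granted each other the option cannot keep a privilege alive after the owner cuts them both off.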
An application requesting access to a user's social media account would most likely use which framework?
- A. OpenID Connect
- B. SAML
- C. OAuth2
- D. Shibboleth
Correct Answer
C. OAuth2
Explanation
OAuth 2.0 is an authorization framework: it lets a user delegate scoped access to their resources on a platform (posts, photos, contacts) to a third-party application by having the platform issue that application an access token. The user consents on the platform's own site and never shares their password with the application, and the access can be limited to specific scopes and revoked later. That is exactly the situation of an application asking to use a social media account.
Why other options are wrong
A. OpenID Connect
OpenID Connect is an identity layer built on top of OAuth 2.0. It adds an ID token so the application learns who the user is, which makes it the right choice for "Log in with ..." authentication and single sign-on. The question is about an application accessing the account's resources, which is authorization, the job of OAuth 2.0 itself.
B. SAML
SAML is a protocol primarily used for Single Sign-On (SSO) in enterprise environments. It is not typically used for granting third-party applications access to social media accounts.
D. Shibboleth
Shibboleth is an identity federation and Single Sign-On system used mainly in academic and research environments. It is not commonly used for social media applications requesting access.
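The following is an added example, not part of the original question bank, that shows the client side of the OAuth 2.0 delegation described above: the authorization request the application redirects the user to, the `state` check that ties the callback to the session that started it, and the PKCE `code_verifier` check the authorization server performs at token exchange. The endpoints, client_id and scope name are assumed; no real provider is contacted.

```python
"""Added example (not from the page): an OAuth 2.0 authorization-code request
with PKCE, plus the two checks that keep the flow honest: the client
validates 'state' on the callback, and the authorization server validates
the PKCE code_verifier at the token endpoint. URLs, client_id and scope are
assumed; nothing here talks to a real provider."""

import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_ENDPOINT = "https://social.example/oauth2/authorize"  # assumed
REDIRECT_URI = "https://photoprinter.example/oauth/callback"    # assumed


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 transform: code_challenge = BASE64URL(SHA256(code_verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce_pair():
    """A fresh code_verifier (kept by the client) and its code_challenge."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, pkce_challenge(verifier)


def build_authorization_request(client_id: str, scope: str, state: str, code_challenge: str) -> str:
    """URL the application redirects the user's browser to. The user consents
    on the provider's site; the application never sees their password."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,                 # e.g. "photos.read"; OIDC would add "openid"
        "state": state,                 # binds the callback to this browser session
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Client side: extract the authorization code, rejecting a foreign state."""
    query = parse_qs(urlparse(callback_url).query)
    if not secrets.compare_digest(query.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: callback was not started by this session")
    if "error" in query:
        raise ValueError(f"authorization refused: {query['error'][0]}")
    return query["code"][0]


def server_checks_verifier(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization-server side at the token endpoint: only the client that
    began the flow knows the verifier matching the challenge it stored."""
    return secrets.compare_digest(pkce_challenge(presented_verifier), stored_challenge)


if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    state = b64url(secrets.token_bytes(16))
    print(build_authorization_request("photoprinter-app", "photos.read", state, challenge))
    # Constructed callback, as the provider would redirect the browser back:
    callback = f"{REDIRECT_URI}?code=constructed-auth-code&state={state}"
    code = parse_callback(callback, state)
    print("code:", code, "| verifier accepted:", server_checks_verifier(challenge, verifier))
```

Without the `state` check an attacker could make a victim's browser complete a flow the attacker started (login CSRF); without PKCE a leaked authorization code could be redeemed by whoever captured it. Both checks are part of the flow, not add-ons, and the test vector in RFC 7636 Appendix B exercises the S256 transform.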
Which of the following attacks is most effective against passwords?
- A. Dictionary attack
- B. Brute-force attack
- C. Targeted attack
- D. Manual password attack
Correct Answer
B. Brute-force attack
Explanation
A brute-force attack systematically tries every possible combination of characters up to a given length, so it is the most exhaustive method: given enough time it is guaranteed to find any password inside its search space, and it needs neither a wordlist nor knowledge of the victim. The other methods only succeed if the password happens to be common, guessable or already known. Exhaustiveness is also its cost: the number of candidates grows exponentially with password length and alphabet size, so against a long random password protected by a slow hash a brute-force attack is infeasible in practice, which is why attackers normally start with dictionary and hybrid attacks and fall back to brute force only for short passwords.
Why other options are wrong
A. Dictionary Attack
This is incorrect because a dictionary attack uses a predefined list of words, such as common passwords or dictionary entries, to attempt to break a password. While it is faster than brute force for weak passwords, it is not as effective because it does not cover all possible character combinations, only those that are likely to be used.
C. Targeted Attack
A targeted attack is more focused, often based on social engineering or personal information to guess passwords. While it can be effective in specific cases, it is less exhaustive and typically requires more information about the target than a brute-force attack.
D. Manual password Attack
This is incorrect because a manual password attack generally involves an attacker trying to guess a password through human effort, often with prior knowledge of the victim's habits or preferences. It is slower and less effective than a brute-force attack, which systematically checks all combinations.
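The following is an added example, not part of the original question bank, that runs a dictionary attack and an exhaustive brute-force attack against the same hashed passwords, so the trade-off in the explanation can be seen in attempt counts. The target passwords, wordlist and alphabet are constructed; SHA-256 stands in for a real (and deliberately slow) password hash so the example runs instantly.

```python
"""Added example (not from the page): dictionary versus brute-force attacks on
hashed passwords. Targets, wordlist and alphabet are constructed. SHA-256 is
used so the example runs instantly; real credential stores use a slow hash
(bcrypt, scrypt, Argon2), which multiplies every attempt below by a large
constant without changing the comparison."""

import hashlib
import itertools


def h(password: str) -> str:
    """Stand-in for the stored password hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist):
    """Try a curated list of likely passwords. Fast, but it only finds
    passwords that are on the list."""
    for attempts, candidate in enumerate(wordlist, start=1):
        if h(candidate) == target_hash:
            return candidate, attempts
    return None, len(wordlist)


def brute_force(target_hash, alphabet, max_len):
    """Try every string over `alphabet` up to `max_len`, shortest first.
    Exhaustive: always succeeds if the password is in that space, and the
    attempt count is exactly how far into the space the password lies."""
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            if h("".join(chars)) == target_hash:
                return "".join(chars), attempts
    return None, attempts


def keyspace(alphabet_size, length):
    """Number of candidates of exactly this length: the brute-force ceiling."""
    return alphabet_size ** length


def years_to_exhaust(candidates, guesses_per_second):
    return candidates / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    wordlist = ["password", "123456", "letmein", "qwerty"]  # constructed
    alphabet = "abc123"                                      # constructed, 6 symbols
    print(dictionary_attack(h("letmein"), wordlist))  # common password: found on the list
    print(brute_force(h("letmein"), alphabet, 3))     # same password: outside this search space
    print(brute_force(h("cab"), alphabet, 3))         # short password: found exhaustively
    print(dictionary_attack(h("cab"), wordlist))      # same password: not on the list
    # 12 printable-ASCII characters at a generous 10^12 guesses per second:
    print(f"{years_to_exhaust(keyspace(95, 12), 1e12):,.0f} years to exhaust")
```

The attempt counts are deterministic: over a six-symbol alphabet the search reaches "cab" after the 6 one-character and 36 two-character candidates plus 74 three-character ones, and cannot reach "letmein" at all within three characters. Lengthening the alphabet to all 95 printable characters and the password to 12 characters pushes exhaustion into tens of thousands of years even at a trillion guesses per second.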
Devaki is evaluating different biometric systems. She understands that users might not want to subject themselves to retinal scans because of privacy concerns. Which characteristic of a biometric system is she considering?
- A. Acceptability
- B. Dynamism
- C. Accuracy
- D. Reaction time
Correct Answer
A. Acceptability
Explanation
Acceptability refers to the user's willingness to undergo biometric verification, which is influenced by factors such as privacy concerns, comfort, and cultural considerations. In this case, Devaki is considering how users may not want to undergo retinal scans due to the potential invasion of privacy, which is a key factor in determining the acceptability of a biometric system.
Why other options are wrong
B. Dynamism
Dynamism refers to the ability of a biometric system to handle changes over time in a person's biometric traits, such as aging or physical changes. While this is important, it is not related to user concerns about privacy or comfort.
C. Accuracy
Accuracy refers to how well a biometric system correctly identifies individuals or rejects imposters. While accuracy is important in choosing a biometric system, Devaki's concern is focused on the users' willingness to use the system, which is related to acceptability.
D. Reaction time
Reaction time refers to how quickly a biometric system can process and return a result after a user presents their biometric trait. While important for user experience, it is not related to the privacy concerns Devaki is considering.
A location-based authentication technique can be used effectively to provide which of the following?
- A. Static authentication
- B. Intermittent authentication
- C. Continuous authentication
- D. Robust authentication
Correct Answer
C. Continuous authentication
Explanation
Location-based authentication can be used to continuously verify a user's identity based on their geographic location, ensuring that access to systems or services remains valid while the user is within an acceptable location. This form of authentication helps maintain security without requiring the user to reauthenticate repeatedly, providing continuous security as long as the user's location matches the expected parameters.
Why other options are wrong
A. Static authentication
Static authentication is a one-time verification process, often based on credentials like passwords or PINs. Location-based authentication, by its nature, is dynamic and doesn't fit the concept of static authentication.
B. Intermittent authentication
Intermittent authentication would involve checking the user's identity at irregular intervals. Location-based authentication is more suited to continuous verification, rather than being checked intermittently.
D. Robust authentication
Robust authentication refers to using multiple factors or layers of security to ensure strong identification. While location-based authentication can be part of a robust authentication system, the primary characteristic of location-based authentication is continuous verification rather than merely robustness.
John accidentally disclosed his private key. What should happen to the associated certificate?
- A. Nothing
- B. Only use it for internal messages.
- C. It should be revoked.
- D. It should be suspended.
Correct Answer
C. It should be revoked.
Explanation
If John accidentally discloses his private key, the associated certificate should be revoked immediately. The private key is critical to the security of the certificate, and if it becomes compromised, anyone who obtains it can impersonate John or decrypt messages intended for him. Revoking the certificate ensures that it is no longer trusted for secure communications, protecting the integrity of the system.
Why other options are wrong
A. Nothing
This is incorrect because if a private key is disclosed, it poses a security risk, and action should be taken immediately. Doing nothing could allow unauthorized access or data breaches, which is unacceptable in secure communication systems.
B. Only use it for internal messages.
This is incorrect because the disclosure of a private key renders it unsafe for any use, not just external messages. Allowing internal use would still expose the system to potential security risks, such as unauthorized access or impersonation.
D. It should be suspended.
This is incorrect. Suspension (the certificateHold revocation reason in X.509 CRLs) is a reversible state meant for cases where a key is temporarily unavailable or a compromise is only suspected. Once a private key is known to have been disclosed it can never be trusted again, so the certificate should be revoked permanently with the keyCompromise reason, the revocation published through the CA's CRL or OCSP responder, and a new key pair generated and a new certificate issued to John.
Which of the following implementations best employs the advantages of location-based authentication, while minimizing its disadvantages?
- A. Pinpointing an individual user's terminal by tracing their IP address back to their physical location
- B. Employing user's phone geolocation data to verify their credentials to access a secure website
- C. Enforcing a mandatory "check in" policy on social media for users on remote access calls
- D. Activating location-based technology to operate a Virtual Private Network (VPN) gateway to restrict access to users from foreign countries
Correct Answer
B. Employing user's phone geolocation data to verify their credentials to access a secure website
Explanation
Geolocation data from the user's phone is readily available, far more precise than IP geolocation, and tied to a device the user already carries, so it can confirm that the user is at an expected place, such as their home or workplace, before a secure website accepts their credentials. Its weaknesses (GPS coordinates can be spoofed, and indoor fixes are sometimes poor) are kept in check because the location is an additional signal alongside the credentials rather than a replacement for them, which is why this option captures the advantages of location-based authentication with the fewest of its drawbacks.
Why other options are wrong
A. Pinpointing an individual user's terminal by tracing their IP address back to their physical location
This method has several disadvantages, including inaccuracies in pinpointing a user's physical location due to the use of VPNs or proxy servers. It also doesn't consider situations where the user may be traveling or using a different device, making it less reliable for authentication purposes.
C. Enforcing a mandatory "check in" policy on social media for users on remote access calls
This approach is not secure because it relies on social media platforms, which could be compromised or exploited. It also places a significant burden on users and opens up potential privacy issues, making it less practical for authentication purposes.
D. Activating location-based technology to operate a Virtual Private Network (VPN) gateway to restrict access to users from foreign countries
While this could prevent access from unauthorized locations, it is a restrictive and blunt approach. It limits access for legitimate users who may be traveling internationally or using mobile devices, and it could cause legitimate users to be blocked, making it a less efficient solution compared to using phone geolocation data.
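The following is an added example, not part of the original question bank, that ties the two location questions together: each request in an already-authenticated session carries the device's reported coordinates, and the session stays valid only while the device is inside a trusted zone and has not moved faster than is physically possible since the last accepted request (the "impossible travel" check). The zones, speed threshold and sample session are constructed.

```python
"""Added example (not from the page): continuous, location-based checks on a
logged-in session. Each request carries the device's reported coordinates;
the session stays valid only while the device is inside a trusted zone and
its movement since the last accepted request is physically plausible.
Zones, thresholds and the sample session are constructed."""

import math
from datetime import datetime, timedelta

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 900.0   # about airliner speed; assumed policy value

# (name, latitude, longitude, radius_km), constructed
TRUSTED_ZONES = [
    ("HQ London", 51.5074, -0.1278, 5.0),
    ("Branch Manchester", 53.4808, -2.2426, 5.0),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def in_trusted_zone(lat, lon):
    return any(haversine_km(lat, lon, zlat, zlon) <= r for _, zlat, zlon, r in TRUSTED_ZONES)


def evaluate_session(events):
    """events: list of (timestamp, lat, lon) in arrival order.
    Returns one (allowed, reasons) decision per event. The travel check is
    made against the last *accepted* position, so one rejected reading does
    not poison the next legitimate one."""
    decisions = []
    last_ok = None
    for ts, lat, lon in events:
        reasons = []
        if not in_trusted_zone(lat, lon):
            reasons.append("outside_trusted_zone")
        if last_ok is not None:
            pts, plat, plon = last_ok
            hours = (ts - pts).total_seconds() / 3600
            distance = haversine_km(plat, plon, lat, lon)
            speed = distance / hours if hours > 0 else (float("inf") if distance > 0 else 0.0)
            if speed > MAX_PLAUSIBLE_SPEED_KMH:
                reasons.append("impossible_travel")
        allowed = not reasons
        decisions.append((allowed, reasons))
        if allowed:
            last_ok = (ts, lat, lon)
    return decisions


# Constructed session: login at HQ, a second request at HQ, a request from
# New York fifteen minutes later, then a request from HQ again.
T0 = datetime(2024, 3, 4, 9, 0)
SESSION = [
    (T0, 51.5074, -0.1278),
    (T0 + timedelta(minutes=30), 51.5100, -0.1300),
    (T0 + timedelta(minutes=45), 40.7128, -74.0060),
    (T0 + timedelta(minutes=60), 51.5080, -0.1290),
]

if __name__ == "__main__":
    for (ts, lat, lon), (allowed, reasons) in zip(SESSION, evaluate_session(SESSION)):
        print(ts.time(), f"{lat:.4f},{lon:.4f}", "ALLOW" if allowed else "DENY", reasons)
```

The New York reading fails both checks: it is outside every trusted zone, and covering roughly 5,570 km in fifteen minutes exceeds any plausible speed. Because the comparison is against the last accepted position, the following request from HQ is accepted again. In production the reported coordinates would be treated as one signal among several, since a device's GPS reading can be spoofed.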
Which principle states that programs, users, and even systems should be given just enough privileges to perform their tasks?
- A. Principle of least privilege
- B. Principle of process scheduling
- C. None of the mentioned
- D. Principle of operating system
Correct Answer
A. Principle of least privilege
Explanation
The Principle of Least Privilege dictates that users, programs, and systems should only be given the minimum privileges necessary to perform their tasks. This minimizes the potential damage in case of an attack or error, and helps in securing systems from unauthorized actions.
Why other options are wrong
B. Principle of process scheduling
This refers to the management of processes by an operating system, and it is not related to the principle of limiting privileges to the minimum necessary for task performance.
C. None of the mentioned
This is incorrect because the Principle of Least Privilege is indeed mentioned as option A.
D. Principle of operating system
This is a vague term and does not specifically refer to the concept of limiting user privileges or actions, which is what the Principle of Least Privilege addresses.