D430 Fundamentals of Information Security
Free D430 Fundamentals of Information Security Questions
A company has deployed an intrusion detection system (IDS) that monitors network traffic for suspicious activities. How should this security control be classified?
- A. Technical control
- B. Administrative control
- C. Physical control
- D. Operational control
Correct Answer
A. Technical control
Explanation
An Intrusion Detection System (IDS) is classified as a technical control because it is a system-based security measure used to detect unauthorized access or suspicious activities within a network. Technical controls involve the use of technology to protect information systems and can include firewalls, encryption, and IDS systems like the one described. These controls are typically automated and operate in real-time to monitor, detect, and respond to security threats.
Why other options are wrong
B. Administrative control
Administrative controls involve policies, procedures, and guidelines that manage and regulate the security of an organization's systems. While important, an IDS is not a policy or procedure; it is a technological tool designed to detect potential security incidents, which classifies it as a technical control rather than an administrative one.
C. Physical control
Physical controls are related to the protection of physical assets, such as locks, fences, or access control systems for securing physical locations. An IDS is not a physical security measure but a technical one, designed to monitor network traffic and detect security incidents in real-time.
D. Operational control
Operational controls refer to security measures implemented through daily operations and management, such as user training, incident response procedures, and regular audits. While IDS can support operational controls by identifying potential threats, it is primarily classified as a technical control because it uses technology to detect and alert on suspicious network activity.
Which framework would an application requesting access to a social media account most likely use?
- A. OpenID Connect
- B. SAML
- C. OAuth2
- D. Shibboleth
Correct Answer
C. OAuth2
Explanation
OAuth2 is the framework commonly used for granting third-party applications access to a user's resources on a social media platform without exposing the user's credentials. It allows for secure delegation of access rights, making it ideal for social media applications requesting access.
Why other options are wrong
A. OpenID Connect
OpenID Connect is an identity layer that sits on top of OAuth2, often used for authentication. It is typically used for single sign-on (SSO) scenarios rather than simple access delegation, which is more the role of OAuth2.
B. SAML
SAML is a protocol primarily used for Single Sign-On (SSO) in enterprise environments. It is not typically used for granting third-party applications access to social media accounts.
D. Shibboleth
Shibboleth is an identity federation and Single Sign-On system used mainly in academic and research environments. It is not commonly used for social media applications requesting access.
A location-based authentication technique can be effectively used to provide which of the following?
- A. Static authentication
- B. Intermittent authentication
- C. Continuous authentication
- D. Robust authentication
Correct Answer
C. Continuous authentication
Explanation
Location-based authentication can be used to continuously verify a user's identity based on their geographic location, ensuring that access to systems or services remains valid while the user is within an acceptable location. This form of authentication helps maintain security without requiring the user to reauthenticate repeatedly, providing continuous security as long as the user's location matches the expected parameters.
Why other options are wrong
A. Static authentication
Static authentication is a one-time verification process, often based on credentials like passwords or PINs. Location-based authentication, by its nature, is dynamic and doesn't fit the concept of static authentication.
B. Intermittent authentication
Intermittent authentication would involve checking the user's identity at irregular intervals. Location-based authentication is more suited to continuous verification, rather than being checked intermittently.
D. Robust authentication
Robust authentication refers to using multiple factors or layers of security to ensure strong identification. While location-based authentication can be part of a robust authentication system, the primary characteristic of location-based authentication is continuous verification rather than merely robustness.
What is a primary advantage of using cryptographic hashing in securing sensitive information, given its irreversible nature?
- A. It allows for the original data to be easily retrieved.
- B. It provides a unique identifier for data while maintaining confidentiality.
- C. It enables the encryption of data for secure transmission.
- D. It ensures that data can be modified without detection.
Correct Answer
B. It provides a unique identifier for data while maintaining confidentiality.
Explanation
Cryptographic hashing is primarily used to ensure data integrity and maintain confidentiality. Given its irreversible nature, hashing provides a unique identifier (hash value) for the original data, which can be used to verify the data's integrity without revealing the original content. This feature is essential for securing sensitive information like passwords or data verification, as the original data cannot be reconstructed from the hash.
Why other options are wrong
A. It allows for the original data to be easily retrieved.
This is incorrect because cryptographic hashing is designed to be irreversible, meaning the original data cannot be retrieved from the hash. This feature is what provides its security.
C. It enables the encryption of data for secure transmission.
Hashing is not the same as encryption. While encryption transforms data to make it unreadable without a key, hashing is meant to generate a fixed-size hash value that represents the data. Encryption is reversible, whereas hashing is not.
D. It ensures that data can be modified without detection.
This is incorrect because cryptographic hashing helps detect data modification. If the data is altered, the hash will change, signaling a potential integrity issue.
Devaki is evaluating different biometric systems. She understands that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is she considering?
- A. Acceptability
- B. Dynamism
- C. Accuracy
- D. Reaction time
Correct Answer
A. Acceptability
Explanation
Acceptability refers to the user's willingness to undergo biometric verification, which is influenced by factors such as privacy concerns, comfort, and cultural considerations. In this case, Devaki is considering how users may not want to undergo retinal scans due to the potential invasion of privacy, which is a key factor in determining the acceptability of a biometric system.
Why other options are wrong
B. Dynamism
Dynamism refers to the ability of a biometric system to handle changes over time in a person's biometric traits, such as aging or physical changes. While this is important, it is not related to user concerns about privacy or comfort.
C. Accuracy
Accuracy refers to how well a biometric system correctly identifies individuals or rejects imposters. While accuracy is important in choosing a biometric system, Devaki's concern is focused on the users' willingness to use the system, which is related to acceptability.
D. Reaction time
Reaction time refers to how quickly a biometric system can process and return a result after a user presents their biometric trait. While important for user experience, it is not related to the privacy concerns Devaki is considering.
Which mechanism is commonly used to notify clients about the status of suspended or revoked cryptographic keys?
- A. Certificate Revocation List (CRL)
- B. Public Key Infrastructure (PKI)
- C. Key Management Service (KMS)
- D. Digital Signature Algorithm (DSA)
Correct Answer
A. Certificate Revocation List (CRL)
Explanation
The Certificate Revocation List (CRL) is used to notify clients about the status of suspended or revoked cryptographic keys. A CRL is a list maintained by a Certificate Authority (CA) that identifies certificates that are no longer valid, typically due to being revoked before their expiration date. This allows clients to check whether a particular certificate has been revoked and is therefore unsafe to trust.
Why other options are wrong
B. Public Key Infrastructure (PKI)
PKI is the overall system that manages public key encryption, including key generation, storage, and certificate management. It involves elements like certificate authorities and digital certificates, but it is not the specific mechanism for notifying clients about revoked keys.
C. Key Management Service (KMS)
Key Management Service (KMS) refers to a service that handles the management of encryption keys for securing data. While it helps with key storage and handling, it does not specifically handle the notification of key revocation status to clients.
D. Digital Signature Algorithm (DSA)
The Digital Signature Algorithm (DSA) is a specific algorithm used for creating digital signatures. It is not responsible for managing the status or revocation of cryptographic keys.
When an intrusion detection system (IDS) identifies a potential threat and alerts the security team while also initiating a script to isolate the affected system from the network, what two functions are being performed by this security control?
- A. Preventive and detective
- B. Corrective and detective
- C. Preventive and corrective
- D. Operational and technical
Correct Answer
B. Corrective and detective
Explanation
In this scenario, the IDS is detecting a potential threat (detective function) and then responding by isolating the affected system (corrective function). The detective function refers to the system's ability to identify and alert on potential security issues, while the corrective function involves taking actions to mitigate the impact or prevent further damage, such as isolating the system from the network.
Why other options are wrong
A. Preventive and detective
This option is incorrect because preventive measures involve taking action to prevent an attack from occurring in the first place, such as blocking access or filtering traffic. In this case, the IDS is detecting a threat (detective), not preventing it, and taking corrective action after the detection.
C. Preventive and corrective
This option is incorrect because preventive measures are not being implemented. Preventive measures would involve blocking the threat before it occurs, while in this case, the IDS detects and alerts after the potential threat is identified, and corrective action is taken after detection.
D. Operational and technical
This option is incorrect because the terms "operational" and "technical" are not directly related to the functional categories of security control actions. The correct classification would be preventive, detective, or corrective actions.
What is the primary security objective achieved through the use of symmetric encryption in data protection?
- A. Integrity
- B. Availability
- C. Confidentiality
- D. Authentication
Correct Answer
C. Confidentiality
Explanation
Symmetric encryption uses a single key for both encryption and decryption, and its primary goal is to ensure confidentiality. This means that only authorized users with the correct key can decrypt and access the data, keeping it protected from unauthorized parties. While symmetric encryption can contribute to other aspects of security, such as integrity when combined with hash functions, its primary purpose is maintaining confidentiality.
Why other options are wrong
A. Integrity
Integrity is related to ensuring that data has not been altered in an unauthorized manner. Symmetric encryption alone does not guarantee data integrity; this is typically achieved through hashing or digital signatures.
B. Availability
Availability ensures that data is accessible when needed. Symmetric encryption does not directly address availability; it focuses on protecting data confidentiality.
D. Authentication
Authentication verifies the identity of users or systems, which is not the main function of symmetric encryption. While encryption can be part of an authentication process, symmetric encryption itself primarily protects data confidentiality.
Which of the following would best help to ensure the alignment between information security and business functions?
- A. Establishing an information security governance committee
- B. Developing information security policies
- C. Establishing a security awareness program
- D. Providing funding for information security efforts
Correct Answer
A. Establishing an information security governance committee
Explanation
An information security governance committee helps ensure that information security efforts are aligned with the business's objectives and strategic goals. This committee provides oversight and guidance, ensuring that security policies and practices are in sync with business needs. It also helps to establish priorities, allocate resources, and ensure that security measures are effectively integrated into the business operations.
Why other options are wrong
B. Developing information security policies
While developing information security policies is essential, it alone does not ensure alignment between security and business functions. Policies are a part of the governance framework but do not ensure strategic alignment.
C. Establishing a security awareness program
A security awareness program is important for educating employees about security best practices, but it does not directly ensure alignment between security and business functions. It’s more about fostering a security-conscious culture rather than strategic alignment.
D. Providing funding for information security efforts
Providing funding is crucial for the implementation of security measures, but without a governance structure, it doesn't necessarily guarantee that security efforts are aligned with business functions. Proper alignment requires active management and oversight.
Which authentication method uses a key distribution center (KDC)?
- A. CHAP
- B. Login and authentication
- C. Identification and authentication
- D. Kerberos
Correct Answer
D. Kerberos
Explanation
Kerberos is an authentication protocol that uses a Key Distribution Center (KDC) to manage the distribution of secret keys between clients and servers in a secure manner. The KDC provides authentication services and ensures that communications between users and services are secure. The other options do not rely on a KDC for authentication.
Why other options are wrong
A. CHAP
CHAP (Challenge-Handshake Authentication Protocol) does not use a Key Distribution Center (KDC). Instead, it involves the client and server exchanging challenge and response messages to authenticate the client, relying on a shared secret rather than key distribution by a KDC.
B. Login and authentication
Login and authentication, as a general process, do not specifically use a Key Distribution Center. This term refers to the process of verifying a user's identity, which can be done using various methods, but not necessarily through a KDC.
C. Identification and authentication
Identification and authentication are processes, but they do not inherently require a Key Distribution Center. This process can involve passwords, biometric data, or other methods of verifying identity, and KDC is not specifically tied to this process.