D430 Fundamentals of Information Security
Free D430 Fundamentals of Information Security Questions
Which of the following statements are true about public and private key pairs?
- A. A key pair is a set of two keys that work in combination with each other as a team.
- B. A key pair is a set of two keys that work in isolation.
- C. If you use the public key to encrypt data using an asymmetric encryption algorithm, the corresponding private key is used to decrypt the data.
- D. If you use the public key to encrypt data using an asymmetric encryption algorithm, the peer decrypts the data with that public key.
Correct Answer
A. A key pair is a set of two keys that work in combination with each other as a team.
C. If you use the public key to encrypt data using an asymmetric encryption algorithm, the corresponding private key is used to decrypt the data.
Explanation
In asymmetric encryption, the public and private keys are a pair, and they work together for secure communication. The public key is used to encrypt the data, and only the corresponding private key can decrypt it, ensuring confidentiality. The private key is also used to sign data, ensuring its integrity and authenticity, which only the owner of the private key can do. Thus, the two keys work in tandem and not in isolation.
Why other options are wrong
B. A key pair is a set of two keys that work in isolation.
This is incorrect because, in asymmetric encryption, the public and private keys cannot function independently; they work together to secure data transmission and ensure authenticity and confidentiality. They complement each other and cannot operate in isolation.
D. If you use the public key to encrypt data using an asymmetric encryption algorithm, the peer decrypts the data with that public key.
This is incorrect because the public key is used to encrypt the data, but only the corresponding private key can decrypt it. The peer cannot decrypt the data with the public key since it would defeat the purpose of encryption; decryption must be done with the private key that corresponds to the public key.
The security control type for an information system that is primarily implemented and executed by people (as opposed to systems).
- A. Implementation
- B. Operational
- C. Organizational
- D. Technical
Correct Answer
B. Operational
Explanation
Operational security controls involve the activities and procedures carried out by people to protect the information system. These controls are typically executed on a day-to-day basis by personnel and may include activities such as monitoring, incident response, and user training. The emphasis is on human actions and processes rather than technological solutions.
Why other options are wrong
A. Implementation
Implementation refers to the process of putting a security control into action, including the installation of technologies or systems. It is more focused on the deployment aspect, rather than ongoing human-driven activities that fall under operational controls.
C. Organizational
Organizational controls are policies and procedures set by the management to guide the overall security strategy. While they are critical, they do not focus primarily on people’s actions in daily operational activities like operational controls do.
D. Technical
Technical controls rely on technological systems and solutions, such as encryption, firewalls, and access control systems. They are not based on the actions of people but rather on the automation of security processes.
Which of the answers listed below refers to a key exchange protocol that generates temporary keys for each session, providing forward secrecy to protect past and future communications?
- A. Perfect Forward Secrecy (PFS)
- B. Secure Hashing Algorithm (SHA)
- C. Pretty Good Privacy (PGP)
- D. Diffie-Hellman key exchange (DHE)
Correct Answer
D. Diffie-Hellman key exchange (DHE)
Explanation
The Diffie-Hellman key exchange (DHE) protocol generates temporary session keys for each communication, providing forward secrecy. This ensures that even if a long-term key is compromised, past communications remain secure because session keys cannot be derived from previous keys. This protects both past and future communications.
Why other options are wrong
A. Perfect Forward Secrecy (PFS)
While Perfect Forward Secrecy (PFS) is related to the concept of securing session keys and preventing the compromise of past communications, it refers to a broader security property rather than a specific protocol. DHE is one implementation of PFS.
B. Secure Hashing Algorithm (SHA)
SHA is a cryptographic hash function used for data integrity verification and generating secure hash values, not for generating temporary session keys for communication. It does not provide forward secrecy.
C. Pretty Good Privacy (PGP)
PGP is a protocol for encrypting emails and files, but it is not focused on session-based key exchanges that provide forward secrecy. It uses different mechanisms for public-key encryption and authentication.
What type of threat actor is most likely to conduct an attack for the purpose of political beliefs or social change?
- A. Nation-state
- B. Unskilled attacker
- C. Hacktivist
- D. Insider threat
Correct Answer
C. Hacktivist
Explanation
Hacktivists are individuals or groups who use hacking techniques to promote political causes or social change. Their primary motivation is not financial gain, but to advance a political agenda, raise awareness, or protest against organizations, governments, or institutions they view as unethical or oppressive.
Why other options are wrong
A. Nation-state
While nation-states may conduct cyber-attacks, their primary motivation is typically related to espionage, military advantage, or geopolitical objectives rather than social or political causes. Nation-state actors often target other governments or strategic infrastructure rather than promoting political beliefs or social change directly.
B. Unskilled attacker
Unskilled attackers, often referred to as script kiddies, typically engage in cyber-attacks for personal amusement, to gain notoriety, or to cause harm, rather than for political or social motives. They lack the skill and motivation to conduct attacks based on political beliefs or social change.
D. Insider threat
Insider threats involve individuals within an organization, such as employees or contractors, who misuse their access for malicious purposes. While insider threats can sometimes be motivated by personal grievances or financial gain, they are not typically driven by political beliefs or social change, which is the domain of hacktivists.
Which of the following scenarios BEST describes an implementation of non-repudiation?
- A. A user logs into a domain workstation and accesses network file shares for another department.
- B. A user remotely logs into the mail server with another user's credentials.
- C. A user sends a digitally signed email to the entire finance department about an upcoming meeting.
- D. A user accesses the workstation registry to make unauthorized changes to enable functionality within an application.
Correct Answer
C. A user sends a digitally signed email to the entire finance department about an upcoming meeting.
Explanation
Non-repudiation ensures that the sender of a message cannot deny having sent it. In this case, the user sending a digitally signed email provides proof of the origin of the message, as digital signatures can be traced back to the sender’s private key. This prevents the sender from later denying they were the author of the email, as the digital signature serves as irrefutable evidence of their involvement in sending the message.
Why other options are wrong
A. A user logs into a domain workstation and accesses network file shares for another department.
This scenario does not demonstrate non-repudiation because simply logging into a workstation and accessing files does not ensure proof of action or prevent the user from later denying their access. Non-repudiation requires a form of verification, such as digital signatures or logs that conclusively link the user to specific actions, which is not provided in this case.
B. A user remotely logs into the mail server with another user's credentials.
While this scenario is a violation of security protocols, it does not involve non-repudiation. The act of using someone else’s credentials can be traced, but it doesn’t prove non-repudiation since the real user could later deny their involvement, and the unauthorized user could escape identification without proper logging or auditing mechanisms.
D. A user accesses the workstation registry to make unauthorized changes to enable functionality within an application.
This action demonstrates unauthorized activity but does not provide any form of non-repudiation. Non-repudiation requires clear proof that the user performed a specific action, such as digital signatures or logging mechanisms that can’t be easily denied by the user, which is not implied in this scenario.
What is the primary benefit of using a one-time password (OTP) in authentication processes?
- A. It allows users to create complex passwords
- B. It eliminates the need for a password altogether
- C. It generates a unique password for each session, minimizing the risk of password reuse
- D. It stores passwords securely in an encrypted format
Correct Answer
C. It generates a unique password for each session, minimizing the risk of password reuse
Explanation
The primary benefit of using a one-time password (OTP) is that it generates a unique password for each authentication session. This minimizes the risk of password reuse and makes it more difficult for attackers to compromise accounts, even if an OTP is intercepted.
Why other options are wrong
A. It allows users to create complex passwords
While OTPs can be complex, their primary benefit is the one-time use for each session rather than allowing users to create complex, reusable passwords. OTPs solve the problem of reusing the same password across multiple sessions.
B. It eliminates the need for a password altogether
This is incorrect because OTPs are still used as part of a password-based authentication system. They supplement traditional passwords rather than replacing them entirely.
D. It stores passwords securely in an encrypted format
OTPs are temporary and are not stored for future use. They are designed to expire after a single use, making it unnecessary to store them securely in the same way as traditional passwords.
Which of the following would satisfy three-factor authentication requirements?
- A. Password, PIN, and physical token
- B. PIN, fingerprint scan, and ID scan
- C. Password, fingerprint scan, and physical token
- D. PIN, physical token, and ID card
Correct Answer
C. Password, fingerprint scan, and physical token
Explanation
Three-factor authentication (3FA) requires three different types of factors: something you know (e.g., password or PIN), something you have (e.g., a physical token), and something you are (e.g., a fingerprint scan). Option C satisfies these three factors: a password (knowledge), a fingerprint scan (biometric), and a physical token (possession).
Why other options are wrong
A. Password, PIN, and physical token
This is only two factors (something you know and something you have). A third factor is needed, such as a biometric factor like a fingerprint or retina scan.
B. PIN, fingerprint scan, and ID scan
This includes a PIN (something you know), a fingerprint scan (something you are), and an ID scan (something you have). However, the ID scan is not typically considered a valid factor for 3FA, as it’s not as secure or dynamic as a physical token.
D. PIN, physical token, and ID card
This includes a PIN (something you know), a physical token (something you have), and an ID card (which is also something you have). While ID cards are important for identification, they don’t meet the full 3FA criteria since they don’t fall under the “something you are” category, and an additional biometric factor is required.
Which of the following statements about a smart card are true? Each correct answer represents a complete solution. Choose two.
- A. It is used to securely store public and private keys for log on, e-mail signing and encryption, and file encryption.
- B. It is a device that works as an interface between a computer and a network.
- C. It is a device that routes data packets between computers in different networks.
- D. It is a device that contains a microprocessor and permanent memory.
Correct Answers
A. It is used to securely store public and private keys for log on, e-mail signing and encryption, and file encryption.
D. It is a device that contains a microprocessor and permanent memory.
Explanation
Smart cards are commonly used to store sensitive information, such as public and private keys, for tasks such as logging into systems, email signing and encryption, and file encryption. These cards also contain a microprocessor and permanent memory to store and process information securely, ensuring that data is encrypted and cannot be easily extracted or altered.
Why other options are wrong
B. It is a device that works as an interface between a computer and a network.
This describes a network interface device or adapter, not a smart card. Smart cards interact directly with systems for authentication and data storage but do not act as a network interface.
C. It is a device that routes data packets between computers in different networks.
This describes a router, not a smart card. Smart cards are used for authentication and storing cryptographic data, not for routing network traffic.
What is the difference between authentication and authorization?
- A. There is no difference between the two
- B. Authentication determines access rights; authorization verifies identity
- C. Authentication verifies identity; authorization determines access rights
- D. None of the above
Correct Answer
C. Authentication verifies identity; authorization determines access rights
Explanation
Authentication and authorization are two distinct processes in security systems. Authentication is the process of verifying a user's identity, typically through methods like passwords, biometrics, or tokens. Authorization, on the other hand, determines the access rights or permissions a user has after their identity has been authenticated. These processes work together to ensure that users are who they claim to be and that they are only able to access resources they are permitted to use.
Why other options are wrong
A. There is no difference between the two
This is incorrect because authentication and authorization serve different purposes. Authentication verifies identity, while authorization determines access levels. They are not the same and have distinct roles in securing systems.
B. Authentication determines access rights; authorization verifies identity
This is incorrect because the definitions are reversed. Authentication verifies identity, not access rights. Authorization is responsible for determining the access rights after identity verification.
D. None of the above
This option is incorrect because option C provides the correct distinction between authentication and authorization. The statement "None of the above" does not apply in this case.
What type of threat actor typically seeks financial gain through illegal activities such as data theft and fraud?
- A. Hacktivist
- B. Nation-state actor
- C. Cybercriminal
- D. Insider threat
Correct Answer
C. Cybercriminal
Explanation
Cybercriminals are individuals or groups who engage in illegal activities, often for financial gain. These activities can include data theft, identity theft, fraud, and other forms of cybercrime. Their primary motivation is financial, and they may target individuals, businesses, or organizations to steal money or sensitive information for personal gain.
Why other options are wrong
A. Hacktivist
Hacktivists are motivated by political or ideological goals rather than financial gain. They often engage in cyberattacks to promote a social or political cause, such as disrupting government systems or exposing corruption, rather than seeking financial profit.
B. Nation-state actor
Nation-state actors typically engage in cyber espionage or attacks for political, military, or strategic reasons, rather than seeking immediate financial gain. Their goals are related to national interests, intelligence gathering, or geopolitical influence.
D. Insider threat
Insider threats are individuals within an organization who misuse their access to systems and data. While they can engage in financially motivated actions, their primary focus is often related to personal grievances, espionage, or sabotage, rather than the pursuit of financial gain through traditional cybercrime.