IT 223 - Exam 2 Study Guide 2026
1. access control: Controlling access for authorized entities for resources they are allowed to use and when they can use them.
2. How is policy related to it?: Policy driven control of access to systems, data and dialogues. Policies are important. Examples of access
control include physical and technical controls barriers, passwords, and biometrics.
3. authentication in access control: Verifying an entity is real and has access, supplicant vs verifier
4. authorization in access control: Giving an entity permission to access network services
5. auditing in access control: Analysis of data collected of individual's activities, making sure everyone is compliant
6. What are 4 different ways to authenticate a claim of identity?: Something you know (password), something
you have (door key), something you are (fingerprint), and something you do (pronounce a phrase)
7. multi-factor authentication: Use two or more types of factors, decreases possibility of authorizing
access to unauthorized user
8. How does it impact the probability of a false negative result?: Have to have compromised more than
one factor, more difficult
9. How does it impact the probability of a false positive result?: Have to remember or be in possession of extra
information
10. mandatory access control: Enforced in classified environments, most strict, access control barriers to gain entry, no
variation allowed, system owner can't change it
11. discretionary access control: Department can decide what access to allow for each individual, weakest
12. How does a multi-level security (MLS) system work?: Classified information requires complex layers of
control, might have to have a need to know access
13. Can you give examples of common policy requirements for physical security?: First do risk
analysis and equipment siting
14. Why is it important to consider utilities?: If power goes out, need UPS and backup generator,
electricity/water/HVAC needs to be inspected/tested
15. What are important issues to remember when disposing of computer equipment?: Has
to be wiped, remove all important data
16. What is the role of a password in access control?: May prove identity, give access if correct
17. Can you give examples of common policy requirements for passwords?: Mandatory changes regularly, include what specific characters are needed, have them expire over a certain amount of time
18. How do users sometimes misuse passwords?: Sharing it, reuse same one
28. How can a cryptographic process support authentication? What service/s can it provide?: MS-CHAP,
Microsoft challenge and response protocol, used on websites, authenticates origin
29. What is a PKI? What are its components? What is its purpose?: Public Key Infrastructure,
asymmetric cryptography, requesting certificates and generating private and sending public keys
30. How might an attacker compromise a PKI?: Deceive the provisioning authority, need to control who has
access credentials
31. What is a very important issue related to enrolling users in an authentication process?:
Imposters can simply enroll through social engineering, need strong procedures for who is approved/authorized
32. How does the principle of least permissions relate to authorization?: Each person gets least
amount to perform job
33. What is the purpose of auditing? When does auditing occur?: Regularly audited, make sure
everyone that is using system is supposed to be using it and using it right
34. What is federated identity management?: For use between two companies or organizations, one business has
users authenticated and other business trusts it as well
35. Site selection: based on physical location (political situations, geographic situations, vulnerabilities to
hacking/damage/visibility, try to make perimeter or protect entrance)
36. Three groups of physical security implementation: administrative, technical, physical
37. Four focuses of physical security: deterrence, denial, detection, delay
38. Mean time to fail: average lifetime for something to fail
39. Mean time to repair: average time it will take for something to be fixed
40. Replacement plans: vendor levels of support, etc. predict how long things will last
41. Wiring closets: restrict access, keep them clean/organized, surveillance, no flammables, monitor
42. Server rooms: one-hour min fire rating, cooled adequately, raised floors, disaster recovery plan
43. Media storage facilities: locked, managed, check-in/checkout process, wipe data off reusables
44. Evidence storage: dedicated, separate from production networks, keep system offline, disconnected from internet, track
movement of files/accesses, limited access
45. Ops centers: not equal access to all locations, server rooms strictly controlled, escorted access
46. Datacenters: smartcards, proximity readers, intrusion detection
47. Fault: momentary loss of power
59. Four types of motion detectors: infrared, heat-based, wave pattern, passive audio
60. Intrusion Detection: deterrent, repellant, and notification alarms
61. 3 A's of Forensics: Acquire, Authenticate, Analyze
62. Principle of Exchange: when a person commits a crime, something is always left at the scene of the crime that was not
present when the person arrived
63. 3 Types of Digital Forensic Analysis: media analysis (hardware), code analysis (software), network analysis (traffic)
64. Types of communities within Digital Forensics: Law Enforcement, Military, Business/Industry, Academia
65. Explain where computer forensics fits into DFS: secure collection, identification, examination, presentation,
presentation, and application
66. Digital forensics: scientifically derived, preserve, collect, validate, identify, analyze, interpret, document, and present digital
evidence that must be handled in accordance with rules of evidence
67. File carving: recovering deleted content from system
68. What are the origins of the word "cryptography"?: Latin/Greek, to hide or conceal + describing how to
69. Cryptography: Process of encrypting important data
70. Cryptanalysis: Process of defeating encrypted systems, cracking/breaking it
71. Plaintext: Meaningful data, what people try to steal
72. Ciphertext: Meaningless data, when plaintext is encrypted and protected
73. code: System for representing data using a set of symbols (like ASCII)
74. Cipher: Process for concealing the meaning of a message or a message concealed by encryption
75. encryption: Cryptography, concealing the meaning of a message
76. Decryption: Cryptanalysis, revealing the meaning of a concealed message
77. Key: crypto-variable is fed into the algorithm, strength relies on length of key, how key is generated, and how it's protected
78. What is symmetric cryptography? Why is it called "symmetric"? What key/s is/are used?
What is a challenge in symmetric cryptography? What services can it provide?: the same SHARED key is used in encryption AND decryption, inverse operations in reverse sequence, relatively fast (sharing the key is a challenge)
79. What is asymmetric cryptography? Why is it called "asymmetric"? What key/s is/are
used? What is a challenge in asymmetric cryptography? What services can it provide?: use two different keys but same operation, one key is public other is private, one key can only be decrypted by other (authenticating someone else's public
word in a word list
89. How might statistical analysis be useful in cryptanalysis?: involves attempting to find non-random
patterns in intercepted ciphertext that might reveal the plaintext or even the key
90. side-channel analysis: measures some side-effect of the encryption/decryption in an attempt to learn some or all of the bits in
the key
91. How might public data be useful in cryptanalysis?: Public data is exploited, involves attempting to learn
private data by analyzing public data related to it
92. If large-scale quantum computing becomes feasible how might it affect information security?: It
can passively intercept a message and decode it without anyone knowing and be far away, cryptosystems would be useless
93. social engineering: involves attempting to trick a user into revealing a key, not technical
94. What is a public communications channel? Can you give examples?: Where people can exchange
messages, open communication. Two people communicate over public channel to exchange information
95. What types of attack are possible over a public communications channel?: Man-in-the-middle attack, eavesdropping
96. Which information security service/s might each attack violate?: Key loggers defeat non-repudiation,
integrity, authentication of origin, confidentiality
97. Which information security service/s could encryption/decryption provide?: Origin and Integrity
98. Which key/s are used in symmetric encryption/decryption?: ONE, same key
99. Which key/s are used in asymmetric encryption/decryption?: One public key and one private key for
each person, two different keys
100. What two things does the recipient of a message want assurance of?: Origin and Integrity
101. How can authentication of the origin of a message be enabled?: the sender of the message must add
some data that a recipient can check and that an attacker could not have created correctly
102. What is/are the inputs to a MAC function? What is the output?: Input is a message and a key and the
output is a message authentication code, a value that has no apparent relationship with the message or key
103. What makes the output of MAC function pseudo-random?: It is hashed
112. What does the recipient of a message and a hash do with them? Why?: They can get a message to
hash themselves to compare to the hash they received, getting the output can be compared to what they received
113. What does it mean if the recipient's locally generated hash is identical to
the received hash?: We assume a collision has not occurred, it is a valid message
114. What information security service is provided by a MAC but not by a hash?:
Authentication of origin
115. How can a hash algorithm be used in a MAC function?: The recipient of this message can generate a
hash of it and the key they share with the apparent sender
116. What is an HMAC?: Keyed-hash message authentication code is a specific construction for calculating a message
authentication code involving a cryptographic hash function in combination with a secret cryptographic key
117. Who could have created a MAC for a given message?: the sender
118. What information security service is not provided by a MAC?: Non-repudiation
119. What does the sender of a message know that no-one else knows?: Private key
120. What is a digital signature? How is it generated?: A message that is proof of identity, Use our private
key to encrypt so people can use our public key to prove authentication of origin
121. How is a digital signature verified?: Recipient will use the sender's public key
122. Is a hash function reversible?: No, it is a one-way process
123. Why is it important that a password not be transmitted as plaintext?: It can be easily used, no
decrypting even needed, a monkey could do it
124. Why is it important that a password not be transmitted as ciphertext?: Someone might be able to
decrypt it
125. What is a rainbow table?: A list of likely passwords and the hash for each, search database for a matching hash in a
reasonable amount of time
126. How does "salting" password hashes affect the usefulness of a rainbow table?: They add a
pseudo-random value to a password randomly throughout the text
127. How does MS-CHAP use a hash function?: It holds a user's password as a hash, when someone sends
password it hashes it and then sends to server to see if it matches with what the hash on file is
128. Virtual Private Network: tunnel from current location to the VPN server (but not beyond that), encrypt traffic, anonymous,
not end-to-end encryption
129. Internet-based VPN connections: organization can avoid long-distance charges while taking advantage of the global