What is an error called that causes a system to be vulnerable because of the environment in which it is installed?
Correct Answer: B
In an environmental error, the environment in which a system is installed somehow causes the system to be vulnerable. This may be due, for example, to an unexpected interaction between an application and the operating system or between two applications on the same host. A configuration error occurs when user controllable settings in a system are set such that the system is vulnerable. In an access validation error, the system is vulnerable because the access control mechanism is faulty. In an exceptional condition handling error, the system somehow becomes vulnerable due to an exceptional condition that has arisen. Source: DUPUIS, Clement, Access Control Systems and Methodology CISSP Open Study Guide, version 10, march 2002 (page 106).
Question 217
Which of the following is more suitable for a hardware implementation?
Correct Answer: A
A stream cipher treats the message as a stream of bits or bytes and performs mathematical functions on them individually. The key is a random value input into the stream cipher, which it uses to ensure the randomness of the keystream data. They are more suitable for hardware implementations, because they encrypt and decrypt one bit at a time. They are intensive because each bit must be manipulated, which works better at the silicon level. Block ciphers operate a the block level, dividing the message into blocks of bits. Cipher Block chaining (CBC) and Electronic Code Book (ECB) are operation modes of DES, a block encryption algorithm. Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 2).
Question 218
What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable?
Correct Answer: B
As a signal travels though a medium, it attenuates (loses strength) and at some point will become indistinguishable from noise. To assure trouble-free communication, maximum cable lengths are set between nodes to assure that attenuation will not cause a problem. The maximum CAT-5 UTP cable length between two nodes for 10BASE-T is 100M. The following answers are incorrect: 80 meters. It is only a distracter. 185 meters. Is incorrect because it is the maximum length for 10Base-2 500 meters. Is incorrect because it is the maximum length for 10Base-5
Question 219
Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0 to integrate a third-party identity provider for a service?
Correct Answer: A
Question 220
A smart Card that has two chips with the Capability of utilizing both Contact and Contactless formats is called:
Correct Answer: C
This is a contactless smart card that has two chips with the capability of utilizing both contact and contactless formats. Two additional categories of cards are dual-interface cards and hybrid cards which is mentioned above. Hybrid Card A hybrid card has two chips, one with a contact interface and one with a contactless interface. The two chips are not interconnected. Dual-Interface card Do not confuse this card with the Hybrid Card. This one has only one chip. A dual-interface card has a single chip with both contact and contactless interfaces. With dual-interface cards, it is possible to access the same chip using either a contact or contactless interface with a very high level of security. Inner working of the cards The chips used in all of these cards fall into two categories as well: microcontroller chips and memory chips. A memory chip is like a small floppy disk with optional security. Memory chips are less expensive than microcontrollers but with a corresponding decrease in data management security. Cards that use memory chips depend on the security of the card reader for processing and are ideal for situations that require low or medium security. A microcontroller chip can add, delete, and otherwise manipulate information in its memory. A microcontroller is like a miniature computer, with an input/output port, operating system, and hard disk. Smart cards with an embedded microcontroller have the unique ability to store large amounts of data, carry out their own on-card functions (e.g., encryption and digital signatures) and interact intelligently with a smart card reader. The selection of a particular card technology is driven by a variety of issues, including: Application dynamics Prevailing market infrastructure Economics of the business model Strategy for shared application cards Smart cards are used in many applications worldwide, including: Secure identity applications - employee ID badges, citizen ID documents, electronic passports, driver's licenses, online authentication devices Healthcare applications - citizen health ID cards, physician ID cards, portable medical records cards Payment applications - contact and contactless credit/debit cards, transit payment cards Telecommunications applications - GSM Subscriber Identity Modules, pay telephone payment cards The following answers are incorrect: Contact Smart Cards A contact smart card must be inserted into a smart card reader with a direct connection to a conductive contact plate on the surface of the card (typically gold plated). Transmission of commands, data, and card status takes place over these physical contact points. Contactless Smart Cards A contactless card requires only close proximity to a reader. Both the reader and the card have antennae, and the two communicate using radio frequencies (RF) over this contactless link. Most contactless cards also derive power for the internal chip from this electromagnetic signal. The range is typically one-half to three inches for non-battery-powered cards, ideal for applications such as building entry and payment that require a very fast card interface. Combi Card Are similar to Hybrid cards only they contain only one set of circuitry as apposed to two. The following reference(s) were/was used to create this question: Smart Card Primer at: http://www.smartcardalliance.org/pages/smart-cards-intro-primer