Question 23
Granting access to a user based upon how high up he is in an organization violates what basic security premise?
1 point
The principle of least privileges.
Role Based Access Control (RBAC).
The principle of top-down control.
The principle of unified access control.
Question 26
Which of the following practices helps assure the best results when implementing encryption?
1 point
Choose a reliable and proven published algorithm.
Change the cryptographic algorithm used monthly.
Hard-code encryption keys into your applications to assure consistent use.
Develop a unique cryptographic algorithm for your organization and keep them secret.
Question 28
Which of the following practices will help assure the confidentiality of data in transit?
1 point
Implement HTTP Strict Transport Protocol (HSTS).
Accept self-signed certificates.
Always compress files before sending if you are using TLS.
Disable certificate pinning.
Answer to question 23:
Granting access to a user based on how high he is in an organization violates "the principle of least privileges". The principle of least privileges states that a person should be given only those privileges that are needed to complete the task. If he does not require an access right, he should not be given that right, because rights are not given based on how high you are in the organization; rather, they depend on the task you are engaged in. Thus, giving rights based on a high position violates the principle of least privileges.
Answer to question 26:
"Choose a reliable and proven published algorithm" is the best way to implement encryption. The best encryption techniques are:
Advanced Encryption Algorithm (AES)
IDEA Encryption Algorithm
RSA Security
Selecting any one of these algorithms will help you to implement strong encryption, thus protecting your confidential data from being hacked by attackers and hackers. It will also protect all kinds of data, that is, data in motion, data in use and data at rest.
Answer to question 28:
To assure the confidentiality of data in transit, it is of great importance to "implement HTTP Strict Transport Protocol (HSTS)" because it helps to avoid man-in-the-middle (MITM) attacks as it uses SSL stripping. SSL stripping is a technique used by attackers wherein they force the browser to connect to a site using HTTP. HTTP is insecure, unlike HTTPS, which is secure.
I hope this helps you. Thank you.