Question


Question 23

Granting access to a user based upon how high up he is in an organization violates what basic security premise?

1 point

The principle of least privileges.

Role Based Access Control (RBAC).

The principle of top-down control.

The principle of unified access control.

Question 26

Which of the following practices helps assure the best results when implementing encryption?

1 point

Choose a reliable and proven published algorithm.

Change the cryptographic algorithm used monthly.

Hard-code encryption keys into your applications to assure consistent use.

Develop a unique cryptographic algorithm for your organization and keep them secret.

Question 28

Which of the following practices will help assure the confidentiality of data in transit?

1 point

Implement HTTP Strict Transport Protocol (HSTS).

Accept self-signed certificates.

Always compress files before sending if you are using TLS.

Disable certificate pinning.

Solutions

Expert Solution

Answer to question 23:

Granting access to a user based on how high he is in an organization violates "the principle of least privileges". The principle of least privileges states that a person should be given only those privileges that are needed to complete the task. If he does not require that access right, he should not be given that right, because rights are not given based on how high you are in the organization; rather, they depend on the task you are engaged in. Thus, giving rights based on a high position violates the principle of least privileges.

Answer to question 26:

"Choose a reliable and proven published algorithm" is the best way to implement encryption. The best encryption techniques are:

Advanced Encryption Algorithm (AES)

IDEA Encryption Algorithm

RSA Security

Selecting any one of such algorithms will help you implement a strong encryption algorithm, thus protecting your confidential data from being hacked by attackers and hackers. Also, it will protect all kinds of data, that is, data in motion, data in use and data at rest.

Answer to question 28:

To assure the confidentiality of data in transit, it is of great importance to "implement HTTP Strict Transport Protocol (HSTS)" because it helps to avoid Man-In-The-Middle attacks (MITM) as it uses SSL stripping. SSL stripping is a technique that is used by attackers wherein they force the browser to connect to a site using HTTP. HTTP is insecure, unlike HTTPS, which is secure.

I hope this helps you. Thank you.
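As an added illustration of the SSL-stripping defence discussed in the answer to question 28 (example code written for this page, not part of the original question or answer): a small model of a browser's HSTS cache that parses the Strict-Transport-Security header and upgrades later http:// navigations for hosts it has recorded. The hostnames and header values are constructed.

```python
"""Model of how a user agent's HSTS cache defeats SSL stripping.
Added example; hostnames and headers below are constructed."""
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header):
    """Parse a Strict-Transport-Security header value (RFC 6797 directives).
    Returns {"max_age", "include_subdomains", "preload"} or None when the
    header is malformed (missing, duplicated or non-numeric max-age)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit() or policy["max_age"] is not None:
                return None
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None


class HstsCache:
    """Hosts for which the user agent has seen a valid HSTS policy."""

    def __init__(self):
        self.known = {}  # host -> includeSubDomains flag

    def record(self, host, over_tls, header):
        """Store a policy. RFC 6797 requires the header to be ignored unless
        it arrived over an error-free TLS connection."""
        policy = parse_hsts(header) if over_tls else None
        if policy is None:
            return False
        if policy["max_age"] == 0:
            self.known.pop(host, None)  # max-age=0 tells the UA to forget the host
        else:
            self.known[host] = policy["include_subdomains"]
        return True

    def upgrade(self, url):
        """Rewrite http:// to https:// for known hosts before any request is
        sent, so a stripping proxy never sees a plaintext request to them."""
        parts = urlsplit(url)
        host = parts.hostname or ""
        for known, subs in self.known.items():
            if host == known or (subs and host.endswith("." + known)):
                return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
        return url
```

The first visit still has to reach the site over TLS for the policy to be learned; the preload directive exists so that browsers can ship the host list in advance and close that window.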

