Question 1 (3 points) Reasons people might be reluctant to use biometrics for authentication is: hygiene or fear of personal injury and false negatives (falsely not being allowed into a system). Save Question 2 (3 points) A hash algorithm uses a one-way cryptographic function, whereas both secret-key and public-key systems use two-way (i.e., reversible) cryptographic functions. Save Question 3 (3 points) AES uses the Rijndael algorithm. Save Question 4 (3 points) Encrypting a message with the senders private key ensures proof of receipt of a message. Save Question 5 (3 points) Two purpose of using a salt value in storing (hashed) passwords is to prevent password duplication and thwart guessing whether a user has the same password on multiple systems. Save Question 6 (3 points) In Role-Based Access Control Systems, a user is assigned no more than one role to limit the damage a user can do. Save Question 7 (3 points) If person A uses AES to transmit an encrypted message to person B, which key or keys will A have to use: Save Question 8 (3 points) Which one of the following is not a goal of cryptographic systems? Save Question 9 (3 points) Mia, Ashley, Mark, and Chris are studying at Café Roma. Who may be putting their personal information at risk (select all that apply)? Save Question 10 (3 points) For any organization, understanding the nature of the cybersecurity threat requires knowing at least which of the following elements: (select all that apply) Save Question 11 (3 points) There are basically three categories of rules in control models: Save Question 12 (3 points) To control access by a subject (____________) to an object ( ) requires management to establish access rules. Save Question 13 (3 points) __________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance. Save Question 14 (3 points) IT security management functions include: Save Question 15 (3 points) To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol. Save Question 16 (3 points) Each individual who is to be included in the database of authorized users must first be __________ in the system. Save Question 17 (3 points) A __________ is an entity capable of accessing objects. Save Question 18 (3 points) Based on the concept in Chapter 4, the final permission bit is the _________ bit. Save Question 19 (3 points) What is the general term for the process of protecting objects that are part of the multiprocessing environment? Save Question 20 (3 points) __________ defines user authentication as the process of verifying an identity claimed by or for a system entity. Save Question 21 (3 points) Recognition by fingerprint, retina, and face are examples of __________. Save Question 22 (3 points) The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords. Save Question 23 (3 points) To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol. Save Question 24 (3 points) An institution that issues debit cards to cardholders and is responsible for the cardholders account and authorizing transactions is the _________. Save Question 25 (3 points) Any program that is owned by, and SetUID to, the superuser potentially grants unrestricted access to the system to any user executing that program. Save Question 26 (3 points) The main innovation of the NIST standard is the introduction of the RBAC System and Administrative Functional Specification,which defines the features required for an RBAC system. Save Question 27 (3 points) __________ is the traditional method of implementing access control. Save Question 28 (3 points) A concept that evolved out of requirements for military information security is ______ . Save Question 29 (3 points) The default set of rights should always follow the rule of least privilege or read-only access. Save Question 30 (3 points) The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner. Save Question 31 (3 points) __________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance. Save Question 32 (3 points) _________ is the granting of a right or permission to a system entity to access a system resource. Save Question 33 (3 points) A __________ is a named job function within the organization that controls this computer system. Save Question 34 (6 points) Can a user cleared for