Chapter 16 Quiz
Instructions: Select the best answer for each question. Answers and explanations follow at the end.
1. Which SIT parameter enables CICS to call the External Security Manager for all security decisions?
A) XTRAN=YES
B) XRES=YES
C) SEC=YES
D) XCMD=YES

2. A CICS region has SEC=YES and XTRAN=YES, but XFCT=NO. Which of the following is TRUE?
A) Users cannot access any CICS files
B) CICS checks transaction authority but not file-level authority
C) RACF file profiles are evaluated but not enforced
D) File security is delegated to the COBOL application program

3. What does the DFHXS module do in CICS security?
A) Manages the CICS System Definition file
B) Handles all security domain processing including SAF calls and ACEE management
C) Encrypts data transmitted between CICS regions
D) Generates SMF Type 80 audit records

4. In an MRO environment, where should transaction security be checked for maximum protection?
A) At the TOR only
B) At the AOR only
C) At both the TOR and AOR
D) At neither — MRO handles security automatically

5. What is the correct RACF class for CICS transaction security profiles?
A) CCICSCMD
B) FCICSFCT
C) TCICSTRN
D) MCICSPPT

6. A CICS region has XTRAN=YES and XDFTRAN=YES with no generic default profile defined. A user enters a transaction for which no specific RACF profile exists. What happens?
A) The transaction is denied with DFHAC2030
B) The transaction is allowed because no profile means no restriction
C) CICS abends with a security error
D) The user is forced to sign on again

7. Which RACF command refreshes the in-storage RACLIST profiles after a change?
A) SETROPTS RACLIST(classname) REFRESH
B) RALTER RACLIST(classname)
C) RDEFINE RACLIST(classname) REFRESH
D) PERMIT RACLIST(classname) REFRESH

8. What is the purpose of the RESSEC attribute on a CICS transaction definition?
A) It enables resource-level security checking for resources accessed by that transaction
B) It restricts the transaction to a specific CICS region
C) It defines the response time SLA for the transaction
D) It enables transaction restart after a security failure

9. A RACF profile for a CICS file has ACCESS(READ) granted to group TELLERS. A teller executes a transaction that issues EXEC CICS WRITE to that file. What happens?
A) The write succeeds because the teller has file access
B) The write fails with a NOTAUTH condition
C) The write succeeds but an audit record flags it
D) CICS converts the write to a read operation

10. What is surrogate user processing in CICS?
A) A backup userid that takes over when the primary userid is locked
B) A mechanism allowing one userid to execute transactions under another userid's security context
C) A process that creates temporary userids for web service connections
D) A CICS feature that caches security decisions for offline users

11. Which RACF class controls surrogate user authority?
A) TCICSTRN
B) SURROGAT
C) FCICSFCT
D) CCICSCMD

12. The SURROGAT profile name format for CICS surrogate user processing is:
A) CICSPROD.surrogate-userid.DFHSTART
B) target-userid.DFHSTART
C) SURROGAT.service-userid.target-userid
D) DFHSTART.target-userid.service-userid

13. What CICS SIT parameter must be set to enable surrogate user checking?
A) XSUR=YES
B) XUSER=YES
C) SURROGAT=YES
D) SEC=SURROGATE

14. Which SMF record type contains CICS transaction performance and exception data?
A) SMF Type 30
B) SMF Type 80
C) SMF Type 110
D) SMF Type 120

15. PCI-DSS Requirement 10 mandates audit trail retention for a minimum of:
A) 90 days
B) 6 months
C) 1 year
D) 7 years

16. The EXEC CICS QUERY SECURITY command with LOGMESSAGE(NOLOG) is used for:
A) Suppressing security error messages on the user's terminal
B) Checking authorization without generating audit records
C) Disabling security for the current transaction
D) Querying RACF database statistics

17. For SOX compliance, which CICS access combination represents a separation-of-duties violation?
A) A teller executing inquiry transactions and deposit transactions
B) An operator issuing CEMT INQUIRE and CEMT SET commands
C) A developer having CEDA DEFINE authority in the production CICS region
D) An auditor having READ access to all production files

18. In CICS SSL/TLS configuration, the AUTHENTICATE(CERTIFICATE) option on a TCPIPSERVICE definition causes CICS to:
A) Encrypt all data with the server's certificate
B) Request and validate the client's digital certificate (mutual TLS)
C) Authenticate users using their RACF password only
D) Generate a self-signed certificate for each session

19. What happens to a user's security context (ACEE) when a transaction is routed from a TOR to an AOR via MRO?
A) A new ACEE is created at the AOR using the CICS default userid
B) The TOR's ACEE is propagated to the AOR with the user's identity
C) The AOR creates an ACEE by re-authenticating the user's password
D) MRO links do not support security context propagation

20. Which of the following is the most critical security configuration for a File-Owning Region (FOR) in an MRO environment?
A) XTRAN=YES to check transaction authority
B) XFCT=YES to enforce file-level security on all file access requests
C) XCMD=NO because no operators should use the FOR directly
D) XUSER=YES to enable surrogate processing
Answer Key
1. C — SEC=YES is the master switch that enables CICS to use the External Security Manager for all security decisions. XTRAN, XRES, and XCMD are subordinate parameters that control specific security levels, but none of them work unless SEC=YES is set.
2. B — With XTRAN=YES, CICS checks whether users are authorized to execute transactions. With XFCT=NO, CICS does NOT check file-level authority — any user who can execute a transaction can access any file that transaction opens, regardless of RACF file profiles. This is a common security gap.
3. B — DFHXS is the CICS security domain manager. It handles sign-on verification, ACEE creation, SAF calls for authorization, security caching, and audit event generation. It's the central hub of all CICS security processing.
4. C — Both TOR and AOR should check transaction security. The TOR check catches unauthorized attempts before consuming AOR resources. The AOR check provides defense in depth — it catches anything that arrives via non-TOR paths (web services, batch interfaces, internal STARTs). This is the defense-in-depth principle.
5. C — TCICSTRN is the RACF class for CICS transaction security. The 'T' prefix stands for transaction. CCICSCMD is for command security, FCICSFCT is for file security, and MCICSPPT is for program security.
6. B — With XDFTRAN=YES and no generic default profile, when RACF finds no matching profile, it returns "resource not found." CICS interprets this as "no security restriction" and allows the transaction. This is why XDFTRAN=YES without a restrictive default profile is dangerous — it creates an implicit PERMIT for any undefined transaction.
7. A — SETROPTS RACLIST(classname) REFRESH reloads the in-storage RACLIST profiles from the RACF database. This is necessary after defining or modifying profiles to make the changes effective without waiting for the next IPL.
8. A — RESSEC(YES) on a transaction definition tells CICS to perform resource-level security checks for resources (files, queues, etc.) accessed by that transaction. If RESSEC(NO), CICS skips resource checks for that transaction even if XRES=YES in the SIT. This is a per-transaction control.
9. B — READ access allows only READ and BROWSE operations. A WRITE operation requires UPDATE access. CICS will raise a NOTAUTH condition, and the write will fail. This is resource-level security enforcing least privilege at the operation level.
10. B — Surrogate user processing allows a service userid (like a web service connection userid) to execute transactions under another userid's security context. The service userid "assumes" the end user's identity, and all security checks are performed against the end user's RACF profile.
11. B — The SURROGAT class controls surrogate user authority. Profiles in this class determine which userids can act as surrogates for which target userids.
12. B — The SURROGAT profile name format is target-userid.DFHSTART. The PERMIT command grants the service userid (the surrogate) READ access to this profile, authorizing it to start transactions under the target userid's identity.
13. B — XUSER=YES enables surrogate user checking in the CICS SIT. When enabled, CICS checks the SURROGAT class whenever a task attempts to run under a userid different from the signed-on userid.
14. C — SMF Type 110 is the CICS-specific SMF record. It contains transaction performance data (subtype 1) and exception data (subtype 2). SMF Type 80 is the RACF-specific record. Both are important for CICS security auditing.
15. C — PCI-DSS Requirement 10.7 mandates a minimum of one year of audit trail history, with at least three months immediately available for analysis. Many organizations retain for longer based on other regulatory requirements.
16. B — LOGMESSAGE(NOLOG) tells CICS not to generate audit records for the QUERY SECURITY call. This is used in automated security testing so that the test queries don't pollute the audit trail with thousands of check records that aren't actual user access attempts.
17. C — A developer having CEDA DEFINE authority in production violates SOX separation of duties. Developers should be able to write code but not deploy it to production. CEDA DEFINE allows creating resource definitions (including program definitions) in the production environment, effectively allowing a developer to deploy their own code.
18. B — AUTHENTICATE(CERTIFICATE) causes CICS to request the client's digital certificate during the TLS handshake and validate it against the trusted CA certificates in the CICS keyring. This is mutual TLS — both sides authenticate. One-way SSL only authenticates the server to the client.
19. B — When a transaction is routed via MRO, the user's ACEE (security token) is propagated from the TOR to the AOR. The AOR uses this propagated ACEE for all security checks, maintaining the user's identity across region boundaries. This is fundamental to MRO security.
20. B — XFCT=YES is the most critical security setting for a FOR because the FOR is where file access actually occurs. Without file-level security at the FOR, any request routed to the FOR — from any AOR, any user — would have unrestricted access to all files. The FOR is the last line of defense for data access control.