Chapter 5 example #11519

16 June 2023
40 test answers
question
Which one of the following is an example of a logical access control? A. Key for a lock B. Password C. Access card D. Fence
answer
B. Password Logical access controls restrict access to a computer system or network and a password is the most common example. Physical keys, access cards, and fences are all examples of physical access controls.
question
During which phase of the access control process does the system answer the question, "What can the requestor access?" A. Identification B. Authentication C. Authorization D. Accountability
answer
C. Authorization During the authorization phase of access control, the system answers the questions: "What, exactly, can the requestor access?" and "What can they do?"
question
Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about? A. Identification B. Authentication C. Authorization D. Accountability
answer
D. Accountability The process of associating actions with users for later reporting and research is known as accountability. It ensures that a person who accesses or makes changes to data or systems can be identified.
question
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control. A. security kernel B. CPU C. memory D. co-processor
answer
A. security kernel The security kernel provides a central point of access control and implements the reference monitor concept. It mediates all access requests and permits access only when the appropriate rules or conditions are met.
question
Which type of authentication includes smart cards? A. Knowledge B. Ownership C. Location D. Action
answer
B. Ownership Ownership authentication methods fit the criteria of "something you have." These include smart cards, keys, badges, and tokens.
question
Which one of the following is an example of two-factor authentication? A. Smart card and personal identification number (PIN) B. Personal identification number (PIN) and password C. Password and security questions D. Token and smart card
answer
A. Smart card and personal identification number (PIN) Authentication using smart cards and PINs is two-factor authentication because it combines ownership and knowledge. Using PINs, passwords, and security questions in any combination is single-factor authentication because all three are knowledge-based. Tokens and smart cards are both ownership-based.
question
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value? A. Dictionary attack B. Rainbow table attack C. Social engineering attack D. Brute-force attack
answer
D. Brute-force attack Brute-force attacks try every possible combination of characters, normally shortest candidates first, so the cost grows exponentially with password length and alphabet size. A dictionary attack, by contrast, tests only likely words and their common variations.
question
Which one of the following is NOT a commonly accepted best practice for password security? A. Use at least six alphanumeric characters. B. Do not include usernames in passwords. C. Include a special character in passwords. D. Include a mixture of uppercase characters, lowercase characters, and numbers in passwords.
answer
A. Use at least six alphanumeric characters. Best practices for passwords dictate the use of passwords containing at least eight alphanumeric characters. Six-character passwords are insufficient to defeat modern attacks. (Current guidance such as NIST SP 800-63B keeps the eight-character minimum but favors length and screening against breached-password lists over rigid composition rules.)
question
Which characteristic of a biometric system measures the system's accuracy using a balance of different error types? A. False acceptance rate (FAR) B. False rejection rate (FRR) C. Crossover error rate (CER) D. Reaction time
answer
C. Crossover error rate (CER) The CER is the point at which the FAR and FRR are equal. It provides a balanced look at the accuracy of a biometric system; a lower CER means a more accurate system.
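The FAR/FRR/CER relationship above, as an added example that is not part of the original study set: it sweeps the match threshold over two constructed (hypothetical) score lists and finds the point where the two error rates cross.

```python
# Constructed match scores for a hypothetical biometric matcher (not real data).
# Higher score = closer match to the enrolled template.
GENUINE = [0.92, 0.88, 0.81, 0.77, 0.95, 0.70, 0.85, 0.66, 0.90, 0.74]   # legitimate users
IMPOSTOR = [0.35, 0.52, 0.61, 0.48, 0.72, 0.40, 0.58, 0.67, 0.30, 0.55]  # other people


def far(impostor_scores, threshold):
    """False acceptance rate: fraction of impostor attempts accepted (score >= threshold)."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False rejection rate: fraction of genuine attempts rejected (score < threshold)."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def crossover_error_rate(genuine, impostor, steps=1000):
    """Sweep thresholds from 0 to 1 and return (threshold, error_rate) at the point
    where |FAR - FRR| is smallest. That balanced point is the CER (also called EER)."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        a, r = far(impostor, t), frr(genuine, t)
        gap = abs(a - r)
        if best is None or gap < best[2]:
            best = (t, (a + r) / 2, gap)
    return best[0], best[1]


if __name__ == "__main__":
    for t in (0.5, 0.6, 0.7, 0.8):
        print(f"threshold={t:.2f} FAR={far(IMPOSTOR, t):.2f} FRR={frr(GENUINE, t):.2f}")
    print("crossover (threshold, error rate):", crossover_error_rate(GENUINE, IMPOSTOR))
```

Raising the threshold lowers FAR but raises FRR; the CER is the single number that lets two systems be compared without first agreeing on a threshold.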
question
Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering? A. Accuracy B. Reaction time C. Dynamism D. Acceptability
answer
D. Acceptability The measure of user comfort is the acceptability of the system. Certain biometric measurements, such as retinal scans, are more objectionable to some users than other biometric measurements, such as signature dynamics. It's important to note that if users are not comfortable using a system, they may refuse to submit to it.
question
Which one of the following is NOT an advantage of biometric systems? A. Biometrics require physical presence. B. Biometrics are hard to fake. C. Users do not need to remember anything. D. Physical characteristics may change.
answer
D. Physical characteristics may change. The fact that physical characteristics of a user may change is a disadvantage of biometric systems because significant changes that affect the access profile will result in false rejections that require reenrollment of the user.
question
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)? A. Secure European System for Applications in a Multi-Vendor Environment (SESAME) B. Lightweight Directory Access Protocol (LDAP) C. Security Assertion Markup Language (SAML) D. Kerberos
answer
D. Kerberos Kerberos uses both KDCs and TGSs in the authentication and authorization process to provide legitimate users with access to systems appropriate to their authorization level.
question
Which of the following is an example of a hardware security control? A. NTFS permission B. MAC filtering C. ID badge D. Security policy
answer
B. MAC filtering Hardware controls include equipment that checks and validates IDs, such as MAC filtering on network devices, smart card use for two-step authentication, and security tokens such as radio frequency identification (RFID) tags.
question
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario? A. Discretionary access control (DAC) B. Mandatory access control (MAC) C. Rule-based access control D. Role-based access control (RBAC)
answer
A. Discretionary access control (DAC) In a DAC system, the owner of the resource decides who gets in and changes permissions as needed. The owner can delegate that responsibility to others.
question
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following? A. Least privilege B. Security through obscurity C. Need to know D. Separation of duties
answer
D. Separation of duties Separation of duties is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.
question
Which security model does NOT protect the integrity of information? A. Bell-LaPadula B. Clark-Wilson C. Biba D. Brewer and Nash
answer
A. Bell-LaPadula The Bell-LaPadula model focuses on the confidentiality, not the integrity, of data and helps govern access to classified information. Clark-Wilson, Biba, and Brewer and Nash all address integrity in some form.
question
Which one of the following principles is NOT a component of the Biba integrity model? A. Subjects cannot read objects that have a lower level of integrity than the subject. B. Subjects cannot change objects that have a lower integrity level. C. Subjects at a given integrity level can call up only subjects at the same integrity level or lower. D. A subject may not ask for service from subjects that have a higher integrity level.
answer
B. Subjects cannot change objects that have a lower integrity level. The Biba integrity model does not allow subjects to change objects that have a higher integrity level than the subject (no write up); writing down to lower-integrity objects is permitted.
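The two lattice models in the questions above, as an added example that is not part of the original study set: a small policy checker with hypothetical subjects and objects shows why Bell-LaPadula does not protect integrity (it permits a low subject to write into a high object) while Biba forbids exactly that.

```python
from dataclasses import dataclass

# Hypothetical three-level lattice; the names are an assumption for this example.
LEVELS = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Subject:
    name: str
    level: str   # clearance (Bell-LaPadula) or integrity level (Biba)


@dataclass(frozen=True)
class Obj:
    name: str
    level: str   # classification (Bell-LaPadula) or integrity level (Biba)


def blp_allows(subject: Subject, obj: Obj, op: str) -> bool:
    """Bell-LaPadula (confidentiality):
    simple security property: no read up; *-property: no write down."""
    s, o = LEVELS[subject.level], LEVELS[obj.level]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Subject, obj: Obj, op: str) -> bool:
    """Biba (integrity):
    simple integrity property: no read down; integrity *-property: no write up."""
    s, o = LEVELS[subject.level], LEVELS[obj.level]
    if op == "read":
        return s <= o
    if op == "write":
        return s >= o
    raise ValueError(f"unknown operation {op!r}")


def biba_invoke_allows(caller: Subject, callee: Subject) -> bool:
    """Biba invocation property: a subject may invoke only subjects at the same
    or a lower integrity level (it may not ask for service from a higher one)."""
    return LEVELS[caller.level] >= LEVELS[callee.level]


if __name__ == "__main__":
    intern = Subject("intern", "low")
    payroll = Obj("payroll-ledger", "high")
    print("BLP  lets intern write to payroll:", blp_allows(intern, payroll, "write"))   # True
    print("Biba lets intern write to payroll:", biba_allows(intern, payroll, "write"))  # False
    print("BLP  lets intern read payroll:   ", blp_allows(intern, payroll, "read"))     # False
```

The write-up case is the whole point: Bell-LaPadula is happy because nothing secret flows down, yet the low-integrity subject has just corrupted a high-integrity object, which is the failure Biba was designed to stop.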
question
Which of the following does NOT offer authentication, authorization, and accounting (AAA) services? A. Remote Authentication Dial-In User Service (RADIUS) B. Terminal Access Controller Access Control System Plus (TACACS+) C. Redundant Array of Independent Disks (RAID) D. DIAMETER
answer
C. Redundant Array of Independent Disks (RAID) RAID is a storage availability and fault-tolerance technology used for business continuity, not an authentication, authorization, and accounting service. RADIUS, TACACS+, and DIAMETER are all AAA services.
question
What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications? A. Security Assertion Markup Language (SAML) B. Secure European System for Applications in a Multi-Vendor Environment (SESAME) C. User Datagram Protocol (UDP) D. Password Authentication Protocol (PAP)
answer
A. Security Assertion Markup Language (SAML) SAML is an open standard used for exchanging both authentication and authorization data. SAML is based on XML and was designed to support access control needs for distributed systems. SAML is often used in web application access control.
question
Which of the following is NOT a benefit of cloud computing to organizations? A. On-demand provisioning B. Improved disaster recovery C. No need to maintain a data center D. Lower dependence on outside vendors
answer
D. Lower dependence on outside vendors Cloud computing increases the need to rely upon outside vendors. Releasing private data to a cloud service provider requires some level of trust in that provider.
question
A trusted operating systems (TOS) provides features that satisfy specific government requirements for security. A. True B. False
answer
A. True
question
The four central components of access control are users, resources, actions, and features. A. True B. False
answer
B. False The four central components of access control are users, resources, actions, and relationships, not features.
question
Common methods used to identify a user to a system include username, smart card, and biometrics. A. True B. False
answer
A. True
question
A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match. A. True B. False
answer
A. True This works only as long as the stored hashes are unsalted; a per-user salt forces the attacker to rehash the whole dictionary for every account, and a slow password hash (such as bcrypt or PBKDF2) raises the cost of each of those hashes.
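The brute-force, eight-character, and dictionary questions above, as one added example that is not part of the original study set: a toy cracker over constructed (hypothetical) hashes shows how an exhaustive search grows with the keyspace and why a per-user salt defeats precomputed dictionary hashes. SHA-256 is used only so the code runs without third-party modules; it is not a suitable password hash.

```python
import hashlib
import itertools
import string
from typing import Optional, Tuple

# Constructed wordlist for the example (hypothetical, deliberately tiny).
WORDLIST = ["letmein", "password", "sunshine", "dragon", "qwerty"]


def password_hash(password: str, salt: bytes = b"") -> str:
    """Hash as a defender might store it. An empty salt models an unsalted password file."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist, salt: bytes = b"") -> Optional[str]:
    """Hash each dictionary word and compare with the stored hash.
    Unsalted: the wordlist hashes can be computed once and reused for every account.
    Salted: the whole list must be rehashed per account because the salt differs."""
    for word in wordlist:
        if password_hash(word, salt) == target_hash:
            return word
    return None


def brute_force(target_hash: str, alphabet: str, max_len: int,
                salt: bytes = b"") -> Tuple[Optional[str], int]:
    """Exhaustively try every string over `alphabet`, shortest first.
    Returns (recovered_password_or_None, number_of_hashes_computed)."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if password_hash(candidate, salt) == target_hash:
                return candidate, attempts
    return None, attempts


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates a full brute-force run must consider for lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    alnum = string.ascii_letters + string.digits          # 62 symbols
    print("6-char alnum keyspace:", keyspace(62, 6))
    print("8-char alnum keyspace:", keyspace(62, 8))      # ~3,800x larger
    print("dictionary, unsalted:", dictionary_attack(password_hash("dragon"), WORDLIST))
    # Same password, different salts -> different stored hashes, so no shared precomputation.
    print(password_hash("dragon", b"\x01") != password_hash("dragon", b"\x02"))
    print("brute force 'abc':", brute_force(password_hash("abc"), string.ascii_lowercase, 3))
```

Shortest-first enumeration is what makes minimum length matter: every extra character multiplies the number of candidates that must be tried before the search reaches the real password.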
question
Passphrases are less secure than passwords. A. True B. False
answer
B. False A passphrase is longer and generally harder to guess, so it's considered more secure than a password.
question
The number of failed logon attempts that trigger an account action is called an audit logon event. A. True B. False
answer
B. False The number of failed logon attempts that trigger an account action (such as a temporary lockout) is called the threshold. Audit logon events provide a record of when every user logs on to or off a computer.
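The threshold versus audit-event distinction above, as an added example that is not part of the original study set: the audit events are the raw log lines, and the threshold is the policy applied to them. The log format, user names and addresses are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit logon events in a hypothetical syslog-like format (not from any real host).
LOG = """\
2023-06-16T09:00:01 auth sshd: Failed password for alice from 203.0.113.5
2023-06-16T09:00:04 auth sshd: Failed password for alice from 203.0.113.5
2023-06-16T09:00:09 auth sshd: Failed password for alice from 203.0.113.5
2023-06-16T09:00:12 auth sshd: Accepted password for bob from 198.51.100.7
2023-06-16T09:00:15 auth sshd: Failed password for alice from 203.0.113.5
2023-06-16T09:00:20 auth sshd: Failed password for alice from 203.0.113.5
2023-06-16T09:00:30 auth sshd: Failed password for alice from 203.0.113.5
2023-06-16T09:40:00 auth sshd: Failed password for carol from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_events(log: str):
    """Yield (timestamp, outcome, user, ip) for each well-formed audit line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["outcome"], m["user"], m["ip"]


def lockout_events(log: str, threshold: int = 5, window: timedelta = timedelta(minutes=30)):
    """Apply an account lockout policy to the audit trail.
    `threshold` failed logons for one account inside `window` trigger the action;
    a successful logon resets that account's counter, and so does a lockout."""
    failures = defaultdict(list)      # user -> timestamps of recent failures
    events = []                       # (user, time_of_lockout, source_ip)
    for ts, outcome, user, ip in parse_events(log):
        if outcome == "Accepted":
            failures[user].clear()
            continue
        recent = [t for t in failures[user] if ts - t <= window]
        recent.append(ts)
        failures[user] = recent
        if len(recent) >= threshold:
            events.append((user, ts, ip))
            failures[user].clear()
    return events


if __name__ == "__main__":
    for user, when, ip in lockout_events(LOG):
        print(f"lockout: {user} at {when.isoformat()} (last failure from {ip})")
```

Bob's successful logon does not reset Alice's counter, and the sixth failure after the lockout starts a fresh count; a real policy would also need to handle the unlock timer and the slow, distributed failures that stay under any per-account threshold.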
question
You should use easy-to-remember personal information to create secure passwords. A. True B. False
answer
B. False Passwords must never use an employee's ID number, Social Security number, birth date, telephone number, or any personal information that can be easily guessed.
question
A smart card is a token shaped like a credit card that contains one or more microprocessor chips that accept, store, and send information through a reader. A. True B. False
answer
A. True
question
Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software. A. True B. False
answer
B. False Voice pattern biometrics are NOT considered accurate enough for authentication on their own because voices can be too easily replicated by computer software.
question
Fingerprints, palm prints, and retina scans are types of biometrics. A. True B. False
answer
A. True
question
Single sign-on (SSO) can provide for stronger passwords because with only one password to remember, users are generally willing to use stronger passwords. A. True B. False
answer
A. True
question
DIAMETER is a research and development project funded by the European Commission. A. True B. False
answer
B. False That description fits SESAME (Secure European System for Applications in a Multi-Vendor Environment). DIAMETER is an AAA protocol designed as the successor to RADIUS.
question
Log files are records that detail who logged on to a system, when they logged on, and what information or resources they used. A. True B. False
answer
A. True
question
A degausser creates a magnetic field that erases data from magnetic storage media. A. True B. False
answer
A. True
question
User-based permission levels limit a person to executing certain functions and often enforce mutual exclusivity. A. True B. False
answer
B. False User-based permission levels are where the permissions granted to a user are often specific to that user. In this case, the rules are set according to a user ID or other unique identifier. Task-based access control limits a person to executing certain functions and often enforces mutual exclusivity.
question
Temporal isolation is commonly used in combination with rule-based access control. A. True B. False
answer
B. False Temporal isolation restricts access to specific times and is commonly used in combination with role-based access control, not rule-based access control.
question
Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it. A. True B. False
answer
A. True
question
A Chinese wall security policy (the Brewer and Nash model) defines a barrier and develops a set of rules that ensures no subject gets to objects on the other side. A. True B. False
answer
A. True
question
An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident. A. True B. False
answer
A. True
question
Terminal Access Controller Access Control System Plus (TACACS+) is an authentication server that uses client and user configuration files. A. True B. False
answer
B. False