CI 119 Chapter 5-6 Review Questions

Which of the following is the definition of access control?

What term is used to describe associating actions with users for later reporting and research?

Which of the following adequately defines continuous authentication?

A mechanism that limits access to computer systems and network resources is ________,

________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification.

________ is an authentication credential that is generally longer and more complex than a password.

What name is given to an access control method that bases access control approvals on the jobs the user is assigned?

An organization's facilities manager is often responsible for ____________.

An organization's facilities manager might give you a security card programmed with your employee ID number, also known as a ________.

Biometrics is another ________ method for identifying subjects.

Which of the following is not a type of authentication?

Two-factor __________ should be the minimum requirement for valuable resources as it provides a higher level of security than using only one.

Which of these biometric authentication methods is not as accurate as the rest?

_____________is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.

Access control is the process of proving you are the person or entity you claim to be.

________ is the process of managing changes to computer/device configuration or application software.

________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.

The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ________.

The primary task of an organization's __________ team is to control access to systems or resources.

Your organization's __________ sets the tone for how you approach related activities.

When an information security breach occurs in your organization, a __________ helps determine what happened to the system and when.

For all the technical solutions you can devise to secure your systems, the __________remains your greatest challenge.

Because personnel are so important to solid security, one of the best security controls you can develop is a strong security ___________ and awareness program.

security awareness program includes ________.

One of the most popular types of attacks on computer systems involves ___________. These attacks deceive or use people to get around security controls. The best way to avoid this risk is to ensure that employees know how to handle such attacks

From the perspective of a _________ professional, configuration management evaluates the impact a modification might have on security.

_________ ensures that any changes to a production system are tested, documented, and approved.

Enacting changes in response to reported problems is called ________.

What is meant by standard?

An organization must comply with rules on two levels: regulatory compliance and organizational compliance.

The term guideline refers to a group that oversees all proposed changes to systems and networks.