Cell Phones with cameras and data transfer capabilities pose a risk to which security goal? |
Confidentiality |
Which of the following is the correct definition of a threat? |
Any potential danger to the confidentiality, integrity, or availability of information or systems |
Which of the following is an example of an internal threat? |
A user accidentally deletes the new product design |
What is the greatest threat to the confidentiality of data in most secure organizations? |
USB devices |
Which of the following is an example of a vulnerability? |
Misconfigured Server |
"A user copies files from her desktop computer to a USB flash device and puts the device |
Confidentiality |
Which of the following is not a valid concept to associate with integrity? |
Control access to resources to prevent unwanted access |
"You have a system that allows the owner of a file to identify users and their permissions |
"Discretionary Access Control (DAC) model. With DAC, individuals use their own discretion (decisions or preferences) for assigning permissions and allowing or denying access." |
What does the MAC method use to control access? |
Sensitivity labels |
Which of the following defines an object as used in access control? |
Data, Applications, systems, networks, and physical space |
"What type of access control focuses on assigning privileges based on security clearance |
"MAC (Mandatory Access Control) uses classifications to assign privileges based on security clearances and data sensitivity." |
"Which form of access control enforces security based on user identities and allows |
"DAC (Discretionary Access Control) uses identities to control resource access. Users can make their own decisions about the access to grant to other users." |
You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used? |
"Role-based access control (RBAC) allows access based on a role in an organization, not individual users. Roles are defined based on job description or a security access level. Users are made members of a role, and receive the permissions assigned to the role. " |
A router access control list uses information in a packet such as the destination IP address and port number to make allow or deny forwarding decisions. |
"Rule-based access control (RBAC) uses characteristics of objects or subjects, along with rules, to restrict access. Access control entries identify a set of characteristics that will be examined for a match. If all characteristics match, access is either allowed or denied based on the rule. An example of a rule-based access control implementation is a router access control list that allows or denies traffic based on characteristics within the packet (such as IP address or port number)." |
Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification level? |
Need to know |
In what form of access control environment is access controlled by rules rather than by identity? |
A MAC environment controls access based on rules rather than by identity. |
Which access control model manages rights and permissions based on job descriptions and responsibilities? |
"Role-based access control (RBAC) is the access control model that manages rights and permissions based on job description. RBAC focuses on job description or work task, instead of employing user accounts to define access. RBAC is best suited for environments that have a high rate of employee turnover. By defining access based on roles rather than individuals, it simplifies administration when granting a new person access to common activities." |
Which of the following advantages can Single Sign-On (SSO) provide? |
"The elimination of multiple user accounts and passwords for an individual and access to all authorized resources with a single instance of authentication." |
Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter? |
False negative (Type I error) occurs when a person who should be allowed access is denied access. |
Which of the following is the strongest form of multi-factor authentication? |
A Password, a biometric scan, and a token device |
Which of the following are disadvantages of biometrics? |
"When used alone or solely, they are no more secure than a strong password. They have the potential for numerous false negatives." |
Which of the following is a hardware device that contains identification and which can be used to control building access or computer log on? |
Smart Card |
Which of the following is an example of two-factor authentication? |
A token device and a PIN (Type II: something you have, such as a smart card, token device, or photo ID) |
Which of the following identification and authentication factors are often well-known or easy to discover by others on the same network or system? |
Username |
What is mutual authentication? |
A process by which each party in an online communication verifies the identity of the other party. |
You maintain a network with four servers. Currently, users must provide authentication credentials whenever they access a different server. Which solution allows users to supply authentication credentials once for all servers? |
"Single Sign-On (SSO) is a distributed access method that allows a subject to log in (sign on) once to a network and access all authorized resources on the network. The SSO system authenticates the subject against a master system and automatically logs the subject on to all servers the subject is authorized to access. Once authenticated, the subject can request access to additional resources without additional login credentials or passwords." |
What is the most important aspect of a biometric device? |
Accuracy |
Which of the following are examples of Type II authentication credentials? |
"Smart Card and Photo ID (Type II authentication uses something you have in your possession, such as a smart card, photo ID, token device, or swipe card.)" |
Which of the following best describes one-factor authentication? |
"Multiple authentication credentials may be required, but they are all of the same type. (something you know, such as a password, PIN, pass phrase, or cognitive question)" |
Which of the following is the most common form of authentication? |
Password |
Which of the following is an example of three-factor authentication? |
"Token device, keystroke analysis, cognitive question (Type III: something you are, such as fingerprints, retina scans, voice recognition, or keyboard dynamics)" |
Which of the following are examples of Type II authentication credentials? |
Photo ID and smart card. |
Which of the following is not a form of biometric? |
Token device |
What should be done to a user account if the user goes on an extended vacation? |
Disable the account |
Which of the following is an example of a strong password? |
a8bT11$yi (A strong password should not contain dictionary words or any part of the login name. They should include upper- and lower-case letters and symbols. In addition, longer passwords are stronger than shorter passwords.) |
"You are configuring the local security policy of a Windows 7 system. You want to prevent |
Minimum password age and Enforce password history |
"You are configuring the local security policy of a Windows 7 system. You want to require |
Minimum password length and account lockout threshold |
Which of the following is the single best rule to enforce when designing complex passwords? |
Longer passwords |
"You have hired 10 new temporary workers who will be with the company for 3 months. |
Configure day/time restrictions in the user accounts |
"You want to make sure that all users have passwords over 8 characters and that |
Configure account policies in Group Policy |
"For users on your network, you want to automatically lock their user accounts if four |
Configure account lockout policies in Group Policy |
"You have hired 10 new temporary workers who will be with the company for 3 months. |
Configure account expiration in the user accounts |
"What security mechanism uses a unique list for each object embedded directly in the |
User ACL |
"You want to give all managers the ability to view and edit a certain file. |
Create a security group for the managers. Add all users as members of the group. Add the group to the file’s DACL |
Which of the following information is typically not included in an access token? |
User Account password |
"For users who are members of the Sales team, you want to force their computers to use |
Group Policy |
"You have multiple users who are computer administrators. |
Grant the group the necessary user rights. Create a security group for the administrators: add all user accounts to the group. |
"Which of the following terms describes the component that is generated following |
Access token |
"You have two folders that contain documents used by various departments: |
Make Mark a member of the Sales group; add Mark’s user account directly to the ACL for the Design folder. |
"Marcus White has just been promoted to a manager. To give him access to the files that he |
Have Marcus log off and log back on |
Security B