3 - Access Control Flashcards
1
Q
- Authorization is often characterized by?a. An audit logb. A biometricc. A security label or classificationd. A challenge response token
A
C: Authorization is often characterized by a security label or classification.
2
Q
- Which of the following can be used as either an identification or authentication factors?a. Employee codeb. Usernamec. Challenge-response tokend. Biometric
A
D: A biometric can be used as either an identification or an authentication factor.
3
Q
- A fingerprint is an example of what type of authentication factor?a. Type 1b. Type 2c. Type 3d. Type 4
A
C: A fingerprint is an example of a Type 3 authentication factor - something you are.
4
Q
- Something you have is what type of authentication factor?a. Type 1b. Type 2c. Type 3d. Type 4
A
B: Something you have is a Type 2 authentication factor.
5
Q
- What are the three fundamental principles of security?a. Confidentiality, Integrity, Availabilityb. Authentication, Authorization, Accountabilityc. Accessibility, Integrity, Secrecyd. Privacy, Control, Prevention
A
A: The three fundamental principles of security are Confidentiality, Integrity, and Availability.
6
Q
- What is the process of verifying the identify of a subject?a. Authorizationb. Authenticationc. Auditingd. Accountability
A
B: The process of identify verification is authentication.
7
Q
- The most secure form of password is which of the following?a. Static passwordb. Dynamic passwordc. One time passwordd. Cognitive password
A
C: A one time password is the most secure type of password, since it is used only once then it becomes invalid. One-time passwords are a form of dynamic passwords. However, not all types of dynamic passwords are as secure as a one-time password.
8
Q
- The False Acceptance Rate (Type II) error of a biometric device indicates what?a. The rate at which authorized users are not granted accessb. The rate at which authorized users are granted accessc. The rate at which unauthorized users are not granted accessd. The rate at which unauthorized users are granted access
A
D: A False Acceptance Rate (a Type II) error of a biometric device indicates the rate at which unauthorized users are granted access.
9
Q
- A secure access control mechanism will default to?a. No accessb. Minimal accessc. Least privileged. Need to know access
A
A: A secure access control mechanism will default to no access.
10
Q
- What is the primary disadvantage of single sign on?a. Password management and administrationb. Users can roam the network without further interactive authenticationc. User work task prohibitived. Length of time required to perform logon
A
B: The primary disadvantage of single sign on is that users can roam the network without further interactive authentication, less security is involved.
11
Q
- A Type 1 authentication factor is also known as?a. Something you knowb. Something you havec. Something you ared. Something you do
A
A: A Type 1 authentication factor is something you know.
12
Q
- Auditing is dependant upon all but which of the following?a. Identificationb. Accountabilityc. Authorizationd. Authentication
A
B: Auditing is not dependant upon accountability. In fact, accountability is dependant upon auditing. Accountability is the result of the mechanisms of identification, authentication, authorization, access control, and auditing which is used to hold people responsible for their online activities.
13
Q
- When two types of authentication are employed to provide improved security, this is known as?a. Challenge-response authenticationb. One-time authenticationc. Single sign-ond. Two-factor authentication
A
D: The use of two forms of authentication is known as two-factor authentication.
14
Q
- What type of password offers the best security possible for password-based authentication?a. One-time passwordsb. Static passwordsc. Dynamic passwordsd. Passphrases
A
A: One-time passwords offer the best security for password based authentication.
15
Q
- Authorization can be illustrated by all but which of the following?a. need to knowb. access control matrixc. security labeld. password
A
D: A password is an example of an authentication factor, not an authorization method.
16
Q
- Which of the following is not an example of a logical access control?a. Perimeter pad locked gatesb. Restricted database interfacesc. Forced logons to the operation systemd. Centralized remote access authentication services
A
A: Perimeter pad locked gates is an example of physical access control.
17
Q
- Which of the following is not typically considered an identification factor?a. account numberb. passwordc. biometric featured. employee identification
A
B: A password is usually considered an authentication factor.
18
Q
- Which of the following is usually not labeled as an entity that serves as a subject and an object?a. userb. databasec. programd. computers
A
A: Users are usually labeled only as subjects.
19
Q
- Which of the follow is the act of providing the who of a subject and is the first step in establishing accountability?a. Authorizationb. Identificationc. Auditingd. Non-repudiation
A
B: Identification establishes the who of a subject and is the first step in establishing accountability.
20
Q
- Which of the following represents the activity of verifying the claimed identity of a subject?a. authorizationb. accountabilityc. authenticationd. availability
A
C: Authentication represents the activity of verifying the claimed identity of a subject.
21
Q
- A password is an example of what type of authentication factor?a. Type 1b. Type 2c. Type 3d. Type 4
A
A: A password is an example of a Type 1: something you know authentication factor.
22
Q
- A Type 3 authentication factor is?a. Something you haveb. Something you arec. Something you knowd. Something you provide
A
B: A fingerprint is an example of a Type 3: something you are authentication factor.
23
Q
- Which form of password may require unique or different interactions or responses from the subject each time they attempt to logon?a. static passwordb. dynamic passwordc. cognitive passwordd. passphrase
A
C: A cognitive password is a collection of question and answers that only the subject will know. A random Selection from the databank of available queries will be employed at each logon.
24
Q
- Which of the following is also a dynamic password?a. passphraseb. PINc. smart cardd. one time password
A
D: A one time password is a form of dynamic password.
25
25. Biometrics can be used directly for all but which of the following purposes? a. Identification b. Physical access control c. Accountability d. Authentication
C: Biometrics cannot be used directly to provide for accountability. Biometrics are used indirectly for accountability if they are employed as a means of identification or authentication.
26
26. When used as an ____________ method, biometrics function as a one to one function. a. identification b. authorization c. impersonation d. authentication
D: When used as an authentication method, biometrics function as a one to one function.
27
27. A Type I biometric error indicates what? a. The rate at which authorized users are not granted access b. The rate at which authorized users are granted access c. The rate at which unauthorized users are not granted access d. The rate at which unauthorized users are granted access
A: A False Rejection Rate (Type I) error of a biometric device indicates the rate at which authorized users are not granted access.
28
28. The primary use of the crossover error rate, when comparing devices, is what? a. sensitivity adjustment b. comparison of similar biometric devices c. configuration control d. reducing enrollment time
B: The primary use of the crossover error rate is to compare similar biometric devices.
29
29. Which of the following is converted to a virtual password before being sent to the authentication server for processing? a. passphrase b. one time password c. fingerprint scan d. cognitive password
A: A passphrase is converted to a virtual password, usually encrypted, before being sent to the authentication server for processing.
30
30. An example of a Type 3 authentication factor is? a. Password b. Typing a passphrase c. Fingerprint d. Smart card
C: A fingerprint is an example of a Type 3: something you are authentication factor.
31
31. What type of authentication token requires the subject to authenticate themselves to the token, then the token authenticates to the system? a. synchronous dynamic password token b. static password token c. asynchronous dynamic password token d. challenge-response token
B: A static password token requires the subject to authenticate themselves to the token, then the token authenticates to the system.
32
32. What type of access control is based on job description? a. group based b. role based c. transaction based d. discretionary based
B: Role based access controls are based on job descriptions.
33
33. Which of the following is the odd element in this set of items? a. need to know b. access based on work tasks c. data classification d. least privilege
C: Data classification is different from the others. Access under data classification controls is based on defined strata of confidentiality for both objects (i.e. assets) and subjects.
34
34. Which of the following is a disadvantage of single sign on from the perspective of security? a. simplified password management and administration b. less time required overall to perform logon and authentication c. stronger passwords are often used d. users can roam the network without additional authentication
D: Being able to roam the network without additional authentication is a disadvantage of single sign on.
35
35. Which of the following is not an example of a single sign on technology? a. TACACS b. Kerberos c. SESAME d. KryptoKnight
A: TACACS is an example of a centralized remote access authentication technology, not single sign on.
36
36. What is the maximum enrollment time required at which a biometric device is generally considered acceptable to most users? a. 30 seconds b. 1 minutes c. 2 minutes d. 10 minutes
C: A maximum of 2 minutes for enrollment will ensure that the majority of users will accept the use of biometric devices for used in a secure environment.
37
37. At what rate of subject processing is a biometric device considered by users to be acceptable? a. 50 subjects per minute b. 2 subjects per minute c. 5 subjects per minute d. 10 subjects per minute
D: Any less than 10 subjects per minute is generally considered unacceptable as a rate of throughput processing.
38
38. ______________ is what allows you to do what you are requesting from the system based on access criteria. a. authorization b. identification c. authentication d. auditing
A: Authorization is what allows you to do what you are requesting from the system based on access criteria.
39
39. What form of access control is not centrally managed? a. Discretionary b. Mandatory c. Nondiscretionary d. Role based
A: Discretionary access control is not centrally managed.
40
40. The most useful form of access control for environments with a high rate of personnel turnover is? a. Interpretive b. Nondiscretionary c. Mandatory d. Discretionary
B: Role based or nondiscretionary access control is the most useful form of access control for environments with a high rate of personnel turnover.
41
41. Which of the following is not considered a technique for controlling access? a. encryption b. rule base access c. restricted interface d. capability table
A: Encryption is not used as an access control technique, rather it is used to prevent disclosure.
42
42. Role based access control is also known as? a. Discretionary b. Mandatory c. Nondiscretionary d. Recursive
C: Role based access control is also known as nondiscretionary.
43
43. ACLs are the most common implementation of what form of access control? a. Role based b. Mandatory c. Nondiscretionary d. Discretionary
D: ACLs are the most common implementation of discretionary access control.
44
44. What form of single sign on technology employs symmetric key cryptography and DES encryption to provide end-to-end security? a. Scripting b. Kerberos c. SESAME d. KryptoKnight
B: Kerberos employs symmetric key cryptography and DES encryption to provide end-to-end security.
45
45. Which form of TACACS (Terminal Access Controller Access Control System) uses tokens for two factor authentication and supports dynamic password authentication? a. TACACS (Terminal Access Controller Access Control System) b. Dual-TACACS (Dual Terminal Access Controller Access Control System) c. XTACACS (Extended Terminal Access Controller Access Control System) d. TACACS+ (Terminal Access Controller Access Control System Plus)
D: TACACS+ (Terminal Access Controller Access Control System Plus) uses tokens for two factor authentication and supports dynamic password authentication.
46
46. Which of the following is not an administrative access control method? a. work area separation b. policies and procedures c. personnel controls d. supervisory structure
A: Work area separation is a physical access control method.
47
47. Which of the following is not a form of a centralized access control mechanism? a. RADIUS (Remote Authentication Dial-in User Service) b. Extended TACACS (XTACACS) c. Security domains d. TACACS (Terminal Access Controller Access Control System)
C: Security domains are decentralized access control mechanisms. Security domains are based on a realm of trust rather than a centralized or single trusted system.
48
48. Which of the following is not a form of access control administration? a. centralized b. delegated c. decentralized d. hybrid
B: Delegation is not a form of access control administration. Delegation is often used to place responsibility for an activity onto another person.
49
49. Which of the following is not an element of personnel controls? a. Separation of duties b. Handling non-compliance c. Stipulating laws and regulations d. Rotation of duties
C: Stipulating laws and regulations is an element of policies and procedures, not personnel controls.
50
50. The primary element in the supervisory structure access control method is? a. Only end users are audited b. All employees need performance reviews c. Senior management is always liable d. Every employee has a boss
D: Every employee has a boss is the primary element of the supervisory structure access control method. Every employee has to report to someone who oversees their activities.
51
51. Which of the following directly protects against physical computer theft? a. computer controls b. work area separation c. lighting d. control zones
A: Computer controls are physical mechanisms to prevent physical computer theft.
52
52. Which of the following is a physical access control method? a. System and network access b. encryption c. security awareness training d. Computer controls
D: Computer controls is a physical access control method.
53
53. Which of the following is not a technical/logical access control method? a. network segregation b. network architecture c. encryption d. control zones
D: Control zones is a physical access control method.
54
54. Which of the following is an administrative access control method? a. data backups b. security awareness training c. network architecture d. auditing
B: Security awareness training is an administrative access control method.
55
55. Which of the following is a technical/logical access control method? a. Work area separation b. Auditing c. Data backups d. Policies and procedures
B: Auditing is a technical/logical access control method.
56
56. Which of the following is not an example of a preventative access control? a. backups b. locks c. lighting d. security guards
A: Backups are not considered a form of preventative access control. Backups are a form of recovery access control.
57
57. Which of the following is not considered a detective security control? a. monitoring b. separation of duties c. job rotation d. intrusion detection
B: Separation of duties is not a detective security control, rather it is a preventative and deterrent security control.
58
58. Which of the following is an example of a corrective security control? a. intrusion detection b. encryption c. anti-virus software d. smart cards
C: Anti-virus software is an example of a recovery security control.
59
59. What method is used to ensure confidentiality and integrity? a. network access control b. encryption c. data backups d. perimeter security
B: Encryption is used to ensure confidentiality and integrity.
60
60. What types of access controls serve as a deterrent? a. detective b. corrective c. preventative d. recovery
C: Preventative access controls serve as a deterrent.
61
61. A biometric scanner for facility access is considered all but which of the follow type of access control? a. Preventative b. Detective c. Inhibits unauthorized access d. Recovery
D: A biometric scanner for facility access is not considered a type of recovery access control.
62
62. Which of the following is used to ensure that users are held responsible for their actions? a. auditing b. authentication c. identification d. non-repudiation
A: Auditing is used to ensure that users are held responsible for their actions.
63
63. Auditing allows for all but which of the following? a. controlling data classifications b. reconstruction of events c. evidence for legal action d. producing problem reports
A: Auditing is not related to controlling data classifications. Data classification is assigned by the data owner.
64
64. What is a clipping level? a. The threshold of unauthorized activity b. A baseline of normal activity c. The collection of abnormal activity d. The saturation point above which only violations occur
B: A clipping level is the baseline of normal activity. Events above the clipping level are more likely to be abnormal or unauthorized.
65
65. Which of the following is not an example of a preventative administrative access control? a. background checks b. controlled termination process c. data classification d. alarms
D: Alarms are an example of a preventative physical access control.
66
66. Which of the following is not an example of a preventative physical access control? a. clipping levels b. badges c. dogs d. mantraps
A: Clipping levels is a preventative logical/technical access control that is the baseline of normal activity on a system.
67
67. Which of the following is not an example of a preventative technical/logical access control? a. passwords b. motion detectors c. constrained user interfaces d. firewalls
B: Motion detectors are an example of a preventative physical access control.
68
68. Which of the following is not a preventative physical access control? a. biometrics b. fences c. call back systems d. CCTV
C: Call back systems are preventive technical access controls.
69
69. The act of a hacker cleaning out all traces of their activities from audit logs is known as? a. spoofing b. masquerading c. scrubbing d. data diddling
C: Scrubbing is the act of cleaning out all traces of activities from audit logs.
70
70. Which of the following methods is effective in maintaining the integrity of audit logs? a. real-time recording b. periodic manual inspection c. storage in binary rather than text format d. hash values
D: Hash values provide a means to maintain the integrity of audit logs.
71
71. What means can be used to protect the confidentiality of audit logs? a. encryption b. storage on write-once media c. redundant event recording d. digital signatures
A: Encryption can be used to protect the confidentiality of audit logs.
72
72. Which of the following will not exceed clipping levels? a. Exceeding the authority of a user account b. Too many users with unrestricted access c. Repeated high-volume intrusion attempts d. Failing to submit logon credentials to access resources
D: Failing to submit logon credentials to access resources is a failure to transmit anything. The absence of activity will not exceed the clipping level.
73
73. Which of the following is not considered an audit analysis tool? a. malicious code scanning tool b. data reduction tool c. variance detection tool d. intrusion detection tool
A: A malicious code scanning tool, such as anti-virus or anti-trojan software, is not a type of audit analysis tool.
74
74. Which of the following is a method by which accountability can be enforced? a. data backups b. keystroke logging c. bandwidth throttling d. trusted recovery
B: Keystroke logging is a method by which accountability can be enforced.
75
75. The act of using a bad sector on a hard drive to store data which can be located and used by an unauthorized recipient is known as? a. data remanance b. data diddling c. data hiding d. data reduction
C: Data hiding is the use of a covert channel, such as a fake bad sector on a hard drive, to store and transmit data.
76
76. TEMPEST is what? a. a centralized remote access authentication service b. a security domain authorization system c. A vulnerability scanner d. the study and control of stray electrical signals
D: TEMPEST is the study and control of stray electrical signals.
77
77. What type of token requires the owner to authenticate to the token itself and then allows the token to authenticate with the system? a. Synchronous Dynamic Password Token b. Static Password Token c. Asynchronous Password Token d. Challenge-response Token
B: A static password token requires the owner to authenticate to the token itself and then allows the token to authenticate with the system.
78
78. What token generates unique passwords at fixed time intervals which must be provided to the authenticating system with the appropriate PIN within a valid time window? a. Asynchronous Dynamic Password Token b. Challenge-response Token c. Synchronous Dynamic Password Token d. Static Password Token
C: A Synchronous Dynamic Password Token generates unique passwords at fixed time intervals that must be provided to the authenticating system with the appropriate PIN within a valid time window.
79
79. Audit logs can be used for all but which of the following? a. Legal evidence b. Predicting the source of the next intrusion attempt c. Demonstrate the means by which an attack was waged d. Corroborate and verify a story
B: Audit logs may provide clues, but they cannot accurately predict the source of the next intrusion attempt.
80
80. Which of the following is not a means by which data is disclosed unintentionally? a. social engineering b. malicious code c. espionage d. object/media reuse
C: Espionage is the deliberate and intentional act of gathering and disclosing confidential data.
81
81. The process of removing data from a media so it can be re-used within the same security environment is known as? a. clearing b. purging c. overwriting d. destruction
A: Clearing is the process of removing data from a media so it can be re-used within the same security environment.
82
82. Which of the following will never result in data remanance a. erasing the data using the native OS tools b. cremation of media c. degaussing media d. performing a single format of the media
B: Cremation of media (i.e. complete destruction) is the only assured means to prevent remanance.
83
83. The act of recycling a backup tape for another purpose is known as? a. disclosure b. remanance c. cost effective resource management d. object reuse
D: The act of recycling a backup tape for another purpose is known as object reuse.
84
84. Which of the following does not represent a reason a biometric device would be rejected by a majority of users? a. Invasion of privacy b. A high level of invasiveness c. A low enrollment time d. A moderate degree of physical discomfort
C: A low enrollment time is typically not a reason to reject a biometric device.
85
85. What aspect of access control is responsible for verifying that you are allowed to perform the activities or actions you request on a system? a. Auditing b. Authentication c. Administration d. Authorization
D: Authorization is the aspect of access control that is responsible for verifying that you are allowed to perform the activities or actions you request on a system.
86
86. Which of the following is not true in regards to roles? a. Similar users are placed within a role and access to resources is granted or restricted to that role. b. A role has a pre-assigned classification. c. Roles are assigned to users who perform specific activities or tasks. d. Roles are often based on job descriptions or work tasks.
A: This does not describe roles, it describes groups.
87
87. When a biometric is used and a valid user is rejected, what type of error has occurred? a. Type I error b. Type II error c. Authorization error d. Accountability error
A: A Type 1 error or False Rejection error fails to authenticate a valid user.
88
88. In regards to biometric devices, what is the crossover error rate (CER) used for? a. Tuning the device for efficiency b. Comparing performance between similar devices c. Adjusting the sensitivity of the device d. Reducing the enrollment time
B: The crossover error rate is most useful as a comparison point between similar devices.
89
89. What authentication technology was developed to address weaknesses in Kerberos? a. RADIUS b. TACACS c. SESAME d. KrytoKnight
C: SESAME was designed to address weaknesses in Kerberos.
90
90. Role based access control is also known as? a. Mandatory access control b. Discretionary access control c. Dynamic access control d. Nondiscretionary access control
D: Role based access control is also known as nondiscretionary access control.
91
91. Which of the following is not one of the three mechanisms that must be in place in order to audit the activity of subjects? a. Identification b. Authorization c. Accountability d. Authentication
C: Accountability is available only after auditing is established, it is not a prerequisite for auditing.
92
92. The security principle or axiom that restricts a person's access to resources or data even if they have sufficient security clearance is known as? a. Principle of least privilege b. Accountability c. Clark-Wilson control d. Need to know
D: Need to know is the security principle or axiom that restricts a person's access to resources or data even if they have sufficient security clearance.
93
93. What is the primary disadvantage of a single sign-on? a. Users can rove the network without re-authenticating b. Stronger passwords can be enforced c. Simpler password administration d. Scripts may be used that contain logon credentials
A: Users can rove the network without re-authenticating is the primary disadvantage of single sign-on.
94
94. Which of the following is the golden rule of access control? a. If access control is not explicitly denied, it should be implicitly granted. b. If access control is denied implicitly, only role assignments can be used to grant access explicitly. c. If access is not explicitly granted, it should be implicitly denied. d. Access controls should default to minimal read access if access is not explicitly granted or denied.
C: If access is not explicitly granted, it should be implicitly denied.
95
95. Which of the following is not an example of a single sign-on technology? a. Kerberos b. TACACS c. SESAME d. KryptoKnight
B: TACACS is not a single sign-on technology, it is a centrally managed remote access authentication service.
96
96. Which of the following is not a weakness of Kerberos? a. The KDC (Key Distribution Center) is a single point of failure b. Secret keys are temporarily stored on the client system c. A one-way hash is used to generate the client's secret key d. Kerberos only protects authentication traffic
C: This is a strength of Kerberos.
97
97. What type of area on a network is created so that it would attract intruders but which no valid user would enter? a. Padded cell b. Honey pot c. DMZ d. Extranet
B: A honey pot is designed to attract intruders, but since it holds no real or useful data or resources, valid users don't enter it.
98
98. Audit logs can be used for all but which of the following? a. Patch systems by re-playing the audit trail b. Forensic evidence in cyber crime prosecution c. Rebuilding the process of an attack d. Track down the perpetrator of an intrusion
A: Audit logs can be used to create a safeguard against a recorded intrusion, but playing back an audit trail against another system will not patch it, more likely it will cause the same security violation.
99
99. Which of the following is not true regarding clipping levels? a. Activity below a clipping level is considered normal and expected. b. When the clipping level is exceeded, a violation record may be recorded c. All abnormal activity, including intrusions, will cross a clipping level. d. The use of clipping levels is considered a detective technical access control method.
C: This is incorrect. Many abnormal activities, including intrusions, will not generate sufficient effect to cross a clipping level.
100
100. What is a capability table? a. The list of roles within a no discretionary access control system b. A column of an access control matrix c. The services supported by a specific object d. A row of an access control matrix
D: A capability table is a single row of an access control matrix.
101
101. Which of the following is the action of overwriting media that is intended for use outside of the protected environment to prevent remanence gathering? a. Purging b. Cleaning c. Formatting d. Erasing
A: Purging is the action of overwriting media that is intended for use outside of the protected environment to prevent remanence gathering.
102
102. Which of the following is not a physical access control method? a. Segmentation of the network b. Filters/Rules on firewall c. Parking lot access controls d. Security guards
B: Filter or Rules of a firewall is an example of a technical not physical access control method.
103
103. Which of the following is an example of an administrative access control method? a. Policies and procedures b. Perimeter lighting c. CCTV d. Encryption
A: Policies and procedures are examples of an administrative access control method.
104
104. The act of an intruder erasing their tracks by tampering with audit logs is known as? a. Entrapment b. Using covert channels c. Superzapping d. Scrubbing
D: Modifying audit logs to hide access trails is known as scrubbing.
105
105. The standards for overwriting media before re-use outside of the secured environment is to format or overwrite the media ________ times? a. 1 b. 3 c. 7 d. 12
: The standard is to overwrite media 7 times before re-use.
106
106. Which of the following is an example of data hiding? a. Causing the light on a monitor to blink in Morris code b. Employing the use of time to communicate information c. Storing data in a sector marked as bad d. Communicating a message through the byte size of a file stored on a publicly accessible server
C: This is an example of data hiding since the data is hidden. This is also an example of a covert channel.
107
107. The aspect of access control that holds subjects responsible for the activities they perform within a secured environment is known as? a. Integrity b. Accountability c. Authorization d. Auditing
B: Accountability is the aspect of access control that holds subjects responsible for the activities they perform within a secured environment.
108
108. Which of the following is labeled as a technical or logical access control method but which does not prevent attacks but is used to pinpoint weaknesses in a system? a. DMZ b. Awareness training c. TACACS d. Auditing
D: Auditing is labeled as a technical or logical access control method but which does not prevent attacks but is used to pinpoint weaknesses in a system.
109
109. Discretionary access control is most often implemented using what mechanism? a. Access Control Lists b. Biometrics c. Roles d. Subject classification
A: Discretionary access control is most often implemented using ACLs.
110
110. Mandatory access controls relies on what mechanism? a. Access control lists b. Security labels c. Role assignments d. Data format
B: Mandatory access control relies on security labels (i.e. classifications)
111
111. The greatest security is maintained by organizations that perform which of the following? a. Media purging before re-use b. Media destruction, no re-use of media c. Media cleaning before re-use d. Media formatting before re-use
B: The greatest security is maintained if no media is ever re-used and all used media are destroyed.
112
112. Which one of the following examples of access control methods is of a different type than the other three? a. Controlling access to network components throughout a facility b. Routing cables through walls to prevent tapping c. Segmenting the network with subnets d. Installing a mantrap
C: This is a logical or technical access control method. It differs that the other three which are physical access control methods.
113
113. Which of the following is not a characteristic of network based IDS? a. Actively scans the network for intrusions b. Monitors in real time. c. Can respond to some types of attacks while they are in progress. d. Cannot detect attacks committed on a system by a subject logged into that system.
A: Network based IDS is passive.
114
114. What is TEMPEST? a. A tool used to hide data in an image or audio file b. A VPN protocol encryption scheme c. A centralized remote access authentication system d. The study and control of EM signals.
D: TEMPEST is the study and control of EM signals.
115
115. What type of IDS has the most number of false detections? a. Signature based IDS b. Statistical Anomaly based IDS c. Network based IDS d. Host based IDS
B: Statistical Anomaly based IDS have the most false detections.
116
116. What access control method is best suited for an organization with a high rate of personnel turnover and change? a. Access control lists b. Mandatory access controls c. Role based access controls d. Discretionary access controls
C: Role based access controls is best suited for high-turnover organizations.
117
117. Unauthorized or unintentional disclosure can occur when all but which of the following take place? a. Execution of malicious code b. Social engineering c. Use of a covert channel d. Requiring encryption on traffic
D: Encryption is a security mechanism to protect confidentiality.
118
118. What authentication mechanism supports two factor authentication for remote access clients? a. TACACS+ b. Kerberos c. RADIUS d. XTACACS
A: TACACS+ supports two-factor authentication for remote access clients.
119
119. The act of providing the opportunity for a person to commit a crime without coercion is known as? a. Entrapment b. Accountability c. Enticement d. Superzapping
C: Enticement is the act of providing the opportunity for a person to commit a crime without coercion.
