Domain 1

Question 1

What are the three critical areas of security?

a) Authentication, Accreditation, and Authorization
b) Integrity, Confidentiality, and Availability
c) Confidentiality, Integrity, and Authentication
d) Non-repudiation, Availability, and Integrity

Answer 1

Integrity, Confidentiality, and Availability

Question 2

Which of the following critical areas of security represents the unauthorized modification of information?

a) Confidentiality
b) Repudiation
c) Authorization
d) Integrity

Answer 2

Integrity

Question 3

Which formula below accurately represents the equation for calculating the risk associated with your critical assets?

a) Risk = Vulnerability x Likelihood
b) Threat = Risk x Vulnerability
c) Risk = Threat x Vulnerability
d) Vulnerability = Threat x Risk

Answer 3

Risk = Threat x Vulnerability

Question 4

Of the four core principles of network security, which one relates to understanding which services are running on your system?

a) Defense-in-Depth
b) Principle of Least Privilege
c) Prevention is Ideal but Detection is a Must
d) Know Thy System

Answer 4

Know Thy System

Question 5

Giving Bob, the accountant, access only to the Accounting application required for his duties is an example of which core security principle?

a) Defense-in-Depth
b) Principle of Least Privilege
c) Know Thy User
d) Know Thy System

Answer 5

Principle of Least Privilege

Question 6

Which principle is represented by an accountant creating a company’s books and an auditor reviewing the books for accuracy?

a) Separation of Duties
b) Principle of Least Privilege
c) Job Rotation
d) Know Thy System

Answer 6

Separation of Duties

Question 7

Which access control measure method would be affected by an inaccessible system administrator?

a) Preventive
b) Suggestive
c) Incentive
d) Detective

Answer 7

Detective

Question 8

Which of the following concepts relates most closely to the Principle of Least Privilege?

a) Authentication
b) Identity
c) Detection
d) Separation of Duties

Answer 8

Separation of Duties

Question 9

If Dan, a user with level three clearance, attempts to read a document requiring a level four clearance, he is violating which of the following access control techniques?

a) The Star Property of the Bell-LaPadula Model
b) The Simple Security Property of the Bell-LaPadula Model
c) The Simple Integrity Property of the Biba Model
d) The Super Simple Star Property of Biba Model

Answer 9

The Simple Security Property of the Bell-LaPadula Model

Question 10

Which of the following access control techniques requires the user to follow a procedure to access protected data?

a) The Clark-Wilson model
b) The Biba model
c) The Middleman model
d) The Bell-LaPadula model

Answer 10

The Clark-Wilson model

Question 11

Which of the following characteristics makes the BIBA model the opposite of the Bell LaPadula (BLP) model?

a) No write down and no read up
b) Read up but no write down
c) No read down and no write up
d) Write down but no read up

Answer 11

No read down and no write up

Question 12

In the process of employee termination, which access management activity most effectively controls access?

a) Account administration
b) Account maintenance
c) Account monitoring
d) Account revocation

Answer 12

Account revocation

Question 13

Of the four ways a user can be authenticated, which presents the use of physical human attributes in the process?

a) Something you are
b) Something you have
c) Something you know
d) Something you share

Answer 13

Something you are

Question 14

If you had a classified system located in the middle of the desert, which authentication method would serve best?

a) Something you have
b) Something you know and are
c) Something you share
d) Someplace you are

Answer 14

Someplace you are

Question 15

What is the MOST influential factor in determining if a biometric solution is feasible for a system?

a) System size
b) Usability
c) Criticality
d) Cost

Answer 15

Cost

Question 16

Which authentication method negotiates the validity of the user through tickets?

a) Single Sign On (SSO)
b) System Generated Passwords (SGP)
c) Challenge Handshake Authentication Protocol (CHAP)
d) Kerberos

Answer 16

Kerberos

Question 17

Which password cracking technique will eventually figure out Jim’s hard-to-guess password?

a) Hybrid attack
b) Brute force attack
c) Dictionary attack
d) Long-term attack

Answer 17

Brute force attack

Question 18

Stateful inspection of packets is an example of which kind of access control?

a) Prevention
b) Detection
c) Suspension
d) Eradication

Answer 18

Prevention

Question 19

Which are the three common methods used in password cracking?

a) Dictionary, hybrid, and brute force
b) Word list, brute force, and distributed
c) John the ripper, LOphtcrack, and hydra
d) SAM, passwd, and shadow

Answer 19

Dictionary, hybrid, and brute force

Question 20

Which of the following are among the primary design types used for access control systems today?

a) Mandatory, discretionary, and role-based
b) Interaction, fixed, and closed
c) Subject-based, object-based, and file-based
d) Mandatory, optional, and discretionary

Answer 20

Mandatory, discretionary, and role-based

Question 21

Which of the following access control techniques associates a group of users and their privileges with each object?

a) Role Based Access Control
b) Token Based Access Control
c) List Based Access Control
d) User Based Access Control

Answer 21

List Based Access Control

Question 22

Which of the following is NOT an example of a Mandatory Access Control (MAC) technique?

a) Secure Communications Processor (SCOMP)
b) SMURF
c) Pump
d) Purple Penelope

Answer 22

SMURF

Question 23

Which of the following access control techniques allows the user to feel empowered and able to change security attributes?

a) Discretionary Access Control
b) Mandatory Access Control
c) Optional Access Control
d) User Access Control

Answer 23

Discretionary Access Control

Question 24

Which of the following control types is used to provide alternatives to other controls?

a) Compensating
b) Deterrent
c) Corrective
d) Recovery

Answer 24

Compensating

Question 25

Your location is one of four commonly accepted items on which authentication can be based. What are the other three? a) Something you say, type, or press b) Something you have, do, or know c) Something you do, know, type d) Something you know, have, or are

Answer 25

Something you know, have, or are

Question 26

What attribute of the Kerberos authentication process makes it so strong? a) Encrypting the Ticket Granting Ticket (TGT) b) Mutual authentication c) Using a Ticket Distribution Center (TDC) and a Key Granting Server (KGS) d) User defined passwords

Answer 26

Mutual authentication

Question 27

Applying which principle represents one of the best ways to thwart internal attacks using access control systems? a) Principle of Open Access b) Principle of Least Privilege c) Principle of Internal Suppression d) Principle of Trust

Answer 27

Principle of Least Privilege

Question 28

There are three primary areas of threat. Of the following items, which is NOT one of those three areas? a) Threats to business goals b) Threats based on validated data c) Threats that are widely known d) Threats combined with risk

Answer 28

Threats combined with risk

Question 29

In terms of information security, what is a vulnerability? a) A weakness in your systems that allows a threat to occur b) A threat to your security that creates a risk condition c) A combining of both a risk and a threat in the same system d) A risk to your system(s) that cannot be eliminated

Answer 29

A weakness in your systems that allows a threat to occur

Question 30

Which are the three generally accepted options for managing risk? a) Eliminate, quarantine, or insure b) Accept, mediate, or delegate c) Accept, eliminate, or transfer d) Transfer, eliminate, or cogitate

Answer 30

Accept, eliminate, or transfer

Question 31

What is the principle that ensures data has not been modified either in transit or while in storage referred to as? a) Non-repudiation b) Assurance c) Integrity d) Reliability

Answer 31

Integrity

Question 32

What is the principle that ensures information is not disclosed to unauthorized users referred to as? a) Encryption b) Confidentiality c) Encapsulation d) Security

Answer 32

Confidentiality

Question 33

The assurance of access to data when it is needed is one of the three key principles in information security. What is this principle called? a) Availability b) Guaranteed delivery c) Accessibility d) Connectivity

Answer 33

Availability

Question 34

Discretionary Access Control (DAC) is one of the many Access Control Models. Which of the following items is NOT part of the Discretionary Access Control (DAC) model? a) An administrator decides whether a user should have access to an object b) Performed at the discretion of any administrator c) Strictly enforced by the system and cannot be overridden d) Owners can change security attributes

Answer 34

Strictly enforced by the system and cannot be overridden