study5 – Flashcard
question
            Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter?
answer
        False Negative
question
            Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
answer
        DAC (Discretionary Access Control)
question
            Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?
answer
        Identity
question
            What is the star property of Bell-LaPadula?
answer
        No write down
question
            What is the simple property of Bell-LaPadula?
answer
        No read up
question
            What is the star property of Biba?
answer
        No write up
question
            What is the simple property of Biba?
answer
        No read down
question
            Which of the following is not an important aspect of password management?
answer
        Enable account lockout
question
            Which access control model manages rights and permissions based on job descriptions and responsibilities?
answer
        Role Based Access Control
question
            What security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?
answer
        User ACL
question
            What is the most important aspect of a biometric device?
answer
        Accuracy
question
            A device which is synchronized to an authentication server is which type of authentication?
answer
        Synchronous token
question
            Which of the following is the term for the process of validating a subject's identity?
answer
        Authentication
question
            What does the Mandatory Access Control (MAC) method use to control access?
answer
        Sensitive labels
question
            Which of the following are requirements to deploy Kerberos on a network? (Select two)
answer
        -A centralized database of users and passwords
        -Time synchronization between devices
question
            Which of the following is not used to oversee and/or improve the security performance of employees?
answer
        Exit Interviews
question
            Which form of authentication solution employs a hashed form of the user's password that has an added time stamp as a form of identity?
answer
        Kerberos
question
            Which of the following conditions is desirable when selecting a biometric system? (Select two)
answer
        -A low crossover rate
        -A high processing rate
question
            Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?
answer
        Separation of duties
question
            Need to know is required to access which types of resources?
answer
        Compartmentalized resources
question
            Which of the following is the best action to take to make remembering passwords easier so that a person no longer has to write the password down?
answer
        Implement end-user training
question
            You have implemented account lockout with a clipping level of 4. What will be the effect of this setting?
answer
        The account will be locked after 4 incorrect attempts
question
            In a variation of a brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?
answer
        A strong password policy
question
            Which of the following defines the crossover rate for evaluating biometric systems?
answer
        The point where the number of false positives matches the number of false negatives in the biometric system
question
            Which of the following cloud computing systems will deliver software applications to a client either over the Internet or on a local area network?
answer
        SaaS (Security as a Service)
question
            Which of the following is an example of Type 1 authentication?
answer
        Pass phrase
question
            In which form of access control environment is access controlled by rules rather than by identity?
answer
        MAC (Mandatory Access Control)
question
            In an Identity Management System, what is the function of the Identity Vault?
answer
        Ensure that each employee has the appropriate level of access in the system
question
            Which of the following is an example of a decentralized privilege management solution?
answer
        Workgroup
question
            Which of the following is the strongest form of multi-factor authentication?
answer
        A password, a biometric scan, and a token device
question
            Which of the following is stronger than any biometric authentication factor?
answer
        A two factor authentication
question
            Which of the following defines an object as used in access control?
answer
        Data applications, systems, networks, and physical space
question
            Which form of access control is based on job descriptions?
answer
        Role-based access control (RBAC)
question
            What type of password is maryhadalittlelamb?
answer
        Pass phrase
question
            In an Identity Management System, what is the function of the Authoritative Source?
answer
        Specify the owner of a data item
question
            Which of the following are disadvantages of biometrics? (Select two)
answer
        -When used alone or solely, they are no more secure than a strong password
        -They require time synchronization
question
            The Brewer-Nash model is designed primarily to prevent?
answer
        Conflicts of interest
question
            What is it called if the ACL automatically prevents access to anyone not on the list?
answer
        Implicit deny
question
            Which of the following best describes the Platform as a Service (PaaS) cloud computing service model?
answer
        PaaS delivers everything a developer needs to build an application onto the cloud infrastructure
question
            What access control type is used to implement short-term repairs to restore basic functionality following an attack?
answer
        Corrective
question
            What is mutual authentication?
answer
        A process by which each party in an online communication verifies the identity of the other party
question
            What is another term for the type of logon credentials provided by a token device?
answer
        One-time password
question
            Which of the following are examples of single sign-on authentication solutions?
answer
        -SESAME
        -Kerberos
question
            Which of the following is not true regarding cloud computing?
answer
        Cloud computing requires end user knowledge of the physical location and configuration of the system that delivers the services
question
            You have just configured the password policy and set the minimum password age to ten. What will be the effect of this configuration?
answer
        User cannot change the password for at least ten days
question
            Which of the following is not an example of a single sign on solution?
answer
        Workgroup
question
            Which of the following controls is an example of a physical access control method?
answer
        Locks on doors
question
            Which of the following is an example of privilege escalation?
answer
        Creeping privileges
question
            Which of the following is not a characteristic of Kerberos?
answer
        Peer-to-peer relationships between entities
question
            The Clark-Wilson model is primarily based on?
answer
        Controlled intermediary access applications
question
            What should be done to a user account if the user goes on an extended vacation?
answer
        Disable the account
question
            Which of the following is a password that relates to things that people know, such as a mother's maiden name, or the name of a pet?
answer
        Cognitive
question
            A router access control list uses information in a packet such as the destination IP address and port number to make allow or deny forwarding decisions. This is an example of what type of access control mode?
answer
        RBAC (based on rules)
question
            Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?
answer
        MAC (Mandatory access control)
question
            Which of the following advantages can Single Sign-On (SSO) provide? (Select two)
answer
        -Access to all authorized resources with a single instance of authentication
        -The elimination of multiple user accounts and passwords for an individual
question
            Separation of duties is an example of which type of access control?
answer
        Preventive
question
            Encryption is what type of access control?
answer
        Technical
question
            What is the primary goal of separation of duties?
answer
        Prevent conflicts of interest