| Question | Answer |
|---|---|
| Which security concept ensures that only authorized parties can access data? | Confidentiality |
| Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources? | DAC |
| What type of access control focuses on assigning privileges based on security clearance and data sensitivity? | MAC |
| Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels? | Need to Know |
| In what form of access control environment is access controlled by rules rather than by identity? | MAC |
| What form of access control is based on job descriptions? | RBAC (role-based access control) |
| You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented? | DAC |
| A router access control list uses information in a packet, such as the destination IP address and port number, to make allow or deny forwarding decisions. Which type of access control model is this? | RBAC (rule-based access control) |
| You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used? | RBAC (role-based access control) |
| Which of the following is the most common form of authentication? | Password |
| Which of the following is the strongest form of multi-factor authentication? | Password, biometric scan, and token device (one credential from each of the three factor types) |
| Which of the following advantages can Single Sign-On (SSO) provide? | The elimination of multiple user accounts and passwords for an individual. Access to all authorized resources with a single instance of authentication |
| Which of the following is an example of a single sign-on authentication solution? | Kerberos |
| Which of the following is an example of three-factor authentication? | Token device, keystroke analysis, cognitive question |
| What are examples of Type II authentication credentials? | Smart Card and Photo ID |
| What best describes one-factor authentication? | Multiple authentication credentials may be required, but they are all of the same type |
| You maintain a network with four servers. Currently, users must provide authentication credentials whenever they access a different server. Which solution allows users to supply authentication credentials once for all servers? | SSO |
| Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter? | False Negative |
| What are the disadvantages of biometrics? | When used alone, they are no more secure than a strong password. They have the potential for numerous false negatives. |
| What is mutual authentication? | A process by which each party in an online communication verifies the identity of the other party |
| What is the most important aspect of a biometric device? | Accuracy |
| What is the term for the process of validating a subject's identity? | Authentication |
| What is used for identification? | Username |
| What is an example of identity proofing? | A bank verifies your address and government-issued ID card to create an online account |
| What should be done to a user account if the user goes on an extended vacation? | Disable the account |
| What is an example of a strong password? | One that includes upper-case and lower-case letters, numbers, and symbols |
| In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue? | A strong password policy |
| What is the single best rule to enforce when designing complex passwords? | Longer passwords |
| For users on your network, you want to automatically lock their accounts if four incorrect passwords are used within 10 minutes. What should you do? | Configure account lockout policies in Group Policy |
| You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that after that time the user accounts cannot be used for logon. What should you do? | Configure account expiration in the user accounts |
| You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do? | Configure day/time restrictions in the user accounts |
| You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this? | Create a security group for the managers. Add all manager user accounts as members of the group. Add the group to the file's DACL |
| You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers. What should you do? | Create a security group for the administrators and add all of their user accounts to the group. Grant the group the necessary user rights |
| You have two folders that contain documents used by various departments. The Development group has been given the Write permission to the Design folder. The Sales group has been given the Write permission to the Products folder. User Mark Tilman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do? | Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder |
| What security mechanism uses a unique list for each object, embedded directly in the object itself, that defines which subjects have access to the object and the level or type of access allowed? | User ACL |
| Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers? | Group Policy (User Rights Assignment) |
| For users who are members of the Sales team, you want to force their computers to use a specific desktop background and remove access to administrative tools from the Start menu. What should you use? | Group Policy |
| Which of the following information is typically not included in an access token? | User Account password |
| Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do? | Have Marcus log off and log back on |
| What is the term that describes the component that is generated following authentication and which is used to gain access to resources following logon? | Access token |
| Which of the following are solutions that address physical security? | Escort visitors at all times. Require identification and name badges for all employees |
| Which of the following is not an example of a physical barrier access control mechanism? | One-time passwords |
| Which of the following can be used to stop piggybacking that has been occurring at a front entrance where employees should swipe their smart cards to gain entry? | Deploy a mantrap |
| What is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment but which actively prevents re-entrance through the exit portal? | Turnstiles |
| What is the primary benefit of CCTV? | Expands the area visible by security guards |
| You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which camera type should you choose? | PTZ |
| You want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions? | 500 lines of resolution, 50 mm lens, 0.05 lux |
| Which of the following CCTV camera types lets you adjust the distance that the camera can see (i.e. zoom in or out)? | Varifocal |
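The two password cards above (the dictionary-attack countermeasure and "longer passwords") are easier to believe with numbers. The following is an added example, not part of the original deck: it undoes the cheap substitutions a cracker's mangling rules try, so that a password like `P@ssw0rd1` is recognised as the dictionary word it is, and it compares brute-force keyspace for a short password drawn from all character classes against a long one made of lower-case letters only. The wordlist, the substitution table and the 14-character minimum are constructed assumptions for illustration.

```python
"""Added example (not from the original card deck): why a dictionary attack
defeats passwords that merely look complex, and why length raises attacker
cost faster than extra character classes. The wordlist, the mangling rules and
the 14-character minimum are constructed for illustration."""
import math
import string

# Constructed stand-in for a cracking wordlist (real ones hold millions of entries).
WORDLIST = {"password", "welcome", "letmein", "qwerty", "summer", "admin"}

# Reverse the substitutions that mangling rules try: "@"->"a", "$"->"s", "0"->"o", "!"->"i", "3"->"e".
UNLEET = str.maketrans("@$0!3", "asoie")


def normalize(password: str) -> str:
    """Collapse a candidate to the base word a dictionary attack would derive it from."""
    core = password.strip(string.digits + string.punctuation)  # drop appended "1", "!", "2024"
    return core.lower().translate(UNLEET)


def in_dictionary(password: str) -> bool:
    """True if the password is a wordlist entry, possibly mangled with digits or symbols."""
    return normalize(password) in WORDLIST


def charset_size(password: str) -> int:
    """Size of the alphabet an exhaustive attacker must assume for this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def keyspace_bits(length: int, alphabet: int) -> float:
    """log2 of the candidates a brute-force search must cover: alphabet ** length."""
    return length * math.log2(alphabet)


def check_policy(password: str, min_length: int = 14) -> list:
    """Return policy violations (empty list = accepted). Length is checked first
    because it is the rule that scales brute-force cost; the dictionary check
    catches the 'complex-looking' passwords that a length rule alone would pass."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if in_dictionary(password):
        problems.append("dictionary word after undoing common substitutions")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Welcome2024!", "correct horse battery staple"):
        bits = keyspace_bits(len(pw), charset_size(pw))
        print(f"{pw!r}: {bits:.1f} bits of keyspace, violations={check_policy(pw)}")
    # 8 characters from all 94 printable classes vs 16 lower-case letters:
    print(f"8 x 94 classes: {keyspace_bits(8, 94):.1f} bits; 16 x lower-case: {keyspace_bits(16, 26):.1f} bits")
```

The comparison at the end is the point of the "longer passwords" card: eight characters from the full printable alphabet give about 52 bits of keyspace, sixteen lower-case letters give about 75, and length also costs the user less than symbol juggling does. The normalisation step is deliberately simple; real cracking rule sets are far richer, which is why the dictionary check should be backed by a breached-password list in production.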
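The account-lockout card ("lock after four incorrect passwords within 10 minutes") maps onto three Group Policy settings: Account lockout threshold, Reset account lockout counter after, and Account lockout duration. The tracker below is an added example, not part of the original deck, that models those settings so the behaviour can be replayed against a constructed login sequence. The threshold of 4 and the 10-minute reset come from the card; the 30-minute lockout duration is an assumed value.

```python
"""Added example (not from the original card deck): an account-lockout tracker
that mirrors the three Group Policy settings behind the card's answer. The
threshold (4) and the 10-minute counter reset come from the card; the
30-minute lockout duration is an assumed value."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass
class LockoutPolicy:
    threshold: int = 4        # "Account lockout threshold": bad attempts before locking
    reset_after: int = 600    # "Reset account lockout counter after": seconds since last failure
    duration: int = 1800      # "Account lockout duration": seconds locked (assumed value)


@dataclass
class AccountState:
    failures: int = 0
    last_failure: Optional[float] = None
    locked_until: Optional[float] = None


class LockoutTracker:
    def __init__(self, policy: Optional[LockoutPolicy] = None):
        self.policy = policy or LockoutPolicy()
        self.accounts: Dict[str, AccountState] = {}

    def is_locked(self, user: str, now: float) -> bool:
        st = self.accounts.get(user)
        return st is not None and st.locked_until is not None and now < st.locked_until

    def record_failure(self, user: str, now: float) -> bool:
        """Register a wrong password at time `now` (seconds). Returns True if the
        account is locked after this attempt."""
        st = self.accounts.setdefault(user, AccountState())
        if self.is_locked(user, now):
            return True
        # Windows semantics: the counter returns to 0 once reset_after seconds have
        # elapsed since the most recent failure, so isolated typos never add up.
        if st.last_failure is not None and now - st.last_failure >= self.policy.reset_after:
            st.failures = 0
        st.failures += 1
        st.last_failure = now
        if st.failures >= self.policy.threshold:
            st.locked_until = now + self.policy.duration
            st.failures = 0
            return True
        return False

    def record_success(self, user: str, now: float) -> bool:
        """A correct password is still rejected while locked; otherwise it clears the counter."""
        if self.is_locked(user, now):
            return False
        st = self.accounts.setdefault(user, AccountState())
        st.failures, st.last_failure = 0, None
        return True


def replay(events: Iterable[Tuple[float, str, bool]], policy: Optional[LockoutPolicy] = None) -> List[str]:
    """Feed (seconds, user, password_ok) events through a fresh tracker and
    return one outcome per event: failed, locked, ok or rejected-locked."""
    tracker = LockoutTracker(policy)
    outcomes = []
    for t, user, ok in events:
        if ok:
            outcomes.append("ok" if tracker.record_success(user, t) else "rejected-locked")
        else:
            outcomes.append("locked" if tracker.record_failure(user, t) else "failed")
    return outcomes


# Constructed login sequences (not real log data).
GUESSING = [(0, "alice", False), (60, "alice", False), (120, "alice", False),
            (180, "alice", False), (200, "alice", True), (2100, "alice", True)]
SLOW_TYPOS = [(0, "bob", False), (700, "bob", False), (1400, "bob", False), (2100, "bob", False)]

if __name__ == "__main__":
    print(replay(GUESSING))    # fourth failure locks; even the right password is refused until expiry
    print(replay(SLOW_TYPOS))  # failures more than 10 min apart never accumulate
```

One nuance worth knowing when you write the detection rule for this: the policy counts failures since the last reset, not failures inside a true sliding window, so four wrong passwords spaced nine minutes apart (27 minutes end to end) still lock the account, while the same four spaced eleven minutes apart never do. An attacker who knows the reset interval can pace a guessing campaign just under the threshold, which is why lockout is a brake on online guessing and not a substitute for the password policy on the previous cards.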
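Several cards in the deck (the managers' DACL, Mark Tilman's folder permissions, the access token, and Marcus White having to log off and on) describe one mechanism from different angles: group memberships are copied into an access token at logon, and a DACL is evaluated against that token. The model below is an added example, not the deck's own material; it uses the users and groups named on the cards, while the folder names, the numeric rights and the allow-only ACE format are constructed simplifications (real NTFS DACLs also carry deny entries, ordering and inheritance).

```python
"""Added example (not from the original card deck): a toy model of how group
membership, a file's DACL and the logon access token fit together, using the
users and groups named on the cards. Folder names and the allow-only ACL
format are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set

READ, WRITE = 0x1, 0x2


@dataclass(frozen=True)
class Ace:
    """One access control entry: a principal (user or group) and the rights it is allowed."""
    principal: str
    allowed: int


@dataclass(frozen=True)
class Token:
    """Built once at logon; carries the identity and group list, never the password."""
    user: str
    groups: FrozenSet[str]


def logon(directory: Dict[str, Set[str]], user: str) -> Token:
    """Snapshot the user's *current* group memberships into a token. The token is
    not refreshed afterwards, which is why a group change needs a new logon."""
    return Token(user, frozenset(directory[user]))


def effective_rights(token: Token, dacl: List[Ace]) -> int:
    """Union of the rights from every ACE naming the user or one of the token's groups."""
    rights = 0
    for ace in dacl:
        if ace.principal == token.user or ace.principal in token.groups:
            rights |= ace.allowed
    return rights


def has_access(token: Token, dacl: List[Ace], wanted: int) -> bool:
    return effective_rights(token, dacl) & wanted == wanted


# Constructed directory and DACLs matching the Mark Tilman card.
DIRECTORY: Dict[str, Set[str]] = {"Mark": {"Sales"}, "Marcus": set()}
DESIGN_DACL = [Ace("Development", WRITE), Ace("Mark", READ)]   # Mark added directly to this ACL
PRODUCTS_DACL = [Ace("Sales", WRITE)]                          # Mark gets this through Sales
MANAGERS_DACL = [Ace("Managers", READ | WRITE)]


def marcus_promotion() -> Dict[str, bool]:
    """Marcus is added to Managers *after* he logged on; his existing token does not
    know about it, so the shared folder stays closed until he logs off and on."""
    directory: Dict[str, Set[str]] = {"Marcus": set()}
    old_token = logon(directory, "Marcus")
    directory["Marcus"].add("Managers")       # the group change lands in the directory...
    new_token = logon(directory, "Marcus")    # ...and only a fresh logon copies it into a token
    return {
        "old_token": has_access(old_token, MANAGERS_DACL, READ),
        "new_token": has_access(new_token, MANAGERS_DACL, READ),
    }


if __name__ == "__main__":
    mark = logon(DIRECTORY, "Mark")
    print("Mark write Products:", has_access(mark, PRODUCTS_DACL, WRITE))
    print("Mark read Design:", has_access(mark, DESIGN_DACL, READ))
    print("Mark write Design:", has_access(mark, DESIGN_DACL, WRITE))
    print("Marcus:", marcus_promotion())
```

Two points the cards make fall straight out of the model: Mark's Write on Products comes from the Sales group entry while his Read on Design comes from the one direct entry, so the group stays the unit of administration everywhere it can; and `Token` holds no password field at all, which is the "not included in an access token" card. The stale-token behaviour is also the reason group-membership changes are a favourite persistence trick for an attacker who already holds a session: the old token keeps working until the session ends, in either direction.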