每时每刻 可信安全

1. Which of the following is NOT an advantage password synchronization has over single sign-on?
A. Higher cost
B. Less intrusive
C. Improved security
D. Lower cost
Answer: A

2. Which of the following biometric devices offers the lowest CER?
A. Keystroke dynamics
B. Voice verification
C. Iris scan
D. Fingerprint
Answer: C

3. How can an individual best be authenticated?
A. User ID and password
B. Smart card and PIN code
C. Two-factor authentication
D. Biometrics
Answer: D

4. Passwords can be required to change monthly, quarterly, or at other intervals:
A. depending on the criticality of the information needing protection
B. depending on the criticality of the information needing protection and the password's frequency of use
C. depending on the password's frequency of use
D. not depending on the criticality of the information needing protection but depending on the password's frequency of use
Answer: B

5. The measures that also apply to areas that are used for storage of the backup data files are:
A. Preventive/physical
B. Preventive/administrative
C. Preventive/technical
D. Detective/administrative
Answer: A

6. Which authentication technique best protects against hijacking?
A. Static authentication
B. Continuous authentication
C. Robust authentication
D. Strong authentication
Answer: B

7. There are parallels between the trust models in Kerberos and in PKI. When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
A. Public keys
B. Private keys
C. Public-key certificates
D. Private-key certificates
Answer: C

8. Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?
A. Using a TACACS+ server
B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall
C. Setting the modem ring count to at least 5
D. Only attaching modems to non-networked hosts
Answer: B

9. Organizations should consider which of the following first before connecting their LANs to the Internet?
A. Plan for implementing workstation locking mechanisms
B. Plan for protecting the modem pool
C. Plan for providing the user with his account usage information
D. Plan for considering all authentication options
Answer: D

10. Which of the following is required in order to provide accountability?
A. Authentication
B. Integrity
C. Confidentiality
D. Audit trails
Answer: A

11. Which of the following does not apply to system-generated passwords?
A. Passwords are harder for users to remember
B. If the password-generating algorithm becomes known, the entire system is in jeopardy
C. Passwords are more vulnerable to brute-force and dictionary attacks
D. Passwords are harder for attackers to guess
Answer: C

12. Which of the following control pairings places emphasis on "soft" mechanisms that support the access control objectives?
A. Preventive/Technical pairing
B. Preventive/Administrative pairing
C. Preventive/Physical pairing
D. Detective/Administrative pairing
Answer: B

13. Which of the following is true of biometrics?
A. It is used for identification in physical controls and is not used in logical controls
B. It is used for authentication in physical controls and for identification in logical controls
C. It is used for identification in physical controls and for authentication in logical controls
D. Biometrics has no role in logical controls
Answer: C

14. In biometrics, a "one-to-many" search against a database of stored biometric images is done in:
A. Authentication
B. Identification
C. Identities
D. Identity-based access control
Answer: B

15. Which of the following statements pertaining to Kerberos is true?
A. Kerberos uses public key cryptography
B. Kerberos uses X.509 certificates
C. Kerberos is a credential-based authentication system
D. Kerberos was developed by Microsoft
Answer: C

16. What is a keypad that has only a small number of keys from which the user can select called?
A. IBM keypads
B. 84-key keypad
C. Limited keypads
D. 101-key keypads
Answer: C

17. Which of the following biometric devices has the highest Crossover Error Rate (CER)?
A. Iris scan
B. Hand geometry
C. Voice pattern
D. Fingerprints
Answer: C

18. Which of the following biometric parameters is better suited for authentication use over a long period of time?
A. Iris pattern
B. Voice pattern
C. Signature dynamics
D. Retina pattern
Answer: A

19. Which of the following is used by RADIUS for communication between clients and servers?
A. TCP
B. SSL
C. UDP
D. SSH
Answer: C

20. Why should batch files and scripts be stored in a protected area?
A. Because of the least privilege concept
B. Because they cannot be accessed by operators
C. Because they may contain credentials
D. Because of the need-to-know concept
Answer: C

21. A potential problem with an iris pattern biometric system is:
A. Concern that the laser beam may cause eye damage
B. The iris pattern changes as a person grows older
C. There is a relatively high rate of false accepts
D. The optical unit must be positioned so that the sun does not shine into the aperture
Answer: D (the source key gives A, which is wrong: iris scanners image the iris with a camera and use no laser, the iris pattern is stable over a lifetime, and iris systems have a low false accept rate, so the remaining practical problem is ambient sunlight entering the aperture)

22. In biometric identification systems, the false accept rate is associated with:
A. Type 2 errors
B. Type 1 and Type 2 errors
C. Type 3 errors
D. Type 1 errors
Answer: A

23. Ensuring least privilege does not require:
A. Identifying what the user's job is
B. Ensuring that the user alone does not have sufficient rights to subvert an important process
C. Determining the minimum set of privileges required for a user to perform their duties
D. Restricting the user to required privileges and nothing more
Answer: B

24. Which of the following is not a complement to an Intrusion Detection System (IDS)?
A. Honey pots
B. Firewalls
C. Padded cells
D. File integrity checkers
Answer: B

25. The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a system. Acceptable throughput rates are in the range of:
A. 100 subjects per minute
B. 25 subjects per minute
C. 10 subjects per minute
D. 50 subjects per minute
Answer: C

26. What is the primary goal of setting up a honeypot?
A. To lure hackers into attacking unused systems
B. To entrap and track down possible hackers
C. To set up a sacrificial lamb on the network
D. To know when an attack is in progress and to learn about attack techniques so the network can be fortified
Answer: D

27. Which of the following is the least accepted biometric device?
A. Fingerprint
B. Iris scan
C. Retina scan
D. Voice verification
Answer: C

28. Which of the following usually provides reliable, real-time information without consuming network or host resources?
A. Network-based IDS
B. Host-based IDS
C. Application-based IDS
D. Firewall-based IDS
Answer: A

29. Which of the following is a trusted third-party authentication protocol that was developed under Project Athena at MIT?
A. Kerberos
B. SESAME
C. KryptoKnight
D. NetSP
Answer: A

30. Which of the following is not a service provided by AAA servers (RADIUS, TACACS and DIAMETER)?
A. Authentication
B. Administration
C. Accounting
D. Authorization
Answer: B

31. The Terminal Access Controller Access Control System (TACACS) employs which of the following?
A. A user ID and static password for network access
B. A user ID and dynamic password for network access
C. A user ID and symmetric password for network access
D. A user ID and asymmetric password for network access
Answer: A

32. How are memory cards and smart cards different?
A. Memory cards normally hold more memory than smart cards
B. Smart cards provide two-factor authentication whereas memory cards don't
C. Memory cards have no processing power
D. Only smart cards can be used for ATM cards
Answer: C

33. Which type of control would password management classify as?
A. Compensating control
B. Detective control
C. Preventive control
D. Technical control
Answer: C

34. Why do anomaly detection IDSs often generate a large number of false positives?
A. Because they can only correctly identify attacks they already know about
B. Because they are application-based and are more subject to attacks
C. Because they can't identify abnormal behavior
D. Because normal patterns of user and system behavior can vary wildly
Answer: D

35. Which of the following control pairings best describes logical or technical controls?
A. Preventive/Administrative
B. Preventive/Technical
C. Preventive/Physical
D. Detective/Administrative
Answer: B

36. A host-based IDS is resident on which of the following?
A. Centralized hosts
B. Decentralized hosts
C. Certified hosts
D. Bastion hosts
Answer: A
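Questions 2, 17 and 22 turn on how biometric error rates are defined: the false reject rate (Type I error) and false accept rate (Type II error) both depend on where the decision threshold is set, and the crossover error rate is the point where the two curves meet. The following worked example is added here and is not part of the original question set; the genuine and impostor match scores are constructed for illustration, and the function names are this example's own.

```python
"""Biometric error rates: FRR (Type I), FAR (Type II) and the crossover error rate.

Added example for this question set; not part of the original material.
The match scores below are constructed for illustration (0.0 = no match,
1.0 = perfect match); a real evaluation would use thousands of comparisons.
"""

# Constructed scores: genuine = a user compared against their own template,
# impostor = a different person compared against that template.
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.81, 0.79, 0.76, 0.70, 0.66, 0.61, 0.55]
IMPOSTOR_SCORES = [0.20, 0.28, 0.33, 0.41, 0.47, 0.52, 0.58, 0.63, 0.69, 0.74]


def false_reject_rate(genuine, threshold):
    """Type I error: a legitimate user scores below the threshold and is rejected."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_accept_rate(impostor, threshold):
    """Type II error: an impostor scores at or above the threshold and is accepted."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def crossover_error_rate(genuine, impostor, steps=1000):
    """Sweep the decision threshold over [0, 1] and return (threshold, rate) at the
    point where FAR and FRR are closest. A lower CER means a more accurate device."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far = false_accept_rate(impostor, t)
        frr = false_reject_rate(genuine, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


def threshold_for_max_far(genuine, impostor, max_far, steps=1000):
    """Security-first tuning: the lowest threshold whose FAR does not exceed
    max_far, returned with the FRR that setting costs legitimate users."""
    for i in range(steps + 1):
        t = i / steps
        if false_accept_rate(impostor, t) <= max_far:
            return t, false_reject_rate(genuine, t)
    return 1.0, false_reject_rate(genuine, 1.0)


if __name__ == "__main__":
    t, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER {cer:.2f} at threshold {t:.3f}")
    t, frr = threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, max_far=0.10)
    print(f"FAR <= 10% needs threshold {t:.3f}; FRR rises to {frr:.2f}")
```

On the constructed data the crossover sits at a 20% error rate; pushing the FAR down to 10% raises the FRR to 30%, which is the trade-off a high-security deployment accepts and a convenience deployment does not. Comparing devices by CER, as questions 2 and 17 do, only makes sense because each device's CER is measured at its own crossover point rather than at a vendor-chosen threshold.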
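Question 11 states that if a system's password-generating algorithm becomes known, the entire system is in jeopardy. The following example, added here and not part of the original question set, shows why: a hypothetical legacy generator that seeds a deterministic PRNG with the issue time can be replayed by anyone who knows the algorithm and roughly when an account was created. The generator, the unsalted hash used as a stand-in verifier, and the timestamps are all this example's own constructions; secure_password() shows the corrected design using the OS CSPRNG.

```python
"""System-generated passwords: a known algorithm puts every account at risk.

Added example for question 11; not from the original material. weak_password()
is a hypothetical legacy generator (a fixed alphabet drawn from a PRNG seeded
with the issue time). Knowing that algorithm plus a rough issue time is enough
to recover a password offline. secure_password() is the corrected version.
"""
import hashlib
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
LENGTH = 10


def weak_password(issue_time: int) -> str:
    """Hypothetical legacy generator: a deterministic PRNG seeded with the Unix
    second the password was issued. Same seed, same password."""
    rng = random.Random(issue_time)
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def store_hash(password: str) -> str:
    """Stand-in for the stored verifier (unsalted SHA-256 here only so the
    attacker has something to test candidates against; a real system should
    use a salted, slow password hash)."""
    return hashlib.sha256(password.encode()).hexdigest()


def recover_weak_password(stored_hash: str, window_start: int, window_end: int):
    """Attacker side: re-run the known algorithm for every second in the window
    in which the account could have been created and stop at the first
    candidate whose hash matches. Returns (seed, password) or None."""
    for seed in range(window_start, window_end + 1):
        candidate = weak_password(seed)
        if store_hash(candidate) == stored_hash:
            return seed, candidate
    return None


def secure_password(length: int = LENGTH) -> str:
    """Corrected generator: draws from the OS CSPRNG, so knowing the algorithm
    gives an attacker nothing to replay."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def demo(issued_at: int = 1_700_000_000, slack: int = 3600):
    """Issue a weak password at a constructed timestamp, then recover it knowing
    only the hash, the algorithm and a +/- one hour creation window."""
    stored = store_hash(weak_password(issued_at))
    return recover_weak_password(stored, issued_at - slack, issued_at + slack)


if __name__ == "__main__":
    seed, pw = demo()
    print(f"recovered seed {seed} -> password {pw}")
    print(f"secure replacement: {secure_password()}")
```

The search space is the creation window in seconds, not the 62^10 space the password length suggests, which is why the recovery completes in well under a second. That is the sense in which a known algorithm jeopardizes every account at once, and why the generator, not just the password length, has to be unpredictable.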