QUESTION DRILL ACCESS CONTROL 020504 - Questions

1.Authorization is often characterized by?
a. An audit log
b. A biometric
c. A security label or classification
d. A challenge response token
10.Which of the following can be used as either an identification or an
authentication factor?
a. Employee code
b. Username
c. Challenge-response token
d. Biometric
3.A fingerprint is an example of what type of authentication factor?
a. Type 1
b. Type 2
c. Type 3
d. Type 4
4.Something you have is what type of authentication factor?
a. Type 1
b. Type 2
c. Type 3
d. Type 4
5.What are the three fundamental principles of security?
a. Confidentiality, Integrity, Availability
b. Authentication, Authorization, Accountability
c. Accessibility, Integrity, Secrecy
d. Privacy, Control, Prevention
6.What is the process of verifying the identity of a subject?
a. Authorization
b. Authentication
c. Auditing
d. Accountability
7.The most secure form of password is which of the following?
a. Static password
b. Dynamic password
c. One time password
d. Cognitive password
8.The False Acceptance Rate (Type II) error of a biometric device indicates what?
a. The rate at which authorized users are not granted access
b. The rate at which authorized users are granted access
c. The rate at which unauthorized users are not granted access
d. The rate at which unauthorized users are granted access
9.A secure access control mechanism will default to?
a. No access
b. Minimal access
c. Least privilege
d. Need to know access
10.What is the primary disadvantage of single sign on?
a. Password management and administration
b. Users can roam the network without restrictions
c. User work task prohibitive
d. Length of time required to perform logon
11.A Type 1 authentication factor is also known as?
a. Something you know
b. Something you have
c. Something you are
d. Something you do
12.Auditing is dependent upon all but which of the following?
a. Identification
b. Accountability
c. Authorization
d. Authentication
13.When two types of authentication are employed to provide improved security,
this is known as?
a. Challenge-response authentication
b. One-time authentication
c. Single sign-on
d. Two-factor authentication
14.What type of password offers the best security possible for password-based
authentication?
a. One-time passwords
b. Static passwords
c. Dynamic passwords
d. Passphrases
15.Authorization can be illustrated by all but which of the following?
a. need to know
b. access control matrix
c. security label
d. password
16.Which of the following is not an example of a logical access control?
a. Perimeter padlocked gates
b. Restricted database interfaces
c. Forced logons to the operating system
d. Centralized remote access authentication services
17.Which of the following is not typically considered an identification factor?
a. PIN
b. password
c. biometric feature
d. employee identification
18.Which of the following is usually not labeled as an entity that serves as either a
subject or an object?
a. user
b. database
c. program
d. computers
19.Which of the following is the act of providing the "who" of a subject and is the
first step in establishing accountability?
a. Authorization
b. Identification
c. Auditing
d. Non-repudiation
20.Which of the following represents the activity of verifying the claimed identity
of a subject?
a. authorization
b. accountability
c. authentication
d. availability
21.A password is an example of what type of authentication factor?
a. Type 1
b. Type 2
c. Type 3
d. Type 4
22.A Type 3 authentication factor is?
a. Something you have
b. Something you are
c. Something you know
d. Something you do
23.Which form of password may require unique or different interactions or
responses from the subject each time they attempt to logon?
a. static password
b. dynamic password
c. cognitive password
d. passphrase
24.Which of the following is also a dynamic password?
a. passphrase
b. PIN
c. smart card
d. one time password
25.Biometrics can be used directly for all but which of the following purposes?
a. Identification
b. Physical access control
c. Accountability
d. Authentication
26.When used as an ____________ method, biometrics perform a one-to-one
comparison.
a. identification
b. authorization
c. impersonation
d. authentication
27.A Type I biometric error indicates what?
a. The rate at which authorized users are not granted access
b. The rate at which authorized users are granted access
c. The rate at which unauthorized users are not granted access
d. The rate at which unauthorized users are granted access
28.The primary use of the crossover error rate is what?
a. sensitivity adjustment
b. comparison of similar biometric devices
c. configuration control
d. reducing enrollment time
29.Which of the following provides the greatest level of authentication security?
a. Biometric
b. Type 2
c. Something you do
d. Two factor
30.Which of the following is converted to a virtual password before being sent to
the authentication server for processing?
a. passphrase
b. one time password
c. fingerprint scan
d. cognitive password
31.An example of a Type 3 authentication factor is?
a. Password
b. Typing a passphrase
c. Fingerprint
d. Smart card
32.What type of authentication token requires the subject to authenticate
themselves to the token, then the token authenticates to the system?
a. synchronous dynamic password token
b. static password token
c. asynchronous dynamic password token
d. challenge-response token
33.What type of access control is based on job description?
a. group based
b. role based
c. transaction based
d. discretionary based
34.Which of the following is the odd element in this set of items?
a. need to know
b. access based on work tasks
c. data classification
d. least privilege
35.Which of the following is a disadvantage of single sign on from the perspective
of security?
a. simplified password management and administration
b. less time required overall to perform logon and authentication
c. stronger passwords are often used
d. users can roam the network without restrictions
36.Which of the following is not an example of a single sign on technology?
a. TACACS
b. Kerberos
c. SESAME
d. KryptoKnight
37.What is the maximum enrollment time required at which a biometric device is
generally considered unacceptable to most users?
a. 30 seconds
b. 1 minute
c. 2 minutes
d. 10 minutes
38.At what rate of subject processing is a biometric device considered by users to
be unacceptable?
a. 50 subjects per minute
b. 2 subjects per minute
c. 5 subjects per minute
d. 10 subjects per minute
39.______________ is what allows you to do what you are requesting from the
system based on access criteria.
a. authorization
b. identification
c. authentication
d. auditing
40.What form of access control is not centrally managed?
a. Discretionary
b. Mandatory
c. Nondiscretionary
d. Role based
41.The most useful form of access control for environments with a high rate of
personnel turnover is?
a. Interpretive
b. Nondiscretionary
c. Mandatory
d. Discretionary
42.Which of the following is not considered a technique for controlling access?
a. encryption
b. rule-based access
c. restricted interface
d. capability table
43.Role based access control is also known as?
a. Discretionary
b. Mandatory
c. Nondiscretionary
d. Recursive
44.ACLs are the most common implementation of what form of access control?
a. Role based
b. Mandatory
c. Nondiscretionary
d. Discretionary
45.What form of single sign on technology employs symmetric key cryptography
and DES encryption to provide end-to-end security?
a. Scripting
b. Kerberos
c. SESAME
d. KryptoKnight
46.Which form of TACACS (Terminal Access Controller Access Control System)
uses tokens for two factor authentication and supports dynamic password
authentication?
a. TACACS (Terminal Access Controller Access Control System)
b. Dual-TACACS (Dual Terminal Access Controller Access Control System)
c. XTACACS (Extended Terminal Access Controller Access Control System)
d. TACACS+ (Terminal Access Controller Access Control System Plus)
47.Which of the following is not an administrative access control method?
a. work area separation
b. policies and procedures
c. personnel controls
d. supervisory structure
48.Which of the following is not a form of a centralized access control
mechanism?
a. RADIUS (Remote Authentication Dial-in User Service)
b. Extended TACACS (XTACACS)
c. Security domains
d. TACACS (Terminal Access Controller Access Control System)
49.Which of the following is not a form of access control administration?
a. centralized
b. delegated
c. decentralized
d. hybrid
50.Which of the following is not an element of personnel controls?
a. Separation of duties
b. Handling non-compliance
c. Stipulating laws and regulations
d. Rotation of duties
51.The primary element in the supervisory structure access control method is?
a. Only end users are audited
b. All employees need performance reviews
c. Senior management is always liable
d. Every employee has a boss
52.Which of the following directly protects against physical computer theft?
a. computer controls
b. work area separation
c. lighting
d. control zones
53.Which of the following is a physical access control method?
a. System and network access
b. encryption
c. security awareness training
d. Computer controls
54.Which of the following is not a technical/logical access control method?
a. network segregation
b. network architecture
c. encryption
d. control zones
55.Which of the following is an administrative access control method?
a. data backups
b. security awareness training
c. network architecture
d. auditing
56.Which of the following is not a physical access control method?
a. network segregation
b. perimeter security
c. testing
d. cabling
57.Which of the following is a technical/logical access control method?
a. Work area separation
b. Auditing
c. Data backups
d. Policies and procedures
58.Which of the following is not an example of a preventative access control?
a. backups
b. locks
c. lighting
d. security guards
59.Which of the following is not considered a detective security control?
a. monitoring
b. separation of duties
c. job rotation
d. intrusion detection
60.Which of the following is an example of a recovery security control?
a. intrusion detection
b. encryption
c. anti-virus software
d. smart cards
61.What access control method is used to ensure confidentiality and integrity?
a. network access control
b. encryption
c. data backups
d. perimeter security
62.What types of access controls serve as a deterrent?
a. detective
b. corrective
c. preventative
d. recovery
63.A biometric scanner for facility access is considered all but which of the following
types of access control?
a. Preventative
b. Detective
c. Corrective
d. Recovery
64.Which of the following is used to ensure that users are held responsible for
their actions?
a. auditing
b. authentication
c. identification
d. accountability
65.Auditing allows for all but which of the following?
a. controlling data classifications
b. reconstruction of events
c. evidence for legal action
d. producing problem reports
66.What is a clipping level?
a. The threshold of unauthorized activity
b. A baseline of normal activity
c. The collection of abnormal activity
d. The saturation point above which only violations occur
67.Which of the following is not an example of a preventative administrative
access control?
a. background checks
b. controlled termination process
c. data classification
d. alarms
68.Which of the following is not an example of a preventative physical access
control?
a. clipping levels
b. badges
c. dogs
d. mantraps
69.Which of the following is not an example of a preventative technical/logical
access control?
a. passwords
b. motion detectors
c. constrained user interfaces
d. firewalls
70.Which of the following is not a preventative physical access control?
a. biometrics
b. fences
c. call back systems
d. CCTV
71.The act of a hacker cleaning out all traces of their activities from audit logs is
known as?
a. spoofing
b. masquerading
c. scrubbing
d. data diddling
72.Which of the following methods is effective in maintaining the integrity of
audit logs?
a. real-time recording
b. periodic manual inspection
c. storage in binary rather than text format
d. digital signatures
73.What means can be used to protect the confidentiality of audit logs?
a. encryption
b. storage on write-once media
c. redundant event recording
d. digital signatures
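Questions 71 and 72 ask how audit logs are kept trustworthy against an intruder who scrubs their tracks. The following is an added example, not part of the original drill. The Python standard library has no digital-signature primitive, so it substitutes a keyed HMAC chain held by the log collector for the signature; the tamper-evidence property it demonstrates is the same one the question is about. The collector key, the audit records and the record format are all constructed for this example.

```python
import hashlib
import hmac

# Constructed collector key for the example. A real collector keeps this key (or a
# private signing key) off the monitored hosts, otherwise an intruder with host
# access could simply re-seal the log after editing it.
COLLECTOR_KEY = b"constructed-example-key-do-not-use"

# Constructed audit records in the order the collector received them.
AUDIT_RECORDS = [
    "2024-03-01T09:00:01 user=alice action=login result=OK",
    "2024-03-01T09:02:15 user=alice action=read object=payroll.db",
    "2024-03-01T09:02:40 user=alice action=write object=payroll.db",
    "2024-03-01T09:03:05 user=alice action=delete object=payroll.db.bak",
    "2024-03-01T09:04:00 user=alice action=logout result=OK",
]

GENESIS = b"\x00" * 32   # tag "before" the first record


def seal(records, key=COLLECTOR_KEY):
    """Return [(record, tag)] where each tag covers the record AND the previous tag,
    so editing, reordering or deleting any record breaks every tag after it."""
    prev = GENESIS
    sealed = []
    for record in records:
        tag = hmac.new(key, prev + record.encode(), hashlib.sha256).digest()
        sealed.append((record, tag))
        prev = tag
    return sealed


def verify(sealed, key=COLLECTOR_KEY):
    """Return the index of the first record whose tag does not verify, or None if intact."""
    prev = GENESIS
    for index, (record, tag) in enumerate(sealed):
        expected = hmac.new(key, prev + record.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return index
        prev = tag
    return None


def verify_with_head(sealed, head_tag, key=COLLECTOR_KEY):
    """Chain verification plus a check that the final tag equals the one the collector
    stored separately. The chain alone cannot see records cut off the end; the stored
    head tag is what catches that form of scrubbing."""
    if verify(sealed, key) is not None:
        return False
    last = sealed[-1][1] if sealed else GENESIS
    return hmac.compare_digest(last, head_tag)


if __name__ == "__main__":
    sealed = seal(AUDIT_RECORDS)
    scrubbed = sealed[:3] + sealed[4:]          # intruder removes the delete record
    print("intact:", verify(sealed))           # None
    print("scrubbed breaks at:", verify(scrubbed))
```

Deleting a record in the middle shows up as a mismatch at that position because the next record's tag was computed over the removed tag. Truncating the newest records is only caught by comparing against the head tag the collector retained, which is why verify_with_head exists.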
74.Which of the following is not a repetitive mistake that will exceed clipping
levels?
a. Exceeding the authority of a user account
b. Too many users with unrestricted access
c. Repeated high-volume intrusion detection attempts
d. Failing to submit logon credentials to access resources
75.Which of the following is not considered an audit analysis tool?
a. malicious code scanning tool
b. data reduction tool
c. variance detection tool
d. attack signature detection tool
76.Which of the following is a method by which accountability can be enforced?
a. data backups
b. keystroke logging
c. bandwidth throttling
d. trusted recovery
77.At what point are violation records recorded?
a. Only below the clipping level
b. At the clipping level
c. When the clipping level is exceeded
d. At all times
78.The act of using a bad sector on a hard drive to store data which can be located
and used by an unauthorized recipient is known as?
a. data remanence
b. data diddling
c. data hiding
d. data reduction
79.TEMPEST is what?
a. a centralized remote access authentication service
b. a security domain authorization system
c. A vulnerability scanner
d. the study and control of stray electrical signals
80.What type of token requires the owner to authenticate to the token itself and
then allows the token to authenticate with the system?
a. Synchronous Dynamic Password Token
b. Static Password Token
c. Asynchronous Password Token
d. Challenge-response Token
81.What token generates unique passwords at fixed time intervals which must be
provided to the authenticating system with the appropriate PIN within a valid
time window?
a. Asynchronous Dynamic Password Token
b. Challenge-response Token
c. Synchronous Dynamic Password Token
d. Static Password Token
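Questions 32, 80 and 81 describe the synchronous dynamic password token: the subject authenticates to the token with a PIN, and the token produces a code tied to the current time window. The following is an added example, not part of the original drill, of that construction using the HOTP/TOTP algorithm of RFC 4226 and RFC 6238 with the PIN gate in front of it. The token seed is the published RFC test key (so the codes are the RFC test vectors); the PIN, its salt, the time step and the accepted clock skew are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# RFC 4226 / RFC 6238 test key (ASCII "12345678901234567890"). It is the public
# test-vector key, not a production secret.
TOKEN_SEED = b"12345678901234567890"
TIME_STEP = 30        # seconds per time window (assumption)
DIGITS = 6
WINDOW_SKEW = 1       # accept +/- one step of drift between token and server (assumption)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = TIME_STEP) -> str:
    """Synchronous dynamic password: the counter is the current time window."""
    return hotp(secret, unix_time // step)


def verify_totp(secret: bytes, submitted: str, unix_time: int, skew: int = WINDOW_SKEW) -> bool:
    """Server side: accept if the code matches any window within +/- skew steps."""
    current = unix_time // TIME_STEP
    for counter in range(current - skew, current + skew + 1):
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return True
    return False


# PIN storage for the "authenticate to the token" step. Constructed salt; a real
# system uses a random per-user salt and a stronger work factor.
PIN_SALT = b"constructed-salt"


def pin_digest(pin: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), PIN_SALT, 50_000)


STORED_PIN = pin_digest("4711")   # constructed PIN for the example


def two_factor_logon(pin: str, token_code: str, unix_time: int,
                     secret: bytes = TOKEN_SEED, stored_pin: bytes = STORED_PIN) -> bool:
    """Something you know (PIN) and something you have (token code) must both pass.
    Both checks run regardless of the first result so the response does not reveal
    which factor failed."""
    pin_ok = hmac.compare_digest(pin_digest(pin), stored_pin)
    token_ok = verify_totp(secret, token_code, unix_time)
    return pin_ok and token_ok


if __name__ == "__main__":
    print(totp(TOKEN_SEED, 59))              # RFC test vector window 1: 287082
    print(two_factor_logon("4711", totp(TOKEN_SEED, 89), 89))
```

The skew window is the trade-off to watch: each extra step accepted on either side widens the set of codes an attacker who has seen one code could replay, so keep it at one step and reject any code already used in that window.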
82.Audit logs can be used for all but which of the following?
a. Legal evidence
b. Predicting the source of the next intrusion attempt
c. Demonstrate the means by which an attack was waged
d. Corroborate and verify a story
83.Which of the following is not a means by which data is disclosed
unintentionally?
a. social engineering
b. malicious code
c. espionage
d. object/media reuse
84.The process of removing data from a media so it can be re-used within the
same security environment is known as?
a. clearing
b. purging
c. overwriting
d. destruction
85.Which of the following will never result in data remanence?
a. erasing the data using the native OS tools
b. cremation of media
c. degaussing media
d. performing a single format of the media
86.The act of recycling a backup tape for another purpose is known as?
a. disclosure
b. remanence
c. cost effective resource management
d. object reuse
87.Which of the following does not represent a reason a biometric device would
be rejected by a majority of users?
a. Invasion of privacy
b. A high level of invasiveness
c. A low enrollment time
d. A moderate degree of physical discomfort
88.What aspect of access control is responsible for verifying that you are allowed
to perform the activities or actions you request on a system?
a. Auditing
b. Authentication
c. Administration
d. Authorization
89.Which of the following is not true in regards to roles?
a. Similar users are placed within a role and access to resources is granted or
restricted to that role.
b. A role has a pre-assigned classification.
c. Roles are assigned to users who perform specific activities or tasks.
d. Roles are often based on job descriptions or work tasks.
90.Access criteria are used to add need-to-know and trust level to the access
control mechanisms. Which of the following is not a form of access criteria?
a. Type of transaction
b. Authentication factor used
c. Logical location
d. Assigned role
91.When a biometric is used and a valid user is rejected, what type of error has
occurred?
a. Type I error
b. Type II error
c. Authorization error
d. Accountability error
92.In regards to a biometric device, what is the crossover error rate (CER) used
for?
a. Tuning the device for efficiency
b. Comparing performance between similar devices
c. Adjusting the sensitivity of the device
d. Reducing the enrollment time
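Questions 8, 27, 28, 91 and 92 all turn on the relationship between the two biometric error types and the crossover error rate. The following is an added example, not part of the original drill, with constructed match scores for two hypothetical devices: it computes FAR (Type II) and FRR (Type I) at each candidate threshold, locates each device's CER so the two can be compared, and shows that moving the threshold is the sensitivity adjustment. The score lists and the threshold grid are assumptions made for the example.

```python
# Constructed match scores (0 = no similarity, 1 = perfect match). "genuine" are
# attempts by enrolled users, "impostor" are attempts by other people.
DEVICE_A = {
    "genuine":  [0.55, 0.62, 0.70, 0.75, 0.80, 0.85, 0.88, 0.90, 0.93, 0.97],
    "impostor": [0.10, 0.20, 0.25, 0.30, 0.40, 0.45, 0.50, 0.58, 0.65, 0.72],
}
# Device B separates the two populations less well (constructed).
DEVICE_B = {
    "genuine":  DEVICE_A["genuine"],
    "impostor": [0.30, 0.40, 0.50, 0.55, 0.60, 0.68, 0.74, 0.78, 0.82, 0.86],
}
THRESHOLDS = [0.50, 0.55, 0.60, 0.65, 0.70, 0.75, 0.80]


def error_rates(genuine, impostor, threshold):
    """A sample is accepted when score >= threshold.
    FRR (Type I): fraction of genuine users rejected.
    FAR (Type II): fraction of impostors accepted."""
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return far, frr


def crossover_error_rate(device, thresholds=THRESHOLDS):
    """CER (also called EER): the threshold at which FAR and FRR meet, and the rate
    there. Its use is comparing devices; a lower CER means better discrimination."""
    best = None
    for t in thresholds:
        far, frr = error_rates(device["genuine"], device["impostor"], t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


def strictest_threshold(device, max_far, thresholds=THRESHOLDS):
    """Sensitivity adjustment: the lowest threshold keeping FAR within max_far.
    Every step up buys FAR at the cost of FRR (more valid users turned away)."""
    for t in thresholds:
        far, _ = error_rates(device["genuine"], device["impostor"], t)
        if far <= max_far:
            return t
    return None


if __name__ == "__main__":
    for name, dev in (("A", DEVICE_A), ("B", DEVICE_B)):
        t, cer = crossover_error_rate(dev)
        print(f"device {name}: CER {cer:.2f} at threshold {t:.2f}")
    print("device A, FAR 0 needs threshold", strictest_threshold(DEVICE_A, 0.0))
```

With these constructed scores device A reaches CER 0.20 and device B 0.30, so A is the better instrument regardless of how either is tuned; tuning A for zero false acceptances then costs a 30% false rejection rate, which is the usability side of the same threshold.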
93.What authentication technology was developed to address weaknesses in
Kerberos?
a. RADIUS
b. TACACS
c. SESAME
d. KryptoKnight
94.Role based access control is also known as?
a. Mandatory access control
b. Discretionary access control
c. Dynamic access control
d. Nondiscretionary access control
95.Which of the following is not one of the three mechanisms that must be in
place in order to audit the activity of subjects?
a. Identification
b. Authorization
c. Accountability
d. Authentication
96.The security principle or axiom that restricts a person's access to resources or
data even if they have sufficient security clearance is known as?
a. Principle of least privilege
b. Accountability
c. Clark-Wilson control
d. Need to know
97.What is the primary disadvantage of a single sign-on?
a. Users can rove the network without re-authenticating
b. Stronger passwords can be enforced
c. Simpler password administration
d. Scripts may be used that contain logon credentials
98.Which of the following is the golden rule of access control?
a. If access control is not explicitly denied, it should be implicitly granted.
b. If access control is denied implicitly, only role assignments can be used to
grant access explicitly.
c. If access is not explicitly granted, it should be implicitly denied.
d. Access controls should default to minimal read access if access is not
explicitly granted or denied.
99.Which of the following is not an example of a single sign-on technology?
a. Kerberos
b. TACACS
c. SESAME
d. KryptoKnight
100.Which of the following is not a weakness of Kerberos?
a. The KDC (Key Distribution Center) is a single point of failure
b. Secret keys are temporarily stored on the client system
c. A one-way hash is used to generate the client's secret key
d. Kerberos only protects authentication traffic
101.What type of area on a network is created so that it would attract intruders but
which no valid user would enter?
a. Padded cell
b. Honey pot
c. DMZ
d. Extranet
102.Audit logs can be used for all but which of the following?
a. Patch systems by re-playing the audit trail
b. Forensic evidence in cyber crime prosecution
c. Rebuilding the process of an attack
d. Track down the perpetrator of an intrusion
103.Which of the following is not true regarding clipping levels?
a. Activity below a clipping level is considered normal and expected.
b. When the clipping level is exceeded, a violation record may be recorded
c. All abnormal activity, including intrusions, will cross a clipping level.
d. The use of clipping levels is considered a preventative technical access
control method.
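Questions 66, 74, 77 and 103 describe clipping levels: a count of repeated low-level mistakes that is treated as normal until it is exceeded, at which point a violation record is written. The following is an added example, not part of the original drill, that applies a clipping level to failed logons in a constructed authentication log. The log format, the clipping level of 3 and the 10-minute window are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Up to CLIPPING_LEVEL failures per user inside WINDOW is ordinary user error; only
# the failure that exceeds it produces a violation record. Both are assumptions.
CLIPPING_LEVEL = 3
WINDOW = timedelta(minutes=10)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) auth: "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL) src=(?P<src>\S+)$"
)

# Constructed log lines, not a capture from any real system. mallory's single
# successful logon from an unexpected source never crosses a clipping level, which
# is why clipping levels do not catch all abnormal activity.
SAMPLE_LOG = """
2024-03-01T09:00:01 auth: user=alice result=FAIL src=10.0.0.5
2024-03-01T09:00:10 auth: user=alice result=FAIL src=10.0.0.5
2024-03-01T09:00:20 auth: user=alice result=FAIL src=10.0.0.5
2024-03-01T09:00:30 auth: user=alice result=OK src=10.0.0.5
2024-03-01T09:01:00 auth: user=mallory result=OK src=203.0.113.9
2024-03-01T09:05:00 auth: user=bob result=FAIL src=10.0.0.7
2024-03-01T09:05:05 auth: user=bob result=FAIL src=10.0.0.7
2024-03-01T09:05:10 auth: user=bob result=FAIL src=10.0.0.7
2024-03-01T09:05:15 auth: user=bob result=FAIL src=10.0.0.7
2024-03-01T09:10:00 auth: user=carol result=FAIL src=10.0.0.9
kernel: unrelated line that the parser must skip
2024-03-01T09:25:00 auth: user=carol result=FAIL src=10.0.0.9
2024-03-01T09:25:10 auth: user=carol result=FAIL src=10.0.0.9
2024-03-01T09:25:20 auth: user=carol result=FAIL src=10.0.0.9
""".strip().splitlines()


def parse(line):
    """Return the event fields for a matching line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def violations(lines, clipping_level=CLIPPING_LEVEL, window=WINDOW):
    """Emit a violation record each time a user's failures inside the window exceed
    the clipping level. Activity at or below the level is not recorded at all."""
    recent = defaultdict(deque)   # user -> timestamps of failures still inside the window
    records = []
    for line in lines:
        ev = parse(line)
        if ev is None or ev["result"] != "FAIL":
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) > clipping_level:
            records.append({
                "user": ev["user"],
                "at": ev["ts"].isoformat(),
                "src": ev["src"],
                "failures_in_window": len(q),
            })
    return records


if __name__ == "__main__":
    for rec in violations(SAMPLE_LOG):
        print(rec)
```

With the level at 3, alice's three failures followed by a success produce nothing, bob's fourth failure produces one record, and carol's four failures produce nothing because the first one falls outside the window; lowering the level to 2 turns all three users into violations.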
104.What is a capability table?
a. The list of roles within a nondiscretionary access control system
b. A column of an access control matrix
c. The services supported by a specific object
d. A row of an access control matrix
105.Which of the following is the action of overwriting media that is intended for
use outside of the protected environment to prevent remanence gathering?
a. Purging
b. Cleaning
c. Formatting
d. Erasing
106.Which of the following is not a physical access control method?
a. Segmentation of the network
b. Separation of duties
c. Parking lot access controls
d. Security guards
107.Which of the following is an example of an administrative access control
method?
a. Policies and procedures
b. Perimeter lighting
c. CCTV
d. Encryption
108.The act of an intruder erasing their tracks by tampering with audit logs is
known as?
a. Entrapment
b. Using covert channels
c. Superzapping
d. Scrubbing
109.The standard requirement to ensure proper purging of media before re-use
outside of the secured environment is to format or overwrite the media
________ times?
a. 1
b. 3
c. 7
d. 12
110.Which of the following is an example of data hiding?
a. Causing the light on a monitor to blink in Morse code
b. Employing the use of time to communicate information
c. Storing data in a sector marked as bad
d. Communicating a message through the byte size of a file stored on a
publicly accessible server
111.The aspect of access control that holds subjects responsible for the activities
they perform within a secured environment is known as?
a. Integrity
b. Accountability
c. Authorization
d. Auditing
112.Which of the following is labeled as a technical or logical access control
method but does not prevent attacks and is instead used to pinpoint weaknesses
in a system?
a. DMZ
b. Awareness training
c. TACACS
d. Auditing
113.Discretionary access control is most often implemented using what
mechanism?
a. Access Control Lists
b. Biometrics
c. Roles
d. Subject classification
114.Mandatory access controls relies on what mechanism?
a. Access control lists
b. Security labels
c. Role assignments
d. Data format
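Questions 42, 44, 98, 104, 113 and 114 cover the access control matrix, its two projections (an ACL is a column, a capability table is a row), the golden rule that anything not explicitly granted is denied, and the contrast between DAC cells and MAC security labels. The following is an added example, not part of the original drill, that builds a small matrix, derives both views from it, and layers a label check in front of the DAC check. The subjects, objects, rights and label ordering are assumptions made for the example.

```python
from collections import defaultdict


class AccessControlMatrix:
    """Subjects are rows, objects are columns, each cell is a set of rights."""

    def __init__(self):
        self._cells = defaultdict(set)   # (subject, object) -> {rights}

    def grant(self, subject, obj, *rights):
        self._cells[(subject, obj)].update(rights)

    def revoke(self, subject, obj, *rights):
        self._cells[(subject, obj)].difference_update(rights)

    def acl(self, obj):
        """One column: the ACL stored with the object (the usual DAC implementation)."""
        return {s: set(r) for (s, o), r in self._cells.items() if o == obj and r}

    def capabilities(self, subject):
        """One row: the capability table held on behalf of the subject."""
        return {o: set(r) for (s, o), r in self._cells.items() if s == subject and r}

    def permits(self, subject, obj, right):
        """Golden rule: a right that was never explicitly granted is implicitly denied.
        .get() is used so that asking never creates a cell."""
        return right in self._cells.get((subject, obj), set())


# MAC layer. Ordered labels are an assumption for the example; the rule applied is
# the Bell-LaPadula pair: read requires clearance >= label, write requires label >= clearance.
LEVELS = ["public", "confidential", "secret", "top secret"]


def dominates(higher, lower):
    return LEVELS.index(higher) >= LEVELS.index(lower)


def decide(matrix, clearances, labels, subject, obj, right):
    """Hybrid check: the label test first, then the DAC cell. An unknown subject or an
    unlabeled object is denied rather than given some default access."""
    clearance = clearances.get(subject)
    label = labels.get(obj)
    if clearance is None or label is None:
        return False
    if right == "read" and not dominates(clearance, label):
        return False
    if right == "write" and not dominates(label, clearance):
        return False
    return matrix.permits(subject, obj, right)


def build_example():
    """Constructed matrix for the demonstration."""
    m = AccessControlMatrix()
    m.grant("alice", "payroll.db", "read", "write")
    m.grant("bob", "payroll.db", "read")
    m.grant("alice", "handbook.pdf", "read")
    m.grant("bob", "handbook.pdf", "read")
    return m


CLEARANCES = {"alice": "secret", "bob": "confidential"}          # constructed
LABELS = {"payroll.db": "secret", "handbook.pdf": "public"}      # constructed


if __name__ == "__main__":
    m = build_example()
    print("ACL of payroll.db:", m.acl("payroll.db"))
    print("capabilities of bob:", m.capabilities("bob"))
    # bob holds a DAC read right on payroll.db but his label does not dominate its label
    print("bob reads payroll.db:", decide(m, CLEARANCES, LABELS, "bob", "payroll.db", "read"))
```

The point the questions make is visible in the last line: an ACL entry alone does not decide anything under MAC, because the owner-granted DAC right is subordinate to the label comparison, and every path through decide() that finds something missing ends in a denial.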
115.The greatest security is maintained by organizations that perform which of the
following?
a. Media purging before re-use
b. Media destruction, no re-use of media
c. Media cleaning before re-use
d. Media formatting before re-use
116.Which one of the following examples of access control methods is of a
different type than the other three?
a. Controlling access to network components throughout a facility
b. Routing cables through walls to prevent tapping
c. Segmenting the network with subnets
d. Installing EM barriers to prevent interference
117.Which of the following is not a benefit or drawback of network based IDS?
a. Actively scans the network for intrusions
b. Monitors in real time.
c. Can respond to some types of attacks while they are in progress.
d. Cannot detect attacks committed on a system by a subject logged into that
system.
118.Which of the following is not a type or classification of access control
methods?
a. Authoritative
b. Preventative
c. Detective
d. Deterrent
119.What is TEMPEST?
a. A tool used to hide data in an image or audio file
b. A VPN protocol encryption scheme
c. A centralized remote access authentication system
d. The study and control of EM signals.
120.What type of IDS has the most number of false detections?
a. Signature based IDS
b. Statistical Anomaly based IDS
c. Network based IDS
d. Host based IDS
121.What access control method is best suited for an organization with a high rate
of personnel turnover and change?
a. Access control lists
b. Mandatory access controls
c. Role based access controls
d. Discretionary access controls
122.Unauthorized or unintentional disclosure can occur when all but which of the
following take place?
a. Execution of malicious code
b. Social engineering
c. Use of a covert channel
d. Requiring encryption on traffic
123.What authentication mechanism supports two factor authentication for remote
access clients?
a. TACACS+
b. Kerberos
c. RADIUS
d. XTACACS
124.The act of providing the opportunity for a person to commit a crime without
coercion is known as?
a. Entrapment
b. Accountability
c. Enticement
d. Superzapping