Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter?
False Negative
Which form of access control enforces security based on user identities and allows individual users to
define access controls over owned resources?
DAC (Discretionary Access Control)
Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?
What is the star property of Bell-LaPadula?
No write down
What is the simple property of Bell-LaPadula?
No read up
What is the star property of Biba?
No write up
What is the simple property of Biba?
No read down
Which of the following is not an important aspect of password management?
Enable account lockout
Which access control model manages rights and permissions based on job descriptions and responsibilities?
Role Based Access Control
What security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?
User ACL
What is the most important aspect of a biometric device?
A device which is synchronized to an authentication server is which type of authentication?
Synchronous token
Which of the following is the term for the process of validating a subject’s identity?
What does the Mandatory Access Control (MAC) method used to control access?
Sensitive labels
Which of the following are requirements to deploy Kerberos on a network? (Select two)
-A centralized database of users and passwords
-Time synchronization between devices
Which of the following is not used to oversee and/or improve the security performance of employees?
Exit Interviews
Which form of authentication solution employs a hashed form of the user’s password that has an added
time stamp as a form of identity?
Which of the following conditions is desirable when selecting a bio-metric system? (Select two)
-A low crossover rate
-A high processing rate
Which security principle prevents any one administrator from having sufficient access to compromise
the security of the overall IT solution?
Separation of duties
Need to know is required to access which types of resources?
Compartmentalized resources
Which of the following is the best action to take to make remembering passwords easier so that a
person no longer has to write the password down?
Implement end-user training
You have implemented account lockout with a clipping level of 4. What will be the effect of this setting?
The account will be locked after 4 incorrect attempts
In a variation of a brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasures best addresses this issue?
A strong password policy
Which of the following defines the crossover rate for evaluating bio-metric systems?
The point where the number of false positives matches the number of false negatives in the biometric system
Which of the following cloud computing systems will deliver software applications to a client either over the Internet or on a local area network?
SaaS (Security as a Service)
Which of the following is an example of Type 1 authentication?
Pass phrase
In which form of access control environment is access controlled by rules rather than by identity?
MAC (Mandatory Access Control
In an Identity Management System, what is the function of the Identity Vault?
Ensure that each employee has the appropriate level of access in the system
Which of the following is an example of a decentralized privilege management solution?
Which of the following is the strongest form of multi-factor authentication?
A password, a biometric scan, and a token device
Which of the following is stronger than any biometric authentication factor?
A two factor authentication
Which of the following defines an object as used in access control?
Data applications, systems, networks, and physical space
Which form of access control is based on job descriptions?
Role-based access control (RBAC)
What type of password is maryhadalittlelamb?
Pass phrase
In an Identity Management System, what is the function of the Authoritative Source?
Specify the owner of a data item
Which of the following are disadvantages of biometrics? (Select two)
-When used alone or solely, they are no more secure than a strong password
-They require time synchronization
The Brewer-Nash model is designed primarily to prevent?
Conflicts of interest
What is it called if the ACL automatically prevents access to anyone not on the list?
Implicit deny
Which of the following best describes the Platform as a Service (PaaS) cloud computing service model?
PaaS delivers everything a developer needs to build an application onto the cloud infrastructure
What access control type is used to implement short-term repairs to restore basic functionality following an attack?
What is mutual authentication?
A process by which each party in an online communication verifies the identity of the other party
What is another term for the type of logon credentials provided by a token device?
One-time password
Which of the following are examples of single sign-on authentication solutions?
Which of the following is not true regarding cloud computing
Cloud computing requires end user knowledge of the physical location and configuration of the system that delivers the services
You have just configured the password policy and set the minimum password age to ten. What will be the effects of this configuration
User cannot change the password for at least ten days
Which of the following is not an example of a single sign on solution?
Which of the following controls is an example of a physical access control method?
Locks on doors
Which of the following is an example of privilege escalation?
Creeping privileges
Which of the following is not a characteristic of Kerberos?
Peer-to-peer relationships between entities
The Clark-Wilson model is primarily based on?
Controlled intermediary access applications
What should be done to a user account if the user goes on an extended vacation?
Disable the account
Which of the following is a password that relates to things that people know, such as a mother’s maiden name, or the name of a pet?
A router access control list uses information in a packet such as the destination IP address and port number to make allow or deny forwarding decisions. This is an example of what type of access control mode?
RBAC (based on rules)
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?
MAC (Mandatory access control)
Which of the following advantages can Single Sign-On (SSO) provide? (Select two)
-Access to all authorized resources with a single instance of authentication
-The elimination of multiple user accounts and passwords for an individual
Seperation of duties is an example of which types of access control?
Encryption is what type of access control?
What is the primary goal of separation of duties?
Prevent conflicts of interest