Front Back
1. What is derived from a passphrase? A. A personal password B. A virtual password C. A user ID D. A valid password
1. B
2. Which access control method is user-directed? A. Nondiscretionary B. Mandatory C. Identity-based D. Discretionary
2. D
3. Which item is not part of a Kerberos authentication implementation? A. A message authentication code B. A ticket-granting ticket C. Authentication service D. Users, programs, and services
3. A
4. If a company has a high turnover rate, which access control structure is best? A. Role-based B. Decentralized C. Rule-based D. Discretionary
4. A
5. In discretionary access control, who/what has delegation authority to grant access to data? A. A user B. A security officer C. A security policy D. An owner
5. D
6. Remote access security using a token one-time password generation is an example of which of the following? A. Something you have B. Something you know C. Something you are D. Two-factor authentication
6. A
7. What is a crossover error rate (CER)? A. A rating used to rank a biometric system B. The number of Type I errors C. The number of Type II errors D. The number reached when Type I errors exceed the number of Type II errors
7. A
8. What does a retina scan biometric system do? A. Examines the pattern, color, and shading of the area around the cornea B. Examines the patterns and records the similarities between an individual’s eyes C. Examines the pattern of blood vessels at the back of the eye D. Examines the geometry of the eyeball
8. C
9. If you are using a synchronous token device, what does this mean? A. The device synchronizes with the authentication service by using internal time or events. B. The device synchronizes with the user’s workstation to ensure the credentials it sends to the authentication service are correct. C. The device synchronizes with the token to ensure the timestamp is valid and correct. D. The device synchronizes by using a challenge-response method with the authentication service.
9. A
10. What is a clipping level? A. The threshold for an activity B. The size of a control zone C. Explicit rules of authorization D. A physical security mechanism
10. A
11. Which intrusion detection system would monitor user and network behavior? A. Statistical B. Signature-based C. Static D. Host-based
11. A
12. When should a Class C fire extinguisher be used instead of a Class A? A. When electrical equipment is on fire B. When wood and paper are on fire C. When a combustible liquid is on fire D. When the fire is in an open area
12. A
13. How does Halon suppress fires? A. It reduces the fire’s fuel intake. B. It reduces the temperature of the area. C. It disrupts the chemical reactions of a fire. D. It reduces the oxygen in the area.
13. C
14. What is the problem with high humidity in a data processing environment? A. Corrosion B. Fault tolerance C. Static electricity D. Contaminants
14. A
15. What is the definition of a power fault? A. Prolonged loss of power B. Momentary low voltage C. Prolonged high voltage D. Momentary power outage
15. D
16. Who has the primary responsibility of determining the classification level for information? A. The functional manager B. Middle management C. The owner D. The user
16. C
17. Which best describes the purpose of the ALE calculation? A. It quantifies the security level of the environment. B. It estimates the loss potential from a threat. C. It quantifies the cost/benefit result. D. It estimates the loss potential from a threat in a one-year time span.
17. D
18. How do you calculate residual risk? A. Threats × risks × asset value B. (Threats × asset value × vulnerability) × risks C. SLE × frequency = ALE D. (Threats × vulnerability × asset value) × control gap
18. D
19. What is the Delphi method? A. A way of calculating the cost/benefit ratio for safeguards B. A way of allowing individuals to express their opinions anonymously C. A way of allowing groups to discuss and collaborate on the best security approaches D. A way of performing a quantitative risk analysis
19. B
20. What are the necessary components of a smurf attack? A. Web server, attacker, and fragment offset B. Fragment offset, amplifying network, and victim C. Victim, amplifying network, and attacker D. DNS server, attacker, and web server
20. C
21. In phone phreaking, what is red boxing? A. Voltage manipulation B. Replaying the noise that coins make when dropping into a pay phone C. Using a handheld device attached to a live phone wire to intercept calls D. Tone manipulation
21. B
22. What do the reference monitor and security kernel do in an operating system? A. Intercept and mediate a subject attempting to access objects B. Point virtual memory addresses to real memory addresses C. House and protect the security kernel D. Monitor privileged memory usage by applications
22. A