QUESTION 1 Which one of the following is an example of a logical access control?
ID: 3585304 • Letter: Q
Question
QUESTION 1
Which one of the following is an example of a logical access control?
Key for a lock
Password
Access card
Fence
0.5 points
QUESTION 2
During which phase of the access control process does the system answer the question,"What can the requestor access?"
Identification
Authentication
Authorization
Accountability
0.5 points
QUESTION 3
Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?
Identification
Authentication
Authorization
Accountability
0.5 points
QUESTION 4
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
security kernel
CPU
memory
co-processor
0.5 points
QUESTION 5
Which type of authentication includes smart cards?
Knowledge
Ownership
Location
Action
0.5 points
QUESTION 6
Which one of the following is an example of two-factor authentication?
Smart card and personal identification number (PIN)
Personal identification number (PIN) and password
Password and security questions
Token and smart card
0.5 points
QUESTION 7
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?
Dictionary attack
Rainbow table attack
Social engineering attack
Brute-force attack
0.5 points
QUESTION 8
Which one of the following is NOT a commonly accepted best practice for password security?
Use at least six alphanumeric characters.
Do not include usernames in passwords.
Include a special character in passwords.
Include a mixture of uppercase characters, lowercase characters, and numbers in passwords.
0.5 points
QUESTION 9
Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?
False acceptance rate (FAR)
False rejection rate (FRR)
Crossover error rate (CER)
Reaction time
0.5 points
QUESTION 10
Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering?
Accuracy
Reaction time
Dynamism
Acceptability
0.5 points
QUESTION 11
Which one of the following is NOT an advantage of biometric systems?
Biometrics require physical presence.
Biometrics are hard to fake.
Users do not need to remember anything.
Physical characteristics may change.
0.5 points
QUESTION 12
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
Secure European System for Applications in a Multi-Vendor Environment (SESAME)
Lightweight Directory Access Protocol (LDAP)
Security Assertion Markup Language (SAML)
Kerberos
0.5 points
QUESTION 13
Which of the following is an example of a hardware security control?
NTFS permission
MAC filtering
ID badge
Security policy
0.5 points
QUESTION 14
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
Discretionary access control (DAC)
Mandatory access control (MAC)
Rule-based access control
Role-based access control (RBAC)
0.5 points
QUESTION 15
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
Least privilege
Security through obscurity
Need to know
Separation of duties
0.5 points
QUESTION 16
Which security model does NOT protect the integrity of information?
Bell-LaPadula
Clark-Wilson
Biba
Brewer and Nash
0.5 points
QUESTION 17
Which one of the following principles is NOT a component of the Biba integrity model?
Subjects cannot read objects that have a lower level of integrity than the subject.
Subjects cannot change objects that have a lower integrity level.
Subjects at a given integrity level can call up only subjects at the same integrity
level or lower.
A subject may not ask for service from subjects that have a higher integrity level.
0.5 points
QUESTION 18
Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?
Remote Authentication Dial-In User Service (RADIUS)
Terminal Access Controller Access Control System Plus (TACACS+)
Redundant Array of Independent Disks (RAID)
DIAMETER
0.5 points
QUESTION 19
What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications?
Security Assertion Markup Language (SAML)
Secure European System for Applications in a Multi-Vendor Environment (SESAME)
User Datagram Protocol (UDP)
Password Authentication Protocol (PAP)
0.5 points
QUESTION 20
Which of the following is NOT a benefit of cloud computing to organizations?
On-demand provisioning
Improved disaster recovery
No need to maintain a data center
Lower dependence on outside vendors
Key for a lock
Password
Access card
Fence
Explanation / Answer
1. Which one of the following is an example of a logical access control?
Password
To access the software, we require password. Hence it is logical access control.
2. During which phase of the access control process does the system answer the question,"What can the requestor access?"
Authorization
Authentication is what logical access control is. When we come to lower lever, we will have different rights for the different type of users and it is known as Authorization.
3. Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?
Accountability
Counting the actions is Accountability.
4. The _security_kernel_ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
Related Questions
drjack9650@gmail.com
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.