Question 14 Which one of the following is an example of two-factor authenticatio
Question
Question 14
Which one of the following is an example of two-factor authentication?
A) Smart card and personal identification number (PIN)
B) Personal identification number (PIN) and password
C) Password and security questions
D) Token and smart card
Question 15
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?
Question 15 options:
A) Dictionary attack
B) Rainbow table attack
C) Social engineering attack
D) Brute-force attack
Question 16 (1 point)
Which of the following is an example of a hardware security control?
Question 16 options:
A) NTFS permission
B) MAC filtering
C) ID badge
D) Security policy
Question 17 (1 point)
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
Question 17 options:
A) Discretionary access control (DAC)
B) Mandatory access control (MAC)
C) Rule-based access control
D) Role-based access control (RBAC)
Question 18 (1 point)
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
Question 18 options:
A) Least privilege
B) Security through obscurity
C) Need to know
D) Separation of duties
Question 19 (1 point)
Which of the following is NOT a benefit of cloud computing to organizations?
Question 19 options:
A) On-demand provisioning
B) Improved disaster recovery
C) No need to maintain a data center
D) Lower dependence on outside vendors
Question 20 (1 point)
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?
Question 20 options:
A) Service level agreement (SLA)
B) Blanket purchase agreement (BPA)
C) Memorandum of understanding (MOU)
D) Interconnection security agreement (ISA)
Question 21 (1 point)
Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?
Question 21 options:
A) Job rotation
B) Least privilege
C) Need-to-know
D) Separation of duties
Question 22 (1 point)
What is NOT a goal of information security awareness programs?
Question 22 options:
A) Teach users about security objectives
B) Inform users about trends and threats in security
C) Motivate users to comply with security policy
D) Punish users who violate policy
Question 23 (1 point)
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?
Question 23 options:
A) Baseline
B) Policy
C) Guideline
D) Procedure
Question 24 (1 point)
What is the correct order of steps in the change control process?
Question 24 options:
A) Request, approval, impact assessment, build/test, monitor, implement
B) Request, impact assessment, approval, build/test, implement, monitor
C) Request, approval, impact assessment, build/test, implement, monitor
D) Request, impact assessment, approval, build/test, monitor, implement
Question 25 (1 point)
Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data?
Question 25 options:
A) Formatting
B) Degaussing
C) Physical destruction
D) Overwriting
Question 26 (1 point)
In what type of attack does the attacker send unauthorized commands directly to a database?
Question 26 options:
A) Cross-site scripting
B) SQL injection
C) Cross-site request forgery
D) Database dumping
Explanation / Answer
14.
A smart card is a card which is used to get access to an authentication system, and a
PIN is a four-digit number which is used to enter the system during the use of the
card so that you can access the system. Password and PIN are both single-factor
authentication because the user knows both himself/herself. Similarly, the password and
security question is single-factor authentication. So, token and password are both
physical entities too and they are single-factor authentication too.
Therefore, the correct option is A) Smart card and personal identification number
(PIN)
15.
A brute-force attack is one of the password attack mechanisms in which the attacker keeps
guessing the password until he/she finds the correct password. For a longer password
it takes time.
Therefore, the correct option is D) Brute-force attack
16.
MAC filtering is basically used for security purposes in a network system, whereby the
48-bit address assigned to each network card is used to control access to the
network.
Therefore, the correct option is B) MAC filtering.
17.
RBAC is a mechanism in which any individual user can access the enterprise with the
permission of the owner. In this, the user can modify the resource per his/her use.
Therefore, the correct option is D) Role-based access control (RBAC)
18.
Separation of duties is the best concept to make any system secure by sharing the
authentication key among more than one person. It means that to access the system it is necessary
to obtain the authentication of all the persons related to that system.
Therefore, the correct option is D) Separation of duties
19.
Lower dependence on outside vendors is not a benefit of cloud computing.
Therefore, the correct option is D) Lower dependence on outside vendors
20.
A service level agreement is the agreement between the third-party resource provider and the
user. It is an agreement which states the requirements of the user from the provider and the
deadline for meeting the requirements also.
Therefore, the correct option is A) Service level agreement (SLA)
21.
Separation of duties is the best concept to make any system secure by sharing the
authentication key among more than one person. It means that to access the system it is necessary
to obtain the authentication of all the persons related to that system.
Therefore, the correct option is D) Separation of duties
22.
The goal of an information security awareness program is to give knowledge to the user about the
security system. It means that the user should be informed, taught and motivated about
the information security system.
Therefore, the correct option is D) Punish users who violate policy
23.
Template of configuration is also called the procedure.
Therefore, the correct option is D) Procedure.
24.
In change process control, there must first be the request operation, then impact assessment, approval, then build, and then implement and monitor.
Therefore, the correct option is B) Request, impact assessment, approval, build/test, implement, monitor.
25.
Formatting and degaussing are soft techniques to destroy the data from the magnetic media. In this there will not be any loss to the user. Physical destruction is a bad idea for destroying the data from the magnetic media.
Therefore, the correct option is C) Physical destruction.
26.
In SQL injection, the attacker sends the unauthorized command to the database.
Therefore, the correct option is B) SQL injection