 QUESTION 1

 

You are covering the lobby desk and an employee approaches the desk and says, "I forgot my badge?" What must you do?

 

 

Ask the employee to sign in the Guest Book and give them a visitor badge

 

Verify their identity, verify their employment status and record the data

 

Verify their identity, verify their employment status and record the data. Call their manager.

 

Deny access and direct them to go home and get their badge

3 points   

QUESTION 2

A valid form of ID would be?

 

Anything with a picture, name and address of the card holder.

 

A state issued driver license or ID; passport or a green card.

 

A state issued driver license or ID and/or passport.

 

A California issued driver license or ID only.

3 points   

QUESTION 3

(True or False) You must always allow access to law enforcement when they request access to the building.

 

True

 

False

3 points   

QUESTION 5

A Mississippi riverboat casino uses synchronous token devices for authentication. Which does not describe such a device?

 

 

Challenge-based

 

One-time password generator

 

Time-based

 

Authentication mechanism

3 points   

QUESTION 6

Which of the following does not describe a network-based intrusion detection system (IDS)?

 

 

Monitors traffic on a network segment.

 

Computer or network appliance with NIC in promiscuous mode.

 

Sensors communicate with a central management console.

 

None of these answers are correct.

3 points   

QUESTION 7

Systems that are based on the MAC model can work in different modes. The dedicated security mode requires that the system has all of the following except:

 

 

Subjects must have direct access to the system only.

 

Only one classification of information can be running at a time.

 

Users must have a need-to-know for all data within the system.

 

All users must have nondisclosure agreements and access approval clearance.

3 points   

QUESTION 8

What is the first step in the Access Control Process?

 

 

Logging in

 

Authorization

 

Authentication

 

Access

3 points   

QUESTION 9

Which of the following is SOMETHING YOU ARE?

 

 

Username

 

Token

 

Password

 

Retinal Scan

3 points   

QUESTION 10

Which of the following is not a threat to an access control system?

 

Password Cracking

 

Forgotten Password

 

Heightened Access

 

Social Engineering

3 points   

QUESTION 11

(True or False) You calculate ALE by multiplying SLE by 1.2

 

 True

 False

3 points   

QUESTION 12

(True or False) PII may or may not be considered sensitive information

 

 True

 False

3 points   

QUESTION 13

The Gramm-Leach-Bliley Act regulates which industry?

 

 

Energy

 

Health Care

 

Financial

 

Automobile

3 points   

QUESTION 14

The HIPAA Act regulates which industry?

 

 

Energy

 

Health Care

 

Financial

 

Automobile

3 points   

QUESTION 15

Sarbanes-Oxley regulates:

 

 

Energy

 

Health Care

 

Publicly Traded Companies

 

Automobile

3 points   

QUESTION 16

Which of the following are types of security breaches?

 

System Exploits

 

DoS attacks

 

PII

 

Eavesdropping

3 points   

QUESTION 17

Which of the following is an Access Control model where rights are managed by the owner of the object?

 

MAC

 

DAC

 

RBAC

3 points   

QUESTION 19

What element of human nature does a social engineer exploit?

 

Fear

 

Ambition

 

Greed

 

Trust

3 points   

QUESTION 20

What does the SUDO (lowercase) command in Linux/UNIX allow system administrators to do?

 

Login as root

 

Run any process as if they were logged in as another user

 

Disable the root user

 

Disable the user account

3 points   

QUESTION 21

Crackers are defined as:

 

Software programs designed to compromise password and other files

 

People who violate the system for monetary or personal gain

 

Automated scripts used to perform penetration tests on external environments

 

Tools used to exploit online sessions by sniffing packets and obtaining unencrypted information

3 points   

QUESTION 23

The industry best practice for password selection by clients is:

 

 

6 characters in length, changed every 60 days, frozen after 5 invalid access attempts.

 

8 characters in length, changed every 90 days, frozen after 3 invalid access attempts.

 

6 characters in length, changed every 90 days, frozen after 3 invalid access attempts.

 

8 characters in length, changed every 60 days, frozen after 5 invalid access attempts.

3 points   

QUESTION 24

Access control supports the principles of

 

 

Ownership, need-to-know, and data classification.

 

Authorization, least privilege, and separation of duty.

 

Connectivity, password controls, and session controls.

 

Privacy, monitoring, and compliance.

3 points   

QUESTION 25

The “principle of least privilege” supports which domain implementation method?

 

 

Providing protected entry points into a network.

 

Providing privilege checking within a system or application access.

 

Providing hardware that allows access to certain functions.

 

Providing the least access to execute role responsibilities.

3 points   

QUESTION 26

Behavior that is unexpected is referred to as an anomaly. An example of an anomaly detection system would be:

 

 

Using statistical profiles to measure behavior.


 

Using misuse signatures to measure activity.

 

Using checksums to measure quantity.

 

Using probes to measure traffic

3 points   

QUESTION 27

Cryptography addresses which of the following security issues?

 

 

Confidentiality and availability

 

Integrity and availability

 

Fault tolerance and integrity

 

Confidentiality and integrity

3 points   

QUESTION 28

Which is not a component of public key infrastructure?

 

 

Certificate authority

 

Symmetric encryption

 

Digital certificates

 

Certificate revocation

3 points   

QUESTION 29

SHA1 and MD5 are two examples of what?

 

Key exchange mechanisms

 

Hashing algorithms

 

Certificate authorities

 

Symmetric encryption algorithms

3 points   

QUESTION 30

The Bell-LaPadula model is designed for:

 

Access Control

 

Confidentiality

 

Availability

 

Error modeling

3 points   

QUESTION 31

What are the types of Access Control List?

 

DACL

 

MACL

 

SACL

 

TACL

3 points   

QUESTION 32

Which IEEE standard defines WLANs? (one answer)

 

802.11

 

802.10

 

802.5

 

802.3

3 points   

QUESTION 33

Which of the following is the most secure encryption method for WLANs?

 

WEP

 

WPA

 

MAC

 

Extended WEP

3 points   

QUESTION 34

Which organization manages RFCs?

 

IETF

 

NIST

 

FISMA

 

ISO

 

