PREVIOUS QUESTION & ANSWER


 ·         Question 1

2 out of 2 points

   
 

Data at rest (DAR) is simply data that is in transit, such as on a network.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 2

2 out of 2 points

   
 

Only a person with the approved level of access is allowed to view the information. This access is called _____________.

     

Selected Answer:

 clearance

Answers:

 clearance

 

classification

 

disclosure

 

policy

     

·         Question 3

2 out of 2 points

   
 

Which of the following is the definition of authentication factor?

     

Selected Answer:

A way of confirming the identity of a subject. The three authentication factors are something you know, something you have, and something you are.

Answers:

A secret combination of characters known only to the subject.

 

A way of confirming the identity of a subject. The three authentication factors are something you know, something you have, and something you are.

 

The user, network, system, process, or application requesting access to a resource.

 

Something only the subject and the authentication system know.

     

·         Question 4

2 out of 2 points

   
 

IT crimes are generally crimes of opportunity.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 5

2 out of 2 points

   
 

After passing through most of the layers of access control, limiting access to the data itself is your last method of protecting it.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 6

2 out of 2 points

   
 

The number of times per year you expect a compromise to occur is the definition of ________.

     

Selected Answer:

 annualized rate of occurrence (ARO)

Answers:

 annualized rate of occurrence (ARO)

 

exposure factor (EF)

 

defense-in-depth strategy

 

qualitative risk assessment

     

·         Question 7

2 out of 2 points

   
 

In a mandatory access control (MAC) system, rights are assigned based on a user’s role rather than his or her identity.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 8

2 out of 2 points

   
 

What term is used to describe the percentage of attempts by legitimate users that are rejected by the system?

     

Selected Answer:

 false rejection rate

Answers:

Type I error

 

failure to enroll rate

 

 false rejection rate

 

failure to capture rate

     

·         Question 9

2 out of 2 points

   
 

____________ refers to giving an employee exactly the amount of access needed to perform his or her duties.

     

Selected Answer:

 Need to know

Answers:

Separation of duties

 

Collusion

 

Discretionary Access Control (DAC)

 

 Need to know

     

·         Question 10

2 out of 2 points

   
 

________ provides authentication over a PPP link.

     

Selected Answer:

Challenge Handshake Authentication Protocol (CHAP)

Answers:

Extensible Authentication Protocol (EAP)

 

 Challenge Handshake Authentication Protocol (CHAP)

 

Remote Authentication Dial In User Service (RADIUS)

 

Authentication Header (AH)

     

·         Question 11

2 out of 2 points

   
 

Craig likes to work on his computer at his local coffee shop, but people around him may be able to see what he is doing, including entering passwords for his accounts. This method of gaining confidential information is referred to as ________.

     

Selected Answer:

 shoulder surfing

Answers:

phishing

 

 shoulder surfing

 

man-in-the-middle attacks

 

spear phishing

     

·         Question 12

2 out of 2 points

   
 

The term blue team describes a technique designed to probe a network’s open ports looking for a weakness.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 13

2 out of 2 points

   
 

Educational institutions are required to protect educational records by adhering to the strict guidelines set in the ________.

     

Selected Answer:

 Family Educational Rights and Privacy Act (FERPA)

Answers:

Communications Assistance for Law Enforcement Act (CALEA)

 

 Family Educational Rights and Privacy Act (FERPA)

 

Sarbanes-Oxley Act (SOX)

 

Gramm-Leach-Bliley Act (GLBA)

     

·         Question 14

2 out of 2 points

   
 

What is meant by mandatory access control (MAC)?

     

Selected Answer:

 An access control system where rights are assigned by a central authority.

Answers:

Authentication system in which two conditions must be met in order for access to be granted. If one condition is met but not the other, access is denied.

 

 An access control system where rights are assigned by a central authority.

 

Requires that users commonly log into workstations under limited user accounts.

 

The principle in which a subject—whether a user, an application, or another entity—should be given the minimum level of rights necessary to perform legitimate functions.

     

·         Question 15

2 out of 2 points

   
 

A false rejection in a biometric access control system is the definition of ________.

     

Selected Answer:

 Type I error

Answers:

failure to enroll

 

crossover error

 

Type II error

 

 Type I error

     

·         Question 16

2 out of 2 points

   
 

Any good hardware test should pay attention to both normal conditions and________.

     

Selected Answer:

 boundary conditions

Answers:

automated testing

 

 boundary conditions

 

key parameters

 

load testing

     

·         Question 17

2 out of 2 points

   
 

Which of the following is the definition of integration testing?

     

Selected Answer:

 The process of testing how individual components function together as a complete system.

Answers:

 The process of testing how individual components function together as a complete system.

 

A graphically intensive vulnerability scanner.

 

An open source port scanning and host detection utility.

 

In a penetration test, this consists of penetration testers who have been given some background knowledge of the infrastructure.

     

·         Question 18

2 out of 2 points

   
 

_____________ refers to creating multiple layers of security to force an attacker to defeat multiple controls.

     

Selected Answer:

 Defense in depth

Answers:

Biometrics

 

Physical access control

 

Mandatory access control (MAC)

 

 Defense in depth

     

·         Question 19

2 out of 2 points

   
 

What term is used to describe a technical, physical, or administrative process designed to reduce risk?

     

Selected Answer:

 control

Answers:

defense-in-depth strategy

 

qualitative risk assessment

 

infrastructure

 

 control

     

·         Question 20

2 out of 2 points

   
 

In UNIX systems, there are three rights and three classes those rights can be assigned to. The three classes of users are owner, group, and ________ .

     

Selected Answer:

 world

Answers:

super user

 

parent

 

global

 

 world

     

·         Question 21

2 out of 2 points

   
 

A guideline is a collection of requirements that must be met by anyone who performs a given task or works on a specific system.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 22

2 out of 2 points

   
 

The percentage of imposters that will be recognized as authorized users is the definition of ________.

     

Selected Answer:

 false acceptance rate

Answers:

false acceptance rate

 

crossover error rate (CER)

 

Type I error

 

Type II error

     

·         Question 23

2 out of 2 points

   
 

In a penetration test, the ________ team comprises testers who are given no knowledge of the infrastructure and are attacking a target that is unaware of their existence until the attack is made.

     

Selected Answer:

 tiger

Answers:

 tiger

 

backdoor

 

boundary conditions

 

load testing

     

·         Question 24

2 out of 2 points

   
 

Port scanning is a technique designed to probe a network’s open ports and look for weaknesses.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 25

2 out of 2 points

   
 

A common element in a(n) _____________ is “Sending unsolicited junk e-mail or advertisements is prohibited.”

     

Selected Answer:

 acceptable use policy

Answers:

 acceptable use policy

 

organizational culture

 

ethics program

 

security awareness policy

     

·         Question 26

2 out of 2 points

   
 

A key distribution center (KDC) is the service or server that acts as both the ticket-granting service and the authentication service.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 27

2 out of 2 points

   
 

The subject in an access control scenario is a person or another application requesting access to a resource such as the network, a file system, or a printer.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 28

2 out of 2 points

   
 

Discretionary access control (DAC) is an access control system where rights are assigned by a central authority.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 29

2 out of 2 points

   
 

At the ________ phase in the software development life cycle, system architects and software engineers can begin to work on the low-level functions that will make up the final product.

     

Selected Answer:

 software design

Answers:

requirements analysis

 

 software design

 

development or coding

 

testing and integration

     

·         Question 30

0 out of 2 points

   
 

Which of the following is NOT one of the three integrity goals?

     

Selected Answer:

 Maintains confidentiality of data 

Answers:

Prevents unauthorized users from making modifications

 

Prevents authorized users from making improper modifications

 

 Maintains confidentiality of data 

 

Maintains internal and external consistency

     

·         Question 31

2 out of 2 points

   
 

Data in motion is data that is in transit, such as on a network.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 32

2 out of 2 points

   
 

Directory information refers to systems utilized to monitor and control telecommunications, water and waste control, energy, and transportation among other industries and utilities.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 33

2 out of 2 points

   
 

Kerberos is an example of a ___________ system, providing enterprises with scalability and flexibility.

     

Selected Answer:

 single sign-on

Answers:

 single sign-on

 

access control entry

 

commercial off-the-shelf

 

single-factor authentication

     

·         Question 34

2 out of 2 points

   
 

There are two primary causes of access control failures: _____________ and technological factors.

     

Selected Answer:

 people

Answers:

institutional

 

 people

 

administrative

 

organizational

     

·         Question 35

2 out of 2 points

   
 

In order to correctly prioritize efforts at mitigating threats and vulnerabilities, we perform ________ to accurately decide which threats represent the biggest impact to resources and data.

     

Selected Answer:

 risk assessment

Answers:

vulnerability analysis

 

 risk assessment

 

single loss expectancy

 

probability of occurrence

     

·         Question 36

2 out of 2 points

   
 

A scenario with a high probability but low impact is a lower priority risk than one with a high probability and high impact.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 37

2 out of 2 points

   
 

In high-security environments, administrators may choose to use a ______________ model, where only the administrator grants access.

     

Selected Answer:

 mandatory access control (MAC)

Answers:

discretionary access control (DAC)

 

 mandatory access control (MAC)

 

role-based access control (RBAC)

 

administrator access model (AAM)

     

·         Question 38

2 out of 2 points

   
 

RADIUS encrypts the password only, whereas TACACS+ encrypts the entire body of the packet.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 39

2 out of 2 points

   
 

This model is known for "No read up. No write down."

     

Selected Answer:

 Bell-LaPadula

Answers:

Biba

 

Clark-Wilson

 

 Bell-LaPadula

 

Graham-Denning

     

·         Question 40

2 out of 2 points

   
 

All employees should receive training to fully understand the value of security to the organization.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 41

2 out of 2 points

   
 

The NIST National Vulnerability Database (NVD) is a U.S. repository maintained by the government that provides information on standards-based vulnerability management data.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 42

2 out of 2 points

   
 

The ________ is a law that requires telecommunications carriers and equipment makers to take steps to facilitate the electronic surveillance activities of law enforcement agencies.

     

Selected Answer:

 Communications Assistance to Law Enforcement Act (CALEA)

Answers:

 Communications Assistance to Law Enforcement Act (CALEA)

 

Sarbanes-Oxley Act (SOX)

 

Gramm-Leach-Bliley Act (GLBA)

 

Homeland Security Presidential Directive 12 (HSPD 12)

     

·         Question 43

2 out of 2 points

   
 

A threat is any weakness in a system that can be exploited.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 44

2 out of 2 points

   
 

What name is given to systems utilized to monitor and control telecommunications, water and waste control, energy, and transportation among other industries and utilities?

     

Selected Answer:

 supervisory control and data acquisition (SCADA) process control systems

Answers:

 supervisory control and data acquisition (SCADA) process control systems

 

directory information

 

human machine interface

 

critical infrastructure

     

·         Question 45

2 out of 2 points

   
 

A ______________ is a set of specific steps to be taken to achieve a desired result.

     

Selected Answer:

 procedure

Answers:

guideline

 

 procedure

 

standard

 

policy

     

·         Question 46

2 out of 2 points

   
 

The requester of sensitive information should not receive access just because of his or her clearance, position, or rank. The requester must also establish a valid need to see the information. The term for this is ________.

     

Selected Answer:

 need to know

Answers:

least privilege

 

 need to know

 

confidential information declassification

 

access control

     

·         Question 47

2 out of 2 points

   
 

________ is the act of simulating an attack on an organization’s resources to assess an infrastructure’s true vulnerability.

     

Selected Answer:

 Penetration testing

Answers:

Code injection

 

Gap analysis

 

 Penetration testing

 

Integration testing

     

·         Question 48

2 out of 2 points

   
 

_____________ is a set of rights defined for a subject and an object. They are based on the subject’s identity.

     

Selected Answer:

 Authorization

Answers:

Authentication

 

 Authorization

 

Credentials

 

Passwords

     

·         Question 49

2 out of 2 points

   
 

An access control list (ACL) is a list of security policies associated with an object.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 50

2 out of 2 points

   
 

What is Remote Authentication Dial-In User Service (RADIUS)?

     

Selected Answer:

 A client/server protocol that provides authentication, authorization, and accounting for a remote dial-in system.

Answers:

A protocol that sets up a point-to-point connection between two computer systems over an Internet Protocol (IP) network.

 

As part of AAA, it provides the ability of a system to collect statistics on networks or users for auditing and billing purposes. This enables the tracking of systems usage, start and stop times of resources, and number of packets, as well as other metrics that identify what was used and for how long.

 

 A client/server protocol that provides authentication, authorization, and accounting for a remote dial-in system.

 

A tunneling protocol that encapsulates packets inside Internet Protocol (IP) tunnels.

     

·         Question 51

2 out of 2 points

   
 

Human nature is the sum of qualities and traits shared by all humans.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 52

2 out of 2 points

   
 

The ________ allowed banks, investment firms, and insurance companies to consolidate. It also introduced some consumer protections, such as requiring credit agencies to provide consumers with one free credit report per year.

     

Selected Answer:

 Gramm-Leach-Bliley Act (GLBA)

Answers:

Sarbanes-Oxley Act (SOX)

 

 Gramm-Leach-Bliley Act (GLBA)

 

21 CFR Part 11

 

Homeland Security Presidential Directive 12 (HSPD 12)

     

·         Question 53

2 out of 2 points

   
 

A phishing attack targeted at specific, usually high-level, individuals within an organization is the definition of spear phishing.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 54

2 out of 2 points

   
 

Which of the following is not one of the sides of the information security triad (CIA triangle)?

     

Selected Answer:

 access control

Answers:

 access control

 

integrity

 

availability

 

confidentiality

     

·         Question 55

2 out of 2 points

   
 

RADIUS uses TCP as its transport protocol, and TACACS+ uses UDP.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 56

2 out of 2 points

   
 

Hand geometry is more accurate than retinal or iris scanning, and many users consider it less intrusive.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 57

2 out of 2 points

   
 

Passwords, tokens, and fingerprint scans are all examples of ________.

     

Selected Answer:

 authentication

Answers:

identification

 

 authentication

 

authorization

 

credentials

     

·         Question 58

2 out of 2 points

   
 

________ is the relative value, either in monetary terms or in overall impact, of the resource being protected by the access control system.

     

Selected Answer:

 Asset value (AV)

Answers:

Cost of replacement

 

Probability of occurrence

 

 Asset value (AV)

 

Exposure factor (EF)

     

·         Question 59

2 out of 2 points

   
 

________ is a type of security breach that exploits human nature and human error.

     

Selected Answer:

 Social engineering

Answers:

 Social engineering

 

Eavesdropping

 

System exploit

 

Physical attack

     

·         Question 60

2 out of 2 points

   
 

The benefits associated with AAA are increased security, increased control over the network, and the capability of auditing your network.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 61

2 out of 2 points

   
 

This model covers all of CIA.

     

Selected Answer:

 Graham-Denning

Answers:

 Graham-Denning

 

Biba

 

Bell-LaPadula

 

Brewer-Nash

     

·         Question 62

2 out of 2 points

   
 

Authorization is a set of rights defined for a subject and an object. They are based on the subject’s identity.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 63

2 out of 2 points

   
 

According to the typical corporate security classification scheme, ________ information, if disclosed, could cause serious damage to the firm.

     

Selected Answer:

 sensitive

Answers:

 sensitive

 

public

 

internal

 

highly sensitive

     

·         Question 64

2 out of 2 points

   
 

Separation of responsibilities refers to an authentication system in which two conditions must be met in order for access to be granted. If one condition is met but not the other, access is denied.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 65

2 out of 2 points

   
 

What name is given to the process or mechanism of granting or denying use of a resource typically applied to users or generic network traffic?

     

Selected Answer:

 access control

Answers:

 access control

 

authentication

 

biometrics

 

identification password

     

·         Question 66

2 out of 2 points

   
 

A _______________ is a person who is angry or dissatisfied, usually with some aspect of his or her employment.

     

Selected Answer:

 disgruntled employee

Answers:

 disgruntled employee

 

social engineer

 

terminated employee

 

loner

     

·         Question 67

2 out of 2 points

   
 

What term is used to describe a method of organizing sensitive information into various access levels?

     

Selected Answer:

 classification scheme

Answers:

confidential information

 

secret information

 

automatic classification

 

 classification scheme

     

·         Question 68

2 out of 2 points

   
 

A good physical security strategy is designed in layers.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 69

2 out of 2 points

   
 

Every form of authentication is based on something you have, something you are, or something you know.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 70

2 out of 2 points

   
 

Under the Health Insurance Portability and Accountability Act, the _____________________ includes an administrative safeguard that restricts access to EPHI to only those employees who need the information for their job functions.

     

Selected Answer:

 Security Rule

Answers:

Privacy Rule

 

 Security Rule

 

Transactions and Codes Set Rule

 

Enforcement Rule

     

·         Question 71

2 out of 2 points

   
 

The process used to move a classified document into the public domain is the definition of declassification.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 72

2 out of 2 points

   
 

A biometric system must be able to analyze the sample data and perform a database lookup extremely efficiently to avoid issues that will produce a bottleneck effect on an organization’s operations. This parameter is referred to as ________.

     

Selected Answer:

 performance

Answers:

acceptability

 

 performance

 

anti-circumvention

 

collectability

     

·         Question 73

2 out of 2 points

   
 

A ________ is a comprehensive process for determining the privacy, confidentiality, and security risks associated with the collection, use, and disclosure of personal information.

     

Selected Answer:

 privacy impact assessment

Answers:

data encryption standard encryption

 

 privacy impact assessment

 

NTLM hash

 

penetration test

     

·         Question 74

2 out of 2 points

   
 

In the risk management strategy known as risk ________, you offload the risk to a third party.

     

Selected Answer:

 transference

Answers:

 transference

 

mitigation

 

avoidance

 

acceptance

     

·         Question 75

2 out of 2 points

   
 

One distinct advantage to nonintrusive testing is the fact that it is performed manually.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 76

2 out of 2 points

   
 

A(n) ________________ is a high-level document that defines how an organization will assign and enforce access control rights.

     

Selected Answer:

 authorization policy

Answers:

best practice

 

 authorization policy

 

critical infrastructure

 

disclosure

     

·         Question 77

2 out of 2 points

   
 

All employees should receive training to fully understand the value of security to the organization.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 78

2 out of 2 points

   
 

What is meant by failure to enroll rate?

     

Selected Answer:

The percentage of failed attempts to create a sample data set for an individual, divided by the total number of attempts to enroll users.

Answers:

The percentage of imposters that will be recognized as authorized users.

 

The percentage of an individual’s authentication attempts that fail because the system is unable to obtain the information necessary to make an authentication decision.

 

A false rejection in a biometric access control system.

 

The percentage of failed attempts to create a sample data set for an individual, divided by the total number of attempts to enroll users.

     

·         Question 79

2 out of 2 points

   
 

In the risk management strategy known as risk ________, you implement controls designed to lessen the probability and/or impact of a risk.

     

Selected Answer:

 mitigation

Answers:

transference

 

 mitigation

 

avoidance

 

acceptance

     

·         Question 80

2 out of 2 points

   
 

Which of the following is not a factor of authentication?

     

Selected Answer:

 Where you are?

Answers:

 Where you are?

 

Who you are?

 

What you know?

 

What you have?

     

·         Question 81

2 out of 2 points

   
 

Which of the following is the definition of baseline?

     

Selected Answer:

 A normal level of measurement.

Answers:

 A normal level of measurement.

 

A process that performs a sequence of operations.

 

Provides services for connecting network resources across network domains.

 

Activities that occur between two or more businesses.

     

·         Question 82

2 out of 2 points

   
 

Access control list (ACL) means a list of security policies that is associated with an object.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 83

2 out of 2 points

   
 

In practice, the principle of least privilege is usually implemented as least user access (LUA), which requires that users commonly log onto workstations under limited user accounts.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 84

2 out of 2 points

   
 

In a(n) __________________ environment, users have the ability to delegate access rights to the objects under their ownership.

     

Selected Answer:

 discretionary access control

Answers:

super administrator

 

 discretionary access control

 

explicitly delegated rights

 

implicitly delegated rights

     

·         Question 85

2 out of 2 points

   
 

Separation of duties ensures that a single person handles all crucial decisions and activities as part of a management control policy.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 86

2 out of 2 points

   
 

Creating a complete inventory of IT assets is one of the first steps in implementing access controls.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 87

2 out of 2 points

   
 

Access control systems that address human nature, and the problems human nature can introduce, focus on ___________ attacks.

     

Selected Answer:

 social engineering

Answers:

malware

 

phishing

 

fraud

 

 social engineering

     

·         Question 88

2 out of 2 points

   
 

Annualized loss expectancy (ALE) means the total cost per year of the threat under assessment. ALE is calculated by multiplying the SLE by the ARO.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 89

2 out of 2 points

   
 

A good risk assessment takes into account both the value of the assets to be protected and their impact on the overall organization.

     

Selected Answer:

True

Answers:

True

 

False

     

·         Question 90

2 out of 2 points

   
 

What is meant by data at rest (DAR)?

     

Selected Answer:

 Stored data. The data may be in archival form on tape or optical disc, on a hard disk, or sitting in a system’s buffers.

Answers:

A patch to the Linux kernel and a set of administrative tools that attempt to enhance security.

 

 Stored data. The data may be in archival form on tape or optical disc, on a hard disk, or sitting in a system’s buffers.

 

Access rights that are given to a user by the owner of an object.

 

Data as it travels from one place to another, such as over a network.

     

·         Question 91

2 out of 2 points

   
 

False rejection rate means the point at which Type I errors and Type II errors in a biometric access control system are equal.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 92

2 out of 2 points

   
 

___________ is also referred to as strong authentication.

     

Selected Answer:

 Two-factor authentication

Answers:

 Two-factor authentication

 

Single-factor authentication

 

Symmetric encryption

 

Temporal Key Integrity Protocol

     

·         Question 93

2 out of 2 points

   
 

Fundamentally, __________ refers to the ability of a subject and an object to interact.

     

Selected Answer:

 access

Answers:

authorization

 

 access

 

biometrics

 

identification

     

·         Question 94

2 out of 2 points

   
 

According to the national security classification, ________ information, if disclosed, could reasonably be expected to cause damage to national security.

     

Selected Answer:

 confidential

Answers:

secret

 

confidential

 

unclassified

 

top secret

     

·         Question 95

2 out of 2 points

   
 

Testing should be built into the entire software development ________.

     

Selected Answer:

 life cycle

Answers:

architecture

 

infrastructure

 

design

 

 life cycle

     

·         Question 96

2 out of 2 points

   
 

Identification builds on authentication by requiring that the subject provide proof of its identity.

     

Selected Answer:

False

Answers:

True

 

False

     

·         Question 97

2 out of 2 points

   
 

In a penetration test, a ________ team consists of IT staff who defend against the penetration testers. They are generally aware that a penetration test is happening, but do not know what methods the testers will use.

     

Selected Answer:

 blue

Answers:

 blue

 

boundary conditions

 

load testing

 

hardening

     

·         Question 98

2 out of 2 points

   
 

The point at which Type I errors and Type II errors in a biometric access control system are equal is the definition of ________.

     

Selected Answer:

 crossover error rate (CER)

Answers:

 crossover error rate (CER)

 

Type III error

 

failure to enroll rate

 

failure to capture rate

     

·         Question 99

2 out of 2 points

   
 

Access control is an application of risk ________.

     

Selected Answer:

 mitigation

Answers:

 mitigation

 

transference

 

acceptance

 

avoidance

     

·         Question 100

2 out of 2 points

   
 

Stealing passwords by using software code to run through various password schemes with numbers, symbols, capital letters, and characters until a match occurs is known as ________.

     

Selected Answer:

 brute-force attacks

Answers:

dictionary attacks

 

 brute-force attacks

 

eavesdropping

 

social engineering

     
