. Читать онлайн книгу.
organization is adopting biometric authentication for its high-security building’s access control system. Use the following chart to answer questions 9–11 about the organization’s adoption of the technology.
1 Ben’s company is considering configuring its systems to work at the level shown by point A on the diagram. To what level is it setting the sensitivity?The FRR crossoverThe FAR pointThe CERThe CFR
2 At point B, what problem is likely to occur?False acceptance will be very high.False rejection will be very high.False rejection will be very low.False acceptance will be very low.
3 What should Ben do if the FAR and FRR shown in this diagram does not provide an acceptable performance level for his organization’s needs?Adjust the sensitivity of the biometric devices.Assess other biometric systems to compare them.Move the CER.Adjust the FRR settings in software.
4 When a subject claims an identity, what process is occurring?LoginIdentificationAuthorizationToken presentation
5 Files, databases, computers, programs, processes, devices, and media are all examples of what?SubjectsObjectsFile storesUsers
6 MAC models use three types of environments. Which of the following is not a mandatory access control design?HierarchicalBracketedCompartmentalizedHybrid
7 Ryan would like to implement an access control technology that is likely to both improve security and increase user satisfaction. Which one of the following technologies meets this requirement?Mandatory access controlsSingle sign-onMultifactor authenticationAutomated deprovisioning
8 The leadership at Susan’s company has asked her to implement an access control system that can support rule declarations like “Only allow access to salespeople from managed devices on the wireless network between 8 a.m. and 6 p.m.” What type of access control system would be Susan’s best choice?ABACRule-based access control (RBAC)DACMAC
9 What is the primary advantage of decentralized access control?It provides better redundancy.It provides control of access to people closer to the resources.It is less expensive.It provides more granular control of access.
10 Which of the following is best described as an access control model that focuses on subjects and identifies the objects that each subject can access?An access control listAn implicit denial listA capability tableA rights management matrix
11 Match each of the numbered authentication techniques with the appropriate lettered category. Each technique should be matched with exactly one category. Each category may be used once, more than once, or not at all.Authentication techniquePasswordID cardRetinal scanSmartphone tokenFingerprint analysisCategorySomething you haveSomething you knowSomething you are
12 Susan wants to integrate her website to allow users to use accounts from sites like Google. What technology should she adopt?KerberosLDAPOpenIDSESAME
13 Ben uses a software-based token that changes its code every minute. What type of token is he using?AsynchronousSmart cardSynchronousStatic
14 How does single sign-on increase security?It decreases the number of accounts required for a subject.It helps decrease the likelihood that users will write down their passwords.It provides logging for each system that it is connected to.It provides better encryption for authentication data.
15 Which of the following multifactor authentication technologies provides both low management overhead and flexibility?BiometricsSoftware tokensSynchronous hardware tokensAsynchronous hardware tokens
16 Tom is planning to terminate an employee this afternoon for fraud and expects that the meeting will be somewhat hostile. He is coordinating the meeting with human resources and wants to protect the company against damage. Which one of the following steps is most important to coordinate in time with the termination meeting?Informing other employees of the terminationRetrieving the employee’s photo IDCalculating the final paycheckRevoking electronic access rights
17 Jim wants to allow a partner organization’s Active Directory forest (B) to access his domain forest’s (A)’s resources but doesn’t want to allow users in his domain to access B’s resources. He also does not want the trust to flow upward through the domain tree as it is formed. What should he do?Set up a two-way transitive trust.Set up a one-way transitive trust.Set up a one-way nontransitive trust.Set up a two-way nontransitive trust.
18 The financial services company that Susan works for provides a web portal for its users. When users need to verify their identity, the company uses information from third-party sources to ask questions based on their past credit reports, such as “Which of the following streets did you live on in 2007?” What process is Susan’s organization using?Identity proofingPassword verificationAuthenticating with Type 2 authentication factorOut-of-band identity proofing
19 Lauren’s team of system administrators each deal with hundreds of systems with varying levels of security requirements and find it difficult to handle the multitude of usernames and passwords they each have. What type of solution should she recommend to ensure that passwords are properly handled and that features such as logging and password rotation occur?A credential management systemA strong password policySeparation of dutiesSingle sign-on
20 What type of trust relationship extends beyond the two domains participating in the trust to one or more of their subdomains?Transitive trustInheritable trustNontransitive trustNoninheritable trust
21 Adam is accessing a standalone file server using a username and password provided to him by the server administrator. Which one of the following entities is guaranteed to have information necessary to complete the authorization process?AdamFile serverServer administratorAdam’s supervisor
22 After 10 years working in her organization, Cassandra is moving into her fourth role, this time as a manager in the accounting department. What issue is likely to show up during an account review if her organization does not have strong account maintenance practices?An issue with least privilegePrivilege creepAccount creepAccount termination
23 Adam recently configured permissions on an NTFS filesystem to describe the access that different users may have to a file by listing each user individually. What did Adam create?An access control listAn access control entryRole-based access controlMandatory access control
24 Questions like “What is your pet’s name?” are examples of what type of identity proofing?Knowledge-based authenticationDynamic knowledge-based authenticationOut-of-band identity proofingA Type 3 authentication factor
25 What access management concept defines what rights or privileges a user has?IdentificationAccountabilityAuthorizationAuthentication
26 Susan has been asked to recommend whether her organization should use a MAC scheme or a DAC scheme. If flexibility and scalability are important requirements for implementing access controls, which scheme should she recommend and why?MAC, because it provides greater scalability and flexibility because you can simply add more labels as neededDAC, because allowing individual administrators to make choices about the objects they control provides scalability and flexibilityMAC, because compartmentalization is well suited to flexibility and adding compartments will allow it to scale wellDAC, because a central decision process allows quick responses and will provide scalability by reducing the number of decisions required and flexibility by moving those decisions to a central authority
27 Which of the following tools is not typically used to verify that a provisioning process was followed in a way that ensures that the organization’s security policy is being followed?Log reviewManual review of permissionsSignature-based detectionReview the audit trail
28 Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts?Read onlyEditorAdministratorNo access
29 A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer’s account. What type of biometric factor error occurred?A registration errorA Type 1 errorA Type 2 errorA time-of-use, method-of-use error
30 Laura