bobomb 2
During which phase of access control process does the system answer the question, "What can the requestor access?"
Authorization
Which security model does NOT protect the integrity of information?
Bell-LaPadula
Which type of password attack attempts all possible combination of a password in an attempt to guess the correct value?
Brute-force attack
Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?
Does the firewall properly block unsolicited network connection attempts?
A report indicating that a system's disk is at 80 percent full is a good indication that something is wrong with that system.
False
Passphrases are less secure than passwords.
False
You should use easy-to-remember personal information to create secure passwords.
False
Which of the following is an example of hardware security control?
MAC filtering
Which of the following is NOT an advantage of biometric systems?
Physical characteristics may change
Which activity is an auditor least likely to conduct during the information gathering phase of an audit?
Report Writing
Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?
Secure Sockets Layer (SSL)
What is an XML-based open standard of exchanging authentication and authorization information and is commonly used for web applications?
Security Assertion Markup Language (SAML)
Tomahawk Industries develops weapon control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
Separation of duties
What is NOT generally a section in an audit report?
System configurations
During and audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.
True
In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done.
True
Many jurisdictions require audits by law.
True
After audit activities are completed, auditors perform data analysis.
True
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?
Checklist
Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?
Crossover error rate (CER)
Anthony is responsible for turning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time than an administrator connects to a server using Secure Shell(SSH). What type of error is occurring?
False Positive error
Performing security testing includes vulnerability testing and penetration testing.
True
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
True
What type of security monitoring tool would be most likely to identify an authorization change to a computer system?
System integrity monitoring
An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident.
True
Common methods used to identify a user to a system include username, smart card, and biometrics.
True
Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just individual packets.
True
What type of authentication includes smart cards?
Ownership
A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.
True
A trusted operating system (TOS) provides features that satisfy specific government requirements for security.
True