bobomb 2

During which phase of access control process does the system answer the question, "What can the requestor access?"

Authorization

Which security model does NOT protect the integrity of information?

Bell-LaPadula

Which type of password attack attempts all possible combination of a password in an attempt to guess the correct value?

Brute-force attack

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?

Does the firewall properly block unsolicited network connection attempts?

A report indicating that a system's disk is at 80 percent full is a good indication that something is wrong with that system.

False

Passphrases are less secure than passwords.

False

You should use easy-to-remember personal information to create secure passwords.

False

Which of the following is an example of hardware security control?

MAC filtering

Which of the following is NOT an advantage of biometric systems?

Physical characteristics may change

Which activity is an auditor least likely to conduct during the information gathering phase of an audit?

Report Writing

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?

Secure Sockets Layer (SSL)

What is an XML-based open standard of exchanging authentication and authorization information and is commonly used for web applications?

Security Assertion Markup Language (SAML)

Tomahawk Industries develops weapon control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?

Separation of duties

What is NOT generally a section in an audit report?

System configurations

During and audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.

True

In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done.

True

Many jurisdictions require audits by law.

True

After audit activities are completed, auditors perform data analysis.

True

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?

Checklist

Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?

Crossover error rate (CER)

Anthony is responsible for turning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time than an administrator connects to a server using Secure Shell(SSH). What type of error is occurring?

False Positive error

Performing security testing includes vulnerability testing and penetration testing.

True

An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.

True

What type of security monitoring tool would be most likely to identify an authorization change to a computer system?

System integrity monitoring

An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident.

True

Common methods used to identify a user to a system include username, smart card, and biometrics.

True

Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just individual packets.

True

What type of authentication includes smart cards?

Ownership

A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.

True

A trusted operating system (TOS) provides features that satisfy specific government requirements for security.

True