Security Pro 6.1.8 Section Quiz

Audit trails produced by auditing activities are which type of security control? Detective Deterrent Preventative Directive

Detective

You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is being used? DACL MAC DAC RBAC

RBAC

Which of the following is an example of rule-based access control? A member of the accounting team that is given access to the accounting department documents. Router access control lists that allow or deny traffic based on the characteristics of an IP packet. A computer file owner who grants access to the file by adding other users to an access control list. A subject with a government clearance that allows access to government classification labels of Confidential, Secret, and Top Secret.

Router access control lists that allow or deny traffic based on the characteristics of an IP packet.

Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject? Rule-Based Access Control Role-Based Access Control (RBAC) Mandatory Access Control (MAC) Attribute-Based Access Control (ABAC)

Attribute-Based Access Control (ABAC)

A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources? Authentication and authorization Identity proofing and authorization Authentication and accounting Authorization and accounting Identity proofing and authentication

Authentication and authorization

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level? Separation of duties Need to Know Clearance Ownership Principle of least privilege

Need to Know

What is the primary purpose of separation of duties? Inform managers that they are not trusted Prevent conflicts of interest Grant a greater range of control to senior management Increase the difficulty of performing administrative duties

Prevent conflicts of interest

You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with? Cross-training Need to know Job rotation Principle of least privilege

Principle of least privilege

Which of the following is an example of privilege escalation? Privilege creep Separation of duties Principle of least privilege Mandatory vacations

Privilege creep

Which of the following is used for identification? PIN Password Username Cognitive question

Username