ECE Fund of Cybersecurity and Info Security: Ch 5 and 6
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing? Identification; Authorization; Accountability; Authentication
Authorization
In an accreditation process, who has the authority to approve a system for implementation? Authorizing official (AO); System owner; System administrator; Certifier
Authorizing official (AO)
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create? Guideline; Policy; Procedure; Baseline
Baseline
Passphrases are less secure than passwords. True or False
False
Configuration changes can be made at any time during a system life cycle and no process is required. True or False
False
Procedures do NOT reduce mistakes in a crisis. True or False
False
Which security model does NOT protect the integrity of information? Clark-Wilson; Biba; Bell-LaPadula; Brewer and Nash
Bell-LaPadula
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario? Role-based access control (RBAC); Rule-based access control; Mandatory access control (MAC); Discretionary access control (DAC)
Discretionary access control (DAC)
You should use easy-to-remember personal information to create passwords. True or False
False
Which type of authentication includes smart cards? Knowledge; Location; Ownership; Action
Ownership
Which one of the following is an example of a logical access control? Password; Fence; Key for a lock; Access card
Password
Which one of the following is NOT an advantage of biometric systems? Biometrics are hard to fake; Physical characteristics may change; Biometrics require physical presence; Users do not need to remember anything
Physical characteristics may change
Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking? Functional requirements and definition; Project initiation and planning; System design specification; Operations and maintenance
Project initiation and planning
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type? Memorandum of understanding (MOU); Service level agreement (SLA); Blanket purchase agreement (BPA); Interconnection security agreement (ISA)
Service level agreement (SLA)
Which one of the following principles is NOT a component of the Biba integrity model? Subjects cannot read objects that have a lower level of integrity than the subject. Subjects cannot change objects that have a lower integrity level. A subject may not ask for service from subjects that have a higher integrity level. Subjects at a given integrity level can call up only subjects at the same integrity level or lower.
Subjects cannot change objects that have a lower integrity level.
Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these types of classification decisions? Threat; Criticality; Value; Sensitivity
Threat
A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing. True or False
True
Single sign-on (SSO) can provide for stronger passwords because with only one password to remember, users are generally willing to use stronger passwords. True or False
True
With proactive change management, management initiates the change to achieve a desired goal. True or False
True
Which one of the following is NOT a commonly accepted best practice for password security? Do not include usernames in passwords. Include a mixture of uppercase characters, lowercase characters, and numbers in passwords. Use at least six alphanumeric characters. Include a special character in passwords.
Use at least six alphanumeric characters.