Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
24 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
Of the following choices what type of control is least privilege?
A. Corrective B. Technical C. Detective D. Preventative |
B. The principle of least privilege is a technical control and ensured that users have only the rights and permissions needed to perform the job, and no more. A corrective control attempts to reverse the affects of the problem. A detective control (such as a sec audit) detects when a vulnerability has been exploited. A preventative control attempts to prevent an incident from happening. |
None |
|
|
Of the following, what type of control is a vulnerability assessment?
A. Corrective B. Management C. Detective D. Technical |
B. A vulnerability assessment is a management control and attempts to discover weaknesses on the system. A corrective control attempts to reverse the effects of a problem. A detective control detects when a vulnerability has been exploited. A technical control (principle of least privileged) enforces security using technical means. |
|
|
|
Which of the following is a preventative control that can prevent outages due to ad-hoc configuration error?
A. Least privilege B. A periodic review of use rights C. Change management plan D. Security audit |
C. A change management strategy can prevent outages by ensuring that configuration changes aren't made in an as needed basis, but instead are examined prior to making the change; also known as an operational control. Periodic review of a persons rights is special type of periodic control. |
None |
|
|
Which of the following is a preventative contol?
A. Least privilege B. Security audit C. Security guard D. Periodic review of user rights |
C. A security guard is a preventative physical security control. |
None |
|
|
Your organization regularly performs routine security audits to assess security posture. What type of control is this.
A. Corrective B. Technical C. Detective D. Preventative |
C. A security audit is a form of detective control, sense it will detect when a vulnerability has been exploited after the fact. |
None |
|
|
Of the following choices, what is a detective security control?
A. Change management B. HVAC C. CCTV D. User Training |
C. Closed-circuit television (CCTV) system can record activity and can detect what occured as a detective security control. |
none |
|
|
An administrator is assigning access to users in different departments based on their job functions. What access control model is the admin using?
A. DAC B. MAC C. RBAC D. CAC |
C. In a role-based access control (RBAC) model, roles are used to define rights and permissions for users. The DAC model specifies that every object has an owner, and the owner has full, explicit control of the object. The MAC modle uses sensitivity labels for users and data. A CAC is an identification card that includes smart-card capabilities. |
none |
|
|
You manage user accounts for a sales department. You have created a sales user account template to compy with the principle of least privilege. What access control model are you following?
A. DAC B. MAC C. RBAC D. DACL |
C. The role-based access control (RBAC) model can use groups (as roles) with a user acount template assigned to a group to ensure new users are granted access only to what they need, and no more. |
|
|
|
Windows Systems protect files and folders with New Technology File System (NTFS). What access control model does NTFS use?
A. Madatory Access Control B. Discretionary Access Control C. Rule-based Access Control D. Implicit allow
|
B. Windows systems use the discretionary access control (DAC) model by default for NTFS files and folders. There is not such access control as implicit allow. |
|
|
|
What is the purpose of a cipher lock system?
A. Control door access with a keypad. B. Control door access with a proximity card. C. Control access to a laptop with biometrics D. Control access to laptop with a smart card. |
A. A cipher lock system is a door access security method and only opens after a user has entered the correct code into the cipher lock. A proximity card uses a proximity card reader, not a cipher lock. |
|
|
|
What can you use to electronically unlok a door for specific users?
A. Token B. Proximity card C. Physical key D. Certificate |
B. Proximity cards are used as an additional access control in some areas to electornically unlock doors. A token (such as an RSA token) can provide a rolling password for a one time use. A cert can be embedded in a smart card but, by itself, it would not electronically unlock a door. |
|
|
|
An organization wants to prevent unauthroized personell from entering a secure workspace. Of the following choics, what can be used. (Choose two)
A. Security Guard B. Piggybacking C. CCTV D. Proximity cards |
A, D. Security guards an proximity cards are valid methods to prevent unauthroized personel from entering a secure workspace, such as a secure datacenter. |
|
|
|
A company hosts a datacenter with highly sensitive data. Of the following choices, what can provide the best type of physical security to prevent unauthorized entry?
A. Proximity card B. CCTV C. ID badges D. Mantrap |
D. A mantrap is highly effective at preventing unauthorized entry and can also be used to prevent tailgating. |
|
|
|
Two employees have entered a secure datacenter, However, only one employee provided credintials. How did the other employee gain entry?
A. Mantrap B. HVAC C. Vishing D. Tailgating |
D. |
|
|
|
Your organization has several portable USB drives that users are able to use to transfer large video files intead of copying them over the network. What should be used to prevent the theft of these drives when they are not being used?
A. HSM B. TPM C. Video surveillance D. Locked cabinet |
D. |
|
|
|
Your organization requires users to create passwords of at least 10 characters for their user acounts. Which of the following is being enforced?
A. Password leagth B. Password complexity C. Password masking D. Password history |
A. Password length. Requiring a specific length of characters is the passwrod length element of a password policy. |
|
|
|
Your password policy includes a password history. What else should be configured to ensure that users aren't able to easily reuse the same password?
A. Maximum age B. Minimum age C. Password masking D. Password complexity |
B. The minimum password age prevents users from changing the password again until some time has passed, such as one day. |
|
|
|
Your org. has a password poicy that requires employees to change their passwords at least every forty-five days and prevents users from reusing any of their last 5 pwds. However, when forced to change their pwds, users are changing their pwds 5 more times to keep their original pwd. What can resolve this security vulnerability? A. Modify the pwd policy to prevent users from changing the pwd unti a day has passed. B. Modify the pwd policy to require users to change their pwd after a day has passed. C. modify the pwd policy to remember the last 12 pwds D. modify the pwd policy to remeber the last 24 pwds. |
A. Password policy have a minimum password age setting, and if set to one day it will prevent users from changing their passwords until a day has passed. |
|
|
|
A user has forgotten his pwd and calls the help desk for assistance. The help desk professional will reset the pwd and tell the user the new pwd. What should the help desk professional cofigure to ensure that user immediately resets the password? A. pwd complexity B. pwd masking C. pwd history D. pwd expiration |
D. Pwd expiration. should be configured so that the user is forced to change the pwd the first time he logs on. |
|
|
|
Users in your network are required to change their pwds every 60 days. What is this an example of? A. pwd expiration requirement B. pwd history requirement C. pwd length requirement D. pwd strength requirement |
A. Pwd expiration requirement. A pwd policy can include a pwd expiration requirement (or max age) that ensures that users change their pwd periodically, such as every 60 days or every 90 days. |
|
|
|
Your company has hired a temporary contractor that needs a computer account for 60 days. You want to ensure tha account is automatically disabled after 60 days. What feature would you use? A. account lockout B. account expiration C. deletion through automated script D. Manual Deletion |
B. Account expiration. Most systems include a feature that allows you to set the expiration of an account when a present deadline arrives. |
|
|
|
After an employee is terminated, what should be done to revoke the employee's access? A. Expire the pwd B. Lock out the account C. Delete the account D. Disable the account |
D. Disable the account. An acct disablement policy would ensure that a terminated employee's account is disale to revoke the employee's access. |
|
|
|
Management wants to prevent users in the Marketing Dept. from logging onto network systems between 6 pm and 5 am. How can this be accomplished? A. Use time of day restrictions B. account expirations C. pwd expiration D. implement a detective control |
A. Use time-of-day restrictions. can be used to prevent users from logging n at certain times, or even from making connections t onetwork resourcesat certain times. |
|
|
|
You have recently added a server to your network that will host data used and updated by employees. You want to monitor security events on the system. Of the following, what is the most important security event to monitor? A. Data modifications B. TCP connections C. UDP connections D. Account login attemps |
D. Account login attemps are the most important. |
|
