20 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
1 CH 6
As part of your training program, you’re trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type?
1
A) Social engineering
B) IDS system
C) Perimeter security
D) Biometrics
1 A
Social engineering uses the inherent trust in the human species, as opposed to technology, to gain access to your environment.
2 CH 6
Which classification of information designates that information can be released on a restricted basis to outside organizations?
2
A) Private information
B) Full distribution
C) Restricted information
D) Limited distribution
2 D
Limited distribution information can be released to select individuals and organizations, such as financial institutions, governmental agencies, and creditors.
3 CH 6
You’ve recently been hired by ACME to do a security audit. The managers of this company feel that their current security measures are inadequate. Which information access control model prevents users from writing information down to a lower level of security and prevents users from reading above their level of security?
3
A) Bell-LaPadula model
B) Biba model
C) Clark-Wilson model
D) Noninterference model
3 A
The Bell-LaPadula model is intended to protect confidentiality of information. This is accomplished by prohibiting users from reading above their security level and preventing them from writing below their security level.
4 CH 6
The Cyberspace Security Enhancement Act gives law enforcement the right to:
4
A) Fine ISPs who host rogue sites
B) Gain access to encryption keys
C) Restrict information from public view
D) Stop issuance of .gov domains
4 B
The Cyberspace Security Enhancement Act gives law enforcement the right to gain access to encryption keys.
5 CH 6
For which U.S. organization was the Bell-LaPadula model designed?
5
A) Military
B) Census Bureau
C) Office of Management and Budget
D) Executive Office of the President
5 A
The Bell-LaPadula model was originally designed for use by the military.
6 CH 6
Which of the following is another name for social engineering?
6
A) Social disguise
B) Social hacking
C) Wetware
D) Wetfire
6 C
Wetware is another name for social engineering.
7 CH 6
The Clark-Wilson model must be accessed through applications that have predefined capabilities. This process prevents all except:
7
A) Modification
B) Spam
C) Errors
D) Fraud
7 B
The Clark-Wilson model must be accessed through applications that have predefined capabilities. This process prevents all the choices listed except spam.
8 CH 6
There are two types of implicit denies. One of these can be configured so that only users specifically named can use the service and is known as:
8
A) at.deny
B) at.allow
C) at.open
D) at.closed
8 B
at.allow configurations allow only users specifically named to use the service.
9 CH 6
_____ information is made available to either the large public or specific individuals, while _____ information is intended for only those internal to the organization.
9
A) Private; Restricted
B) Public; Private
C) Limited distribution; Internal
D) Public; Internal
9 B
Public information is made available to either the large public or specific individuals, while private information is intended for only those internal to the organization.
10 CH 6
Which of the following actions would not be allowed in the Bell-LaPadula model?
10
A) General with Top Secret clearance writing at the Top Secret level
B) Corporal with Confidential clearance writing at the Confidential level
C) General with Top Secret clearance reading at the Confidential level
D) General with Top Secret clearance writing at the Confidential level
10 D
The first three actions would be allowed since you can write to your level and read at your level (or below). The situation that would not be allowed is the General with Top Secret clearance writing at the Confidential level.
11 CH 6
Which of the following is the best description of tailgating?
11
A) Following someone through a door they just unlocked
B) Figuring out how to unlock a secured area
C) Sitting close to someone in a meeting
D) Stealing information from someone’s desk
11 A
Tailgating is best defined as following someone through a door they just unlocked.
12 CH 6
An NDA (nondisclosure agreement) is typically signed by?
12
A) Alpha testers
B) Customers
C) Beta testers
D) Focus groups
12
An NDA (nondisclosure agreement) is typically signed by beta testers.
13 CH 6
What is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request?
13
A) Hoaxing
B) Swimming
C) Spamming
D) Phishing
13 D
Phishing is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request.
14 CH 6
Users should be educated in the correct way to close pop-up ads in the workplace. That method is to:
14
A) Click the word Close
B) Click the “X” in the top right
C) Press Ctrl+Alt+Del
D) Call IT
14 B
Pop-up ads should be closed by clicking the “X” in the top right.
15 CH 6
Which act mandates national standards and procedures for the storage, use, and transmission of personal medical information?
15
A) CFAA
B) HIPAA
C) GLBA
D) FERPA
15 B
HIPAA mandates national standards and procedures for the storage, use, and transmission of personal medical information.
16 CH 6
When you combine phishing with Voice over IP, it is known as:
16
A) Spoofing
B) Spooning
C) Whaling
D) Vishing
16 D
Vishing involves combining phishing with Voice over IP.
17 CH 6
Which of the following is the highest classification level in the government?
17
A) Top Secret
B) Secret
C) Classified
D) Confidential
17 A
Top Secret is the highest classification level in the government.
18 CH 6
at.allow is an access control that allows only specific users to use the service. What is at.deny?
18
A) It does not allow users named in the file to access the system.
B) It ensures that no one will ever be able to use that part of your system.
C) It opens up the server only to intranet users.
D) It blocks access to Internet users.
18 A
The at.deny file does not allow users named in the file to access the system.
19 CH 6
Which of the following is the best description of shoulder surfing?
19
A) Following someone through a door they just unlocked
B) Figuring out how to unlock a secured area
C) Watching someone enter important information
D) Stealing information from someone’s desk
19 C
Shoulder surfing is best defined as watching someone enter important information.
20 CH 6
Which concept does the Bell-LaPadula model deal most accurately with?
20
A) Integrity
B) Trustworthiness
C) Confidentiality
D) Accuracy
20 C
The Bell-LaPadula model deals most accurately with confidentiality.