security

A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security goals is most at risk?

Smart phones with cameras and Internet capabilites pose a risk to which security goal?

By definition, which security concept ensures that only authorized parties can access data?

Your computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission, you hash the message as a digital signature before sending it to the other user.

In this example, what protection does the hashing activity provide?

Which of the following is and example of an internal threat?

What is the greatest threat to the confidentiality of data in most secure organizations?

which of the following is the correct definition of a threat?

Which of the following is an example of a vulnerability?

Which of the following is not a valid concept to associate with integrity?

When a cryptographic system is used to protect the confidentiality of data, what is actually protected?

By definition, which security concept uses the ability to prove that a sender sent an encrypted message?

The company network is protected by a firewall, an IDS, and tight access controls. All of the files on this protected network are copied to tape every 24 hours.

The backup solution imposed on this network is designed to provide protection for what security service?

Which is the star property of Bell-LaPadula?

The Clark-Wilson model is primarily based on?

The Brewer-Nash model is designed primarily to prevent?

Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?

What form of access control is based on job descriptions?

Which access control type is used to implement short-term repairs to restore basic functionality following an attack?

Encryption is which type of access control?

Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?

You have implemented an access control method that allows only users who are managers to access specific data.

You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?

A router access control list uses information in a packet such as the destination IP address and port number to make allow or deny forwarding decisions.

Which of the following is used for identification?

Which of the following is the term for the process of validation a subject's identity?

What type of password is maryhadalittlelamb?

Which of the following is a password that relates to things that people know, such as mother's maiden name, or the name of pet?

Which of the following defines the crossover rate for evaluating biometric systems?

Which of the following conditions is desirable when selecting a biometric system? (SELECT TWO)

Which of the following is an example of Type 1 (something you know) authentication?

Which of the following are examples of single sign-on authentication solutions? (SELECT TWO)

Which of the following is not a characteristic of Kerberos?

What is another term for the type of logon credentials provided by a token device?

Which of the following is an example of a single sign-on authentication solution?

Which of the following is the most common form of authentication?

Which of the following is the strongest form of multi-factor authentication?

Which of the following is an example of two-factor authentication?

Which of the following are examples of Type II (something you have) authentication credentials? (SELECT TWO)

Which of the following is not a form of biometric?

Which of the following information is typically not included in an access token?

Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group which has access to a special shared folder.

Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?

Which type of media preparation is sufficient for media that will be reused in a different security context within your organization?

Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?

By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with?

An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone not on the list?

You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities.

Which solution should you implement?

Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels?

What should be done to a user account if the user goes on an extended vacation?

What is the effect of the following command?

chage -M 60 -W 10 jsmith

Which of the following is the single best rule to enforce when designing complex passwords?