111. Which of the following is critical to understanding an access control policy?
a. Reachable-state
b. Protection-state
c. User-state
d. System-state
112. Which of the following should
a. Data Encryption Standard (DES)
b. Advanced Encryption Standard (AES)
c. Rivest, Shamir, and Adleman (RSA)
d. Diffie-Hellman (DH)
113. From an access control decision viewpoint, failures due to flaws in permission-based systems tend to do which of the following?
a. Authorize permissible actions
b. Fail-safe with permission denied
c. Unauthorize prohibited actions
d. Grant unauthorized permissions
114. Host and application system hardening procedures are a part of which of the following?
a. Directive controls
b. Preventive controls
c. Detective controls
d. Corrective controls
Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented. Corrective controls are procedures to react to security incidents and to take remedial actions on a timely basis. Corrective controls require proper planning and preparation as they rely more on human judgment.
115. From an access control decision viewpoint, fail-safe defaults operate on which of the following?
1. Exclude and deny
2. Permit and allow
3. No access, yes default
4. Yes access, yes default
a. 1 only
b. 2 only
c. 2 and 3
d. 4 only
116. For password management, automatically generated random passwords usually provide which of the following?
1. Greater entropy
2. Passwords that are hard for attackers to guess
3. Stronger passwords
4. Passwords that are hard for users to remember
a. 2 only
b. 2 and 3
c. 2, 3, and 4
d. 1, 2, 3, and 4
117. In biometrics-based identification and authentication techniques, which of the following indicates that security is unacceptably weak?
a. Low false acceptance rate
b. Low false rejection rate
c. High false acceptance rate
d. High false rejection rate