Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented. Corrective controls are procedures to react to security incidents and to take remedial actions on a timely basis. Corrective controls require proper planning and preparation as they rely more on human judgment.
137. What is using two different passwords for accessing two different systems in the same session called?
a. One-factor authentication
b. Two-factor authentication
c. Three-factor authentication
d. Four-factor authentication
138. What is using a personal identity card with attended access (e.g., a security guard) and a PIN called?
a. One-factor authentication
b. Two-factor authentication
c. Three-factor authentication
d. Four-factor authentication
139. A truck driver, who is an employee of a defense contractor, transports highly sensitive parts and components from a defense contractor’s manufacturing plant to a military installation at a highly secure location. The military’s receiving department tracks the driver’s physical location to ensure that there are no security problems on the way to the installation. Upon arrival at the installation, the truck driver shows his employee badge with photo ID issued by the defense contractor, enters his password and PIN, and takes a biometric sample of his fingerprint prior to entering the installation and unloading the truck’s content. What does this described scenario represents?
a. One-factor authentication
b. Two-factor authentication
c. Three-factor authentication
d. Four-factor authentication
140. Which of the following is achieved when two authentication proofs of something that you have is implemented?
a. Least assurance
b. Increased assurance
c. Maximum assurance
d. Equivalent assurance