Who publishes the list of cryptographic modules validated according to the Federal Information Processing Standard (FIPS) 140-2?

D. The National Institute of Standards and Technology (NIST)

A. The U.S. Office of Management and Budget (OMB)

B. The International Standards Organization (ISO)

C. International Information System Security Certification Consortium, or (ISC) 2

Who performs the review process for hardware security modules (HSMs) in accordance with the Federal Information Processing Standard (FIPS) 140-2?

C. Independent (private) laboratories

A. The National Institute of Standards and Technology (NIST)

B. The National Security Agency (NSA)

D. The European Union Agency for Network and Information Security (ENISA)

The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “security misconfiguration.” Which of these is an example of a security misconfiguration?

C. Leaving default accounts unchanged

A. Not providing encryption keys to untrusted users

B. Having a public-facing website

D. Using turnstiles instead of mantraps

The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “security misconfiguration.” Which of these is an example of a security misconfiguration?

A. Having unpatched software in the production environment

B. Leaving unprotected portable media in the workplace

C. Letting data owners determine the classifications/categorizations of their data

D. Preventing users from accessing untrusted networks

The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list sometimes includes “missing function level access control.” Which of these is a technique to reduce the potential for a missing function-level access control?

A. Set the default to deny all access to functions, and require authentication/ authorization for each access request.

B. HTML escape all HTML attributes.

C. Restrict permissions based on an access control list (ACL).

D. Refrain from including direct access information in URLs.

Which of the following protocols is most applicable to the identification process aspect of t identity and access management (IAM)?

C. Lightweight Directory Access Protocol (LDAP)

B. Internet Protocol Security (IPSec)

D. Amorphous ancillary data transmission (AADT)

Why are platform as a service (PaaS) environments at a higher likelihood of suffering backdoor vulnerabilities?

B. They are often used for software development.

A. They rely on virtualization.

Alice is staging an attack against Bob’s website. She is able to introduce a string of command code into a database Bob is running, simply by entering the command string into a data field. This is an example of which type of attack?

A. Insecure direct object reference

Alice is staging an attack against Bob’s website. She has discovered that Bob has been storing cryptographic keys on a server with a default admin password and is able to get access to those keys and violate confidentiality and access controls. This is an example of which type of attack?

C. Using components with known vulnerabilities

Which of the following is a management risk that organizations migrating to the cloud will have to address?

C. Distributed denial of service (DDoS) attacks

Which kind of hypervisor is the preferred target of attackers, and why?

D. Type 2, because it has a greater attack surface

A. Type 1, because it is more straightforward

B. Type 1, because it has a greater attack surface

C. Type 2, because it is less protected

From an academic perspective, what is the main distinction between an event and an incident?

C. Events are anything that can occur in the IT environment, whereas incidents are unscheduled events.

A. Incidents can last for extended periods (days or weeks), whereas an event is momentary.

B. Incidents can happen at the network level, whereas events are restricted to the system level.

D. Events occur only during processing, whereas incidents can occur at any time.

Which of the following database encryption techniques can be used to encrypt specific tables within the database?

C. Application-level encryption

Which of the following database encryption techniques makes it difficult to perform database functions (searches, indexing, etc.)?

C. Application-level encryption

Event monitoring tools (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) can aid in which of the following efforts?

B. Prediction of physical device theft

C. Data classification/categorization issues

_____________is a direct identifier, and_______________ is an indirect identifier.

C. User’s IP address; user’s media access control (MAC) address

Bit-splitting also provides security against data breaches by_____________ .

B. Ensuring that an unauthorized user only gets a useless fragment of data

A. Removing all access to unauthorized parties

C. Moving data across jurisdictional boundaries

D. Tracking all incoming access requests

If bit-splitting is used to store data sets across multiple jurisdictions, how may this enhance security?

A. By making seizure of data by law enforcement more difficult

B. By hiding it from attackers in a specific jurisdiction

C. By ensuring that users can only accidentally disclose data to one geographic area

D. By restricting privilege user access

In protections afforded to personally identifiable information (PII) under the U.S. Health Information Portability and Accountability Act (HIPAA), the subject must in order to allow the vendor to share their personal data.

D. Provide a biometric template

Digital rights management (DRM) tools can be combined with to enhance security capabilities.

B. Egress monitoring solutions (DLP)

A. Roaming identity services (RIS)

C. Internal hardware settings (BIOS)

Data destruction in the cloud is difficult because__________ .

C. The hardware belongs to the provider

A. Cloud data doesn’t have substance

D. Most of the data is subterranean

What does nonrepudiation mean?

D. Preventing any party that participates in a transaction from claiming that it did not

A. Prohibiting certain parties from a private conversation

B. Ensuring that a transaction is completed before saving the results

C. Ensuring that someone cannot turn off auditing capabilities while performing a function

________________is the most prevalent protocol used in identity federation.

B. Security Assertion Markup Language (SAML)

A. Hypertext Transfer Protocol (HTTP)

C. File Transfer Protocol (FTP)

In which cloud service model does the customer lose the most control over governance? t

C. Software as a service (SaaS)

A. Infrastructure as a service (IaaS)

B. Platform as a service (PaaS)

Which of these does the cloud customer need to ensure protection of intellectual property created in the cloud?

A. Digital rights management (DRM) solutions

B. Identity and access management (IAM) solutions

Which of the following is not true about risk mitigation? t

D. Risk mitigation is always the best means to address risk.

A. A given control/countermeasure should never cost more than the impact of the risk it mitigates.

B. Risk cannot be reduced to zero.

C. The end state of risk mitigation is risk at a tolerable level.

You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization’s specific storage resources. What is the term for this kind of arrangement?

A. Public-key infrastructure (PKI)

CCSP-P1-F

Authored by kalki disuza

English

1st Grade

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

51 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the major difference between authentication and authorization?

A. Code verification/code implementation

B. Identity validation/access permission

C. Inverse incantation/obverse instantiation

D. User access/privileged access

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Access should be based on .

A. Regulatory mandates

B. Business needs and acceptable risk

C. User requirements and management requests

D. Optimum performance and security provision

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

All of the following are identity federation standards commonly found in use today except _______.

WS-Federation

OpenID

OAuth (Open Authorization)

Pretty Good Privacy (PGP)

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is a federation standard/protocol that does not rely on Simple t Object Access Protocol (SOAP), Security Assertion Markup Language (SAML), or Extensible Markup Language (XML)?

A. WS-Federation

B. OpenID Connect

C. Service Organization Control (SOC) 2

D. Open Web Application Security Project (OWASP)

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Authentication mechanisms typically include any or all of the following except .

A. Something you know

B. Someone you know

C. Something you have

D. Something you are

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following constitutes a multifactor authentication process or procedure?

A. Using an automated teller machine (ATM) to get cash with your credit or debit card

B. Using a password and personal identification number (PIN) to log into a website

C. Presenting a voice sample and fingerprint to access a secure facility

D. Displaying a birth certificate and a credit card

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A web application firewall (WAF) can understand and act on traffic.

A. Malicious

B. Simple Mail Transfer Protocol (SMTP)

C. Internet Control Message Protocol (ICMP)

D. Hypertext Transfer Protocol (HTTP)

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

f1.7.1

Quiz

•

1st - 5th Grade

47 questions

Theme 7 (Smart Start 5)

Quiz

•

1st - 5th Grade

50 questions

Проверка уровня языка

Quiz

•

1st Grade - Professio...

51 questions

Иностранный язык для студентов

Quiz

•

1st Grade

49 questions

homes, family, food

Quiz

•

1st - 5th Grade

50 questions

Quiz: There is, There are, Prepositions of Place

Quiz

•

1st Grade

50 questions

PREPARE 5 UNIT 8 AMAZING ARCHITECTURE

Quiz

•

KG - 9th Grade

50 questions

SPEAKING SKILLS

Quiz

•

1st - 12th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

10 questions

Probability Practice

Quiz

•

4th Grade

15 questions

Probability on Number LIne

Quiz

•

4th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

6 questions

Appropriate Chromebook Usage

Lesson

•

7th Grade

10 questions

Greek Bases tele and phon

Quiz

•

6th - 8th Grade

Discover more resources for English

17 questions

Reading Comprehension

Quiz

•

1st - 4th Grade

20 questions

VOWEL TEAMS: AI and AY

Quiz

•

1st Grade

20 questions

Nonfiction Text Features

Quiz

•

1st - 3rd Grade

10 questions

Exploring Natural Resources

Interactive video

•

1st - 5th Grade

18 questions

Phonics long vowels

Quiz

•

1st Grade

15 questions

Author's Purpose

Quiz

•

1st - 3rd Grade

16 questions

Blends and Digraphs

Quiz

•

KG - 1st Grade

20 questions

Capitalization in sentences

Quiz

•

KG - 4th Grade

CCSP-P1-F

What is the major difference between authentication and authorization?

Access should be based on .

All of the following are identity federation standards commonly found in use today except _______.

Which of the following is a federation standard/protocol that does not rely on Simple t Object Access Protocol (SOAP), Security Assertion Markup Language (SAML), or Extensible Markup Language (XML)?

Authentication mechanisms typically include any or all of the following except .

Which of the following constitutes a multifactor authentication process or procedure?

A web application firewall (WAF) can understand and act on traffic.

Who publishes the list of cryptographic modules validated according to the Federal Information Processing Standard (FIPS) 140-2?

Who performs the review process for hardware security modules (HSMs) in accordance with the Federal Information Processing Standard (FIPS) 140-2?

In terms of the number of security functions offered, which is the highest Federal Information Processing Standard (FIPS) 140-2 security level a cryptographic module can achieve in certification?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for English