Quiz about IIS Trial Test

Question 1

Risk analysis is MOST useful when applied during which phase of the system development process?

Accepted Answer

Project identification

Answer

Requirements definition

Answer

Implementation planning

Answer

System construction

Question 2

Which must bear the primary responsibility for determining the level of protection needed for information systems resources?

Accepted Answer

Senior Management

Answer

Seniors security analysts

Answer

System auditors

Answer

IS security specialists

Question 3

Which one of the following describes a covert timing channel?

Accepted Answer

Allows one process to signal information to another by modulating its own use of system resources.

Answer

Provides the timing trigger to activate a malicious program disguised as a legitimate function.

Answer

Used by a supervisor to monitor the productivity of a user without their knowledge.

Answer

Modulated to carry an unintended information signal that can only be detected by special, sensitive receivers.

Question 4

Which of the following is being considered as the most reliable kind of personal identification?

Accepted Answer

Finger print

Answer

Ticket Granting

Answer

Password

Answer

Token

Question 5

What is the main responsibility of the information owner?

Accepted Answer

making the determination to decide what level of classification the information requires

Answer

periodically checking the validity and accuracy for all data in the information system

Answer

running regular backups

Answer

audit the users when they require access to the information

Question 6

What is called the access protection system that limits connections by calling back the number of a previously authorized location?

Accepted Answer

Callback systems

Answer

Sendback forward systems

Answer

Callback forward systems

Answer

Sendback system

Question 7

What is called a type of access control where a central authority determines what subjects can have access to certain objects, based on the organizational security policy?

Accepted Answer

Non-discretionary Access Control

Answer

Rule-based access control

Answer

Mandatory Access Control

Answer

Discretionary Access Control

Question 8

What control is based on a specific profile for each user?

Accepted Answer

ID based access control.

Answer

Lattice based access control.

Answer

Rule based access control.

Answer

Directory based access control.

Question 9

Which of the following implements the authorized access relationship between subjects and objects of a system?

Accepted Answer

Security kernel

Answer

Security model

Answer

Reference kernel

Answer

Information flow model

Question 10

What represents the amount of time you hold down in a particular key?

Accepted Answer

Dwell time

Answer

Systems time

Answer

Dynamic time

Answer

Flight time

Question 11

Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?

Accepted Answer

Fail safe

Answer

Fail resilient

Answer

Fail proof

Answer

Fail soft

Question 12

What Distributed Computing Environment (DCE) component provides a mechanism to ensure that services are made available only to properly designated parties?

Accepted Answer

Directory Service

Answer

Remote Procedure Call Service

Answer

Authentication and Control Service

Answer

Distributed File Service

Question 13

Which of the following is the most reliable authentication device?

Accepted Answer

Smart card system

Answer

Fixed callback system

Answer

Combination of variable and fixed callback system

Answer

Variable callback system

Question 14

Who should determine the appropriate access control of information?

Accepted Answer

Owner

Answer

User

Answer

Server

Answer

Administrator

Question 15

What is the essential difference between a self-audit and an independent audit?

Accepted Answer

Objectivity

Answer

Competence

Answer

Results

Answer

Tools used

Question 16

Which of the following eye scan methods is considered to be more intrusive?

Accepted Answer

Retinal scans

Answer

Iris scans

Answer

Body scans

Answer

Reflective scans

Question 17

Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is incorrect?

Accepted Answer

With TCSEC, functionality and assurance are evaluated separately.

Answer

Database management systems are not covered by the TCSEC

Answer

TCSEC provides a means to evaluate the trustworthiness of an information system

Question 18

Why would an information security policy require that communications test equipment be controlled?

Accepted Answer

The equipment can be used to browse information passing on a network

Answer

The equipment is susceptible to damage

Answer

The equipment must always be available for replacement if necessary

Answer

The equipment can be used to reconfigure the network multiplexers

Question 19

What is the PRIMARY component of a Trusted Computer Base?

Accepted Answer

The reference monitor

Answer

The operating system software

Answer

The security subsystem

Answer

The computer hardware

Question 20

Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a network entity to verify both

Accepted Answer

The identity of a remote communicating entity and the authenticity of the source of the data that are received.

Answer

The location of a remote communicating entity and the path through which communications are received.

Answer

The authenticity of a remote communicating entity and the path through which communications are received.

Answer

The identity of a remote communicating entity and the level of security of the path through which data are received.

Question 21

Which risk management methodology uses the exposure factor multiplied by the asset value to determine its outcome?

Accepted Answer

Single Loss Expectancy

Answer

Information Risk Management

Answer

Annualized Loss Expectancy

Answer

Annualized Rate of Occurrence

Question 22

Which one of the following is the MOST critical characteristic of a biometrics system?

Accepted Answer

Accuracy

Answer

Acceptability

Answer

Throughput

Answer

Reliability

Question 23

Which of the following are the benefits of Keystroke dynamics?

Accepted Answer

All of the choices

Answer

Transparent

Answer

Low cost

Answer

Unintrusive device

Question 24

The default level of security established for access controls should be

Accepted Answer

No access

Answer

All access

Answer

Read access

Answer

Update access

Question 25

What is the PRIMARY advantage of using a separate authentication server (e.g., Remote Access Dial-In User System, Terminal Access Controller Access Control System) to authenticate dial-in users?

Accepted Answer

C. Audit and access information are not kept on the access server

Answer

A. Each session has a unique (one-time) password assigned to it

Answer

B. Call-back is very difficult to defeat

Answer

Single user longons are easier to manage and audit

Question 26

What security model implies a central authority that determines what subjects can have access to what objects?

Accepted Answer

Non-discretionary access control

Answer

Discretionary access control

Answer

Mandatory access control

Answer

Centralized access control

Question 27

Which of the following is true regarding a secure access model?

Accepted Answer

Secure information cannot flow to a less secure user.

Answer

Secure information can flow to a less secure user.

Answer

None of the choices.

Answer

Secure information cannot flow to a more secure user.

Question 28

Which of the following describes elements that create reliability and stability in networks and systems and which assures that connectivity is accessible when needed?

Accepted Answer

Availability

Answer

Confidentiality

Answer

Integrity

Answer

Acceptability

Question 29

Which of the following choices is NOT part of a security policy?

Accepted Answer

Description of specific technologies used in the field of information security

Answer

Statement of management intend, supporting the goals and principles of information security

Answer

Definition of general and specific responsibilities for information security management

Answer

Definition of overall steps of information security and the importance of security

Question 30

The access matrix model consists of which of the following parts?

Accepted Answer

All of the choices

Answer

A list of subjects.

Answer

A list of objects.

Answer

A function that returns an objects type.

Question 31

Which of the following is not a part of risk analysis?

Accepted Answer

Choose the best countermeasure

Answer

Quantify the impact of potential threats

Answer

Identify risks

Answer

Provide an economic balance between the impact of the risk and the cost of the associated countermeasures

Question 32

According to Common Criteria, what can be described as an intermediate combination of security requirement components?

Accepted Answer

Package

Answer

Security target (ST)

Answer

The Target of Evaluation (TOE)

Answer

Protection profile (PP)

Question 33

Memory only cards work based on:

Accepted Answer

Something you know and something you have.

Answer

Something you know.

Answer

Something you have.

Answer

None of the choices.

Question 34

What access control methodology facilitates frequent changes to data permissions?

Accepted Answer

Rule-based

Answer

Role-based

Answer

List-based

Answer

Ticket-based

Question 35

What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server?

Accepted Answer

RADIUS

Answer

PPTP

Answer

L2TP

Answer

IPSec

Question 36

Which of the following are objectives of an information systems security program?

Accepted Answer

Integrity, confidentiality, and availability

Answer

Authenticity, vulnerabilities, and costs

Answer

Security, information value, and threats

Answer

Threats, vulnerabilities, and risks

Question 37

What best describes this scenario? This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges that what is required for the tasks the user needs to fulfill.

Accepted Answer

Excessive Privileges

Answer

Excessive Permissions

Answer

Excessive Rights

Answer

Excessive Access

Question 38

Which of the following are the types of eye scan in use today?

Accepted Answer

Reflective scans and iris scans.

Answer

Retinal scans and iris scans.

Answer

Retinal scans and reflective scans.

Answer

Retinal scans and body scans.

Question 39

What is an access control model?

Accepted Answer

A formal description of security policy.

Answer

A formal description of access control ID specification.

Answer

A formal description of a sensibility label.

Answer

None of the choices.

Question 40

All of the following are basic components of a security policy EXCEPT the _____.

Accepted Answer

statement of performance of characteristics and requirements.

Answer

statement of roles and responsibilities

Answer

definition of the issue and statement of relevant terms.

Answer

statement of applicability and compliance requirements.

Question 41

Which of the following is a type of mandatory access control?

Accepted Answer

Rule-based access control

Answer

User-directed access control

Answer

Role-based access control

Answer

Lattice-based access control

Question 42

What can be accomplished by storing on each subject a list of rights the subject has for every object?

Accepted Answer

Capabilities

Answer

Key ring

Answer

Object

Answer

Rights

Question 43

What was introduced for circumventing difficulties in classic approaches to computer security by limiting damages produced by malicious programs?

Accepted Answer

Reference Monitor

Answer

Integrity-monitoring

Answer

Non-Interference

Answer

Integrity-preserving

Question 44

What is the act of willfully changing data, using fraudulent input or removal of controls called?

Accepted Answer

Data diddling

Answer

Data trashing

Answer

Data capturing

Answer

Data contaminating

Question 45

Which one of the following risk analysis terms characterizes the absence or weakness of a risk reducing safeguard?

Accepted Answer

Vulnerability

Answer

Probability

Answer

Loss expectancy

Answer

Threat

Question 46

Which one of the following lacks mandatory controls and is NORMALLY AVOIDED for communication?

Accepted Answer

Covert channels

Answer

Object channels

Answer

Timing channels

Answer

Storage channels

Question 47

The absence or weakness in a system that may possibly be exploited is called a(n)?

Accepted Answer

Vulnerability

Answer

Exposure

Answer

Threat

Answer

Risk

Question 48

Data inference violations can be reduced using ____.

Accepted Answer

Polyinstantiation technique.

Answer

Correct-state transformation.

Answer

Multi-level data classification.

Answer

Rules based meditation.

Question 49

In terms of the order of acceptance, which of the following technologies is the MOST accepted?

Accepted Answer

Voice Pattern

Answer

Hand geometry

Answer

Keystroke pattern

Answer

Signature

Question 50

What is an error called that causes a system to be vulnerable because of the environment in which it is installed?

Accepted Answer

Environmental error

Answer

Access validation error

Answer

Exceptional condition handling error

Answer

Configuration error

Question 51

Which access control would a lattice-based access control be an example of?

Accepted Answer

Mandatory access control

Answer

Rule-based access control

Answer

Discretionary access control

Answer

Non-discretionary access control

Question 52

To ensure that integrity is attained through the Clark and Wilson model, certain rules are needed. These rules are:

Accepted Answer

Certification rules and enforcement rules.

Answer

Processing rules and enforcement rules.

Answer

Certification rules and general rules.

Answer

Integrity-bouncing rules.

Question 53

Which of the following prevents, detects, and corrects errors so that the integrity, availability, and confidentiality of transactions over networks may be maintained?

Accepted Answer

Communications security management and techniques

Answer

Clients security management and techniques

Answer

Networks security management and techniques

Answer

Servers security management and techniques

Question 54

Which of the following defines the intent of a system security policy?

Accepted Answer

A definition of the particular settings that have been determined to provide optimum security.

Answer

A listing of tools and applications that will be used to protect the system.

Answer

A definition of those items that must be excluded on the system.

Answer

A brief, high-level statement defining what is and is not permitted during the operation of the system.

Question 55

What is the method of coordinating access to resources based on the listing of permitted IP addresses?

Accepted Answer

ACL

Answer

DAC

Answer

MAC

Answer

None of the choices.

Question 56

Covert channel is a communication channel that can be used for:

Accepted Answer

Violating the security policy.

Answer

Strengthening the security policy.

Answer

Hardening the system.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Science