Security Roundtable Quiz-3
Day 3: Access controls
- 1.
Internal intruders are NOT usually defined as:
- A.
Authorized users exceeding their authority
- B.
Persons who have defeated the physical access controls of a facility
- C.
Employees gaining access to controlled areas
- D.
Users who access unintended areas of the network
Correct Answer
B. Persons who have defeated the physical access controls of a facilityExplanation
Answer b:
Authorized users trying to gain access to data or resources
beyond their need-to-know or access limitations. Authorized users trying
to gain unauthorized physical access to network connections, server
equipment, etc.Rate this question:
-
- 2.
How might an attacker with little systems experience gain privileged systems access?
- A.
Dictionary attack
- B.
Brute-force attack
- C.
Birthday attack
- D.
Shoulder-surfing attack
Correct Answer
D. Shoulder-surfing attackExplanation
Answer d: Shoulder-surfing
, the process of direct visual observation of monitor
displays to obtain access to sensitive information.Rate this question:
-
- 3.
Which of the following is NOT a characteristic of a virus?
- A.
Its primary effect is to consume system resources.
- B.
It may or may not carry a malicious payload.
- C.
It spreads through user action.
- D.
It attaches itself to executable code.
Correct Answer
A. Its primary effect is to consume system resources.Explanation
Answer a:
Worms usually do not cause damage to data; instead, the worm
absorbs the network’s resources causing the damage.Rate this question:
-
- 4.
Requiring approval before granting system access would be:
- A.
A physical control
- B.
A logical control
- C.
A compensating control
- D.
An administrative control
Correct Answer
D. An administrative controlExplanation
Answer d:
Administrative controls consist of management activities such
as organizational policies and procedures.Rate this question:
-
- 5.
Granting of access privileges to certain files is:
- A.
Authentication
- B.
Identification
- C.
Authorization
- D.
Accountability
Correct Answer
C. AuthorizationExplanation
Answer c:
Be careful not to confuse authentication with authorization.
Authentication is the process of verifying the identity of the sender and/or
receiver of information. Authorization establishes what the user is allowed
to do once the user has been identified and authenticated by the system.
Another “A” term sometimes misinterpreted is accountability, which is the
ability to track actions to users.Rate this question:
-
- 6.
Important elements in choosing a biometric system include all of the following EXCEPT:
- A.
User acceptance
- B.
Accuracy
- C.
Productivity
- D.
Processing speed
Correct Answer
C. ProductivityExplanation
Answer c:
Important elements of biometric devices are accuracy, processing
speed, and user acceptability.Rate this question:
-
- 7.
What is a security benefit related to thin-client architecture?
- A.
Reduced total cost of ownership of desktops
- B.
Standardized access control
- C.
Easier training for users
- D.
Wider availability of applications
Correct Answer
B. Standardized access controlExplanation
Answer b:
Access controls can be centrally located on the server.Rate this question:
-
- 8.
Audit logs should record all of the following EXCEPT:
- A.
Successful access attempts
- B.
System performance measurements
- C.
Failed access attempts
- D.
Changes to user permissions
Correct Answer
B. System performance measurementsExplanation
Answer b:
The audit data will reveal that a specific user accessed the file,
the time of access, and the type of access.Rate this question:
-
- 9.
Audit logs should be protected for all of the reasons EXCEPT:
- A.
Modification may impede an investigation
- B.
An attacker may try to alter them.
- C.
They may contain confidential information.
- D.
Standard format is critical for automated processing.
Correct Answer
D. Standard format is critical for automated processing.Explanation
Answer d:
The audit trail data should be protected at the most sensitive system level.Rate this question:
-
- 10.
What is the best method of reducing a brute-force denial-of-service attack against a password file?
- A.
Setting a higher clipping level
- B.
Locking out a user for a set time period
- C.
Establishing a lockout that requires administrator intervention
- D.
Using a stronger cryptographic algorithm
Correct Answer
B. Locking out a user for a set time periodExplanation
Answer b:
Denial-of-service attack, whereby the perpetrator is able to lock out many users by discovering their user identifications and entering a specified number of invalid passwords, is minimized.
Note that answer A could also be correct but is not the best answer from a security perspective.Rate this question:
-
- 11.
Which of the following is NOT a common attack performed against smart cards?
- A.
Etching
- B.
Microprobing
- C.
Fault generation
- D.
Eavesdropping
Correct Answer
A. EtchingExplanation
Answer a:
There are several weaknesses and types of attacks against smart cards, including answers b, c, and d.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 21, 2023Quiz Edited by
ProProfs Editorial Team -
Jul 12, 2009Quiz Created by
Advaiya
- Binary Code Quizzes
- Computer Concept Quizzes
- Computer Essential Quizzes
- Computer Forensics Quizzes
- Computer Hardware Quizzes
- Computer Networking Quizzes
- Computer Parts Quizzes
- Computer Programming Quizzes
- Computer Science Quizzes
- Computer Shortcut Key Quizzes
- Computer Skills Quizzes
- Computer Virus Quizzes
- Data Quizzes
- Data Security Quizzes
- HCI Quizzes
- Internet Quizzes
- Malware Quizzes
- Microprocessor Quizzes
- Operating System Quizzes
- Programming Language Quizzes
- Server Quizzes
- Software Quizzes
Back to top