0
[{"id":427018,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 17:38:54","updated_at":"2018-05-13 22:06:45","questionName":"Audit trails produced by auditing activities are which type of security control?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":5,"explanation":"Audit trails produced by auditing activities are a detective security control. Audit trails are used to detect the occurrence of unwanted or illegal actions by users. Audit trails give administrators the ability to reconstruct historical events and locate aberrant activities. Once an issue is discovered in an audit trail, the collected information can be used to guide the corrective or recovery procedure to restore resources, prevent re-occurrence, and prosecute the perpetrator. The security function of auditing the activities of user accounts on a secured system is considered a preventative or deterrent security control.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427009,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 17:22:14","updated_at":"2018-05-13 22:06:45","questionName":"The Clark-Wilson security model is primarily based on which element?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":0,"explanation":"The Clark-Wilson model is primarily based on controlled intermediary access applications that prevent direct access to the back-end database. Dynamic access controls are the basis of the Brewer-Nash model. A matrix is the basis for the access matrix. A directed graph is the basis of the Take-Grant model.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427024,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 17:47:24","updated_at":"2018-05-13 22:06:45","questionName":"You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":8,"explanation":"This is an example of a discretionary access control list (DACL), which uses the Discretionary Access Control (DAC) model. With DAC, individuals use their own discretion (decisions or preferences) for assigning permissions and allowing or denying access. Mandatory access control (MAC) uses labels for both subjects (users who need access) and objects (resources with controlled access). When a subject's clearance lines up with an object's classification, and when the user has a need to know (referred to as a category ), the user is granted access. Role-based access control (RBAC) allows access based on a role in an organization, not individual users. Roles are defined based on job description or a security access level. Users are made members of a role and receive the permissions assigned to the role. Rule-based access control (RBAC) uses characteristics of objects or subjects along with rules to restrict access. Access control entries identify a set of characteristics that are be examined for a match. If all characteristics match, access is either allowed or denied based on the rule.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427022,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 17:45:41","updated_at":"2018-05-13 22:06:45","questionName":"You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is used?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":7,"explanation":"Role-based access control (RBAC) allows access based on a role in an organization, not individual users. Roles are defined based on job description or a security access level. Users are made members of a role and receive the permissions assigned to the role. Discretionary access control (DAC) assigns access directly to subjects based on the discretion (or decision) of the owner. Objects have a discretionary access control list (DACL) with entries for each subject. Owners add subjects to the DACL and assign rights or permissions. The permissions identify the actions the subject can perform on the object. Mandatory access control (MAC) uses labels for both subjects (users who need access) and objects (resources with controlled access). When a subject's clearance lines up with an object's classification and when the user has a need to know (referred to as a category ), the user is granted access.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427036,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 18:17:12","updated_at":"2018-05-13 22:06:45","questionName":"Which access control model manages rights and permissions based on job descriptions and responsibilities?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":13,"explanation":"Role-based access control (RBAC) is the access control model that manages rights and permissions based on job descriptions. RBAC focuses on job descriptions or work tasks instead of employing user accounts to define access. RBAC is best suited for environments that have a high rate of employee turnover. By defining access based on roles rather than individuals, administration is simplified when granting a new person access to common activities. DAC is based on user accounts. MAC is based on security labels, classifications, or clearances. TBAC is based on work tasks.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427015,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 17:29:55","updated_at":"2018-05-13 22:06:45","questionName":"Which access control type is used to implement short-term repairs to restore basic functionality following an attack?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":3,"explanation":"Corrective access controls are used for short-term repairs and to restore basic functionality. Following the implementation of corrective controls, an incident might also require recovery access control methods, which are long-term activities that restore full functionality. Compensative access controls are alternatives to primary access controls. Detective access controls search for details about the attack or the attacker.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427033,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 18:10:09","updated_at":"2018-05-13 22:06:45","questionName":"Which of the following is the term for the process of validating a subject's identity?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":10,"explanation":"Authentication is the process of validating a subject's identity. It includes the identification process, the user providing input to prove identity, and the system accepting that input as valid. Authorization is granting or denying a subject's access to an object based on the level of permissions or the actions allowed on the object. Identification identifies the subject. Examples include a user name or a user ID number. Auditing is maintaining a record of a subject's activity within the information system.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427035,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 18:15:18","updated_at":"2018-05-13 22:06:45","questionName":"Which of the following defines an object as an entity in the context of access control?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":12,"explanation":"Objects are entities that represent data, applications, systems, networks, and physical space. Subjects are the users, applications, or processes that need access to objects. The access control system includes the policies, procedures, and technologies that are implemented to control a subject's access to an object.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427020,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 17:44:04","updated_at":"2018-05-13 22:06:45","questionName":"Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":6,"explanation":"DAC (discretionary access control) uses identities to control resource access. Users can make their own decisions about how much access to grant to other users. RBAC (role-based access control), MAC (mandatory access control), and TBAC (task-based access control) enforce security based on rules. \u2022 The rules of RBAC are job descriptions \u2022 The rules of MAC are classifications \u2022 The rules of TBAC are work tasks","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427011,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 17:24:08","updated_at":"2018-05-13 22:06:45","questionName":"The Brewer-Nash security model is designed primarily to prevent which activity?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":1,"explanation":"The Brewer-Nash model is designed primarily to prevent conflicts of interest by dynamically adjusting access based on current activity. Brewer-Nash does not address inference attacks, DoS attacks, nor false acceptance.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427037,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 18:18:57","updated_at":"2018-05-13 22:06:45","questionName":"You are the administrator for a small company. You need to add a new group of users to the system. The group's name is sales. Which command will accomplish this?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":14,"explanation":"Use the groupadd utility to add a group to the system. By default, the group will be added with an incrementing number above those reserved for system accounts. If you use the -r option, it will add the account as a system account (with a reserved group id number). Because this is a group that is created for users, the -r option should not be used.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427014,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 17:27:51","updated_at":"2018-05-13 22:06:45","questionName":"What form of access control is based on job descriptions?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":2,"explanation":"RBAC is based on job descriptions. DAC is based on identity. MAC is based on rules. LBAC is based on geography or logical designations.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427026,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 17:48:54","updated_at":"2018-05-13 22:06:45","questionName":"A router access control list uses information in a packet, such as the destination IP address and port number, to make allow or deny forwarding decisions. This is an example of which kind of access control model?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":9,"explanation":"Rule set-based access control (RSBAC) uses characteristics of objects or subjects along with rules to restrict access. Access control entries identify a set of characteristics that are examined for a match. If all characteristics match, access is either allowed or denied based on the rule. An example of a rule-based access control implementation is a router access control list that allows or denies traffic based on characteristics within the packet (such as IP address or port number). Discretionary access control (DAC) assigns access directly to subjects based on the discretion (or decision) of the owner. Objects have a discretionary access control list (DACL) with entries for each subject. Owners add subjects to the DACL and assign rights or permissions. The permissions identify the actions the subject can perform on the object. Mandatory access control (MAC) uses labels for both subjects (users who need access) and objects (resources with controlled access). When a subject's clearance lines up with an object's classification and when the user has a need to know (referred to as a category ), the user is granted access. Role-based access control (RBAC) allows access based on a role in an organization, not individual users. Roles are defined based on job description or a security access level. Users are made members of a role and receive the permissions assigned to the role.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427016,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 17:32:05","updated_at":"2018-05-13 22:06:45","questionName":"Encryption is which type of access control?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":4,"explanation":"Technical controls are computer mechanisms that restrict access. Examples are encryption, one- time passwords, access control lists, and firewall rules. Administrative controls are policies that describe accepted practices. Examples are directive policies and employee awareness training. Physical controls restrict physical access. Examples are perimeter security, site location, networking cables, and employee segregation.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":427034,"quiz_id":"21675","answer_id":null,"answerType_id":"0","created_at":"2018-04-08 18:13:23","updated_at":"2018-05-13 22:06:45","questionName":"A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?","questionTimeSeconds":"0","questionTimeMinutes":"1","questionImagePath":null,"position":11,"explanation":"A remote access server performs the following functions: \u2022 Authentication is the process of proving identity. After devices agree on the authentication protocol to use, the login credentials are exchanged and login is allowed or denied. \u2022 Authorization is the process of identifying the resources that a user can access over the remote access connection. Authorization is controlled through the use of network policies (remote access policies) as well as access control lists. \u2022 Accounting is an activity that tracks or logs the use of the remote access connection. Accounting is used to keep track of resource use, but is not typically used to control resource use. If access is allowed or denied based on time limits, information provided by accounting might be used by authorization rules to allow or deny access. Identity proofing occurs during the identification phase as the user proves that they are who they say they are in order to obtain credentials. Identification is the initial process of confirming the identity of a user requesting credentials and occurs when a users types in a user ID to log on.","question_score_id":null,"lang":null,"questionAudioPath":null}]