Access Control and Data Security Assures
1. Which property of data security assures that only authorized users can modify data?
a. Availability
b. Integrity
c. Confidentiality
d. Non-repudiation
2. Which property of data would a successful denial-of-service (DoS) attack most affect?
a. Availability
b. Integrity
c. Confidentiality
d. Non-repudiation
3. Which of the following is a stand-alone malicious software program that actively transmits itself, generally over networks, to infect other computers?
a. Virus
b. Trojan horse
c. Worm
d. Backdoor
4. Which description below best describes a physical control?
a. A device that limits access or otherwise protects a resource, such as a fence, door, lock, or fire extinguisher.
b. A control that repairs the effects of damage from an attack.
c. A device or process that limits access to a resource. Examples include user authentication, antivirus software, and firewalls.
d. A management action, written policy, procedure, guideline, regulation, law, or rule of any kind.
5. Which term means any exposure to a threat?
a. Risk
b. Vulnerability
c. Attack
d. Control
6. Which term means the collection of all possible vulnerabilities that could provide unauthorized access to computer resources?
a. Vulnerability universe
b. Risk exposure
c. Threat model
d. Attack surface
7. Which of the following terms mean the act of granting and/or denying access to resources based on the authenticated user?
a. Identification
b. Authentication
c. Validation
d. Authorization
8. Which of the following terms is an access control method based on the subject’s clearance and the object’s classification?
a. Discretionary Access Control (DAC)
b. Mandatory Access Control (MAC)
c. Role Based Access Control (RBAC)
d. Line Driver Access Control (LDAC)
9. Which type of authentication is based on a physical object that contains identity information, such as a token, card, or other device?
a. Type IV
b. Type III
c. Type II
d. Type I
10.
a. Availability
b. Integrity
c. Confidentiality
d. Non-repudiation
2. Which property of data would a successful denial-of-service (DoS) attack most affect?
a. Availability
b. Integrity
c. Confidentiality
d. Non-repudiation
3. Which of the following is a stand-alone malicious software program that actively transmits itself, generally over networks, to infect other computers?
a. Virus
b. Trojan horse
c. Worm
d. Backdoor
4. Which description below best describes a physical control?
a. A device that limits access or otherwise protects a resource, such as a fence, door, lock, or fire extinguisher.
b. A control that repairs the effects of damage from an attack.
c. A device or process that limits access to a resource. Examples include user authentication, antivirus software, and firewalls.
d. A management action, written policy, procedure, guideline, regulation, law, or rule of any kind.
5. Which term means any exposure to a threat?
a. Risk
b. Vulnerability
c. Attack
d. Control
6. Which term means the collection of all possible vulnerabilities that could provide unauthorized access to computer resources?
a. Vulnerability universe
b. Risk exposure
c. Threat model
d. Attack surface
7. Which of the following terms mean the act of granting and/or denying access to resources based on the authenticated user?
a. Identification
b. Authentication
c. Validation
d. Authorization
8. Which of the following terms is an access control method based on the subject’s clearance and the object’s classification?
a. Discretionary Access Control (DAC)
b. Mandatory Access Control (MAC)
c. Role Based Access Control (RBAC)
d. Line Driver Access Control (LDAC)
9. Which type of authentication is based on a physical object that contains identity information, such as a token, card, or other device?
a. Type IV
b. Type III
c. Type II
d. Type I
10.