15 Questions | By Cindymurray | Last updated: Mar 20, 2022 | Total Attempts: 1493
MAW Prep for CISSP Exam
1. A preliminary step in managing resources is:
A. Conducting a risk analysis
B. Defining who can access a given system or information
C. Performing a business impact analysis
D. Obtaining top management support

2. Which best describes access controls?
A. Access controls are a collection of technical controls that permit access to authorized users, systems, and applications.
B. Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved.
C. Access control is the employment of encryption solutions to protect authentication information during log-on.
D. Access controls help protect against vulnerabilities by controlling unauthorized access to systems and information by employees, partners, and customers.

3. ----------- requires that a user or process be granted access to only those resources necessary to perform assigned functions.

4. What are the seven main categories of access control?
A. Detective, corrective, monitoring, logging, recovery, classification, and directive
B. Directive, deterrent, preventative, detective, corrective, compensating, and recovery
C. Authorization, identification, factor, corrective, privilege, detective, and directive
D. Identification, authentication, authorization, detective, corrective, recovery, and directive

5. What are the three types of access control?
A. Administrative, physical, and technical
B. Identification, authentication, and authorization
C. Mandatory, discretionary, and least privilege
D. Access, management, and monitoring

6. Which approach revolutionized the process of cracking passwords?
A. Brute force
B. Rainbow table attack
C. Memory tabling
D. One-time hashing

7. What best describes two-factor authentication?

8. A potential vulnerability of the Kerberos authentication server is

9. In mandatory access control the system controls access and the owner determines
A. Validation
B. Need to know
C. Consensus
D. Verification

10. Which is the least significant issue when considering biometrics?

11. Which is a fundamental disadvantage of biometrics?
A. Revoking credentials
B. Encryption
C. Communications
D. Placement

12. Role-based access control -------------
A. Is unique to mandatory access control
B. Is independent of owner input
C. Is based on user job functions
D. Can be compromised by inheritance

13. Identity management is
A. Another name for access controls
B. A set of technologies and processes intended to offer greater efficiency in the management of a diverse user and technical environment
C. A set of technologies and processes focused on the provisioning and decommissioning of user credentials
D. A set of technologies and processes used to establish trust relationships with disparate systems

14. A disadvantage of single sign-on is
A. Consistent time-out enforcement across platforms
B. A compromised password exposes all authorized resources
C. Use of multiple passwords to remember
D. Password change control

15. Which of the following is incorrect when considering privilege management?
A. Privileges associated with each system, service, or application, and the defined roles within the organization to which they are needed, should be identified and clearly documented.
B. Privileges should be managed based on least privilege. Only rights required to perform a job should be provided to a user, group, or role.
C. An authorization process and a record of all privileges allocated should be maintained. Privileges should not be granted until the authorization process is complete and validated.
D. Any privileges that are needed for intermittent job functions should be assigned to multiple user accounts, as opposed to those for normal system activity related to the job function.

The Certified Information Systems Security Professional (CISSP) is an information security certification which is allowed by ISC (International Information System Security Certification Consortium). There is a list of...
Questions: 18 | Attempts: 4120 | Last updated: Mar 21, 2022
Sample Question: Masquerading is:
- Attempting to hack a system through backdoors to an operating system or application
- Pretending to be an authorized user
- Always done through IP spoofing
- Applying a subnet mask to an internal IP range

Questions: 335 | Attempts: 2365 | Last updated: Mar 21, 2022
Sample Question: Which of the following processes identifies the threats that can impact the business continuity of operations?
- Function analysis
- Risk analysis
- Requirement analysis
- Business impact analysis

Do you know what CISSP is? The CISSP test helps you to identify all aspects of security and evaluate your performance to pay more attention to the areas you are not accustomed to. This quiz is a practice test with a series of...
Questions: 11 | Attempts: 1387 | Last updated: Mar 22, 2022
Sample Question: A high profile company has been receiving a high volume of attacks on their web site. The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken. What should be implemented?
- DMZ (Demilitarized Zone)
- A honey pot
- A firewall
- A new subnet

Which of the following best describes what role-based access control offers companies in reducing administrative burdens?
A. It allows entities closer to the resources to make decisions about who can and cannot access resources.
What is role based access controls quizlet?
What is the Rule/Role Based Access Control (RBAC) Model? The RBAC Model uses roles to grant access by placing users into roles based on their assigned jobs, functions, or tasks. Rights and permissions are assigned to the roles. A user is placed into a role, thereby inheriting the rights and permissions of the role.
Which of the following is an example of rule-based access control?
A router access control list that allows or denies traffic based on the characteristics of an IP packet is an example of rule-based access control.
When using role
With RBAC, permissions are associated with roles, and users or groups are assigned to appropriate roles. Roles are defined according to job competency, authority, and responsibility within the enterprise. Users and groups are easily reassigned from one role to another.