IS3230 Final Exam Answers II
1. Which of the following is not a subject in an access control scenario?
b. Information
2. Which of the following are the elements of a well-defined access control system?
d. Policy, procedure, and tool
3. Which of the following statements best define the purpose of access control?
a. Regulating interaction between a subject and an object
4. Which of the following components can be used to measure the confidence in any authentication system?
d. Type of correlation and the number of authentication factors
5. Which of the following holds true while hardening an organizational network through security controls?
b. 100 percent access control threats cannot be eliminated.
6. Which of the following should be considered while implementing a layered access security approach?
b. Security of each network component (NOT SURE)
7. Which of the following attack strategies has the highest success rate of making a particular system vulnerable?
c. Social engineering
8. Which of the following is the preferred method to reduce risks while managing access security controls within the system/application domain?
d. Patch management software
9. When considering access control security options to mitigate vulnerabilities within the infrastructure, it is ________.
a. unnecessary to place access controls on each asset
10. Defense-in-depth is the concept and strategy of implementing __________.
a. access control systems with a significant degree of overlap between several defensive areas
11. In a data classification scheme, least privilege and need to know ensures that access to data and information is available to __________.
c. users with specific job roles and valid need to access the information
12. Which of the following acts allow anyone to get access to unclassified information through legal means?
b. FOIA
13. To which of the following does the Privacy Act of 1974 apply?
b. Federal government
14. What are the business reasons to classify and protect data?
a. Risk avoidance and
b. Information
2. Which of the following are the elements of a well-defined access control system?
d. Policy, procedure, and tool
3. Which of the following statements best define the purpose of access control?
a. Regulating interaction between a subject and an object
4. Which of the following components can be used to measure the confidence in any authentication system?
d. Type of correlation and the number of authentication factors
5. Which of the following holds true while hardening an organizational network through security controls?
b. 100 percent access control threats cannot be eliminated.
6. Which of the following should be considered while implementing a layered access security approach?
b. Security of each network component (NOT SURE)
7. Which of the following attack strategies has the highest success rate of making a particular system vulnerable?
c. Social engineering
8. Which of the following is the preferred method to reduce risks while managing access security controls within the system/application domain?
d. Patch management software
9. When considering access control security options to mitigate vulnerabilities within the infrastructure, it is ________.
a. unnecessary to place access controls on each asset
10. Defense-in-depth is the concept and strategy of implementing __________.
a. access control systems with a significant degree of overlap between several defensive areas
11. In a data classification scheme, least privilege and need to know ensures that access to data and information is available to __________.
c. users with specific job roles and valid need to access the information
12. Which of the following acts allow anyone to get access to unclassified information through legal means?
b. FOIA
13. To which of the following does the Privacy Act of 1974 apply?
b. Federal government
14. What are the business reasons to classify and protect data?
a. Risk avoidance and