Question

QUESTION 1

1. The C-I-A Triad (confidentiality, availability, and integrity) make up the three:

   		exposures to a threat.
   		most common types of security controls.
   		assurances that requested information is available to authorized users upon request.
   		tenets of information security.

1 points   

QUESTION 2

1. What name is given to the assurance that requested information is available to authorized users upon request?

   		Detective control
   		Availability
   		Confidentiality
   		Integrity

1 points   

QUESTION 3

1. Which of the following refers to the assurance that information can be accessed and viewed only by authorized users?

   		Integrity
   		Confidentiality
   		Availability
   		Control

1 points   

QUESTION 4

1. What name is given to a security strategy that relies on multiple layers of security that require attackers to defeat multiple controls to access any protected resource?

   		Detective control
   		Defense in depth
   		Logical control
   		Corrective control

1 points   

QUESTION 5

1. Smoke detectors, log monitors, and system audits are examples of:

   		corrective controls.
   		detective controls.
   		logical controls.
   		physical controls.

1 points   

QUESTION 6

1. The assurance that information can be modified only by authorized users is referred to as:

   		availability.
   		confidentiality.
   		integrity.
   		security.

1 points   

QUESTION 7

1. Technical controls are also referred to as:

   		logical controls.
   		physical controls.
   		preventive controls.
   		corrective controls.

1 points   

QUESTION 8

1. A device (such as a fence, door, lock, or fire extinguisher) that limits access or otherwise protects a resource is a:

   		preventive control.
   		detective control.
   		physical control.
   		corrective control.

1 points   

QUESTION 9

1. Controls (such as locked doors, firewall rules, and user passwords) that stop an action before it occurs are referred to as:

   		logical controls.
   		preventive controls.
   		physical controls.
   		detective controls.

1 points   

QUESTION 10

1. A device or process (such as user authentication, antivirus software, and firewalls) that limits access to a resource is referred to as a:

   		preventive control.
   		physical control.
   		detective control.
   		technical control.

1 points   

QUESTION 11

1. Which of the following refers to the highest privilege at which programs can run, allowing access to the physical hardware and kernel resources?

   		Kernel mode
   		Hardware mode
   		Supervisor mode
   		User mode

1 points   

QUESTION 12

1. Using three or more types of authentication is referred to as:

   		triangle-factor authentication.
   		three-factor authentication.
   		triple-factor authentication.
   		multi-factor authentication.

1 points   

QUESTION 13

1. An access control method based on the subject’s clearance and the object’s classification is referred to as:

   		mandatory access control (MAC).
   		discretionary access control (DAC).
   		role based access control (RBAC).
   		owner based access control (OBAC).

1 points   

QUESTION 14

1. An access control method based on an object’s owner and permissions granted by the owner is referred to as:

   		discretionary access control (DAC).
   		mandatory access control (MAC).
   		role based access control (RBAC).
   		owner based access control (OBAC).

1 points   

QUESTION 15

1. Any mechanism or action that prevents, detects, or addresses an attack is referred to as a(n):

   		object.
   		subject.
   		control.
   		right.

1 points   

QUESTION 16

1. Which of the following refers to a level of sensitivity (such as top secret, secret, confidential, restricted, or unclassified) assigned to an object by its owner?

   		Authentication
   		Identification
   		Classification
   		Permission

1 points   

QUESTION 17

1. The process of proving that provided identity credentials are valid and correct is referred to as:

   		exploiting.
   		kerneling.
   		identification.
   		authentication.

1 points   

QUESTION 18

1. The collection of all possible vulnerabilities that could provide unauthorized access to computer resources is called the:

   		threat pool.
   		attack surface.
   		exposures.
   		targets.

1 points   

QUESTION 19

1. The process of providing and denying access to objects is called:

   		access control.
   		objects control.
   		multifactor control.
   		supervision control.

1 points   

QUESTION 20

1. Windows stores access rules, or permissions, for resources (objects) in:

   		access control lists.
   		kernels.
   		workgroups.
   		rights directories.

Answer 1

1a)

tenets of information security.

The fundamental principles (tenets) of information security are confidentiality, integrity, and availability.

2a)

availability.

The assurance that requested information is available to authroized uses upon request

3a)

Confidentiality

The assurance that information can be accessed and viewed only by authorized users.

4a)

Defense in depth.

A security strategy that relies on multiple layers of security that require attackers to defeat multiple controls to access any protected resource.

5a)

detective controls.

A control that detects when an action has occurred, includes smoke detectors, log monitors, and system audits.

6a)

Integrity.

The assurance that information can be modified only by authorized users.

7a)

Logical Controls.

An alternate term for technical control is Logical Controls.

8a)

Physical controls.

A device that limits access or otherwise protects a resource, such as a fence, door, lock, or fire extinguisher.

9a)

Preventive control.

A control that stops an action before it occurs, include locked doors, firwall rules, and user passwords.

10a)

Technical control.

A device or process that limits access to a resource. Examples include user authentication, antivirus software, and firewalls.

11a)

supervisor mode.

The highest privilege at which programs can run, allowing access to the physical hardware and kernel resources. Also called kernel mode.

12a)

multi-factor authentication.

Authentication process tha requires multiple types of authentication credentials.

13a)

mandatory access control (MAC).

An access control method based on the subject's clearance and the object's classification. implementations often also require demonstration of a subject's "need to know" to receive access.

14a)

discretionary access control (DAC)

An access control method based on an object's owner and permissions granted by the owner.

15a)

control.

Any mechanism or action that prevents, detects, or addresses an attack.

16a)

classification.

A level of sensitivity assigned to an object by its owner. An example object could be assigned as top secret, secret, confidential, restricted, or unclassified.

17a)

Authentication.

the Authentication process of proving that provided identity credentials are valid and correct.

18a)

attack surface.

The collection of all possible vulnerabilities that could provide unauthorized access to computer resources; all of the software a computer runs that is vulnerable to attack.

19a)

Access control.

The process of providing and denying access to objects.

20a)

Access control list.

Windows stores access rules or permissions for resources in this.