A) Authentication
B) identification
C) integrity
D) confidentiality
Feedback: See page 206.
Correct Answer(s): A

2. Which access model is appropriate for companies with high turnover rates?
A) role-based access control
B) mandatory access control
C) lattice-based access control
D) discretionary access control
Feedback: See pages 208 and 209.
Correct Answer(s): A

3. Which access control model is also called non-discretionary access control?
A) rule-based access control
B) mandatory access control
C) role-based access control
D) label-based access control
Feedback: See page 208.
Correct Answer(s): B

4. An access control policy for a bank teller is an example of the implementation of which of the following?
A) rule-based policy
B) identity-based policy
C) user-based policy
D) role-based policy
Feedback: See page 208.
Correct Answer(s): D

5. What security model is based upon security labels?
A) discretionary access control
B) label-based access control
C) mandatory access control
D) role-based access control
Feedback: See page 208.
Correct Answer(s): C

6. What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects?
A) a capacity table
B) an access control list
C) an access control token
D) a capability table
Feedback: See page 207 and the lecture slides.
Correct Answer(s): B

7. Which of the following is the weakest authentication mechanism?
A) pass-phrases
B) passwords
C) one-time passwords
D) token devices
Feedback: See page 211 and the lecture slides.
Correct Answer(s): B

8. Which of the following would be the most secure password?
A) golf001
B) Elizabeth
C) t1me4g0lf
D) password
Feedback: See page 211.
Correct Answer(s): C

9. The three classic ways of authenticating yourself to computer security software are something you know, something you have, and something
A) you need.
B) you read.
C) you are.
D) you do.
Feedback: See page 213.
Correct Answer(s): C

10. The use of technologies such as fingerprints, retina, and iris scans to authenticate the people requesting access to resources is called
A) micrometrics.
B) macrometrics.
C) biometrics.
D) microbiometrics.
Feedback: See page 213.
Correct Answer(s): C

11. Verification of one's identification credential is done with the ____________.
A) Authentication credentials
B) Information owner
C) Access control list
D) Discretionary access control
Feedback: See page 206.
Correct Answer(s): A

12. Which of the following is NOT true for Kerberos?
A) It is a network authentication protocol
B) It is free from MIT
C) It uses symmetric-key cryptography
D) Users only log in twice for major resources to check for currency and validity
Feedback: See page 215.
Correct Answer(s): D

13. Problems associated with passwords include all of the following except:
A) Passwords might be insecure
B) Passwords might be duplicated
C) Passwords are easily broken
D) Passwords are inconvenient
Feedback: See page 211.
Correct Answer(s): B

14. All of the following are biometric methods of identification except:
A) Fingerprint recognition
B) Face recognition
C) Bone scan
D) Retina scan
Feedback: See pages 213 and 214.
Correct Answer(s): C

15. Which of the following is NOT true for RADIUS?
A) It uses remote access Dial-In User Service
B) It was used by AOL to authenticate users
C) A private tunnel between end points is created
D) The policy can be applied at a single administered network point
Feedback: See page 220.
Correct Answer(s): C