Question:
Match the following control types to their purposes
Response:
Reducing Risk
Preventative
Correcting violations and incidents
Recovery
Corrective controls also help improve existing preventative and detective controls
Discouraging violations
Deterrent
Providing alternate ways of accomplishing a task
Compensating
Restoring systems and information
Which access control protects the entire system?
Firewalls/IPS
Operating System Controls/Policies
System Access Controls
Access Control Lists
Data Access Controls
Which access control includes job rotation?
Technical
Physical
Administrative
Organizational
Match the following terms and definitions
Intended to discourage a potential attacker
Intended to avoid an incident from happening
Preventive
Fixes component or systems after an incident has occurred
Corrective
Intended to bring the environment back to production levels
Identify an incident's activities
Detective
Alternate measures of control
In MAC the access policy is set by:
the GPO
the role
network ACL
the owner
the system
Which of the following is NOT an example of biometric identification?
Voice
Hand shape/pattern
Ear shape/pattern
Retinal imagery
A LAN is
a Local Account Name
a Linear Applebaum Network diagram
a Least Access Notification
a Local Area Network
a Local Authentication Node
Which of the following have the best CER?
Badge Scanning
Finger scanning
Hand scanning
Iris Scanning
Match the following examples to their definitions
Unpatched servers
Vulnerability
A virus that relies on unpatched code or OS levels
Threat
The likelihood a threat will be realized, the frequency of natural disasters
Risk
$1M dollars per day downtime
Exposure
A proxy server
Countermeasure
Which classification of fuel type is grease given?
D
A
B
C
John's computer access changed with his reassignment to a new department. This is an example of:
Mandatory access control
Role-based access control
Owner set access control
Access List Control
Need-to-Know control
Which of the following is immediately above the Transport Layer in the OSI model:
Presentation
Datalink
Network
Session
Clark-Wilson focuses primarily on:
Confidentiality
Address Integrity
Accessibility
Availability
Authentication
Which classification of fuel type is a computer given?
Falsely rejecting an authorized user is:
FAR or Type II error
CER or Type III error
FRR or Type I error
FRA or Type IV error