41. A security manager is setting up resource permissions in an application. The security manager has discovered that he can establish objects that contain access permissions, and then assign individual users to those objects. The access control model that most closely resembles this is:
Correct answer: (D)
Role based access control (RBAC)
42. A security manager needs to be able to regularly determine when operating system files change. What kind of tool is needed for this task?
Correct answer: (C)
File system integrity monitoring tool
43. A security manager needs to perform a risk assessment on a critical business application in order to determine what additional controls may be needed to protect the application and its databases. The best approach to performing this risk assessment is:
Correct answer: (C)
Perform a qualitative risk assessment first, then perform a quantitative risk assessment
44. A security manager wants to implement barriers that will block the passage of vehicles but freely allow foot traffic. The control that should be implemented is:
Correct answer: (B)
Bollards
45. A security manager wishes all new laptops purchased by his organization to include a security cryptoprocessor. What hardware should be required?
Correct answer: (D)
Trusted Platform Module (TPM)
46. A security manager wishes to objectively measure the maturity of security processes in his organization. Which model should be used for this evaluation?
Correct answer: (A)
SSE-CMM
47. A security officer has declared that a new information system must be certified before it can be used. This means:
Correct answer: (A)
The system must be evaluated according to established evaluation criteria
48. A security-minded organization is relocating its business office into a shared-tenant building. How should the entrance of personnel be controlled?
Correct answer: (B)
Separate key card systems that are operated by each tenant
49. A smart card is a good form of two-factor authentication because:
Correct answer: (A)
It contains a certificate on a microchip that is resistant to cloning or cracking
50. A source code review uncovered the existence of instructions that permit the user to bypass security controls. What was discovered in the code review?
Correct answer: (D)
Back door