Information Security

41. A security manager is setting up resource permissions in an application. The security manager has discovered that he can establish objects that contain access permissions, and then assign individual users to those objects. The access control model that most closely resembles this is:

  A. Access matrix
  B. Mandatory access control (MAC)
  C. Discretionary access control (DAC)
  D. Role based access control (RBAC)

Correct answer: (D)
Role based access control (RBAC)

42. A security manager needs to be able to regularly determine when operating system files change. What kind of tool is needed for this task?

  A. Event logging
  B. Intrusion detection tool
  C. File system integrity monitoring tool
  D. Log analysis tool

Correct answer: (C)
File system integrity monitoring tool

43. A security manager needs to perform a risk assessment on a critical business application in order to determine what additional controls may be needed to protect the application and its databases. The best approach to performing this risk assessment is:

  A. Perform a qualitative risk assessment only
  B. Perform a quantitative risk assessment only
  C. Perform a qualitative risk assessment first, then perform a quantitative risk assessment
  D. Perform a quantitative risk assessment, then perform a qualitative risk assessment

Correct answer: (C)
Perform a qualitative risk assessment first, then perform a quantitative risk assessment

44. A security manager wants to implement barriers that will block the passage of vehicles but freely allow foot traffic. The control that should be implemented is:

  A. Turnstiles
  B. Bollards
  C. Crash gates
  D. Low walls

Correct answer: (B)
Bollards

45. A security manager wishes all new laptops purchased by his organization to include a security cryptoprocessor. What hardware should be required?

  A. Floating point co-processor
  B. Smart card reader
  C. Fingerprint reader
  D. Trusted Platform Module (TPM)

Correct answer: (D)
Trusted Platform Module (TPM)

46. A security manager wishes to objectively measure the maturity of security processes in his organization. Which model should be used for this evaluation?

  A. SSE-CMM
  B. SEI-CMM
  C. Common Criteria
  D. TCSEC

Correct answer: (A)
SSE-CMM

47. A security officer has declared that a new information system must be certified before it can be used. This means:

  A. The system must be evaluated according to established evaluation criteria
  B. A formal management decision is required before the system can be used
  C. Penetration tests must be performed against the system
  D. A code review must be performed against the system

Correct answer: (A)
The system must be evaluated according to established evaluation criteria

48. A security-minded organization is relocating its business office into a shared-tenant building. How should the entrance of personnel be controlled?

  A. One key card system that is jointly operated by all of the tenants
  B. Separate key card systems that are operated by each tenant
  C. Security guards to control who can enter the building
  D. Video surveillance to monitor who enters the building

Correct answer: (B)
Separate key card systems that are operated by each tenant

49. A smart card is a good form of two-factor authentication because:

  A. It contains a certificate on a microchip that is resistant to cloning or cracking
  B. It can double as a proximity card for building entrance key card systems
  C. It does not rely on internal power like a token
  D. A smart card is portable and can be loaned to others

Correct answer: (A)
It contains a certificate on a microchip that is resistant to cloning or cracking

50. A source code review uncovered the existence of instructions that permit the user to bypass security controls. What was discovered in the code review?

  A. Feature
  B. Bot
  C. Logic bomb
  D. Back door

Correct answer: (D)
Back door

Page 5 of 25