Home > Articles

Identity and Access Management

In this chapter from CISSP Practice Questions Exam Cram, 4th Edition , author Michael Gregg offers practice questions and answers for the CISSP Exam.

This chapter is from the book

The Identity and Access Management domain tests your knowledge of the large collection of mechanisms available to control authentication, authorization, and accounting. You must not only understand these systems, but also know the advantages and risks of each type as they relate to centralized and decentralized systems. Authentication is but one part of the process; authorization is also a key area of this domain. Individuals should be authorized for only what they need to complete their required tasks. Finally, there is accounting (or accountability). When things go wrong, there must be a way to establish a chain of responsibility. The following list highlights some key areas from the identity and access management domain you need to be aware of for the CISSP exam:

  • Managing identification and authentication

  • Authentication methods (types 1, 2, and 3)

  • Authorization: DAC, MAC, role-based access control, and rule-based access control

  • Integrating identity as a service (for example, cloud identity)

  • Integrating third-party identity services (for example, on-premise)

  • Accounting: Logging, monitoring, auditing

  • Central, decentralized, and hybrid management

  • Single sign-on: Kerberos, RADIUS, Diameter, TACACS

  • Access control attacks: emanations, impersonation, and password cracking

Practice Questions

  1. Which of the following is not one of the three types of access controls?

    • circ.jpg A. Administrative

    • circ.jpg B. Personnel

    • circ.jpg C. Technical

    • circ.jpg D. Physical

    Quick Answer: 192
    Detailed Answer: 194

  2. Your company has just opened a call center in India to handle nighttime operations, and you are asked to review the site’s security controls. Specifically, you are asked which of the following is the strongest form of authentication. What will your answer be?

    • circ.jpg A. Something you know

    • circ.jpg B. Something you are

    • circ.jpg C. Passwords

    • circ.jpg D. Tokens

    Quick Answer: 192
    Detailed Answer: 194

  3. Your organization has become worried about recent attempts to gain unauthorized access to the R&D facility. Therefore, you are asked to implement a system that will require individuals to present a password and enter a PIN at the security gate before gaining access. What is this type of system called?

    • circ.jpg A. Authorization

    • circ.jpg B. Two-factor authentication

    • circ.jpg C. Authentication

    • circ.jpg D. Three-factor authentication

    Quick Answer: 192
    Detailed Answer: 194

  4. Which of the following is not one of the three primary types of authentication?

    • circ.jpg A. Something you remember

    • circ.jpg B. Something you know

    • circ.jpg C. Something you are

    • circ.jpg D. Something you have

    Quick Answer: 192
    Detailed Answer: 194

  5. While working as a contractor for Widget, Inc., you are asked what the weakest form of authentication is. What will you say?

    • circ.jpg A. Passwords

    • circ.jpg B. Retina scans

    • circ.jpg C. Facial recognition

    • circ.jpg D. Tokens

    Quick Answer: 192
    Detailed Answer: 194

  6. You’re preparing a presentation for the senior management of your company. They have asked you to rank the general order of accuracy of the most popular biometric systems, with 1 being the lowest and 5 being the highest. What will you tell them?

    • circ.jpg A. (1) fingerprint, (2) palm scan, (3) hand geometry, (4) retina scan, (5) iris scan

    • circ.jpg B. (1) fingerprint, (2) palm scan, (3) iris scan, (4) retina scan, (5) hand geometry

    • circ.jpg C. (1) palm scan, (2) hand geometry, (3) iris scan, (4) retina scan, (5) fingerprint

    • circ.jpg D. (1) hand geometry, (2) palm scan, (3) fingerprint, (4) retina scan, (5) iris scan

    Quick Answer: 192
    Detailed Answer: 194

  7. Which of the following items is the least important to consider when designing an access control system?

    • circ.jpg A. Risk

    • circ.jpg B. Threat

    • circ.jpg C. Vulnerability

    • circ.jpg D. Annual loss expectancy

    Quick Answer: 192
    Detailed Answer: 195

  8. Today, you are meeting with a coworker who is proposing that the number of logins and passwords be reduced. Another coworker has suggested that you investigate single sign-on technologies and make a recommendation at the next scheduled meeting. Which of the following is a type of single sign-on system?

    • circ.jpg A. Kerberos

    • circ.jpg B. RBAC

    • circ.jpg C. DAC

    • circ.jpg D. SAML

    Quick Answer: 192
    Detailed Answer: 195

  9. Which style of authentication is not susceptible to a dictionary attack?

    • circ.jpg A. CHAP

    • circ.jpg B. LEAP

    • circ.jpg C. WPA-PSK

    • circ.jpg D. PAP

    Quick Answer: 192
    Detailed Answer: 195

  10. Your organization has decided to use a biometric system to authenticate users. If the FAR is high, what happens?

    • circ.jpg A. Legitimate users are denied access to the organization’s resources.

    • circ.jpg B. Illegitimate users are granted access to the organization’s resources.

    • circ.jpg C. Legitimate users are granted access to the organization’s resources.

    • circ.jpg D. Illegitimate users are denied access to the organization’s resources.

    Quick Answer: 192
    Detailed Answer: 195

  11. Which of the following types of copper cabling is the most secure against eavesdropping and unauthorized access?

    • circ.jpg A. Single-mode fiber

    • circ.jpg B. Multimode fiber

    • circ.jpg C. Category 6 cabling

    • circ.jpg D. 802.11ac wireless

    Quick Answer: 192
    Detailed Answer: 195

  12. Which of the following is not one of the four access control models?

    • circ.jpg A. Discretionary

    • circ.jpg B. Mandatory

    • circ.jpg C. Role-based

    • circ.jpg D. Delegated

    Quick Answer: 192
    Detailed Answer: 195

  13. Auditing is considered what method of access control?

    • circ.jpg A. Preventive

    • circ.jpg B. Technical

    • circ.jpg C. Administrative

    • circ.jpg D. Physical

    Quick Answer: 192
    Detailed Answer: 196

  14. What method of access control system would a bank teller most likely fall under?

    • circ.jpg A. Discretionary

    • circ.jpg B. Mandatory

    • circ.jpg C. Role-based

    • circ.jpg D. Rule-based

    Quick Answer: 192
    Detailed Answer: 196

  15. Which of the following is the easiest and most common form of offline password hash attack used to pick off insecure passwords?

    • circ.jpg A. Hybrid

    • circ.jpg B. Dictionary

    • circ.jpg C. Brute-force

    • circ.jpg D. Man-in-the-middle

    Quick Answer: 192
    Detailed Answer: 196

  16. Your company is building a research facility in Bangalore and is concerned about technologies that can be used to pick up stray radiation from monitors and other devices. Specifically, your boss wants copper shielding installed. Which technology does your boss want to know more about?

    • circ.jpg A. Radon

    • circ.jpg B. Waveguard

    • circ.jpg C. Tempest

    • circ.jpg D. Van Allen

    Quick Answer: 192
    Detailed Answer: 196

  17. Which of the following is an XML-based, open-standard data format for exchanging authentication and authorization data between an identity provider and a service provider?

    • circ.jpg A. SAML

    • circ.jpg B. LDAP

    • circ.jpg C. OAuth

    • circ.jpg D. KryptoKnight

    Quick Answer: 192
    Detailed Answer: 196

  18. Christine, a newly certified CISSP, has offered to help her brother-in-law, Gary, at his small construction business. The business currently has 18 computers configured as a peer-to-peer network. All users are responsible for their own security and can set file and folder privileges as they see fit. Which access control model best describes the configuration at this organization?

    • circ.jpg A. Discretionary

    • circ.jpg B. Mandatory

    • circ.jpg C. Role-based

    • circ.jpg D. Nondiscretionary

    Quick Answer: 192
    Detailed Answer: 196

  19. Which of the following best describes challenge/response authentication?

    • circ.jpg A. It is an authentication protocol in which a salt value is presented to the user, who then returns an MD5 hash based on this salt value.

    • circ.jpg B. It is an authentication protocol in which a system of tickets is used to validate the user’s rights to access resources and services.

    • circ.jpg C. It is an authentication protocol in which the username and password are passed to the server using CHAP.

    • circ.jpg D. It is an authentication protocol in which a randomly generated string of values is presented to the user, who then returns a calculated number based on those random values.

    Quick Answer: 192
    Detailed Answer: 196

  20. Your company has installed biometric access control systems. Your director has mentioned that he thinks the systems will have a high FRR. What does this mean?

    • circ.jpg A. Quite a few valid users will be denied access.

    • circ.jpg B. Employees will accept the system.

    • circ.jpg C. Almost all unauthorized users will be denied.

    • circ.jpg D. The system has a high return rate and will quickly pay for itself.

    Quick Answer: 192
    Detailed Answer: 196

  21. Which of the following is the most time-intensive type of offline password attack to attempt?

    • circ.jpg A. Hybrid

    • circ.jpg B. Plain text

    • circ.jpg C. Brute-force

    • circ.jpg D. Man-in-the-middle

    Quick Answer: 192
    Detailed Answer: 196

  22. You are approached by a junior security officer who wants to know what CVE stands for. What do you tell him?

    • circ.jpg A. Critical Vulnerability and Exploits

    • circ.jpg B. Common Vulnerabilities and Exposures

    • circ.jpg C. Chosen Vulnerabilities and Exploits

    • circ.jpg D. Common Vulnerabilities and Exploits

    Quick Answer: 192
    Detailed Answer: 197

  23. Which of the following protocols is recommended to be turned off because it transmits usernames and passwords in plaintext?

    • circ.jpg A. SSH

    • circ.jpg B. HTTPS

    • circ.jpg C. Telnet

    • circ.jpg D. TFTP

    Quick Answer: 192
    Detailed Answer: 197

  24. Which biometric authentication system is most closely associated with law enforcement?

    • circ.jpg A. Fingerprint recognition

    • circ.jpg B. Iris recognition

    • circ.jpg C. Facial recognition

    • circ.jpg D. Retina pattern recognition

    Quick Answer: 192
    Detailed Answer: 197

  25. What type of access control system doesn’t give users much freedom to determine who can access their files and is known for its structure and use of security labels?

    • circ.jpg A. Discretionary

    • circ.jpg B. Mandatory

    • circ.jpg C. Role-based

    • circ.jpg D. Nondiscretionary

    Quick Answer: 192
    Detailed Answer: 197

  26. As the newly appointed security officer for your corporation, you suggest replacing the password-based authentication system with RSA tokens. Elsa, your chief technology officer, denies your request, citing budgetary constraints. As a temporary solution, Elsa asks that you find ways to increase password security. Which of the following will accomplish this goal?

    • circ.jpg A. Disabling password-protected screensavers

    • circ.jpg B. Enabling account lockout controls

    • circ.jpg C. Enforcing a password policy that requires noncomplex passwords

    • circ.jpg D. Enabling users to use the same password on more than one system

    Quick Answer: 192
    Detailed Answer: 197

  27. Which of the following is a major issue with signature-based IDSs?

    • circ.jpg A. Signature-based IDSs cannot detect zero-day attacks.

    • circ.jpg B. Signature-based IDSs can detect only attacks in which activity deviates from normal behavior.

    • circ.jpg C. Signature-based IDSs are available only as host-based systems.

    • circ.jpg D. Signature-based IDSs are cost-prohibitive.

    Quick Answer: 192
    Detailed Answer: 197

  28. Administrative controls form an important part of security, and although most of us don’t like paperwork, that is a large part of this security control. Which of the following is a high-level document that describes a management plan for how security should be practiced throughout the organization?

    • circ.jpg A. Guidelines

    • circ.jpg B. Policies

    • circ.jpg C. Procedures

    • circ.jpg D. Standards

    Quick Answer: 192
    Detailed Answer: 197

  29. A hacker submits a malicious URL request for a help page from an unpatched Apache server that supports an Oracle9i Application Server. This causes a denial of service. Which of the following would have best protected the corporation from this attack?

    • circ.jpg A. HIDS

    • circ.jpg B. NIPS

    • circ.jpg C. HIPS

    • circ.jpg D. NIDS

    Quick Answer: 192
    Detailed Answer: 198

  30. One of your coworkers has joined a CISSP study group and is discussing today’s list of topics. One of the topics is this: What is an example of a passive attack?

    • circ.jpg A. Dumpster diving

    • circ.jpg B. Sniffing

    • circ.jpg C. Installing SubSeven

    • circ.jpg D. Social engineering

    Quick Answer: 192
    Detailed Answer: 198

  31. What is one of the major reasons why separation of duties should be practiced?

    • circ.jpg A. Reduced cross-training

    • circ.jpg B. Legal

    • circ.jpg C. Union policies and procedures

    • circ.jpg D. To force collusion

    Quick Answer: 192
    Detailed Answer: 198

  32. There are two basic types of access control policies. Which of the following describes the best approach for a CISSP?

    • circ.jpg A. Begin with deny all.

    • circ.jpg B. Allow some based on needs analysis.

    • circ.jpg C. Begin with allow all.

    • circ.jpg D. Deny some based on needs analysis.

    Quick Answer: 192
    Detailed Answer: 198

  33. Your manager asks you to set up a fake network to identify contractors who may be poking around the network without authorization. What is this type of system called?

    • circ.jpg A. Trap-and-trace

    • circ.jpg B. Honeypot

    • circ.jpg C. Snare

    • circ.jpg D. Prison

    Quick Answer: 192
    Detailed Answer: 198

  34. Various operating systems such as Windows use what to control access rights and permissions to resources and objects?

    • circ.jpg A. RBAC

    • circ.jpg B. MITM

    • circ.jpg C. ABS

    • circ.jpg D. ACL

    Quick Answer: 192
    Detailed Answer: 198

  35. While hanging around the watercooler, you hear that your company, Big Tex Bank and Trust, is introducing a new policy. The company will require periodic job rotation and will force all employees to use their vacation time. From a security standpoint, why is this important?

    • circ.jpg A. Job rotation is important because it reduces employee burnout.

    • circ.jpg B. Job rotation is important because employees need to be cross-trained in case of man-made or natural disasters.

    • circ.jpg C. Job rotation ensures that no one can easily commit fraud or other types of deception without risking exposure.

    • circ.jpg D. Forcing employees to use their vacation time ensures time away from work, which results in healthy, more productive employees.

    Quick Answer: 192
    Detailed Answer: 198

  36. Your manager persists in asking you to set up a fake network to identify contractors who may be poking around the network without authorization. What legal issue pertaining to these devices should you be most concerned with?

    • circ.jpg A. Enticement

    • circ.jpg B. Federal Statute 1029

    • circ.jpg C. Entrapment

    • circ.jpg D. Liability

    Quick Answer: 192
    Detailed Answer: 198

  37. Your brother-in-law, Mario, is studying for the CISSP exam. He text-messages you with what he believes is an important question: What is a major disadvantage of access control lists? How do you answer him?

    • circ.jpg A. Overhead of the auditing function

    • circ.jpg B. Burden of centralized control

    • circ.jpg C. Independence from resource owners

    • circ.jpg D. Lack of centralized control

    Quick Answer: 192
    Detailed Answer: 198

  38. Table 5.1 provides an example of some types and categories of access control. Which of the following is the best example of a technical deterrent?

    Table 5.1 Sample Access Types and Categories

    Attribute

    Deterrent

    Preventive

    Detective

    Corrective

    Recovery

    Compensating

    Administrative

    -

    -

    Audit Policy

    -

    Incident Response Plan

    -

    Technical

    -

    ACLs

    -

    -

    -

    -

    Physical

    -

    -

    -

    Fire Extinguisher

    -

    Defense in depth

    • circ.jpg A. AUP

    • circ.jpg B. Warning banner

    • circ.jpg C. Anti-virus

    • circ.jpg D. Hot site

    Quick Answer: 192
    Detailed Answer: 199

  39. What does TACACS+ use as its communication protocol?

    • circ.jpg A. TCP

    • circ.jpg B. UDP

    • circ.jpg C. ICMP

    • circ.jpg D. TCP and UDP

    Quick Answer: 192
    Detailed Answer: 199

  40. Which of the following attributes does not apply to MAC?

    • circ.jpg A. Multilevel

    • circ.jpg B. Label-based

    • circ.jpg C. Universally applied

    • circ.jpg D. Discretionary

    Quick Answer: 192
    Detailed Answer: 199

  41. Which of the following is not part of physical access control?

    • circ.jpg A. CCTV

    • circ.jpg B. Mantraps

    • circ.jpg C. Data classification and labeling

    • circ.jpg D. Biometrics

    Quick Answer: 192
    Detailed Answer: 199

  42. During a weekly staff meeting, your boss reveals that some employees have been allowing other employees to use their passwords. He is determined to put a stop to this and wants you to install biometric access control systems. He has asked about some basic attributes, such as type I errors, type II errors, and the CER, as shown in Figure 5.1. What’s so important about the CER? How do you respond?

    Figure 5.1

    Figure 5.1 Crossover error rate.

    • circ.jpg A. Speed typically is determined by calculating the CER.

    • circ.jpg B. The CER has to do with the customer acceptance rate because some systems are more user-friendly than others.

    • circ.jpg C. Accuracy typically is determined by calculating the CER.

    • circ.jpg D. The CER has to do with the cost per employee because some biometric access control systems are very good, but also very expensive.

    Quick Answer: 192
    Detailed Answer: 199

  43. Kerberos has some features that make it a good choice for access control and authentication. One of these items is a ticket. What is a ticket used for?

    • circ.jpg A. A ticket is a block of data that allows users to prove their identity to an authentication server.

    • circ.jpg B. A ticket is a block of data that allows users to prove their identity to a service.

    • circ.jpg C. A ticket is a block of data that allows users to prove their identity to a ticket-granting server.

    • circ.jpg D. A ticket is a block of data that allows users to prove their identity to the Kerberos server.

    Quick Answer: 192
    Detailed Answer: 199

  44. What is the best definition of identification?

    • circ.jpg A. The act of verifying your identity

    • circ.jpg B. The act of claiming a specific identity

    • circ.jpg C. The act of finding or testing the truth

    • circ.jpg D. The act of inspecting or reviewing a user’s actions

    Quick Answer: 192
    Detailed Answer: 199

  45. What term means that a user cannot deny a specific action because there is positive proof that he or she performed it?

    • circ.jpg A. Accountability

    • circ.jpg B. Auditing

    • circ.jpg C. Nonrepudiation

    • circ.jpg D. Validation

    Quick Answer: 192
    Detailed Answer: 199

  46. What type of cryptography does SESAME use to distribute keys?

    • circ.jpg A. Public key

    • circ.jpg B. Secret key

    • circ.jpg C. SHA hashing algorithm

    • circ.jpg D. None; it uses plaintext

    Quick Answer: 192
    Detailed Answer: 199

  47. Which of the following is a category of security controls that job rotation fits into?

    • circ.jpg A. Recovery

    • circ.jpg B. Corrective

    • circ.jpg C. Detective

    • circ.jpg D. Compensation

    Quick Answer: 192
    Detailed Answer: 199

  48. What does RADIUS use for its transport protocol?

    • circ.jpg A. UDP

    • circ.jpg B. TCP

    • circ.jpg C. TCP and UDP

    • circ.jpg D. ICMP

    Quick Answer: 192
    Detailed Answer: 200

  49. Your chief information officer (CIO) needs your recommendation for a centralized access control system to maintain all the users and associated permissions. He also wants to be able to use this system for a wireless local area network (LAN). In addition to the wireless LAN requirement, the network administrator has stated that it is not important to the CIO to have a system that will split the authentication, authorization, and accounting processes up; however, having the option to use UDP, SCTP, or TCP is a must. The CIO also requires a SSO technology that can support non-repudiation and authenticity. The CIO has stated he is willing to purchase more than one system to meet the specified requirements. Which of the following is the best recommendation you would give?

    • circ.jpg A. Purchase a Diameter for centralized access control and SESAME for SSO.

    • circ.jpg B. Purchases a RADIUS for centralized access control and Kerberos because it is most commonly used and, most importantly, has been around a long time and many organizations trust it.

    • circ.jpg C. Purchase a Diameter for centralized access control and Kerberos for SSO.

    • circ.jpg D. Purchase Extended Terminal Access Controller System for centralized access control and use SESAME for SSO.

    Quick Answer: 192
    Detailed Answer: 200

  50. You have been promoted to security officer for a Fortune 500 company and are performing an audit of elevated privileges for the network. You observe that there are many members from the help desk that have privileges to various systems that they do not require to do their job on a daily basis. What best business practice does your company lack?

    • circ.jpg A. Separation of duties

    • circ.jpg B. Principle of least privilege

    • circ.jpg C. Need to know

    • circ.jpg D. Privilege creep

    Quick Answer: 192
    Detailed Answer: 200

  51. What does strong authentication require?

    • circ.jpg A. Public/private keys

    • circ.jpg B. Using two different methods of identification

    • circ.jpg C. Using a method of identification from at least two of type I, II, or III

    • circ.jpg D. Authenticating inside an encrypted tunnel

    Quick Answer: 192
    Detailed Answer: 200

  52. You have a homogeneous environment with multiple application servers. Your users are having difficulty remembering all their passwords as they complete their daily activities. What would be the best solution?

    • circ.jpg A. Lower the passwords’ complexity requirements

    • circ.jpg B. Implement harsher penalties

    • circ.jpg C. Add assisted user reset capabilities

    • circ.jpg D. Use single sign-on

    Quick Answer: 192
    Detailed Answer: 200

  53. How do you lower type 1 errors on biometric devices?

    • circ.jpg A. By increasing type 2 errors

    • circ.jpg B. By decreasing type 2 errors

    • circ.jpg C. By increasing precision

    • circ.jpg D. By decreasing CER

    Quick Answer: 192
    Detailed Answer: 200

  54. When you log into your remote server from home, your server sends you a nonce that you enter into a token device that you were issued when you were hired. Your token device responds with a value you enter at the prompt. What have you entered?

    • circ.jpg A. A single sign-on using synchronous authentication

    • circ.jpg B. A one-time password using synchronous authentication

    • circ.jpg C. A single sign-on using asynchronous authentication

    • circ.jpg D. A one-time password using asynchronous authentication

    Quick Answer: 192
    Detailed Answer: 200

  55. Which of the following describes a distinction between Kerberos and SESAME?

    • circ.jpg A. Kerberos supplies SSO; SESAME does not.

    • circ.jpg B. Kerberos uses symmetric encryption; SESAME uses asymmetric encryption.

    • circ.jpg C. Kerberos can be used for nonrepudiation; SESAME cannot.

    • circ.jpg D. SESAME can be accessed using GSS-API; Kerberos cannot.

    Quick Answer: 192
    Detailed Answer: 201

  56. What type of physical control is a mantrap?

    • circ.jpg A. Deterrent

    • circ.jpg B. Corrective

    • circ.jpg C. Preventive

    • circ.jpg D. Detective

    Quick Answer: 192
    Detailed Answer: 201

  57. What is the best way to store passwords?

    • circ.jpg A. In a one-way encrypted file

    • circ.jpg B. Using symmetric encryption

    • circ.jpg C. Using asymmetric encryption

    • circ.jpg D. By means of a digital signature

    Quick Answer: 192
    Detailed Answer: 201

  58. The act of professing to be a specific user is

    • circ.jpg A. Validation

    • circ.jpg B. Authorization

    • circ.jpg C. Authentication

    • circ.jpg D. Identification

    Quick Answer: 192
    Detailed Answer: 201

  59. Which of the following best describes a Zephyr chart?

    • circ.jpg A. A means of establishing the accuracy of a biometric system

    • circ.jpg B. A means of comparing different biometric systems

    • circ.jpg C. A means of comparing type II and type III authentication systems

    • circ.jpg D. A chart used to examine the accuracy of IDSs and IPSs

    Quick Answer: 192
    Detailed Answer: 201

  60. What is authentication?

    • circ.jpg A. Supplying a username

    • circ.jpg B. Using criteria to determine what a user can do

    • circ.jpg C. Verifying identification

    • circ.jpg D. Reviewing audit logs

    Quick Answer: 192
    Detailed Answer: 201

  61. Being asked what your maiden name is, what city you were born in, and what your pet’s name is an example of what?

    • circ.jpg A. Single sign-on (SSO)

    • circ.jpg B. Self-service password reset

    • circ.jpg C. Centralized authentication

    • circ.jpg D. Assisted passwords

    Quick Answer: 192
    Detailed Answer: 201

  62. Which of the following best describes a federated identity?

    • circ.jpg A. Simply another term for SSO.

    • circ.jpg B. It is restricted to use within a specific domain or area of the network.

    • circ.jpg C. Type I authentication (something you know).

    • circ.jpg D. It is portable and can be used across business boundaries.

    Quick Answer: 192
    Detailed Answer: 201

  63. Which of the following is the most accurate biometric system?

    • circ.jpg A. A CER of 1

    • circ.jpg B. A CER of 2

    • circ.jpg C. A CER of 3

    • circ.jpg D. None of the above because CER is not a numeric rating

    Quick Answer: 192
    Detailed Answer: 201

  64. Which type of control that includes fences, password protection, and CCTV is designed to stop an event from occurring?

    • circ.jpg A. Detective control

    • circ.jpg B. Preventive control

    • circ.jpg C. Corrective control

    • circ.jpg D. Deterrent control

    Quick Answer: 192
    Detailed Answer: 201

  65. Nondiscretionary access control includes which of the following?

    • circ.jpg A. Role- and task-based

    • circ.jpg B. Rule-based and mandatory

    • circ.jpg C. Labeled and mandatory

    • circ.jpg D. None of the above because there are no subcategories

    Quick Answer: 192
    Detailed Answer: 201

  66. What is a trust?

    • circ.jpg A. A one-way-only bridge established between two domains

    • circ.jpg B. A two-way-only bridge established between two domains

    • circ.jpg C. A security bridge that is established after a valid authentication

    • circ.jpg D. A security bridge that is established between two domains

    Quick Answer: 192
    Detailed Answer: 201

  67. What form of authorization is closely associated with labels?

    • circ.jpg A. Rule-based access control

    • circ.jpg B. Discretionary access control

    • circ.jpg C. Mandatory access control

    • circ.jpg D. Role-based access control

    Quick Answer: 192
    Detailed Answer: 201

  68. How can a swipe card, smart card, or USB dongle be described?

    • circ.jpg A. An active token

    • circ.jpg B. A static token

    • circ.jpg C. Type I authentication

    • circ.jpg D. Type III authentication

    Quick Answer: 192
    Detailed Answer: 202

  69. The Equal Error Rate is equivalent to what?

    • circ.jpg A. The point at which false acceptance and false rejection meet

    • circ.jpg B. The crossover error rate minus 10 percent

    • circ.jpg C. The point at which false acceptance is at its highest and false rejection is at its lowest

    • circ.jpg D. The point at which false acceptance is at its lowest and false rejection is at its highest

    Quick Answer: 192
    Detailed Answer: 202

  70. Which of the following is the most expensive means of verifying a user’s identity?

    • circ.jpg A. Single sign-on

    • circ.jpg B. Tokens

    • circ.jpg C. Biometrics

    • circ.jpg D. Passwords

    Quick Answer: 192
    Detailed Answer: 202

  71. Which biometric system examines the colored portion of the eye that surrounds the pupil?

    • circ.jpg A. Iris

    • circ.jpg B. Retina

    • circ.jpg C. Fovea

    • circ.jpg D. Optic disc

    Quick Answer: 192
    Detailed Answer: 202

  72. Which of the following best describes a rainbow table?

    • circ.jpg A. An attack against a biometric system

    • circ.jpg B. An attack against a fingerprint scanner

    • circ.jpg C. A table used for digital signatures

    • circ.jpg D. A table of precomputed password hashes

    Quick Answer: 192
    Detailed Answer: 202

  73. The ticket-granting service is a component of what?

    • circ.jpg A. TACACS

    • circ.jpg B. Kerberos

    • circ.jpg C. RADIUS

    • circ.jpg D. SESAME

    Quick Answer: 192
    Detailed Answer: 202

  74. The Privilege Attribute Certificate (PAC) is a component of what?

    • circ.jpg A. TACACS

    • circ.jpg B. Kerberos

    • circ.jpg C. RADIUS

    • circ.jpg D. SESAME

    Quick Answer: 192
    Detailed Answer: 202

  75. What nontechnical attack attempts to lure the victim into giving up financial data, credit card numbers, or other types of account information?

    • circ.jpg A. Pretexting

    • circ.jpg B. Social engineering

    • circ.jpg C. Dumpster diving

    • circ.jpg D. Phishing

    Quick Answer: 192
    Detailed Answer: 202

  76. You are asked to work on a project where users need to share credentials across multiple domains without forcing them to log in more than once. What technologies might meet this business need?

    • circ.jpg A. Cookies

    • circ.jpg B. Unique X.509 certificates

    • circ.jpg C. Web access management

    • circ.jpg D. Separate usernames and passwords

    Quick Answer: 192
    Detailed Answer: 202

  77. Your company was initially considering three security models to use to design access rights and controls in its new operating system (OS). These models included Biba, Bell-LaPadula, and Clark Wilson. If the company decided to base its OS on the Biba model, which of the following properties is correct?

    • circ.jpg A. A user cannot write down to a lower level.

    • circ.jpg B. The model makes use of transformational procedures and constrained data items.

    • circ.jpg C. The user cannot write up to a higher level.

    • circ.jpg D. If a user has access to one side of the wall, he does not have access to data on the other side of the wall.

    Quick Answer: 192
    Detailed Answer: 202

  78. Which of the following refers to the process of creation, maintenance, and deletion of user objects?

    • circ.jpg A. Identification

    • circ.jpg B. Verification

    • circ.jpg C. Authentication

    • circ.jpg D. Provisioning

    Quick Answer: 192
    Detailed Answer: 202

  79. Object reuse can be an important issue when considering which of the following?

    • circ.jpg A. RAM scraping attacks

    • circ.jpg B. Authentication method

    • circ.jpg C. Type of biometric system used

    • circ.jpg D. Strength of a password

    Quick Answer: 192
    Detailed Answer: 202

  80. Which form of access control has a many-to-many relationship and makes use of mapping between a user and a subset of goals?

    • circ.jpg A. MAC

    • circ.jpg B. DAC

    • circ.jpg C. Rule-based access control

    • circ.jpg D. Core RBAC

    Quick Answer: 192
    Detailed Answer: 202

  81. Which of the following is the best example of capabilities tables?

    • circ.jpg A. Memory cards

    • circ.jpg B. Kerberos

    • circ.jpg C. Constrained user interface

    • circ.jpg D. Router ACL

    Quick Answer: 192
    Detailed Answer: 202

  82. Which of the following provides an upgrade path from RADIUS?

    • circ.jpg A. Diameter

    • circ.jpg B. TACACS

    • circ.jpg C. Kerberos

    • circ.jpg D. NetSP

    Quick Answer: 192
    Detailed Answer: 203

  83. Investigations are a good example of which of the following?

    • circ.jpg A. Detective control

    • circ.jpg B. Preventive control

    • circ.jpg C. Deterrent control

    • circ.jpg D. Proactive control

    Quick Answer: 192
    Detailed Answer: 203

  84. Although an authorized sniffer has been connected to a network switch, the user can only see traffic directed to the device and some broadcast traffic. What might be the problem?

    • circ.jpg A. An IDS is blocking the traffic.

    • circ.jpg B. The switch port must be spanned.

    • circ.jpg C. The switch detected the sniffer.

    • circ.jpg D. The sniffer is misconfigured.

    Quick Answer: 192
    Detailed Answer: 203

  85. Which type of attack makes use of a time-memory tradeoff?

    • circ.jpg A. Rule-based

    • circ.jpg B. Dictionary

    • circ.jpg C. Rainbow table

    • circ.jpg D. Brute-force

    Quick Answer: 192
    Detailed Answer: 203

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020