Access Control.ppt

ID: 3320800

Size: 200.50 KB

Pages: 36

Format: PPT

Date: 2024-03-02

Access Control
1. Which of the following is NOT an advantage password synchronization has over single sign-on?
   A. higher cost
   B. less intrusive
   C. improved security
   D. lower cost
   Answer: A

2. Which of the following biometric devices offers the lowest CER?
   A. Keystroke dynamics
   B. Voice verification
   C. Iris scan
   D. Fingerprint
   Answer: C

3. How can an individual best be authenticated?
   A. UserId and password
   B. Smart card and PIN code
   C. Two-factor authentication
   D. Biometrics
   Answer: D

4. Passwords can be required to change monthly, quarterly, or at other intervals:
   A. depending on the criticality of the information needing protection
   B. depending on the criticality of the information needing protection and the password's frequency of use.
   C. depending on the password's frequency of use.
   D. not depending on the criticality of the information needing protection but depending on the password's frequency of use
   Answer: B

5. The measures that also apply to areas that are used for storage of the backup data files are:
   A. Preventive/physical
   B. Preventive/administrative
   C. Preventive/technical
   D. Detective/administrative
   Answer: A

6. Which authentication technique best protects against hijacking?
   A. Static authentication
   B. Continuous authentication
   C. Robust authentication
   D. Strong authentication
   Answer: B

7. There are parallels between the trust models in Kerberos and in PKI. When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
   A. public keys
   B. private keys
   C. public-key certificates
   D. private-key certificates
   Answer: C

8. Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?
   A. Using a TACACS+ server.
   B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.
   C. Setting modem ring count to at least 5.
   D. Only attaching modems to non-networked hosts
   Answer: B

9. Organizations should consider which of the following first before connecting their LANs to the Internet?
   A. plan for implementing workstation locking mechanisms
   B. plan for protecting the modem pool
   C. plan for providing the user with his account usage information
   D. plan for considering all authentication options
   Answer: D

10. Which of the following is required in order to provide accountability?
    A. Authentication
    B. Integrity
    C. Confidentiality
    D. Audit trails
    Answer: A

11. Which of the following does not apply to system-generated passwords?
    A. Passwords are harder to remember for users.
    B. If the password-generating algorithm gets to be known, the entire system is in jeopardy.
    C. Passwords are more vulnerable to brute force and dictionary attacks.
    D. Passwords are harder to guess for attackers
    Answer: C

12. Which of the following control pairings places emphasis on soft mechanisms that support the access control objectives?
    A. Preventive/Technical Pairing
    B. Preventive/Administrative Pairing
    C. Preventive/Physical Pairing
    D. Detective/Administrative Pairing
    Answer: B

13. Which of the following is true of biometrics?
    A. It is used for identification in physical controls and it is not used in logical controls.
    B. It is used for authentication in physical controls and for identification in logical controls.
    C. It is used for identification in physical controls and for authentication in logical controls.
    D. Biometrics has no role in logical controls
    Answer: C

14. In biometrics, a one-to-many search against a database of stored biometric images is done in:
    A. Authentication
    B. Identification
    C. Identities
    D. Identity-based access control
    Answer: B

15. Which of the following statements pertaining to Kerberos is true?
    A. Kerberos uses public key cryptography.
    B. Kerberos uses X.509 certificates.
    C. Kerberos is a credential-based authentication system.
    D. Kerberos was developed by Microsoft
    Answer: C

16. What is a keypad that has only a small number of keys that can be selected by the user called?
    A. IBM keypads
    B. 84 key Keypad
    C. Limited Keypads
    D. 101 keys Keypads
    Answer: C

17. Which of the following biometric devices has the highest Crossover Error Rate (CER)?
    A. Iris scan
    B. Hand geometry
    C. Voice pattern
    D. Fingerprints
    Answer: C

18. Which of the following biometric parameters are better suited for authentication use over a long period of time?
    A. Iris pattern
    B. Voice pattern
    C. Signature dynamics
    D. Retina pattern
    Answer: A

19. Which of the following is used by RADIUS for communication between clients and servers?
    A. TCP
    B. SSL
    C. UDP
    D. SSH
    Answer: C

20. Why should batch files and scripts be stored in a protected area?
    A. Because of the least privilege concept.
    B. Because they cannot be accessed by operators.
    C. Because they may contain credentials.
    D. Because of the need-to-know concept
    Answer: C

21. A potential problem with an iris pattern biometric system is:
    A. concern that the laser beam may cause eye damage.
    B. the iris pattern changes as a person grows older.
    C. there is a relatively high rate of false accepts.
    D. the optical unit must be positioned so that the sun does not shine into the aperture
    Answer: A

22. In biometric identification systems, false accept rate is associated with:
    A. Type 2 errors
    B. type 1 and type 2 errors
    C. type 3 errors
    D. type 1 errors
    Answer: A

23. Ensuring least privilege does not require:
    A. Identifying what the user's job is.
    B. Ensuring that the user alone does not have sufficient rights to subvert an important process.
    C. Determining the minimum set of privileges required for a user to perform their duties.
    D. Restricting the user to required privileges and nothing more
    Answer: B

24. Which of the following is not a complement to an Intrusion Detection System (IDS)?
    A. Honey pots
    B. Firewalls
    C. Padded cells
    D. File integrity checkers
    Answer: B

25. The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a system. Acceptable throughput rates are in the range of:
    A. 100 subjects per minute.
    B. 25 subjects per minute.
    C. 10 subjects per minute.
    D. 50 subjects per minute
    Answer: C

26. What is the primary goal of setting up a honeypot?
    A. To lure hackers into attacking unused systems
    B. To entrap and track down possible hackers
    C. To set up a sacrificial lamb on the network
    D. To know when an attack is in progress and to learn about attack techniques so the network can be fortified.
    Answer: D

27. Which of the following is the least accepted biometric device?
    A. Fingerprint
    B. Iris scan
    C. Retina scan
    D. Voice verification
    Answer: C

28. Which of the following usually provides reliable, real-time information without consuming network or host resources?
    A. network-based IDS
    B. host-based IDS
    C. application-based IDS
    D. firewall-based IDS
    Answer: A

29. Which of the following is a trusted, third party authentication protocol that was developed under Project Athena at MIT?
    A. Kerberos
    B. SESAME
    C. KryptoKnight
    D. NetSP
    Answer: A

30. Which of the following is not a service provided by AAA servers (RADIUS, TACACS and DIAMETER)?
    A. Authentication
    B. Administration
    C. Accounting
    D. Authorization
    Answer: B

31. The Terminal Access Controller Access Control System (TACACS) employs which of the following?
    A. a user ID and static password for network access.
    B. a user ID and dynamic password for network access.
    C. a user ID and symmetric password for network access.
    D. a user ID and asymmetric password for network access
    Answer: A

32. How are memory cards and smart cards different?
    A. Memory cards normally hold more memory than smart cards
    B. Smart cards provide a two-factor authentication whereas memory cards don't
    C. Memory cards have no processing power
    D. Only smart cards can be used for ATM cards
    Answer: C

33. Which type of control would password management classify as?
    A. Compensating control
    B. Detective control
    C. Preventive control
    D. Technical control
    Answer: C

34. Why would anomaly detection IDSs often generate a large number of false positives?
    A. Because they can only identify correctly attacks they already know about.
    B. Because they are application-based and are more subject to attacks.
    C. Because they can't identify abnormal behavior.
    D. Because normal patterns of user and system behavior can vary wildly.
    Answer: D

35. Which of the following control pairings best describes logical controls or technical controls?
    A. Preventive/Administrative
    B. Preventive/Technical
    C. Preventive/Physical
    D. Detective/Administrative
    Answer: B

36. A host-based IDS is resident on which of the following?
    A. centralized hosts
    B. decentralized hosts
    C. certified hosts
    D. bastion hosts
    Answer: A
