CompTIA Security +1
Question | Answer |
---|---|
Which access control mechanism provides the owner of an object the opportunity to determine the access control permissions for other subjects? | Discretionary access control provides the owner of an object the opportunity to determine the access control permissions for other subjects. |
What is the most common form of authentication used? | Username/password is the single most common authentication mechanism in use today. |
A retinal scan device is an example of which authentication mechanism? | A retinal scan is an example of a biometric device, which falls into the category of something about you/something you are. |
Which of the following is true about the security principle of implicit deny? | The basic premise of implicit deny is that an action is allowed only if a specific rule states that it is acceptable. |
From a security standpoint, what are the benefits of job rotation? | It provides everybody with a better perspective of the issues surrounding security and lessens the impact of losing any individual employee since others can assume their duties. |
What was described in the chapter as being essential in order to implement mandatory access controls? | Labels were discussed as being required for both objects and subjects in order to implement mandatory access controls. |
The CIA of security includes? | Confidentiality, Integrity, Availability. |
Security through obscurity is an approach to security that is sometimes used but that is dangerous to rely on. It attempts to do the following? | Protect data by relying on attackers not being able to discover the hidden, confusing, or obscure mechanism being used as opposed to employing any real security practices or devices. |
The fundamental approach to security in which an object has only the necessary rights and privileges to perform its task with no additional permissions is a description of? | Least privilege. |
Which access control technique discussed relies on a set of rules to determine whether access to an object will be granted or not? | Rule-based access control relies on a set of rules to determine whether access to an object will be granted or not. |
The security principle that ensures that no critical function can be executed by any single individual (by dividing the function into multiple tasks that can't all be executed by the same individual) is known as? | The separation of duties principle ensures that no critical function can be executed by any single individual. |
The ability of a subject to interact with an object is described as? | Access is the ability of a subject to interact with an object. |
Information security places the focus of security efforts on? | Information security places the focus of the security efforts on the data (information). |
In role-based access control, which of the following is true? | A set of rules that the user may perform will be assigned to each user, thus controlling what the user can do and what information he or she can access. |
Using different types of firewalls to protect various internal subnets is an example of? | Diversity of defense. The idea is to provide different types of security and not rely too heavily on any one type of product. |