Vikas

CIS 502 Week 1 Chapter 1 Quiz 100 Correct

Q: Which of the following is an encrypted message that provides proof that a user is authorized to access an object?
  
Password
  
Ticket
  
Biometrics
  
Federated identity

Q: Consider the following scenario:

An administrator has been working within an organization for over 10 years. He has moved between different IT divisions within the company and has retained privileges from each of the jobs that he had during his tenure. Recently, he has been admonished for making unauthorized changes to systems. He once again made an unauthorized change and this change resulted in an unexpected outage. Management decided to terminate his employment at the company. He was allowed to come back to work the following day to clean out his desk and belongings, and during this time he installed a malicious script that was scheduled to run as a logic bomb on the first day of the following month. The script will change administrator passwords, delete files, and shut down over 100 servers in the data center.

Which of the following basic principles was violated while the administrator was employed?
  
Least privilege
  
Implicit deny
  
Loss of availability
  
Defensive privileges


Q: Consider the following scenario:

An administrator has been working within an organization for over 10 years. He has moved between different IT divisions within the company and has retained privileges from each of the jobs that he had during his tenure. Recently, he has been admonished for making unauthorized changes to systems. He once again made an unauthorized change and this change resulted in an unexpected outage. Management decided to terminate his employment at the company. He was allowed to come back to work the following day to clean out his desk and belongings, and during this time he installed a malicious script that was scheduled to run as a logic bomb on the first day of the following month. The script will change administrator passwords, delete files, and shut down over 100 servers in the data center.

What could have discovered problems with this user account while he was employed?
  
Account review
  
Policy requiring strong authentication
  
Multifactor authentication
  
Logging

Q: Which of the following access control models allows the resource owner to control other users' accesses to the resource?
  
Discretionary access control
  
Role-based access control
  
Mandatory access control
  
Rule-based access control


Q: Which of the following is also referred to as non-discretionary access control?
  
WEP
  
WPA2
  
LBAC
  
RBAC

Q: In what manner should an access control model mainly work?
  
Preventive
  
Recovery
  
Corrective
  
Detective


Q: Which of the following is another name for crossover error rate (CER)?
  
False accept rate
  
Equal error rate
  
Failure to enroll rate
  
Failure to capture rate



Q: Which of the following access controls modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred?
  
Detective
  
Compensation
  
Corrective
  
Preventive


Q: Which of the following is a table that contains subjects, objects, and assigned privileges?
  
Access control list
  
Capability table
  
Capacity table
  
Access control matrix


Q: What does TACACS stand for?
  
Terminal Authorized Control Access Cyber System
  
Terminal Access Controller Access Control System
  
Terminal Adapter Controlling Access Control System
  
Transfer Access Controller Auto Control System

Q: Which of the following is the collection of tasks and duties that are involved in managing accounts, access, and accountability during the life of the account?
  
Account policy
  
User policy
  
Access control administration
  
Buffer overflow

Q: Which of the following is the process used to verify that the claimed identity is valid?
  
Authorization
  
Authentication
  
Nonrepudiation
  
Accountability


Q: Which of the following is a small, encrypted identification file with a limited validity period?
  
Federated identity
  
Password
  
Ticket granting ticket
  
Biometrics


Q: Which of the following is also referred to as technical access control?
  
Detective access control
  
Preventive access control
  
Logical access control
  
Deterrent access control


Q: Which of the following is a document that describes the scope of an organization's security requirements?
  
Account policy
  
User policy
  
Security policy
  
Registry policy


Q: Which of the following is the rate at which both accept and reject errors are equal?
  
False match rate
  
False non-match rate
  
Crossover error rate
  
Failure to enroll rate


Q: A large table includes multiple subjects and objects. It identifies the specific access each subject has to different objects. What is this table called?
  
Access control list
  
Access control matrix
  
Federation
  
Creeping privilege


Q: What does RADIUS stand for?
  
Router Authentication Dial-In User Service
  
Router Authentication Dial-In Uninterrupted Service
  
Remote Authentication Dial-In Uninterrupted Service
  
Remote Authentication Dial-In User Service


Q: Which of the following is the activity of gathering system information that will be used for monitoring and auditing to enable early detection of security problems?
  
Logging
  
Authorization
  
Provisioning
  
Encapsulation


Q: Which of the following refers to the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications in response to business processes?
  
Provisioning
  
Identification
  
Authorization
  
Authentication

Q: Which of the following developed the distributed computing environment (DCE) standard that is very similar to Kerberos?
  
Open Group
  
Dennis Ritchie
  
Oracle
  
Microsoft



Q: Consider the following scenario:

An administrator has been working within an organization for over 10 years. He has moved between different IT divisions within the company and has retained privileges from each of the jobs that he had during his tenure. Recently, he has been admonished for making unauthorized changes to systems. He once again made an unauthorized change and this change resulted in an unexpected outage. Management decided to terminate his employment at the company. He was allowed to come back to work the following day to clean out his desk and belongings, and during this time he installed a malicious script that was scheduled to run as a logic bomb on the first day of the following month. The script will change administrator passwords, delete files, and shut down over 100 servers in the data center.

Which of the following concepts was not adequately addressed for the identity and access provisioning life cycle?
  
Separation of duties
  
Provisioning
  
Authentication methods
  
Revocation



Q: Which of the following controls will you use if you are authorized to access only the information that is essential for your work?
  
Role-based access control
  
Mandatory access control
  
Rule-based access control
  
Discretionary access control


Q: Which of the following access controls modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred?
  
Preventive
  
Corrective
  
Compensation
  
Detective

Q: Consider the following scenario:

An administrator has been working within an organization for over 10 years. He has moved between different IT divisions within the company and has retained privileges from each of the jobs that he had during his tenure. Recently, he has been admonished for making unauthorized changes to systems. He once again made an unauthorized change and this change resulted in an unexpected outage. Management decided to terminate his employment at the company. He was allowed to come back to work the following day to clean out his desk and belongings, and during this time he installed a malicious script that was scheduled to run as a logic bomb on the first day of the following month. The script will change administrator passwords, delete files, and shut down over 100 servers in the data center.

Which of the following concepts was not adequately addressed for the identity and access provisioning life cycle?
  
Revocation
  
Authentication methods
  
Provisioning
  
Separation of duties



























09 Jan 2016
