[2] CISSP – MCQ – Access Control Systems

CISSP Multiple Choice Questions MCQ With Answers Techhyme

This article offers you a solid foundation for the Certified Information Systems Security Professional (CISSP) exam. This article is designed for readers and students who want to study for the CISSP certification exam.

The CISSP exam is governed by the International Information Systems Security Certification Consortium, Inc., known as (ISC)2.

  1. CISSP – MCQ – Security Management Practices
  2. CISSP – MCQ – Access Control Systems
  3. CISSP – MCQ – Telecommunications and Network Security
  4. CISSP – MCQ – Cryptography
  5. CISSP – MCQ – Security Architecture and models
  6. CISSP – MCQ – Operations Security
  7. CISSP – MCQ – Applications and Systems Development
  8. CISSP – MCQ – Business Continuity Planning and Disaster Recovery Planning
  9. CISSP – MCQ – Law, Investigation and Ethics
  10. CISSP – MCQ – Physical Security
  11. CISSP – MCQ – Systems Security Engineering
  12. CISSP – MCQ – Certification and Accreditation
  13. CISSP – MCQ – Technical Management
  14. CISSP – MCQ – U.S. Government Information Assurance (IA) Regulations

(ISC)2 is a global not-for-profit organization. It has four primary mission goals:

  • Maintain the Common Body of Knowledge for the field of information systems security
  • Provide certification for information systems security professionals and practitioners
  • Conduct certification training and administer the certification exams
  • Oversee the ongoing accreditation of qualified certification candidates through continued education

In this article, all the questions are related to “Technical Management” and are as follows:

1) The goals of integrity do NOT include:

  • Accountability of responsible individuals
  • Prevention of the modification of information by unauthorized users
  • Prevention of the unauthorized or unintentional modification of information by authorized users
  • Preservation of internal and external consistency

2) Kerberos is an authentication scheme that can be used to implement:

  • Public key cryptography
  • Digital signatures
  • Hash functions
  • Single Sign-On (SSO)

3) The fundamental entity in a relational database is the:

  • Domain
  • Relation
  • Pointer
  • Cost

4) In a relational database, security is provided to the access of data through:

  • Candidate keys
  • Views
  • Joins
  • Attributes

5) In biometrics, a one-to-one search to verify an individual’s claim of an identity is called:

  • Audit trail review
  • Authentication
  • Accountability
  • Aggregation

6) Biometrics is used for identification in the physical controls and for authentication in the:

  • Detective controls
  • Preventive controls
  • Logical controls
  • Corrective controls

7) Referential integrity requires that for any foreign key attribute, the referenced relation must have:

  • A tuple with the same value for its primary key
  • A tuple with the same value for its secondary key
  • An attribute with the same value for its secondary key
  • An attribute with the same value for its other foreign key

8) A password that is the same for each logon is called a:

  • Dynamic password
  • Static password
  • Passphrase
  • One-time pad

9) Which one of the following is NOT an access attack?

  • Spoofing
  • Back door
  • Dictionary
  • Penetration test

10) An attack that uses a detailed listing of common passwords and words in general to gain unauthorized access to an information system is BEST described as:

  • Password guessing
  • Software exploitation
  • Dictionary attack
  • Spoofing

11) A statistical anomaly-based intrusion detection system:

  • Acquires data to establish a normal system operating profile
  • Refers to a database of known attack signatures
  • Will detect an attack that does not significantly change the system’s operating characteristics
  • Does not report an event that caused a momentary anomaly in the system

12) Which one of the following definitions BEST describes system scanning?

  • An attack that uses dial-up modems or asynchronous external connections to an information system in order to bypass information security control mechanisms.
  • An attack that is perpetrated by intercepting and saving old messages and then sending them later, impersonating one of the communicating parties.
  • Acquisition of information that is discarded by an individual or organization.
  • A process used to collect information about a device or network to facilitate an attack on an information system.

13) In which type of penetration test does the testing team have access to internal system code?

  • Closed box
  • Transparent box
  • Open box
  • Coding box

14) A standard data manipulation and relational database definition language is:

  • OOD
  • SQL
  • SLL
  • Script

15) An attack that can be perpetrated against a remote user’s callback access control is:

  • Call forwarding
  • A Trojan horse
  • A maintenance hook
  • Redialing

16) The definition of CHAP is:

  • Confidential Hash Authentication Protocol
  • Challenge Handshake Authentication Protocol
  • Challenge Handshake Approval Protocol
  • Confidential Handshake Approval Protocol

17) Using symmetric key cryptography, Kerberos authenticates clients to other entities on a network and facilitates communications through the assignment of:

  • Public keys
  • Session keys
  • Passwords
  • Tokens

18) Three things that must be considered for the planning and implementation of access control mechanisms are:

  • Threats, assets, and objectives
  • Threats, vulnerabilities, and risks
  • Vulnerabilities, secret keys, and exposures
  • Exposures, threats, and countermeasures

19) In mandatory access control, the authorization of a subject to have access to an object is dependent upon:

  • Labels
  • Roles
  • Tasks
  • Identity

20) The type of access control that is used in local, dynamic situations where subjects have the ability to specify what resources certain users can access is called:

  • Mandatory access control
  • Rule-based access control
  • Sensitivity-based access control
  • Discretionary access control

21) Role-based access control is useful when:

  • Access must be determined by the labels on the data.
  • There are frequent personnel changes in an organization.
  • Rules are needed to determine clearances.
  • Security clearances must be used.

22) Clipping levels are used to:

  • Limit the number of letters in a password.
  • Set thresholds for voltage variations.
  • Reduce the amount of data to be evaluated in audit logs.
  • Limit errors in callback systems.

23) Identification is:

  • A user being authenticated by the system
  • A user providing a password to the system
  • A user providing a shared secret to the system
  • A user professing an identity to the system

24) Authentication is:

  • The verification that the claimed identity is valid
  • The presentation of a user’s ID to the system
  • Not accomplished through the use of a password
  • Applied only to remote users

25) An example of two-factor authentication is:

  • A password and an ID
  • An ID and a PIN
  • A PIN and an ATM card
  • A fingerprint

26) In biometrics, a good measure of the performance of a system is the:

  • False detection
  • Crossover Error Rate (CER)
  • Positive acceptance rate
  • Sensitivity

27) In finger scan technology:

  • The full fingerprint is stored.
  • Features extracted from the fingerprint are stored.
  • More storage is required than in fingerprint technology.
  • The technology is applicable to large, one-to-many database searches.

28) An acceptable biometric throughput rate is:

  • One subject per two minutes
  • Two subjects per minute
  • Ten subjects per minute
  • Five subjects per minute

29) Which one of the following is NOT a type of penetration test?

  • Sparse knowledge test
  • Full knowledge test
  • Partial knowledge test
  • Zero knowledge test

30) Object-Oriented Database (OODB) systems:

  • Are ideally suited for text-only information
  • Require minimal learning time for programmers
  • Are useful in storing and manipulating complex data, such as images and graphics
  • Consume minimal system resources
