Professional Documents
Culture Documents
Corporate Computer Security 4th Edition Boyle Test Bank Download
Corporate Computer Security 4th Edition Boyle Test Bank Download
2) ________ is the process of assessing the identity of each individual claiming to have
permission to use a resource.
A) Authorizations
B) Authentication
C) Accuracy
D) Auditing
Answer: B
Diff: 1
Question: 1b
3) ________ is the process of assessing the identity of each individual claiming to have
permission to use a resource.
A) Authorizations
B) Authentication
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 1
Question: 1b
4) ________ is the process of collecting information about the activities of each individual in log
files for immediate and later analysis.
A) Authorizations
B) Authentication
C) Accuracy
1
Copyright © 2015 Pearson Education, Inc.
D) Auditing
Answer: D
Diff: 1
Question: 1b
5) Authentication is the process of collecting information about the activities of each individual
in log files for immediate and later analysis.
Answer: FALSE
Diff: 1
6) Which of the following is one of the four bases for authentication credentials?
A) What you know
B) What you have
C) Both A and B
D) Neither A nor B
Answer: C
Diff: 1
9) In the military, departments do not have the ability to alter access control rules set by higher
authorities in ________.
A) policy-based access control
B) mandatory access control
C) discretionary access control
D) multilevel access control
Answer: B
Diff: 1
Question: 2a
10) In ________ the department has discretion over giving access to individuals, within policy
2
Copyright © 2015 Pearson Education, Inc.
standards set by higher authorities.
A) policy-based access control
B) mandatory access control
C) discretionary access control
D) delegated access control
Answer: C
Diff: 1
Question: 2a
3
Copyright © 2015 Pearson Education, Inc.
11) In military security, the term multilevel security means multifactor security.
Answer: FALSE
Diff: 2
Question: 2b
15) On loading docks, outgoing shipments should be separated from incoming shipments
________.
A) to ensure the segregation of duties
B) to avoid confusion
C) to reduce the risk of theft
D) All of the above
Answer: C
Diff: 2
Question: 3f
16) Which of the following is not one of the rules for working in secure areas?
A) Unsupervised work in secure areas should be avoided.
B) When no one is in a secure area, it should be locked and verified periodically.
C) No one should be allowed to work in secure areas for more than four hours in a row.
D) Electronic devices that can record or copy mass amounts of information should be forbidden
in secure areas.
Answer: C
Diff: 2
Question: 3h
4
Copyright © 2015 Pearson Education, Inc.
17) Which of the following should be forbidden in secure areas?
A) Cameras
B) USB flash drives
C) Both A and B
D) Neither A nor B
Answer: C
Diff: 1
Question: 3h
18) Placing sensitive equipment in secure areas to minimize potential threats and damage is
called siting.
Answer: TRUE
Diff: 1
Question: 4a
19) ________ can be used to supply power during long power outages.
A) Uninterruptable power supplies
B) Electrical generators
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 2
Question: 4b
21) Buildings should be set back from streets and protected with rolling hill landscaping to
reduce threats from ________.
A) wireless eavesdropping
B) industrial espionage
C) casual observation
D) terrorism
Answer: D
Diff: 2
Question: 5a
5
Copyright © 2015 Pearson Education, Inc.
22) ________ is a social engineering trick where an intruder may follow an authorized user
through a door that the authorized user opens with an access device.
A) Shoulder surfing
B) Shadowing
C) Trailing
D) Piggybacking
Answer: D
Diff: 1
Question: 5b
23) It is illegal to go through a company's trash bins even if the trash bins are outside the
corporation.
Answer: FALSE
Diff: 1
Question: 5e
24) Most users who have access to servers use reusable passwords for authentication.
Answer: TRUE
Diff: 1
Question: 6a
26) Password cracking is usually done over the network by trying many passwords to log into an
account.
Answer: FALSE
Diff: 1
Question: 6b
27) Long passwords that use several types of keyboard characters are called ________
passwords.
A) complex
B) reusable
C) dictionary
D) one-time
Answer: A
Diff: 1
Question: 7a
6
Copyright © 2015 Pearson Education, Inc.
28) The book recommends that passwords be at least ________ characters long.
A) 6
B) 8
C) 20
D) 100
Answer: B
Diff: 1
Question: 9a
30) It is very important for testers to get permission before running a password cracking program
on their company's computers to check for weak passwords even if such testing is in their job
definitions.
Answer: TRUE
Diff: 1
Question: 9c
31) Users should select very long and complex passwords and use the same password at all sites
for auditability.
Answer: FALSE
Diff: 1
Question: 10a
34) In high-risk environments, password reset risks are reduced by requiring the user's physical
presence.
Answer: TRUE
Diff: 2
Question: 10h
7
Copyright © 2015 Pearson Education, Inc.
35) Passwords offer reasonable security at reasonable cost and will likely continue to increase in
importance in the future.
Answer: FALSE
Diff: 1
Question: 11
36) A ________ card is an access card that has a built-in microprocessor and memory.
A) magnetic stripe
B) smart
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 2
Question: 12a
37) A magnetic stripe card is an access card that has a built-in microprocessor and memory.
Answer: FALSE
Diff: 1
Question: 12a
39) A ________ is a small device with a display that has a number that changes frequently.
A) one-time-password token
B) USB token
C) magnetic stripe card
D) None of the above
Answer: A
Diff: 1
Question: 12b
40) A ________ is a small device that plugs into a standard computer port to identify the owner.
A) one-time-password token
B) USB token
C) magnetic stripe card
D) smart card
Answer: B
Diff: 1
Question: 12c
8
Copyright © 2015 Pearson Education, Inc.
41) A ________ does not require a special reader to be added to a PC for access control.
A) USB token
B) magnetic stripe card
C) smart card
D) All of the above
Answer: A
Diff: 2
Question: 12e
44) During enrollment, the scanner sends ________ to the authentication system.
A) scan data
B) key features
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 2
Question: 15a
45) The template is based on ________ generated during the enrollment scan.
A) scan data
B) key features
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 2
Question: 15d
9
Copyright © 2015 Pearson Education, Inc.
46) In biometric, a match occurs when a ________ meets the decision criteria.
A) set of key features
B) match index
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 1
Question: 16a
49) For computer access, a false ________ means that a legitimate user is denied access to a
resource.
A) rejection
B) acceptance
C) Both A and B
D) Neither A nor B
Answer: A
Diff: 1
Question: 16d
50) From a security viewpoint, a false acceptance is always worse than a false rejection.
Answer: FALSE
Diff: 2
Question: 16f
51) For watch lists of criminals, a false ________ means that an innocent person is identified as a
criminal.
A) acceptance
B) rejection
C) Both A and B
D) Neither A nor B
Answer: A
Diff: 3
Question: 17a
10
Copyright © 2015 Pearson Education, Inc.
52) For watch lists of criminals, a false acceptance is worse than a false rejection from a security
viewpoint.
Answer: FALSE
Diff: 3
Question: 17b
53) Identification is the process where the verifier determines whether the supplicant is a
particular person that the supplicant claims who he or she is.
Answer: FALSE
Diff: 3
Question: 19a
54) Verification is the process where the verifier determines the identity of the supplicant.
Answer: FALSE
Diff: 2
Question: 19a
55) The verifier itself determines the identity of the supplicant in ________.
A) verification
B) identification
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 2
Question: 19a
56) Verification requires more matches against templates than does identification.
Answer: FALSE
Diff: 2
Question: 19b
57) Identification requires more matches against templates than does verification.
Answer: TRUE
Diff: 2
Question: 19b
11
Copyright © 2015 Pearson Education, Inc.
59) ________ is a form of identification that identifies a person as being a member of a group.
A) RBAC
B) Watch list matching
C) Group ID matching
D) Group acceptance
Answer: B
Diff: 1
Question: 19d
60) When an attacker deliberately attempts to fool the system, this is called ________.
A) deception
B) a false acceptance
C) a false rejection
D) All of the above.
Answer: A
Diff: 1
Question: 21a
61) Fingerprint scanning, which is often deceived, may be acceptable for entry into a non-
sensitive supplies cabinet.
Answer: TRUE
Diff: 2
Question: 21b
62) Because fingerprint scanning is often deceived, it should never be used as a security
measure.
Answer: FALSE
Diff: 3
Question: 21b
12
Copyright © 2015 Pearson Education, Inc.
65) Fingerprint recognition should be used as a security measure for access to ________.
A) a non-essential supply cabinet
B) a notebook containing sensitive information
C) Both A and B
D) Neither A nor B
Answer: A
Diff: 2
Question: 22c
13
Copyright © 2015 Pearson Education, Inc.
70) The most widely used form of biometrics is ________.
A) retinal scanning
B) iris scanning
C) fingerprint scanning
D) face recognition
Answer: C
Diff: 1
Question: 23f
73) A firm can be its own certificate authority for internal users.
Answer: TRUE
Diff: 1
Question: 24c
14
Copyright © 2015 Pearson Education, Inc.
76) In the context of PKI, ________ is the process of accepting public keys and providing new
digital certificates to the users.
A) provisioning
B) reflection
C) coordination
D) certification
Answer: A
Diff: 1
Question: 24g
77) The ________ authentication problem is that unless individuals are carefully vetted before
being allowed in a system, imposters can simply enroll through social engineering.
A) core
B) prime
C) final
D) human
Answer: B
Diff: 1
Question: 24h
80) The principle of ________ states that each person should only get the permissions that he or
she absolutely needs to do his or her job.
A) appropriate authorizations
B) least permissions
C) minimization
D) All of the above.
Answer: B
Diff: 1
Question: 25c
15
Copyright © 2015 Pearson Education, Inc.
81) When assigning initial permissions, it is good to add more permissions than strictly
necessary and then remove permissions if appropriate.
Answer: FALSE
Diff: 2
Question: 25d
82) When assigning initial permissions, it is good to give the least permissions believed to be
necessary and then add permissions if appropriate.
Answer: TRUE
Diff: 2
Question: 25d
83) If a firewall lacks the processing power to handle incoming traffic, it will drop any packets it
cannot process. This is ________.
A) a security failure
B) failing safely
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 3
Question: 25f
84) ________ record(s) and analyzes what a person or program actually did.
A) Authentication
B) Authorizations
C) Auditing
D) All of the above
Answer: C
Diff: 1
Question: 26a
16
Copyright © 2015 Pearson Education, Inc.
86) Which of the following is not one of the devices in RADIUS central authentication?
A) The supplicant
B) The verifier
C) The authenticator
D) The RADIUS central authentication server
Answer: B
Diff: 2
Question: 27a
87) In Kerberos, the ________ is the supplicant's proof that it has already authenticated itself
with the Kerberos Server.
A) ticket granting ticket
B) service ticket
C) Both A and B
D) Neither A nor B
Answer: A
Diff: 2
Question: 28a
88) In Kerberos, the ________ is an encrypted session key that only the verifier can decrypt.
A) ticket granting ticket
B) service ticket
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 3
Question: 28a
89) In Kerberos, the ________ is sent from the Kerberos server to the supplicant.
A) ticket granting ticket
B) service ticket
C) Both A and B
D) Neither A nor B
Answer: C
Diff: 2
Question: 28a
90) In Kerberos, the ________ is sent from the Kerberos server to the verifier.
A) ticket granting ticket
B) service ticket
C) Both A and B
D) Neither A nor B
Answer: D
Diff: 3
Question: 28a
17
Copyright © 2015 Pearson Education, Inc.
91) The ________ gives the verifier a symmetric session key.
A) ticket-granting ticket
B) service ticket
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 2
Question: 28b
92) In Kerberos, the Kerberos server sends the Service Ticket directly to the supplicant rather
than directly to the verifier.
Answer: TRUE
Diff: 2
Question: 28c
93) In Kerberos, the verifier is explicitly notified that the supplicant has been authenticated.
Answer: FALSE
Diff: 3
Question: 28d
18
Copyright © 2015 Pearson Education, Inc.
97) LDAP can be used ________.
A) to update information in the directory server
B) to retrieve data from the directory server
C) Both A and B
D) Neither A nor B
Answer: C
Diff: 2
Question: 30
102) Microsoft domains can be organized into trees, and trees can be organized into forests.
Answer: TRUE
Diff: 2
Question: 32g
19
Copyright © 2015 Pearson Education, Inc.
103) Replication between a domain controller in a child domain and a domain controller in its
parent domain is ________.
A) total
B) partial
C) nonexistent
D) intransitive
Answer: B
Diff: 2
Question: 32i
104) If Directory Server A trusts Directory Server B and Directory Server B trusts Directory
Server C then Directory Server A MUST trust Directory Server C.
Answer: FALSE
Diff: 3
Question: 33a
105) If Directory Server A trusts Directory Server B, Directory Server B trusts Directory Server
C, and Directory Server A trusts Directory Server C, this is ________ trust.
A) Mutual
B) One-way
C) Transitive
D) Intransitive
Answer: C
Diff: 1
Question: 33b
106) If Directory Server A trusts Directory Server Band Directory Server B trusts Directory
Server A, this is ________ trust.
A) Mutual
B) One-way
C) Transitive
D) Intransitive
Answer: A
Diff: 1
Question: 33b
107) Directory servers from different vendors are synchronized through ________.
A) LDAP
B) central authentication servers
C) AD servers
D) None of the above
Answer: D
Diff: 2
Question: 34a
20
Copyright © 2015 Pearson Education, Inc.
108) ________ servers synchronize directory servers from different vendors.
A) Synchronization
B) LDAP
C) Metadirectory
D) Central authentication
Answer: C
Diff: 1
Question: 34b
109) In federated identity management, firms do not query one another's identity management
databases.
Answer: TRUE
Diff: 1
Question: 35a
111) A(n) ________ is a statement from Firm A that Firm B should accept as true if Firm B
trusts Firm A.
A) certification
B) assertion
C) certificate
D) attribute
Answer: B
Diff: 1
Question: 35e
113) The main standards used by firms to send security assertions to one another is LDAP.
Answer: FALSE
Diff: 1
Question: 35g
21
Copyright © 2015 Pearson Education, Inc.
114) The standard for sending security assertions is ________.
A) LDAP
B) XML
C) SAML
D) None of the above
Answer: C
Diff: 1
Question: 35g
116) ________ is the centralized policy based management of all information required for access
to corporate systems by people, machines, programs, or other resources.
A) Directory service
B) Meta-directory service
C) Identity management
D) Meta-identity management
Answer: C
Diff: 1
Question: 36a
118) ________ allows a user to authenticate him or herself to the identity management server
once; thereafter, whenever the user asks for access to another server, no additional logins are
required.
A) RSO
B) SSO
C) TSO
D) None of the above
Answer: B
Diff: 1
Question: 36a
22
Copyright © 2015 Pearson Education, Inc.
119) ________ is possible today.
A) Single sign-on
B) Reduced sign-on
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 2
Question: 36e
120) A(n) ________ is the set of attributes about a person or resource that must be revealed in a
particular context.
A) template
B) subtemplate
C) identity
D) None of the above
Answer: C
Diff: 2
Question: 36f
121) As far as possible, identities should be managed by people closest to the situation.
Answer: TRUE
Diff: 2
Question: 37b
122) Self-service identity management should be used to change a ________ in the identity
database.
A) password
B) telephone number
C) Both A and B
D) Neither A nor B
Answer: B
Diff: 2
Question: 37d
124) The amount of money companies should spend on identity management can be measured
through risk analysis.
Answer: TRUE
Diff: 1
Question: 38c
23
Copyright © 2015 Pearson Education, Inc.