Chapter 13 – Managing Identity and Authentication

Question 1

1. Which of the following would not be an asset that an organization would want to protect with access controls?
   None of the above

Answer 1

None of the above

Question 2

2. Which of the following is true related to a subject?

The subject is always the entity that receives information about or data from an object.

Answer 2

The subject is always the entity that receives information about or data from an object.

Question 3

3. Which of the following types of access control uses fences, security policies, security awareness training, and antivirus software to stop an unwanted or unauthorized activity from occurring?
   Preventive

Answer 3

Preventive

Question 4

4. What type of access controls are hardware or software mechanisms used to manage access to resources and systems, and provide protection for those resources and systems?
   Logical/technical

Answer 4

Logical/technical

Question 5

5. Which of the best expresses the primary goal when controlling access to assets?
   Preserve confidentiality, integrity, and availability of systems and data.

Answer 5

Preserve confidentiality, integrity, and availability of systems and data.

Question 6

6. A user logs in with a login ID and a password. What is the purpose of the login ID?
   Identification

Answer 6

Identification

Question 7

7. Accountability requires all of the following items except one. Which item is not required for accountability?
   Authorization

Answer 7

Authorization

Question 8

8. What can you use to prevent users from rotating between two passwords?
   Password history

Answer 8

Password history

Question 9

9. Which of the following best identifies the benefit of a passphrase?
   It is easy to remember.

Answer 9

It is easy to remember.

Question 10

10. Which of the following is an example of a Type 2 authentication factor?
    Something you have

Answer 10

Something you have