Exploring Control Types and Methods Flashcards

1
Q
Of the following choices, what type of control is least privilege?      
A. Corrective      
B. Technical      
C. Detective      
D. Preventative
A

B. The principle of least privilege is a technical control and ensures that users have only the rights and permissions needed to perform the job, and no more. A corrective control attempts to reverse the effects of a problem. A detective control (such as a security audit) detects when a vulnerability has been exploited. A preventative control attempts to prevent an incident from occurring.

2
Q
Of the following choices, what type of control is a vulnerability assessment?      
A. Corrective      
B. Management      
C. Detective      
D. Technical
A

B. A vulnerability assessment is a management control and attempts to discover weaknesses in systems. A corrective control attempts to reverse the effects of a problem. A detective control (such as a security audit) detects when a vulnerability has been exploited. A technical control (such as the principle of least privilege) enforces security using technical means.

3
Q

Which of the following is a preventative control that can prevent outages due to ad-hoc configuration errors?
A. Least privilege
B. A periodic review of user rights
C. Change management plan
D. Security audit

A

C. A change management strategy can prevent outages by ensuring that configuration changes aren’t made on an as-needed (ad-hoc) basis, but instead are examined prior to making the change; change management is also known as an operational control. The principle of least privilege is a technical control and ensures that users have only the rights and permissions needed to perform the job, and no more. A security audit is a detective control and a periodic review of user rights is a specific type of detective control.

4
Q
Which of the following is a preventative control? 
A. Least privilege      
B. Security audit      
C. Security guard      
D. Periodic review of user rights
A

C. A security guard (armed or not armed) is a preventative physical security control. The principle of least privilege is a technical control and ensures that users have only the rights and permissions needed to perform the job, and no more. A security audit is a detective control and a periodic review of user rights is a specific type of detective control.

5
Q
Your organization regularly performs routine security audits to assess the security posture. What type of control is this?      
A. Corrective      
B. Technical      
C. Detective     
D. Preventative
A

C. A security audit is a form of detective control, since it will detect when a vulnerability has been exploited after the fact. A corrective control attempts to reverse the effects of a problem. A technical control (such as the principle of least privilege) enforces security using technical means. A preventative control attempts to prevent an incident from occurring.

6
Q
Of the following choices, what is a detective security control?      
A. Change management      
B. HVAC      
C. CCTV      
D. User training
A

C. A closed-circuit television (CCTV) system can record activity and can detect what occurred as a detective security control. Change management is a preventative control. HVAC is an environmental control that is preventative. User training is preventative.

7
Q
An administrator is assigning access to users in different departments based on their job functions. What access control model is the administrator using?      
A. DAC      
B. MAC      
C. RBAC      
D. CAC
A

C. In a role-based access control (RBAC) model, roles are used to define rights and permissions for users. The DAC model specifies that every object has an owner, and the owner has full, explicit control of the object. The MAC model uses sensitivity labels for users and data. A CAC is an identification card that includes smart-card capabilities.

8
Q
You manage user accounts for a sales department. You have created a sales user account template to comply with the principle of least privilege. What access control model are you following?      
A. DAC      
B. MAC      
C. RBAC      
D. DACL
A

C. The role-based access control (RBAC) model can use groups (as roles) with a user account template assigned to a group to ensure new users are granted access only to what they need, and no more. The DAC model specifies that every object has an owner, and the owner has full, explicit control of the object. The MAC model uses sensitivity labels for users and data. A DACL is an access control list used in the DAC model.

9
Q

Windows systems protect files and folders with New Technology File System (NTFS). What access control model does NTFS use?
A. Mandatory access control (MAC)
B. Discretionary access control (DAC)
C. Rule-based access control (RBAC)
D. Implicit allow

A

B. Windows systems use the discretionary access control (DAC) model by default for NTFS files and folders. The MAC model uses labels. Rule-based access control uses rules to determine access. There is no such access control model as implicit allow. However, implicit deny is commonly used as the last rule in a firewall to indicate that all traffic not explicitly allowed is implicitly denied.

10
Q

What is the purpose of a cipher lock system?
A. Control door access with a keypad
B. Control door access with a proximity card
C. Control access to a laptop with biometrics
D. Control access to laptop with a smart card

A

A. A cipher lock system is a door access security method and only opens after a user has entered the correct code into the cipher lock. A proximity card uses a proximity card reader, not a cipher lock. Biometric readers (such as a fingerprint reader) and smart cards can be used as authentication for systems such as laptop systems.

11
Q
What can you use to electronically unlock a door for specific users?      
A. Token      
B. Proximity card      
C. Physical key      
D. Certificate
A

B. Proximity cards are used as an additional access control in some areas to electronically unlock doors. A token (such as an RSA token) provides a rolling password for one-time use. A physical key does not electronically unlock a door. A certificate can be embedded in a smart card but, by itself, it would not electronically unlock a door.

12
Q
An organization wants to prevent unauthorized personnel from entering a secure workspace. Of the following choices, what can be used? (Choose two).      
A. Security guard      
B. Piggybacking      
C. CCTV     
D. Proximity cards
A

A, D. Security guards and proximity cards are valid methods to prevent unauthorized personnel from entering a secure workspace, such as a secure datacenter. Piggybacking (also called tailgating) occurs when one user follows closely behind another user without using credentials; it can be prevented with a mantrap. A CCTV can detect if an unauthorized entry occurred and provide reliable proof of the entry, but it can’t prevent it.

13
Q
A company hosts a datacenter with highly sensitive data. Of the following choices, what can provide the best type of physical security to prevent unauthorized entry?      
A. Proximity card      
B. CCTV      
C. ID badges      
D. Mantrap
A

D. A mantrap is highly effective at preventing unauthorized entry and can also be used to prevent tailgating. A proximity card is useful as an access control mechanism, but it won’t prevent tailgating so it isn’t as useful as a mantrap. CCTV provides video surveillance, and it can record unauthorized entry, but it can’t prevent it. ID badges are useful if the entry is staffed with security guards, but won’t prevent unauthorized entry if used without security guards.

14
Q
Two employees have entered a secure datacenter. However, only one employee provided credentials. How did the other employee gain entry?      
A. Mantrap      
B. HVAC      
C. Vishing      
D. Tailgating
A

D. Tailgating (also called piggybacking) occurs when one user follows closely behind another user without using credentials. A mantrap prevents tailgating. A heating, ventilation, and air-conditioning (HVAC) system can increase availability by ensuring that equipment doesn’t fail due to overheating. Vishing is a variant of phishing techniques and often combines social engineering tactics with Voice over IP (VoIP).

15
Q
Your organization has several portable USB drives that users are able to use to transfer large video files instead of copying them over the network. What should be used to prevent the theft of these drives when they are not being used?    
A. HSM      
B. TPM      
C. Video surveillance      
D. Locked cabinet
A

D. A locked cabinet should be used to help prevent the theft of unused assets. A hardware security module (HSM) is used to create and store encryption keys. A TPM is used for hardware encryption of entire drives. Video surveillance is useful to provide proof of someone entering or exiting a secure space, but is not needed to protect unused assets.

16
Q
Your organization requires users to create passwords of at least ten characters for their user accounts. Which of the following is being enforced?      
A. Password length      
B. Password complexity      
C. Password masking      
D. Password history
A

A. Requiring passwords of a specific number of characters is the password length element of a password policy. Password complexity requires the characters to be different types, such as uppercase, lowercase, numbers, and special characters. Password masking displays a special character, such as *, when users type in their password, instead of showing the password in clear text. Password history prevents users from reusing passwords.

17
Q
Your password policy includes a password history. What else should be configured to ensure that users aren’t able to easily reuse the same password?      
A. Maximum age      
B. Minimum age      
C. Password masking      
D. Password complexity
A

B. The minimum password age prevents users from changing the password again until some time has passed, such as one day. The maximum age forces users to periodically change their password, such as after sixty or ninety days. Password masking displays a special character, such as *, when users type in their password instead of showing the password in clear text. Password complexity ensures the password has a mixture of different character types and is sufficiently long.

18
Q

Your organization has a password policy that requires employees to change their passwords at least every forty-five days and prevents users from reusing any of their last five passwords. However, when forced to change their passwords, users are changing their passwords five more times to keep their original password. What can resolve this security vulnerability?
A. Modify the password policy to prevent users from changing the password until a day has passed
B. Modify the password policy to require users to change their password after a day has passed
C. Modify the password policy to remember the last twelve passwords
D. Modify the password policy to remember the last twenty-four passwords

A

A. Password policies have a minimum password age setting, and if set to one day it will prevent users from changing their passwords until a day has passed. Requiring users to change their passwords every day wouldn’t resolve the problem and is not reasonable. The password history is currently set to remember the last five passwords. If you change the password history to remember the last twelve or twenty-four passwords, they can do the same thing described in the scenario to get back to their original password.

19
Q
A user has forgotten his password and calls the help desk for assistance. The help-desk professional will reset the password and tell the user the new password. What should the help desk professional configure to ensure the user immediately resets the password?      
A. Password complexity      
B. Password masking      
C. Password history      
D. Password expiration
A

D. Password expiration should be configured so that the user is forced to change the password the first time he logs on. This ensures the help-desk professional doesn’t know the user’s password once the user logs on. Password complexity ensures the password has a mixture of different character types and is sufficiently long. Password masking displays a special character, such as *, when users type in their password instead of showing the password in clear text. Password history prevents users from reusing passwords.

20
Q

Users in your network are required to change their passwords every sixty days. What is this an example of?
A. Password expiration requirement
B. Password history requirement
C. Password length requirement
D. Password strength requirement

A

A. A password policy can include a password expiration requirement (or a maximum age) that ensures that users change their passwords periodically, such as every sixty days or every ninety days. Password history prevents users from using previously used passwords. Password length ensures the password includes a minimum number of characters, such as at least eight characters. Password strength ensures the password uses a mixture of character types.

21
Q

Your company has hired a temporary contractor that needs a computer account for sixty days. You want to ensure the account is automatically disabled after sixty days. What feature would you use?
A. Account lockout
B. Account expiration
C. Deletion through automated scripting
D. Manual deletion

A

B. Most systems include a feature that allows you to set the expiration of an account when a preset deadline arrives. Account lockout locks out an account if an incorrect password is entered too many times. The scenario states you want to disable the account, not delete it.

22
Q
After an employee is terminated, what should be done to revoke the employee’s access?      
A. Expire the password      
B. Lock out the account      
C. Delete the account      
D. Disable the account
A

D. An account disablement policy would ensure that a terminated employee’s account is disabled to revoke the employee’s access. Expiring the password forces the user to change the password at the next logon. An account lockout policy locks out an account if an incorrect password is entered too many times. The account may be needed to access the user’s resources, so it is recommended to disable the account instead of deleting it.

23
Q

Management wants to prevent users in the Marketing Department from logging onto network systems between 6 p.m. and 5 a.m. How can this be accomplished?
A. Use time-of-day restrictions
B. Account expiration
C. Password expiration
D. Implement a detective control

A

A. Time-of-day restrictions can be used to prevent users from logging in at certain times, or even from making connections to network resources at certain times. Account expiration refers to when a temporary account is automatically disabled (such as expiring a temporary account after sixty days). Password expiration refers to the practice of setting a password to immediately expire after resetting it. A detective control won’t prevent a user from logging on but can detect it after it occurred.

24
Q
You have recently added a server to your network that will host data used and updated by employees. You want to monitor security events on the system. Of the following, what is the most important security event to monitor?      
A. Data modifications      
B. TCP connections      
C. UDP connections      
D. Account logon attempts
A

D. Of the choices, account logon attempts are the most important. Since the purpose of the system is to host data that is read and updated by employees, data modifications are not critical because they are expected to occur regularly. TCP and UDP are the primary protocols used when users connect to a server over a network, but it’s not important from a security perspective to monitor these events.