Mixed Subject Flashcards

1
Q

A potential problem related to the physical installation of the iris scanner, with regard to the use of the iris pattern within a biometric system, is:
a. concern the laser beam may cause eye damage
b. the iris pattern changes as a person grows older
c. there is a relatively high rate of false accepts
d. the optical unit must be positioned so that the sun does not shine into the aperture

A

d. the optical unit must be positioned so that the sun does not shine into the aperture

2
Q

In MAC (Mandatory Access Control), sensitivity labels attached to objects contain what information?
a. item's classification
b. item's classification and category set
c. item's category
d. item's need to know

A

b. item's classification and category set

3
Q

How do we identify an organization's assets?
a. by its business drivers
b. its business mission
c. its business processes
d. all of the above

A

d. Without knowing every aspect of the business, it is almost impossible to correctly identify all of an organization's assets.

4
Q

Who makes decisions as to who should be allowed what kind of access to data? They must also ensure that data quality, integrity, and protection procedures are in place and working correctly.

subject, owner, controller, processor, data steward, data custodian or data protection officer?

A

owner

5
Q

Who is described by, identified by, or otherwise related to the data in question?

subject, owner, controller, processor, data steward, data custodian or data protection officer?

A

the subject

6
Q

Who determines the purposes and means for any actions involved with the use of personal data, whether for an employee, customer, or any other person? They are held accountable for ensuring that all actions required by the GDPR (or similar laws) are completed effectively and completely.

subject, owner, controller, processor, data steward, data custodian or data protection officer?

A

the controller

7
Q

Who performs the tasks necessary to acquire or generate, use, modify or properly dispose of the data?

subject, owner, controller, processor, data steward, data custodian or data protection officer?

A

the processor

8
Q

Who is commonly responsible for data content, context and associated business rules within the organization?

subject, owner, controller, processor, data steward, data custodian or data protection officer?

A

the data steward

9
Q

Who is responsible for the protection of the data while it’s in their custody? That means safe custody, transport, storage and processing of the data, and understanding of and compliance with policies regarding the protection of the data.

subject, owner, controller, processor, data steward, data custodian or data protection officer?

A

data custodian

10
Q

This role is appointed to advise the organization on all compliance aspects of processing data about a subject, and also acts as the interface to government agencies.

subject, owner, controller, processor, data steward, data custodian or data protection officer?

A

DPO

11
Q

We say that everyone is responsible for information security, but who is ultimately responsible?
a. Everyone in the organization
b. IT security dept.
c. chief security information officer
d. senior leadership and management

A

d. senior leadership and management

12
Q

What are the components of an object's sensitivity label?
a. a classification set and single compartment
b. single classification and single compartment
c. classification set and user credentials
d. a single classification and a compartment set

A

d. a single classification and a compartment set

13
Q

What does it mean to say that sensitivity labels are “incomparable”?
a. the number of classifications in the two labels is different
b. neither label contains all the classifications of the other
c. the number of categories in the two labels is different.
d. neither label contains the categories of the other.

A

d. neither label contains the categories of the other.

14
Q

Which of the following is true about Kerberos?
a. it utilizes public key cryptography
b. it encrypts data after a ticket is granted, but passwords are exchanged in plain text.
c. it depends on symmetric ciphers.
d. it is a secondary party authentication system.

A

c. it depends on symmetric ciphers.

15
Q

Which of the following is needed for system accountability?
a. audit mechanisms
b. documented design as laid out in the Common Criteria.
c. authorization
d. formal verification of the system design.

A

a. audit mechanisms

16
Q

What is Kerberos?

A

a trusted third party authentication protocol

17
Q

The 3 classic ways of authenticating yourself to the computer security software are: something you _______, something you _________, and something you ________. KHA

A

know, have and are

18
Q

A timely review of system access audit records would be an example of which of the basic security functions?
a. avoidance
b. deterrence
c. prevention
d. detection

A

d. detection

19
Q

Which of the following exemplifies proper separation of duties?
a. operators are not permitted to modify the system time.
b. programmers are permitted to use the system console.
c. console operators are permitted to mount tapes and disks.
d. tape operators are permitted to use the system console.

A

a. operators are not permitted to modify the system time.

20
Q

Which of the following is not a logical control when implementing logical access security?
a. access profiles
b. user IDs
c. employee badges
d. passwords

A

c. employee badges

21
Q

Which of the following authentication mechanisms creates a problem for mobile users?
a. mechanisms based on IP addresses
b. mechanisms with reusable passwords.
c. one time password mechanism
d. challenge response mechanism.

A

a. mechanisms based on IP addresses

22
Q

Organizations should consider which of the following first before allowing external access to their LANs via the Internet?
a. plan for implementing workstation locking mechanisms
b. plan for protecting the modem pool.
c. plan for providing the user with his account usage information
d. plan for considering proper authentication protocols.

A

d. plan for considering proper authentication protocols.