Module I Certification Quiz

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By Vtgamer

Vtgamer

Community Contributor

Quizzes Created: 5 | Total Attempts: 3,928

Questions: 114 | Attempts: 196 | Updated: Mar 21, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

Just a try to see if it can be done before Odie wakes up.

Questions and Answers

1.

Who is responsible for establishing access permissions to network resources in the Discretionary Access Control (DAC) access control model?
- A.
  
  The system administrator and the owner of the resource
- B.
  
  The owner of the resource
- C.
  
  The user requiring access to the resource
- D.
  
  The system administrator
Correct Answer
B. The owner of the resource

Explanation
In the Discretionary Access Control (DAC) access control model, the owner of the resource is responsible for establishing access permissions to network resources. This means that the owner has the discretion to determine who can access the resource and what level of access they have. The system administrator may assist in managing and enforcing these permissions, but ultimately it is the owner's responsibility to set them. The user requiring access to the resource does not have the authority to establish access permissions in this model.

Rate this question:
2.

Users need to access their email and several secure applications from any workstation on the network. In addition, an authentication system implemented by the administrator requires the use of a username, password, and a company issued smart card. This is an example of which of the following?
- A.
  
  SSO
- B.
  
  Three factor authentication
- C.
  
  Least privilege
- D.
  
  ACL
Correct Answer
A. SSO

Explanation
This scenario is an example of Single Sign-On (SSO). SSO allows users to access multiple applications and systems with a single set of credentials. In this case, the users need to access their email and secure applications, and the authentication system requires a username, password, and a company-issued smart card. With SSO, users only need to authenticate once, using their smart card, and they can then access all the necessary resources without having to re-enter their credentials for each application or system. This improves convenience and security by reducing the need for multiple passwords and credentials.

Rate this question:
3.

As a network administrator, your company uses the RBAC (Role Based Access Control) model. You must plan the security strategy for user to access resources on the network. These resources include mailboxes and files and printers. The departments in your company are Finance, Sales, Research and Development, and Production. Users access the resources based on the department wherein he/she works. Which roles should you create to support the RBAC (Role Based Access Control) model?
- A.
  
  Create user and workstation roles
- B.
  
  Create mailbox, and file and printer roles
- C.
  
  Create Finance, Sales, Research and Development, and Production roles
- D.
  
  Create allow access and deny access roles.
Correct Answer
C. Create Finance, Sales, Research and Development, and Production roles

Explanation
The RBAC (Role Based Access Control) model is based on assigning roles to users based on their job responsibilities or departments. In this scenario, the company has different departments such as Finance, Sales, Research and Development, and Production. To support the RBAC model, it is necessary to create roles for each department. This will allow users to access resources such as mailboxes, files, and printers based on the department they work in. Therefore, creating Finance, Sales, Research and Development, and Production roles is the correct answer.

Rate this question:
4.

Choose the terminology or concept which best describes a (Mandatory Access Control) MAC model.
- A.
  
  Bell La-Padula
- B.
  
  BIBA
- C.
  
  Clark and Wilson
- D.
  
  Lattice
Correct Answer
D. Lattice

Explanation
A Lattice model is the most appropriate terminology to describe a Mandatory Access Control (MAC) model. In a MAC model, access to resources is based on predefined rules and policies that are enforced by the system. A Lattice model represents the different levels of security and access permissions in a hierarchical structure, with each level having a defined set of rules and restrictions. This ensures that access to resources is strictly controlled and only allowed based on the security clearance level of the user. The Bell La-Padula, BIBA, and Clark and Wilson models are also security models but are not specifically related to MAC.

Rate this question:
5.

Which of the following will restrict access to files according to the identity of the user or group? Choose one answer.
- A.
  
  DAC
- B.
  
  MAC
- C.
  
  PKI
- D.
  
  CRL
Correct Answer
A. DAC

Explanation
DAC stands for Discretionary Access Control, which is a method of restricting access to files based on the identity of the user or group. With DAC, the owner of a file or directory can set permissions to determine who can access it and what actions they can perform. This allows for fine-grained control over access to files, ensuring that only authorized users or groups can access sensitive information. DAC is a commonly used access control mechanism in operating systems and file systems.

Rate this question:
6.

Users would not like to enter credentials to each server or application to conduct their normal work. Which type of strategy can solve this problem?
- A.
  
  Two-factor authentication
- B.
  
  Smart card
- C.
  
  SSO
- D.
  
  Biometrics
Correct Answer
C. SSO

Explanation
Single Sign-On (SSO) is a strategy that can solve the problem of users having to enter credentials for each server or application they need to access. With SSO, users only need to authenticate once, usually through a central authentication server, and then they can access multiple systems and applications without having to enter their credentials again. This saves time and improves user experience by eliminating the need for repetitive login processes.

Rate this question:
7.

Giving each user or group of users only the access they need to do their job is an example of which of the following security principals?
- A.
  
  Least privilege
- B.
  
  Access control
- C.
  
  Defense in depth
- D.
  
  Separation of duties
Correct Answer
A. Least privilege

Explanation
The principle of least privilege states that users should only be given the minimum level of access necessary to perform their job functions. By giving each user or group of users only the access they need, organizations can minimize the risk of unauthorized access or misuse of sensitive information. This principle helps to limit the potential damage that can be caused by a compromised account or insider threat.

Rate this question:
8.

Which security measure should be used while implementing access control?
- A.
  
  Time of day restrictions
- B.
  
  Password complexity requirements
- C.
  
  Disabling SSID broadcast
- D.
  
  Changing default passwords
Correct Answer
B. Password complexity requirements

Explanation
Password complexity requirements should be used while implementing access control because they help ensure that passwords are strong and not easily guessable. By requiring users to create passwords that include a combination of uppercase and lowercase letters, numbers, and special characters, the likelihood of unauthorized access is reduced. Password complexity requirements also encourage users to regularly update their passwords, further enhancing security.

Rate this question:
9.

Which of the following is correct about an instance where a biometric system identifies unauthorized users and allows them access? Choose one answer.
- A.
  
  False acceptance
- B.
  
  False positive
- C.
  
  False rejection
- D.
  
  False negative
Correct Answer
A. False acceptance

Explanation
False acceptance refers to a situation where a biometric system incorrectly identifies unauthorized users as authorized and grants them access. In other words, the system fails to accurately distinguish between authorized and unauthorized individuals, leading to false acceptance of unauthorized users.

Rate this question:
10.

Which of the following access control models uses subject and object labels? Choose one answer.
- A.
  
  Rule Based Access Control (RBAC)
- B.
  
  Mandatory Access Control (MAC)
- C.
  
  Role Based access Control (RBAC)
- D.
  
  Discretionary Access Control (DAC)
Correct Answer
B. Mandatory Access Control (MAC)

Explanation
Mandatory Access Control (MAC) is the correct answer because it is an access control model that uses subject and object labels. In MAC, each subject and object is assigned a label, and access decisions are based on these labels. The labels determine the level of sensitivity or classification of the subject or object, and access is granted or denied based on the rules defined by the system administrator. This ensures that only subjects with the appropriate labels can access objects with matching labels, providing a high level of security and control.

Rate this question:
11.

Which password management system best provides for a system with a large number of users? Choose one answer.
- A.
  
  Locally saved passwords management systems
- B.
  
  Synchronized passwords management systems
- C.
  
  Self service password reset management systems
- D.
  
  Multiple access methods management systems
Correct Answer
C. Self service password reset management systems

Explanation
Self service password reset management systems are the best option for a system with a large number of users because they allow users to reset their passwords on their own without the need for assistance from IT support. This helps to reduce the workload on IT staff and improves efficiency. Additionally, self service password reset systems often include security measures such as multi-factor authentication to ensure the security of the password reset process.

Rate this question:
12.

Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation?
- A.
  
  Biometric
- B.
  
  Kerberos
- C.
  
  Mutual
- D.
  
  Multifactor
Correct Answer
D. Multifactor

Explanation
Multifactor authentication is the best description for providing a username, password, and undergoing a thumbprint scan to access a workstation. This is because multifactor authentication involves using multiple factors or methods to verify the identity of a user. In this case, the username and password serve as one factor, while the thumbprint scan serves as another factor. By combining these two factors, the authentication process becomes more secure and reliable, as it requires both something the user knows (password) and something the user possesses (thumbprint) to gain access to the workstation.

Rate this question:
13.

Which of the following access decisions are based on a Mandatory Access control (MAC) environment?
- A.
  
  Sensitivity labels
- B.
  
  Ownership
- C.
  
  Group membership
- D.
  
  Access control lists
Correct Answer
A. Sensitivity labels

Explanation
Sensitivity labels are a characteristic of Mandatory Access Control (MAC) environments. MAC is a security model where access to resources is determined by the sensitivity labels assigned to both the resources and the users. Sensitivity labels define the level of sensitivity or classification of the information, and access is granted or denied based on the comparison of these labels. Therefore, sensitivity labels are a key component of MAC environments and are used to make access decisions. Ownership, group membership, and access control lists are more commonly associated with discretionary access control (DAC) environments.

Rate this question:
14.

Which of the following access control models uses roles to determine access permissions?
- A.
  
  RBAC
- B.
  
  DAB
- C.
  
  None of the above
- D.
  
  MAC
Correct Answer
A. RBAC

Explanation
RBAC (Role-Based Access Control) is an access control model that uses roles to determine access permissions. In RBAC, users are assigned specific roles, and these roles define the permissions and privileges that the users have within the system. By assigning roles to users, access can be easily managed and controlled, as permissions are granted based on the roles assigned to the user. This model provides a more efficient and scalable way to manage access control compared to individually assigning permissions to each user.

Rate this question:
15.

The ability to logon to multiple systems with the same credentials is typically known as:
- A.
  
  Role Based Access Control (RBAC)
- B.
  
  Decentralized management
- C.
  
  Centralized management
- D.
  
  Single sign-on
Correct Answer
D. Single sign-on

Explanation
Single sign-on refers to the ability to log in to multiple systems or applications using the same set of credentials. This eliminates the need for users to remember and enter different usernames and passwords for each system, improving convenience and user experience. With single sign-on, users only need to authenticate once, and their credentials are then used to access multiple systems seamlessly. This reduces the risk of password fatigue and simplifies the management of user accounts.

Rate this question:
16.

The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw.
- A.
  
  The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. This creates a security loophole for Trojan horse attacks.
- B.
  
  The DAC (Discretionary Access Control) model uses certificates to control access to resources. This creates an opportunity for attackers to use your certificates
- C.
  
  The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. This allows anyone to use an account to access resources.
- D.
  
  The DAC (Discretionary Access Control) model does not have any known security flaws.
Correct Answer
A. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. This creates a security loopHole for Trojan horse attacks.

Explanation
The correct answer is that the DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource, which creates a security loophole for Trojan horse attacks. This means that if a user or process is compromised by a Trojan horse, the attacker can gain unauthorized access to resources that the compromised user or process has access to. This flaw in the DAC model highlights the risk of relying solely on user or process identity for access control, as it can be easily exploited by attackers.

Rate this question:
17.

Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item.
- A.
  
  RBACs (Role Based Access Control) method
- B.
  
  LBACs (List Based Access Control) method
- C.
  
  DACs (Discretionary Access Control) method
- D.
  
  MACs (Mandatory Access Control) method
Correct Answer
D. MACs (Mandatory Access Control) method

Explanation
The MAC (Mandatory Access Control) method allows access control determinations to be performed based on the security labels associated with each user and each data item. In this method, access decisions are based on predefined rules and policies set by the system administrator or security administrator. These security labels define the sensitivity and classification of the data and the clearance level of the user. The MAC method ensures that access is granted or denied based on the security labels, regardless of the user's role or permissions.

Rate this question:
18.

Which of the following authentication methods increases the security of the authentication process because it must be in your physical possession?
- A.
  
  CHAP
- B.
  
  Certificate
- C.
  
  Kerberos
- D.
  
  Smart Cards
Correct Answer
D. Smart Cards

Explanation
Smart cards increase the security of the authentication process because they must be in your physical possession. Smart cards are small, portable devices that contain an embedded microchip. They require a user to insert the card into a card reader and provide a personal identification number (PIN) to access the information stored on the card. This two-factor authentication method adds an extra layer of security by requiring both something you have (the physical card) and something you know (the PIN) to authenticate. This makes it more difficult for unauthorized individuals to gain access to sensitive information or systems.

Rate this question:
19.

Which access control system allows the system administrator to establish access permissions to network resources? Choose one answer.
- A.
  
  MAC
- B.
  
  DAC
- C.
  
  RBAC
- D.
  
  None of the above
Correct Answer
A. MAC

Explanation
MAC (Mandatory Access Control) is the correct answer because it is an access control system that allows the system administrator to establish access permissions to network resources. MAC enforces access control based on predefined security policies, where each user and resource is assigned a security label. The system administrator can then define rules and permissions based on these labels, determining who can access which network resources.

Rate this question:
20.

Which access control method gives the owner control over providing permissions?
- A.
  
  Rule-based Access Control (RBAC)
- B.
  
  Mandatory Access Control (MAC)
- C.
  
  Role-based Access Control (RBAC)
- D.
  
  Discretionary Access Control (DAC)
Correct Answer
D. Discretionary Access Control (DAC)

Explanation
Discretionary Access Control (DAC) is an access control method that gives the owner of a resource the control over granting or denying permissions to other users. In DAC, the owner has the discretion to determine who can access the resource and what level of access they have. This means that the owner can assign specific permissions to individuals or groups based on their needs and responsibilities. Unlike other access control methods, DAC allows for flexibility and customization in granting permissions, as it puts the control in the hands of the owner.

Rate this question:
21.

The authentication process where the user can access several resources without the need for multiple credentials is known as:
- A.
  
  Single sign-on
- B.
  
  Decentralized management
- C.
  
  Discretionary Access Control (DAC)
- D.
  
  Need to know
Correct Answer
A. Single sign-on

Explanation
Single sign-on is the correct answer because it refers to the authentication process where a user can access multiple resources without having to enter separate credentials for each resource. This streamlines the user experience and improves efficiency by eliminating the need for multiple logins. With single sign-on, users only need to authenticate once, and then they can seamlessly access various resources and applications without the need for additional credentials.

Rate this question:
22.

What does the DAC access control model use to identify the users who have permissions to a resource?
- A.
  
  The role or responsibilities users have in the organization
- B.
  
  Predefined access privileges
- C.
  
  Access Control Lists
- D.
  
  None of the above
Correct Answer
C. Access Control Lists

Explanation
The DAC access control model uses Access Control Lists (ACLs) to identify the users who have permissions to a resource. ACLs are a list of permissions attached to an object that specify which users or groups are granted access rights to that object. This allows the system to control and manage access to resources based on user identities and their corresponding permissions listed in the ACL.

Rate this question:
23.

Access controls based on security labels associated with each data item and each user are known as:
- A.
  
  Role Based Access Control (RBAC)
- B.
  
  Discretionary Access Control (DAC)
- C.
  
  Mandatory Access Control (MAC)
- D.
  
  List Based Access Control (LBAC)
Correct Answer
C. Mandatory Access Control (MAC)

Explanation
Mandatory Access Control (MAC) is a type of access control that uses security labels associated with each data item and each user to determine access permissions. In MAC, access decisions are based on predefined rules and policies set by the system administrator, rather than the discretion of individual users or their roles. This ensures a higher level of security as access is strictly controlled and enforced based on the sensitivity of the data and the clearance level of the user.

Rate this question:
24.

An organization has a hierarchical-based concept of privilege management with administrators having full access, human resources personnel having slightly less access and managers having access to their own department files only. This is BEST described as:
- A.
  
  Rule based access control (RBAC)
- B.
  
  Mandatory access control (MAC)
- C.
  
  Discretionary access control (DAC)
- D.
  
  Role based access control (RBAC)
Correct Answer
D. Role based access control (RBAC)

Explanation
The given scenario describes a privilege management system in which different roles have different levels of access. Administrators have full access, human resources personnel have slightly less access, and managers have access to their own department files only. This aligns with the concept of Role based access control (RBAC), where access is granted based on the roles individuals have within the organization. RBAC allows for more granular control and is commonly used in hierarchical organizations to manage privileges effectively.

Rate this question:
25.

The difference between identification and authentication is that:
- A.
  
  Authentication verifies a set of credentials while identification verifies the identity of the network
- B.
  
  Authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials
- C.
  
  Authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials
- D.
  
  Authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group
Correct Answer
C. Authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials

Explanation
Authentication is the process of verifying the identity of a user requesting credentials, such as a username and password. It ensures that the user is who they claim to be. On the other hand, identification is the process of verifying the identity of the user requesting the credentials. It confirms the user's identity before granting them access. Therefore, the correct answer is that authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.

Rate this question:
26.

What does the MAC access control model use to identify the users who have permissions to a resource?
- A.
  
  Access Control Lists
- B.
  
  The role or responsibilities user have in the organization
- C.
  
  Predefined access privileges
- D.
  
  None of the above
Correct Answer
C. Predefined access privileges

Explanation
The MAC access control model uses predefined access privileges to identify the users who have permissions to a resource. This means that access to resources is granted based on predetermined levels of access that are assigned to users. These access privileges determine what actions a user can perform on a resource, such as read, write, or delete. By using predefined access privileges, the MAC access control model ensures that only authorized users with the appropriate level of access can access a resource.

Rate this question:
27.

How is access control permissions established in the RBAC access control model?
- A.
  
  The role or responsibilities users have in the organization
- B.
  
  The system administrator
- C.
  
  The owner of the resource
- D.
  
  None of the above
Correct Answer
A. The role or responsibilities users have in the organization

Explanation
Access control permissions in the RBAC access control model are established based on the role or responsibilities that users have in the organization. This means that users are granted specific permissions based on their assigned roles, allowing them to access certain resources and perform certain actions. The RBAC model focuses on managing access based on user roles rather than individual user identities, making it easier to administer and control access rights in large organizations.

Rate this question:
28.

Both the server and the client authenticate before exchanging data. This is an example of which of the following?
- A.
  
  SSO
- B.
  
  Biometrics
- C.
  
  Mutual authentication
- D.
  
  Multifactor authentication
Correct Answer
C. Mutual authentication

Explanation
Mutual authentication refers to a process where both the server and the client verify each other's identities before exchanging data. In this case, both the server and the client authenticate themselves, ensuring that they are communicating with the intended party and not an imposter. This helps establish a secure and trusted connection between the two parties, preventing unauthorized access and ensuring data confidentiality and integrity. Mutual authentication is commonly used in secure communication protocols like SSL/TLS to provide a robust level of security.

Rate this question:
29.

Which solution can be used by a user to implement very tight security controls for technicians that seek to enter the users’ datacenter?
- A.
  
  Magnetic lock and pin
- B.
  
  Smartcard and proximity readers
- C.
  
  Biometric reader and smartcard
- D.
  
  Combination locks and key locks
Correct Answer
C. Biometric reader and smartcard

Explanation
Biometric reader and smartcard can be used to implement very tight security controls for technicians that seek to enter the users' datacenter. Biometric reader ensures that only authorized individuals with their unique biometric data can gain access, eliminating the risk of stolen or shared access cards. Smartcards provide an additional layer of security by requiring a physical card to be present, which can be further authenticated through PIN or password. This combination of biometric reader and smartcard ensures a high level of security and prevents unauthorized access to the datacenter.

Rate this question:
30.

Which of the following statements regarding the MAC access control models is TRUE?
- A.
  
  The Mandatory Access Control (MAC) model is a dynamic model
- B.
  
  In the Mandatory Access Control (MAC) users cannot share resources dynamically.
- C.
  
  In the Mandatory Access Control (MAC) the owner of a resource establishes access privileges to that resource.
- D.
  
  The Mandatory Access Control(MAC) is not restrictive
Correct Answer
B. In the Mandatory Access Control (MAC) users cannot share resources dynamically.

Explanation
The statement that "In the Mandatory Access Control (MAC) users cannot share resources dynamically" is true. In MAC, access to resources is determined by the system administrator or owner of the resource, rather than the individual user. Users do not have the ability to dynamically share resources with others without proper authorization. This is one of the key characteristics of the MAC model, where access privileges are strictly controlled and enforced based on predefined rules and policies.

Rate this question:
31.

Which security action should be finished before access is given to the network?
- A.
  
  Identification and authorization
- B.
  
  Authentication and authorization
- C.
  
  Identification and authentication
- D.
  
  Authentication and password
Correct Answer
C. Identification and authentication

Explanation
Before access is given to the network, the security action that should be finished is the process of identification and authentication. Identification involves providing a unique identifier, such as a username, to establish the user's identity. Authentication, on the other hand, verifies the user's claimed identity by validating credentials, such as a password or biometric information. This two-step process ensures that only authorized individuals are granted access to the network, enhancing overall security.

Rate this question:
32.

Which item is not a logical access control method?
- A.
  
  Software token
- B.
  
  ACL
- C.
  
  Biometrics
- D.
  
  Group policy
Correct Answer
C. Biometrics

Explanation
Biometrics is not a logical access control method because it is a physical access control method. Logical access control methods involve the use of software or digital credentials to authenticate and authorize users, while biometrics relies on physical characteristics such as fingerprints, facial recognition, or iris scans. Therefore, biometrics does not fall under the category of logical access control methods like software tokens, ACL, or group policy.

Rate this question:
33.

In a classified environment, a clearance into a Top Secret compartment only allows access to certain information within that compartment. This is known as:
- A.
  
  Acceptable use
- B.
  
  Need to know
- C.
  
  Separation of duties
- D.
  
  Dual control
Correct Answer
B. Need to know

Explanation
In a classified environment, individuals with a clearance into a Top Secret compartment are only granted access to specific information within that compartment based on their "need to know." This means that they are only given access to information that is necessary for them to perform their duties and responsibilities, ensuring that sensitive information is only shared with those who require it. This principle helps to protect classified information and prevent unauthorized access or disclosure.

Rate this question:
34.

Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications?
- A.
  
  Single sign-on
- B.
  
  Constrained user interfaces
- C.
  
  Encryption protocol
- D.
  
  Access control lists
Correct Answer
A. Single sign-on

Explanation
Single sign-on is the process by which a single user name and password can be used to access multiple computer applications. This eliminates the need for users to remember multiple login credentials for different applications, simplifying the authentication process and improving user experience. With single sign-on, users only need to authenticate once, and their credentials are then securely shared across multiple applications, allowing them to seamlessly access various systems without the need for repeated logins.

Rate this question:
35.

A user is assigned access rights explicitly. This is a feature of which of the following control models?
- A.
  
  Rule Based Access Control (RBAC)
- B.
  
  Mandatory Access Control (MAC)
- C.
  
  Discretionary Access Control (DAC)
Correct Answer
C. Discretionary Access Control (DAC)

Explanation
In Discretionary Access Control (DAC), access rights are assigned explicitly by the owner of the resource. This means that the owner has the discretion to grant or revoke access to other users. In contrast, in Rule Based Access Control (RBAC), access rights are assigned based on predefined rules and roles, while in Mandatory Access Control (MAC), access rights are assigned based on system-wide policies and labels. Therefore, the fact that a user is assigned access rights explicitly aligns with the features of Discretionary Access Control (DAC).

Rate this question:
36.

Most key fob (token) based identification systems use which of the following types of authentication mechanisms?
- A.
  
  Username/password
- B.
  
  Certificates
- C.
  
  Biometrics
- D.
  
  Kerberos
- E.
  
  Token
Correct Answer
E. Token

Explanation
Token-based identification systems use tokens as a form of authentication mechanism. Tokens can be physical devices, such as key fobs or smart cards, or they can be virtual tokens generated by software applications. These tokens are used to verify the identity of the user and grant access to the system or resources. This is different from other authentication mechanisms like username/password, certificates, biometrics, or Kerberos, which do not specifically rely on tokens for authentication.

Rate this question:
37.

During which phase of identification and authentication does proofing occur?
- A.
  
  Testing
- B.
  
  Authentication
- C.
  
  Identification
- D.
  
  Verification
Correct Answer
C. Identification

Explanation
During the phase of identification, proofing occurs. This is the process of verifying the identity of an individual or entity. It involves gathering and validating information such as usernames, passwords, or biometric data to ensure that the claimed identity is legitimate. Proofing helps to establish a reliable link between the identity and the person or entity being authenticated.

Rate this question:
38.

Which item best describes an instance where a biometric system identifies legitimate users as being unauthorized
- A.
  
  False negative
- B.
  
  False acceptance
- C.
  
  False rejection
Correct Answer
C. False rejection

Explanation
False rejection is the correct answer because it refers to a situation where a biometric system incorrectly identifies legitimate users as unauthorized. This means that the system is rejecting valid users, which can occur due to various reasons such as technical errors, incorrect calibration, or mismatched biometric data. False acceptance, on the other hand, would describe a scenario where unauthorized users are mistakenly identified as legitimate. False negative is a broader term that can refer to both false rejection and false acceptance, but in this specific context, false rejection is the most accurate description.

Rate this question:
39.

Which item can be commonly programmed into an application for ease of administration?
- A.
  
  Back door
- B.
  
  Worm
- C.
  
  Zombie
- D.
  
  Trojan
Correct Answer
A. Back door

Explanation
A back door can be commonly programmed into an application for ease of administration. A back door is a hidden entry point in a software or system that allows authorized individuals to bypass normal authentication measures and gain access to the system. It is often used by system administrators or developers to troubleshoot or perform maintenance tasks without going through normal procedures. This can make administration tasks easier and more efficient, as it provides a convenient way to access and manage the application.

Rate this question:
40.

Which of the following definitions BEST suit Buffer Overflow?
- A.
  
  It is used to provide a persistent, customized web experience for each visit
- B.
  
  It receives more data than it is programmed to accept
- C.
  
  It has a feature designed into many email servers that allows them to forward email to other email servers
- D.
  
  It’s an older form of scripting that was used extensively in early web systems
Correct Answer
B. It receives more data than it is programmed to accept

Explanation
Buffer Overflow occurs when a program or process receives more data than it is programmed to accept. This can lead to the excess data overflowing into adjacent memory locations, potentially causing the program to crash, behave unexpectedly, or even allow an attacker to execute malicious code.

Rate this question:
41.

Which description is correct about an application or string of code that could not automatically spread from one system to another but is designed to spread from file to file?
- A.
  
  Botnet
- B.
  
  Worm
- C.
  
  Virus
- D.
  
  Adware
Correct Answer
C. Virus

Explanation
A virus is a type of malicious code or program that is designed to spread from file to file, typically through human interaction such as downloading or sharing infected files. Unlike a botnet, which is a network of compromised computers controlled by a central server, a virus does not automatically spread from one system to another. Instead, it relies on users unknowingly executing or opening infected files, allowing the virus to replicate and spread to other files on the same system. This distinguishes it from a worm, which is capable of self-replicating and spreading automatically across multiple systems. Adware, on the other hand, is a type of software that displays unwanted advertisements, and is not designed to spread from file to file.

Rate this question:
42.

The risks of social engineering can be decreased by implementing: (Select TWO)
- A.
  
  Risk assessment policies
- B.
  
  Identity verification methods
- C.
  
  Operating system patching instructions
- D.
  
  Vulnerability testing technique
- E.
  
  Security awareness training
Correct Answer(s)
B. Identity verification methods
E. Security awareness training

Explanation
Implementing identity verification methods and security awareness training can decrease the risks of social engineering. Identity verification methods require individuals to prove their identity before accessing sensitive information or resources, reducing the chances of unauthorized access. Security awareness training educates individuals about social engineering tactics and how to recognize and respond to them, making them less susceptible to manipulation or deception. Both measures contribute to strengthening an organization's defenses against social engineering attacks.

Rate this question:
43.

Which one of the following options is an attack launched from multiple zombie machines in attempt to bring down a service?
- A.
  
  DDoS
- B.
  
  Man-in-the-middle
- C.
  
  DoS
- D.
  
  TCP/IP hijacking
Correct Answer
A. DDoS

Explanation
A DDoS (Distributed Denial of Service) attack is launched from multiple zombie machines with the intention of overwhelming a service and causing it to become unavailable to legitimate users. This is done by flooding the target server or network with a high volume of traffic, making it unable to handle legitimate requests. Unlike a DoS (Denial of Service) attack, which is launched from a single source, a DDoS attack utilizes multiple sources to amplify its impact and make it more difficult to mitigate. Man-in-the-middle and TCP/IP hijacking are different types of attacks that involve intercepting and manipulating network traffic.

Rate this question:
44.

In addition to bribery and forgery, which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO)
- A.
  
  Flattery
- B.
  
  Dumpster diving
- C.
  
  Phreaking
- D.
  
  Whois search
- E.
  
  Assuming a position of authority
Correct Answer(s)
A. Flattery
E. Assuming a position of authority

Explanation
Attackers commonly use flattery and assuming a position of authority as techniques to socially engineer people. Flattery involves complimenting and manipulating individuals to gain their trust and cooperation. Assuming a position of authority involves pretending to be someone with power or influence to deceive and manipulate others. These techniques are effective in manipulating individuals into disclosing sensitive information or performing actions that benefit the attacker.

Rate this question:
45.

Due to a concern about staff browsing inappropriate material on the web, your company is purchasing a product which can decrypt the SSL session, scan the content and then repackage the SSL session without staff knowing. What type of attack is similar to this product?
- A.
  
  Replay
- B.
  
  Man-in-the-middle
- C.
  
  TCP/IP hijacking
- D.
  
  Spoofing
Correct Answer
B. Man-in-the-middle

Explanation
The correct answer is "Man-in-the-middle." This is because a man-in-the-middle attack involves an attacker intercepting communication between two parties without their knowledge. In this scenario, the product being purchased acts as a man-in-the-middle by decrypting the SSL session, scanning the content, and then repackaging the SSL session without the staff knowing. This allows the company to monitor and control the web browsing activities of its staff.

Rate this question:
46.

Which of the following viruses has the characteristic where it may attempt to infect your boot sector, infect all of your executable files, and destroy your applications files form part of?
- A.
  
  Multipartite Virus
- B.
  
  Companion Virus
- C.
  
  Phage Virus
- D.
  
  Armored Virus
Correct Answer
A. Multipartite Virus

Explanation
A Multipartite Virus is a type of virus that has the characteristic of attempting to infect the boot sector, executable files, and destroying application files. Unlike other viruses that focus on one specific area, the Multipartite Virus spreads and causes damage in multiple ways. It is a highly destructive virus that can cause significant harm to a computer system by infecting various components and rendering them useless.

Rate this question:
47.

Which description is correct about a tool used by organizations to verify whether or not a staff member has been involved in malicious activity?
- A.
  
  Implicit deny
- B.
  
  Implicit allow
- C.
  
  Time of day restrictions
- D.
  
  Mandatory vacations
Correct Answer
D. Mandatory vacations

Explanation
Mandatory vacations are a tool used by organizations to verify whether or not a staff member has been involved in malicious activity. By requiring employees to take regular vacations, organizations can ensure that other staff members have the opportunity to step into their roles and perform their duties. This can help to identify any unauthorized or malicious activities that may have been taking place while the employee is away. Additionally, mandatory vacations can also serve as a deterrent for employees who may be tempted to engage in malicious activities, as they know that their absence will be noticed and potentially investigated.

Rate this question:
48.

Which of the following is MOST effective in preventing adware?
- A.
  
  HIDS
- B.
  
  Antivirus
- C.
  
  Firewall
- D.
  
  Pop-up blocker
Correct Answer
C. Firewall

Explanation
A firewall is the most effective in preventing adware because it acts as a barrier between a trusted internal network and an untrusted external network, filtering out malicious traffic and preventing unauthorized access to the system. Adware often enters a system through network connections, and a firewall can block these malicious connections, reducing the risk of adware infections. While antivirus software can also detect and remove adware, a firewall provides an additional layer of protection by blocking the initial entry point. HIDS (Host-based Intrusion Detection System) can detect unauthorized access or malicious activities within a system but may not specifically target adware. A pop-up blocker only prevents unwanted pop-up advertisements, but it may not fully prevent adware infections.

Rate this question:
49.

Choose the most effective method of preventing computer viruses from spreading throughout the network
- A.
  
  You should prevent the execution of .vbs files
- B.
  
  You should enable scanning of all email attachments
- C.
  
  You should require root/administrator access to run programs and applications
- D.
  
  You should install a host based IDS (Intrusion Detection System)
Correct Answer
B. You should enable scanning of all email attachments

Explanation
Enabling scanning of all email attachments is the most effective method of preventing computer viruses from spreading throughout the network. By scanning all email attachments, any potential viruses or malware can be detected and quarantined before they have a chance to infect the network. This helps to ensure that any malicious files are not able to enter the network through email communications, thus reducing the risk of virus spread. It is important to regularly update and maintain the antivirus software used for scanning to ensure its effectiveness against new and emerging threats.

Rate this question:
50.

Choose the attack of malicious code that cannot be prevented or deterred solely through using technical measures
- A.
  
  Social engineering
- B.
  
  Dictionary attacks
- C.
  
  Man in the middle attacks
- D.
  
  DoS (Denial of Service) attacks
Correct Answer
A. Social engineering

Explanation
Social engineering is a type of attack where the attacker manipulates and deceives individuals into divulging sensitive information or performing actions that they normally wouldn't. Unlike other attacks listed, social engineering relies on human interaction and psychological manipulation rather than technical vulnerabilities. It cannot be prevented solely through technical measures because it exploits human trust and behavior, making it difficult to detect and defend against using traditional security measures such as firewalls or antivirus software.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 21, 2023

Quiz Edited by
ProProfs Editorial Team
Feb 19, 2010

Quiz Created by
Vtgamer

Module I Certification Quiz

Who is responsible for establishing access permissions to network resources in the Discretionary Access Control (DAC) access control model?

Users need to access their email and several secure applications from any workstation on the network. In addition, an authentication system implemented by the administrator requires the use of a username, password, and a company issued smart card. This is an example of which of the following?

Choose the terminology or concept which best describes a (Mandatory Access Control) MAC model.

Which of the following will restrict access to files according to the identity of the user or group? Choose one answer.

Users would not like to enter credentials to each server or application to conduct their normal work. Which type of strategy can solve this problem?

Giving each user or group of users only the access they need to do their job is an example of which of the following security principals?

Which security measure should be used while implementing access control?

Which of the following is correct about an instance where a biometric system identifies unauthorized users and allows them access? Choose one answer.

Which of the following access control models uses subject and object labels? Choose one answer.

Which password management system best provides for a system with a large number of users? Choose one answer.

Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation?

Which of the following access decisions are based on a Mandatory Access control (MAC) environment?

Which of the following access control models uses roles to determine access permissions?

The ability to logon to multiple systems with the same credentials is typically known as:

The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw.

Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item.

Which of the following authentication methods increases the security of the authentication process because it must be in your physical possession?

Which access control system allows the system administrator to establish access permissions to network resources? Choose one answer.

Which access control method gives the owner control over providing permissions?

The authentication process where the user can access several resources without the need for multiple credentials is known as:

What does the DAC access control model use to identify the users who have permissions to a resource?

Access controls based on security labels associated with each data item and each user are known as:

An organization has a hierarchical-based concept of privilege management with administrators having full access, human resources personnel having slightly less access and managers having access to their own department files only. This is BEST described as:

The difference between identification and authentication is that:

What does the MAC access control model use to identify the users who have permissions to a resource?

How is access control permissions established in the RBAC access control model?

Both the server and the client authenticate before exchanging data. This is an example of which of the following?

Which solution can be used by a user to implement very tight security controls for technicians that seek to enter the users’ datacenter?

Which of the following statements regarding the MAC access control models is TRUE?

Which security action should be finished before access is given to the network?

Which item is not a logical access control method?

In a classified environment, a clearance into a Top Secret compartment only allows access to certain information within that compartment. This is known as:

Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications?

A user is assigned access rights explicitly. This is a feature of which of the following control models?

Most key fob (token) based identification systems use which of the following types of authentication mechanisms?

During which phase of identification and authentication does proofing occur?

Which item best describes an instance where a biometric system identifies legitimate users as being unauthorized

Which item can be commonly programmed into an application for ease of administration?

Which of the following definitions BEST suit Buffer Overflow?

Which description is correct about an application or string of code that could not automatically spread from one system to another but is designed to spread from file to file?

The risks of social engineering can be decreased by implementing: (Select TWO)

Which one of the following options is an attack launched from multiple zombie machines in attempt to bring down a service?

In addition to bribery and forgery, which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO)

Due to a concern about staff browsing inappropriate material on the web, your company is purchasing a product which can decrypt the SSL session, scan the content and then repackage the SSL session without staff knowing. What type of attack is similar to this product?

Which of the following viruses has the characteristic where it may attempt to infect your boot sector, infect all of your executable files, and destroy your applications files form part of?

Which description is correct about a tool used by organizations to verify whether or not a staff member has been involved in malicious activity?

Which of the following is MOST effective in preventing adware?

Choose the most effective method of preventing computer viruses from spreading throughout the network

Choose the attack of malicious code that cannot be prevented or deterred solely through using technical measures