Security Roundtable Quiz-3

By Advaiya, Community Contributor
Quizzes Created: 1 | Total Attempts: 435
Questions: 11 | Attempts: 435


Day 3: Access controls


Questions and Answers
  • 1. Internal intruders are NOT usually defined as:

    • A. Authorized users exceeding their authority
    • B. Persons who have defeated the physical access controls of a facility
    • C. Employees gaining access to controlled areas
    • D. Users who access unintended areas of the network

    Correct Answer
    B. Persons who have defeated the physical access controls of a facility
    Explanation
    Answer b:
    Authorized users trying to gain access to data or resources
    beyond their need-to-know or access limitations. Authorized users trying
    to gain unauthorized physical access to network connections, server
    equipment, etc.


  • 2. How might an attacker with little systems experience gain privileged systems access?

    • A. Dictionary attack
    • B. Brute-force attack
    • C. Birthday attack
    • D. Shoulder-surfing attack

    Correct Answer
    D. Shoulder-surfing attack
    Explanation
    Answer d:
    Shoulder-surfing, the process of direct visual observation of monitor
    displays to obtain access to sensitive information.


  • 3. Which of the following is NOT a characteristic of a virus?

    • A. Its primary effect is to consume system resources.
    • B. It may or may not carry a malicious payload.
    • C. It spreads through user action.
    • D. It attaches itself to executable code.

    Correct Answer
    A. Its primary effect is to consume system resources.
    Explanation
    Answer a:
    Worms usually do not cause damage to data; instead, the worm
    absorbs the network’s resources causing the damage.


  • 4. Requiring approval before granting system access would be:

    • A. A physical control
    • B. A logical control
    • C. A compensating control
    • D. An administrative control

    Correct Answer
    D. An administrative control
    Explanation
    Answer d:
    Administrative controls consist of management activities such
    as organizational policies and procedures.


  • 5. Granting of access privileges to certain files is:

    • A. Authentication
    • B. Identification
    • C. Authorization
    • D. Accountability

    Correct Answer
    C. Authorization
    Explanation
    Answer c:
    Be careful not to confuse authentication with authorization.
    Authentication is the process of verifying the identity of the sender and/or
    receiver of information. Authorization establishes what the user is allowed
    to do once the user has been identified and authenticated by the system.
    Another “A” term sometimes misinterpreted is accountability, which is the
    ability to track actions to users.


  • 6. Important elements in choosing a biometric system include all of the following EXCEPT:

    • A. User acceptance
    • B. Accuracy
    • C. Productivity
    • D. Processing speed

    Correct Answer
    C. Productivity
    Explanation
    Answer c:
    Important elements of biometric devices are accuracy, processing
    speed, and user acceptability.


  • 7. What is a security benefit related to thin-client architecture?

    • A. Reduced total cost of ownership of desktops
    • B. Standardized access control
    • C. Easier training for users
    • D. Wider availability of applications

    Correct Answer
    B. Standardized access control
    Explanation
    Answer b:
    Access controls can be centrally located on the server.


  • 8. Audit logs should record all of the following EXCEPT:

    • A. Successful access attempts
    • B. System performance measurements
    • C. Failed access attempts
    • D. Changes to user permissions

    Correct Answer
    B. System performance measurements
    Explanation
    Answer b:
    The audit data will reveal that a specific user accessed the file,
    the time of access, and the type of access.


  • 9. Audit logs should be protected for all of the reasons EXCEPT:

    • A. Modification may impede an investigation.
    • B. An attacker may try to alter them.
    • C. They may contain confidential information.
    • D. Standard format is critical for automated processing.

    Correct Answer
    D. Standard format is critical for automated processing.
    Explanation
    Answer d:
    The audit trail data should be protected at the most sensitive system level.


  • 10. What is the best method of reducing a brute-force denial-of-service attack against a password file?

    • A. Setting a higher clipping level
    • B. Locking out a user for a set time period
    • C. Establishing a lockout that requires administrator intervention
    • D. Using a stronger cryptographic algorithm

    Correct Answer
    B. Locking out a user for a set time period
    Explanation
    Answer b:
    The denial-of-service attack, whereby the perpetrator is able to lock out many users by discovering their user identifications and entering a specified number of invalid passwords, is minimized.
    Note that answer A could also be correct but is not the best answer from a security perspective.


  • 11. Which of the following is NOT a common attack performed against smart cards?

    • A. Etching
    • B. Microprobing
    • C. Fault generation
    • D. Eavesdropping

    Correct Answer
    A. Etching
    Explanation
    Answer a:
    There are several weaknesses and types of attacks against smart cards, including answers b, c, and d.


Quiz Review Timeline

  • Mar 21, 2023 (current version): Quiz edited by ProProfs Editorial Team
  • Jul 12, 2009: Quiz created by Advaiya