| Question.6 Which of the following is needed for System Accountability? (A) Audit mechanisms. (B) Documented design as laid out in the Common Criteria. (C) Authorization. (D) Formal verification of system design. |
6. Click here to View Answer
Correct Answer: A
Is a means of being able to track user actions. Through the use of audit logs and other tools the user actions are recorded and can be used at a later date to verify what actions were performed.
Accountability is the ability to identify users and to be able to track user actions.
The following answers are incorrect:
Documented design as laid out in the Common Criteria. Is incorrect because the Common Criteria is an international standard to evaluate trust and would not be a factor in System Accountability.
Authorization. Is incorrect because Authorization is granting access to subjects, just because you have authorization does not hold the subject accountable for their actions.
Formal verification of system design. Is incorrect because all you have done is to verify the system design and have not taken any steps toward system accountability.
References:
OIG CBK Glossary (page 778)
| Question.7 What is Kerberos? (A) A three-headed dog from the egyptian mythology. (B0 A trusted third-party authentication protocol. (C) A security model. (D) A remote authentication dial in user server. |
7. Click here to View Answer
Correct Answer: B
Is correct because that is exactly what Kerberos is.
The following answers are incorrect:
A three-headed dog from Egyptian mythology. Is incorrect because we are dealing with Information Security and not the Egyptian mythology but the Greek
Mythology.
A security model. Is incorrect because Kerberos is an authentication protocol and not just a security model.
A remote authentication dial in user server. Is incorrect because Kerberos is not a remote authentication dial in user server that would be called RADIUS.
| Question.8 The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something: (A) you need. (B) non-trivial (C) you are. (D) you can get. |
8. Click here to View Answer
Correct Answer: C
This is more commonly known as biometrics and is one of the most accurate ways to authenticate an individual.
The rest of the answers are incorrect because they not one of the three recognized forms for Authentication.
| Question.9 A timely review of system access audit records would be an example of which of the basic security functions? (A) avoidance. (B) deterrence. (C) prevention. (D) detection. |
9. Click here to View Answer
Correct Answer: D
By reviewing system logs you can detect events that have occured.
The following answers are incorrect:
avoidance. This is incorrect, avoidance is a distractor. By reviewing system logs you have not avoided anything. deterrence. This is incorrect because system logs are a history of past events. You cannot deter something that has already occurred. prevention. This is incorrect because system logs are a history of past events. You cannot prevent something that has already occurred.
| Question.10 A confidential number used as an authentication factor to verify a user’s identity is called a: (A) PIN (B) User ID (C) Password (D) Challenge |
10. Click here to View Answer
Correct Answer: A
PIN Stands for Personal Identification Number, as the name states it is a combination of numbers.
The following answers are incorrect:
User ID This is incorrect because a Userid is not required to be a number and a Userid is only used to establish identity not verify it.
Password. This is incorrect because a password is not required to be a number, it could be any combination of characters.
Challenge. This is incorrect because a challenge is not defined as a number, it could be anything.