Access Control Practice Test Questions

Access Control

Question 1
What best describes a Trojan Horse?
A fast spreading worm with a destructive payload
Malicious code disguised as or inserted into a legitimate program
A type of macro virus designed to attack Microsoft Office applications
Malicious code inserted into a legitimate program that launches when a specific condition is met
Question 2
When an attacker sends unsolicited communication, it is an example of:
Spoofing
Spamming
Crackers
Sniffers
Question 2 Explanation: Unsolicited email sent by an attacker is called spam.
Question 3
Which access control technique allows security officers to specify access security policies based on an organization's structure?
Lattice
MAC
DAC
RBAC
Question 3 Explanation: Role Based Access Control (RBAC) allows officers to specify access security policies based on an organization's structure.
Question 4
What are three principles of identification and authentication?
Something you are, something you have, something you control
Something you know, something you are, something you control
Something you know, something you are, something you have
Something you have, something you control, something you know
Question 4 Explanation: Something you know (such as passwords), something you are (such as biometrics), and something you have (such as a smart card).
Question 5
Which technique monitors networks and computer systems for signs of intrusion or misuse?
Bell-LaPadula
MAC
TACACS
IDS
Question 5 Explanation: An Intrusion Detection System (IDS) monitors networks and computers for signs of intrusion or misuse.
Question 6
Which remote access protocol sends the user ID and password in clear text?
CHAP
PAP
Kerberos
RADIUS
Question 7
Background checks are what type of control?
Physical
Administrative
Logical
Technical
Question 8
Which access control technique allows a resource owner to control other users' access to an object?
DAC
RBAC
Lattice
MAC
Question 8 Explanation: Discretionary Access Control (DAC) allows a resource owner to control other users' access to an object.
Question 9
A fence is what type of access control?
Administrative
Technical
Logical
Physical
Question 10
What are three methods of performing centralized remote authentication access control?
TACACS, RADIUS, and DIAMETER
TACACS, RADIUS, and Kerberos
SESAME, RADIUS, and TACACS
RADIUS, SSO, and TACACS
Question 10 Explanation: RADIUS, TACACS, and DIAMETER are all considered centralized authentication, authorization, and accounting (AAA) servers.
Question 11
Which of the following access control models is most commonly used by firewalls?
Role-Based Access Control (RBAC)
Rule-Based Access Control (RBAC)
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Question 12
Which of the following allows attackers to break passwords?
Spamming
Sniffers
Crackers
Spoofing
Question 12 Explanation: Password cracking involves attackers breaking passwords.
Question 13
Which access control model allows data owners to control access by modifying Access Control Lists which are enforced by the Operating System?
Discretionary Access Control (DAC)
Rule-Based Access Control (RBAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Question 14
Which access control technique is non-discretionary?
MAC
DAC
Lattice
RBAC
Question 14 Explanation: Mandatory Access Control (MAC) is non-discretionary.
Question 15
Which hierarchical access control model is enforced by the operating system and can be difficult to implement?
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Discretionary Access Control (DAC)
Rule-Based Access Control (RBAC)
Question 16
What type of access control alerts you when an access is violated?
Deterrent
Reactive
Preventative
Detective
Question 16 Explanation: You could make an argument for Detective or Reactive, but Detective is most correct.
Question 17
Which of the following is a centralized access control methodology?
RADIUS
DAC
MAC
Lattice
Question 17 Explanation: In centralized access control, the organization manages user IDs, permissions, and groups from a central location.
Question 18
Which of the following is a table that identifies user access rights for a particular system object?
MAC
DAC
ACL
Lattice
Question 18 Explanation: An Access Control List (ACL) is a table that identifies user access rights assigned to system objects.
Question 19
Which is an example of a decentralized access control methodology?
PAP
NIS
RPC
RADIUS
Question 20
Kerberos certificates are susceptible to what kind of attack?
Man-in-the-middle
Social Engineering
Denial of Service
Replay
Question 21
Which of the following is a knowledge-based authentication mechanism?
Token
Smart card
Biometrics
Password
Question 21 Explanation: Knowledge-based authentication mechanisms use something the user knows, such as a password, passphrase, or PIN.
Question 22
Which of the following allows attackers to imitate a different user or system?
Spamming
Sniffers
Crackers
Spoofing
Question 22 Explanation: Spoofing allows an attacker to imitate a different user or system.
Question 23
What type of access control avoids access violations?
Reactive
Preventative
Deterrent
Detective
Question 23 Explanation: Preventative controls prevent (or avoid) the violation.
Question 24
Which example is not two-factor authentication?
Palm geometry and iris scan
Token and password
Iris scan and token
Smart card and PIN
Question 25
Which attack has victims believe they are communicating directly with their intended host when in reality all their messages are being intercepted?
Replay
Spoofing
Man-in-the-middle
Social engineering
Question 26
What access control model says you can't read up and can't write down?
Bell-LaPadula
Biba
Clark Wilson
Li-BaPadula
Question 26 Explanation: Bell-LaPadula contains the no read up, no write down rule. Biba and Clark Wilson are also security models. Li-BaPadula is a made-up word to confuse you.
Question 27
Centralized access control provides remote users with all of the following properties except:
Authorization
Authentication
Accountability
Availability
Question 28
What is a type of attack that involves trying all possible combinations to break a code or password?
Dictionary attack
Brute force attack
Word search attack
Penetration attack
Question 28 Explanation: A brute force attack attempts all possible combinations in order to obtain a password.

Comments

  1. Tiki says:

    Hi

    I have an objection for the answer of question 27. The answer should be (c) RBAC.

    According to the Official Guide to the ISSAP CBK page 18 on Access Control System and Methodology, non-discretionary access control mechanisms are neither DAC nor MAC. Also note that non-discretionary access control mechanisms are more DAC than MAC.

    Examples of non-discretionary are RBAC, ORCON, DRM, UCON.

    Regards,
    Tiki

  2. Ignatius Nwaiwu says:

    Check the answer marker on number #19. Marked me WRONG for CORRECT (Last Choice)

  3. C Ray says:

    How I Passed the CISSP exam on the 1st Try.

    I read the CISSP All-in-One Guide, 5th Edition by Shon Harris 3 times.
    I used the Practice Tests on the CD that come with the book until I was averaging 75% or better.
    I used the free practice quizzes at https://www.freepracticetests.org/quiz/index.php?page=register
    That's it, I passed.
