1. Which of the following is not a subject in an access control scenario?
2. Which of the following are the elements of a well-defined access control system?
d. Policy, procedure, and tool
3. Which of the following statements best defines the purpose of access control?
a. Regulating interaction between a subject and an object
4. Which of the following components can be used to measure the confidence in any authentication system?
d. Type of correlation and the number of authentication factors
5. Which of the following holds true while hardening an organizational network through security controls?
b. 100 percent access control threats cannot be eliminated.
6. Which of the following should be considered while implementing a…
d. Operational efficiency
16. Which of the following is a key requirement of HIPAA for health organizations?
b. Encryption of private health information on public networks
17. In which of the following forms may FERPA data appear?
a. 3, 2, 1, 4
18. What does an IT security policy framework consist of?
d. Policies, guidelines, standards, and procedures
19. Which of the following is a purely damaging attack, meant to render a system unusable?
c. DoS attacks
20. What do Federal and State laws concerning unauthorized access serve as?
b. Deterrents to data theft
21. Which of the following holds true for DMCA?
b. Disallows unauthorized disclosure of data by circumventing an organization’s technology
22. Which of the following features should not be there in an access control system?
c. Allow customers to amend and update the account of their family members
23. To which of the following do the aspects of compartmentalization and dual conditions belong?
b. Separation of responsibilities
24. Which of the following defines how employees may use IT infrastructure supplied by an organization?
25. Which of the following is not a typical social engineering strategy?
26. Separation of duties, periodic vacation, and job rotation are the ways to reduce human risk factors within an organizational structure.
27. Which of the following manages ACLs in an MS Windows environment?
d. Active Directory
28. Which of the following is