1.Which of the following access control models allows object creators and owners to assign permissions to users? Role-based access control Mandatory access control Discretionary access control Rule-based access control 2.What type of malware can look like legitimate software but then performs negative actions to manipulate your system? None of the answers. Trojan Ransomware Worm

1.Which of the following access control models allows object creators and owners to assign permissions to users? Role-based access control Mandatory access control Discretionary access control Rule-based access control 2.What type of malware can look like legitimate software but then performs negative actions to manipulate your system? None of the answers. Trojan Ransomware Worm

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter7: Risk Management: Treating Risk

Section: Chapter Questions

Problem 7E

See similar textbooks

Similar questions

1.Marty is designing a new access control system for his organization. He created groups for each type of user: engineers, managers, designers, marketers, and sales. Each of these groups has different access permissions. What type of access control scheme is Marty using? Discretionary access control Role-based access control Rule-based access control Mandatory access control 2.What type of malware is self-replicating? Botnet Trojan Worm Spam 3. A ______________ is an encrypted hash.
</o:p> Which of the following describes an evil twin?</o:p> A. A device infected with malware that an attacker uses to control the device remotely.</o:p> B. A normal looking yet fraudulent Wi-Fi network that allows hackers to capture personal information users transmit using it.</o:p> C. A type of malware that disguises itself as or hides itself in a legitimate file, and then causes damage to programs and data when opened.</o:p> D. An identified risk that gains administrator-level access to a computer or network without the system or users detecting its presence.</o:p> </o:p>
1. What type of availability loss might the webserver experience in a DOS attack? 2. If the impacted website in this workout were an online store, describe the effect of this attack. 3. If the impacted website were a school, describe the effect of this attack. 4. Read through the following guide on Denial of Service attacks from the Department of Homeland Security: https://www.cisa.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf Which type of Denial of Service attack is most effective?
QUESTION 6 Which access control type would be used to grant permissions based on the specific duties that must be performed? Discretionary access control Rule-based access control Role-based access control Mandatory access control QUESTION 7 Which term refers to a process by which the user escalates their privilege level, bypassing the operating system's controls and limitations? Jailbreaking BYOD Off-boarding Segmentation QUESTION 8 Wireless Transport Layer Security (WTLS) is a lightweight protocol designed for mobile devices. True False QUESTION 9 What does a host-based IDS monitor? Activity on an individual system Activity on the network itself A digital sandbox A honeynet QUESTION 10 Hostile activity that does not match an IDS signature and goes undetected is called a false positive. True False
3.Which of the following is a computer-based security control for a multiuser environment?( ) Authentication system with login and password( ) Encryption.( ) Backup and recovery.( ) All of the above.
what is the liklihood percatnge for these vulnerabilities? with references threat : Acts of human error or failure vulnerabilities : Inappropriate sharing of account information likllihood: ???? threat : Technical Software Failures or errors vulnerabilities : Server suffer from unreported bug or errors likllihood: ???? threat : Technical Software Failures or errors vulnerabilities : Improper firewall configuration. likllihood: ????
13. _________ is the practice of identifying a user name. Group of answer choices Account harvesting Password cracking Authentication Authorization A functional access control An intrusion detection system 14. When performing security tests for an e-commerce website, which of the following are examples of structural security risks? Choose ALL which apply. Group of answer choices account harvesting password cracking SQL injection buffer overflow encryption levels 19. Fill in the blank for the secure coding practice provided below: Proven session management _____________________ are used to create random session identifiers.
1.Which of the following is a security concern in cloud deployments? Authentication methods Identity management All of these answers are correct. Encryption 2.Which of the following are the best ways to ensure that user accounts are being used appropriately and securely? (Choose two.) Continuously monitor accounts, through auditing, to ensure accountability and security. Periodically review assigned privileges. Ensure that users’ permissions stay cumulative, regardless of which group or job role they occupy. Allow users to maintain their privileges indefinitely, even during promotion or transfer. 3.Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source is called a ______________.
Which of the following are examples of PREVENTIVE controls? [SELECT ALL THAT APPLY] a) Software patching b) encryption c) Monthly access control review d) Network segmentation e) A unique user ID and password
22. Which of the following description about firewall is not true? A. firewalls can separate corporate network from Internet, but can not segment a corporate network into secure zones. B. each firewall in the organization must follow the same security policy. C. organizations should remove from their firewalls any unnecessary software. D. organizations often install intrusion detection systems as part of their firewalls.
1.What’s the minimum number of computers needed for a DDoS attack? 2 1 10 1000 2.The attack that bombards web servers with HTTP requests is called ____________. HTTP Flood TCP Flood UDP Flood ICMP Flood 3.Which of the following threat actors typically aims to cause denial-of-service conditions or deface websites due to a political or social belief? Hacktivists Authorized Hackers Script Kiddies Organized Crime 4.What are the requirements of an IDS? All of them. Be fault tolerant Configured according to system security policies Resist subversion
Multiple chocie related to AWS: Question 1: An AWS Identity and Access Management (IAM) administrator determines what users need to do, determines the correct set of permissions, and then crafts policies that allow the users to perform only those tasks. Which principle is the administrator adhering to? a. Principle of authentication b. Principle of availability c. Principle of least privilege d. Principle of managed policy Question 2 : Your team has decided to use Amazon ElastiCache in your application development. Which benefits will your application have with this service? (Select all that apply) a. Lower latency b. Automatic updates c. Increased security d. Predictable performance Question 3: Which statement is true about using AWS CloudTrail and Amazon CloudWatch together? a. Custom CloudTrail alarms can be configured for specific CloudWatch events. b. Resource and application performance can be monitored, but user, group, or role actions cannot be…