星期二, 5月 17, 2011

Test 2, covers topic 2

Test 2 Topic 2
Authentication & Access Control (Chapters 3 and 4 of the textbook).





Question 1


Which of the following statements best describes issues that need to be considered with respect to using popular words such as "happy" or "hello" as a password? (3.2)



Correct Answer:
 C.  Using a popular word as a password assists in remembering the password, but also means that it is easier for another person to hack that password.




  Question 2


Which of the following statements best describes the dynamics of a Denial-Of-Service (DOS) attack.



Correct Answer:
 B.  A denial of service attack is the result of a flooding of system resources by an excessively high number of simultaneous requests.




  Question 3



Which of the following statements best describes the issues of setting decision thresholds for biometric matching? (3.8)  



Correct Answer:
 C.  In setting the thresholds for biometric matching it is more important to prevent false matches than to prevent false mismatches.




  Question 4



Which of the following statements best describes a general model of access control? (4.4)  



Correct Answer:
 D.  Subject are granted access to Objects determined by a set of defined rules specifying Actions that can be taken.




  Question 5



Which of the following statements best describes Role Based Access Control?  



Correct Answer:
 A.  Role Based Access Control provides access and control over files based upon a "need-to-know" principal associated with each positions duties and tasks.




  Question 6



Which of the following statements best describes Static Seperation of Duty Relations (SSD) and Dynamic Separation of Duty Relations (DSD)?  



Correct Answer:
 C.  Static Separation of Duty Relations (SSD) focus upon preventing any individual user accessing excessive related actions across multiple user sessions, while Dynamic Separation of Duty Relations (DSD) focus upon preventing any individual user accessing excessive related actions within a single user session.