Security Practice Test 1

Uploaded by

ktaylorjr415
Copyright
© All Rights Reserved

What describes technical security controls?

3 descriptions-----Sometimes called logical security controls
Executed by computer systems
Implemented with technology
What are examples of technical security controls?
3 examples-----Encryption
IDSs
Firewalls
What refers to characteristic features of managerial security controls?-----Also known as administrative controls
Focused on reducing the risk of security incidents
Documented in written policies
3 examples of managerial security controls-----Organizational security policy
Risk assessment
Security awareness training
Describe operational security-----Focused on the day-to-day procedures of an organization
Used to ensure the equipment continues to work as specified
Primarily implemented and executed by people (as opposed to computers)
Examples of operational security controls-----Configuration management
System backups
Patch management
Security controls designed to deter, detect, and prevent unauthorized access, theft, damage, or destruction of material assets-----Physical security controls
Data backups, firewalls, and asset management are physical security controls. T/F-----False
Encryption, firewalls, and AV software are examples of preventive security controls. T/F-----True
Warning signs, lighting, and fencing/bollards are examples of deterrent security controls. T/F-----True
Which two are not detective security controls?
Lighting
Log monitoring
Sandboxing
Security audits
CCTV
IDS
Vulnerability scanning-----Lighting
Sandboxing
Recovering data from backup copies
Applying software updates and patches to fix vulnerabilities
Developing and implementing IRPs to respond to and recover from security incidents
Activating and executing DRPs are all corrective security controls. T/F-----True
Which is not a compensating security control?
Backup power systems
Video surveillance
MFA
Application sandboxing
Network segmentation-----Video surveillance
(Compensating controls are controls used to replace something that is too complex to implement)
Directive security controls refer to the category of security controls that are implemented
through policies and procedures.-----True
Which terms fall into the category of directive controls?
IRP
AUP
IDS
MFA
IPS-----IRP (incident response plan)
AUP (acceptable use policy)
Which term describes the basic principles of information security?
PKI
AAA
GDPR
CIA-----CIA
The term non-repudiation describes the inability to deny responsibility for performing a specific action. In the context of data security, non-repudiation ensures data confidentiality, provides proof of data integrity, and proof of data origin. T/F-----False
Non-repudiation is a principle that ensures that a user cannot deny performing a transaction or action such as sending a message or creating information.
Which applies to the concept of non-repudiation?
Digital certificate
MFA
Hashing
Encryption-----Digital certificate
Which type of account violates the concept of non-repudiation?
Standard user account
Shared account
Guest user account
Service account-----Shared account
Which part of the AAA security architecture deals with the verification of the identity of a person
or process?-----Authentication
Which part of the AAA security architecture is the process of granting or denying access to
resources?-----Authorization
Which part of the AAA security architecture is the process of tracking accessed services as well
as the amount of consumed resources?-----Accounting
Which of the following provides the AAA functionality?
CHAP (Challenge-Handshake Authentication)
TACACS+ (Terminal Access Controller Access-Control System +)
PAP (Password Authentication Protocol)
RADIUS (Remote Authentication Dial-In User Service)
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)-----TACACS+
RADIUS
In the context of the AAA framework, which are not common methods for authenticating people?
IP addresses
Usernames and passwords
MAC addresses
Biometrics
MFA-----MAC addresses
IP addresses
Which refer to common methods of device authentication used within the AAA framework? (3)
Usernames and passwords
Digital certificates
IP addresses
MFA
Biometric authentication
MAC addresses-----Digital certificates
IP addresses
MAC addresses
