IS3230 Final Exam Answers II

950 words 4 pages
1. Which of the following is not a subject in an access control scenario?
b. Information
2. Which of the following are the elements of a well-defined access control system?
d. Policy, procedure, and tool
3. Which of the following statements best define the purpose of access control?
a. Regulating interaction between a subject and an object
4. Which of the following components can be used to measure the confidence in any authentication system?
d. Type of correlation and the number of authentication factors
5. Which of the following holds true while hardening an organizational network through security controls?
b. 100 percent access control threats cannot be eliminated.
6. Which of the following should be considered while implementing a
…show more content…

a. True
30. Which of the following is not a method to secure DIM?
d. Hash
31. Delegated access rights exist in a mandatory access control environment.
b. False
32. Which of the following is the basis of granting access for an object in MAC?
a. Sensitivity of the object only (NOT SURE)
33. Which of the following aspects is not considered within an RBAC system?
d. Role authentication
34. Kerberos is an example of a single sign-on system providing enterprises with scalability and flexibility.
a. True
35. Which of the following identifies a WLAN’s access point?
36. The two-factor authentication generally combines “something you have” and “something you know” or “something you have” and “something you are.”
a. True
37. Which of the following is not a remote authentication protocol?
b. RAS

38. What is the purpose of accounting in the AAA framework?
d. Enables tracking of system usage
39. Which of the following is the de facto standard for IPSec?
b. IKE
40. RADIUS provides flexibility for network administrators by implementing AAA components in stages as opposed to all at once.
b. False
41. Web authentication is needed in situations where ______________ is not available.
a. virtual private networking
42. Which of the following PKI components provide central digital signing and verification services?
a. Signing server
43. Which of the following does not hold true for PKI?
c. It ensures that the end user can be trusted.
44. Which of the following