CertiGuide to Security+  9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)

5.10  Summary 1 5.12  Success Answers

1. What principle requires that a user be given no more privilege than necessary to perform a job?

A. Principle of aggregate privilege

B. Principle of effective privilege

C. Principle of most privilege

D. Principle of least privilege

2. Which of the following are potential firewall problems that should be logged?

A. Reboot

B. Proxies restarted

C. Changes to the configuration file.

D. No Answer is Correct

3. Logs must be secured to prevent:

A. Creation modification and destruction

B. Modification, deletion, and destruction

C. Modification, deletion, and initialization

D. Modification, deletion, and inspection

4. If the computer system being used contains confidential information, users must not:

A. Share their desks

B. Encrypt their passwords

C. Leave their computer without first logging off

D. All choices are correct

5. Which of the following user items can be shared?

A. Home directory

B. ID card

C. Password

D. No Answer is Correct

6. With RBAC, each user can be assigned:

A. A token role

B. Only one role

C. A security token

D. One or more roles

7. The Lattice Based Access Control model was developed MAINLY to deal with:

A. Integrity

B. Confidentiality

C. Affinity

D. No Answer is Correct

8. Under MAC, who can change the category of a resource?

A. All users

B. All managers

C. Administrator only

D. No Answer is Correct

9. A method for a user to identify and present credentials only once to a system is known as:

A. SEC

B. IPSec

C. SSL

D. SSO

10. Prosecution of illegal break-ins to computer systems fails most often because of a failure of:

A. Chain of Supported Facts

B. Chain of Custody

C. Chain of Electrons

D. Chain of Witnesses

5.10  Summary 1 5.12  Success Answers