ISOL 531 ACCESS CONTROL MIDTERM COMBINED EXAM FALL SEMESTER 2024.
UNIVERSITY OF THE CUMBERLANDS

• Question 1
Authorization is a set of rights defined for a subject and an object. They are based on the subject’s identity.
Selected Answer: True
Answers:
- True
- False

• Question 2
2 out of 2 points
Fundamentally, ______ refers to the ability of a subject and an object to interact.
Selected Answer: access
Answers:
- authorization
- access
- biometrics
- identification

• Question 3
0 out of 2 points
Identification builds on authentication by requiring that the subject provide proof of its identity.
Selected Answer: True
Answers:
- True
- False

• Question 4
0 out of 2 points
Which of the following is not a factor of authentication?
Selected Answer: What you know?
Answers:
- Where you are?
- What you know?
- What you have?
- Who you are?

• Question 5
2 out of 2 points
The subject in an access control scenario is a person or another application requesting access to a resource such as the network, a file system, or a printer.
Selected Answer: True
Answers:
- True
- False

• Question 6
0 out of 2 points
What name is given to the process or mechanism of granting or denying use of a resource typically applied to users or generic network traffic?
Selected Answer: authentication
Answers:
- access control
- authentication
- biometrics
- identification
- password

• Question 7
2 out of 2 points
Which of the following is the definition of authentication factor?
Selected Answer: A way of confirming the identity of a subject. The three authentication factors are something you know, something you have, and something you are.
Answers:
- A secret combination of characters known only to the subject.
- A way of confirming the identity of a subject. The three authentication factors are something you know, something you have, and something you are.
- The user, network, system, process, or application requesting access to a resource.
- Something only the subject and the authentication system know.

• Question 8
2 out of 2 points
A good risk assessment takes into account both the value of the assets to be protected and their impact on the overall organization.
Selected Answer: True
Answers:
- True
- False

• Question 9
0 out of 2 points
A phishing attack targeted at specific, usually high-level, individuals within an organization is the definition of spear phishing.
Selected Answer: False
Answers:
- True
- False

• Question 10
0 out of 2 points
A scenario with a high probability but low impact is a lower priority risk than one with a high probability and high impact.
Selected Answer: False
Answers:
- True
- False

• Question 11
2 out of 2 points
Annualized loss expectancy (ALE) means the total cost per year of the threat under assessment. ALE is calculated by multiplying the SLE by the ARO.
Selected Answer: True
Answers:
- True
- False

• Question 12
2 out of 2 points
In order to correctly prioritize efforts at mitigating threats and vulnerabilities, we perform ______ to accurately decide which threats represent the biggest impact to resources and data.
Selected Answer: risk assessment
Answers:
- vulnerability analysis
- risk assessment
- single loss expectancy
- probability of occurrence

• Question 13
2 out of 2 points
In the risk management strategy known as risk ______, you offload the risk to a third party.
Selected Answer: transference
Answers:
- transference
- mitigation
- avoidance
- acceptance

• Question 14
2 out of 2 points
In the risk management strategy known as risk ______, you implement controls designed to lessen the probability and/or impact of a risk.
Selected Answer: mitigation
Answers:
- transference
- mitigation
- avoidance
- acceptance

• Question 15
2 out of 2 points
The number of times per year you expect a compromise to occur is the definition of ______.
Selected Answer: annualized rate of occurrence (ARO)
Answers:
- annualized rate of occurrence (ARO)
- exposure factor (EF)
- defense-in-depth strategy
- qualitative risk assessment

• Question 16
2 out of 2 points
What term is used to describe a technical, physical, or administrative process designed to reduce risk?
Selected Answer: control
Answers:
- defense-in-depth strategy
- qualitative risk assessment
- infrastructure
- control

• Question 17
2 out of 2 points
______ is the relative value, either in monetary terms or in overall impact, of the resource being protected by the access control system.
Selected Answer: Asset value (AV)
Answers:
- Cost of replacement
- Probability of occurrence
- Asset value (AV)
- Exposure factor (EF)

• Question 18
2 out of 2 points
According to the national security classification, ______ information, if disclosed, could reasonably be expected to cause damage to national security.
Selected Answer: confidential
Answers:
- secret
- confidential
- unclassified
- top secret

• Question 19
2 out of 2 points
According to the typical corporate security classification scheme, ______ information, if disclosed, could cause serious damage to the firm.
Selected Answer: sensitive
Answers:
- sensitive
- public
- internal
- highly sensitive

• Question 20
2 out of 2 points
Only a person with the approved level of access is allowed to view the information. This access is called ______.
Selected Answer: clearance
Answers:
- clearance
- classification
- disclosure
- policy

• Question 21
2 out of 2 points
The process used to move a classified document into the public domain is the definition of declassification.
Selected Answer: True
Answers:
- True
- False

• Question 22
2 out of 2 points
The requester of sensitive information should not receive access just because of his or her clearance, position, or rank. The requester must also establish a valid need to see the information. The term for this is ______.
Selected Answer: need to know
Answers:
- least privilege
- need to know
- confidential information
- declassification
- access control

• Question 23
2 out of 2 points
What term is used to describe a method of organizing sensitive information into various access levels?
Selected Answer: classification scheme
Answers:
- confidential
School, Study & Subject
- Institution: University Of The Cumberlands
- Course: ISOL 531
Document Information
- Uploaded on: February 3, 2024
- Number of pages: 16
- Written in: 2023/2024
- Type: Exam
- Contains: Questions & answers