1. Which of the following is NOT an advantage password synchronization has over single sign-on?
A. higher cost
B. less intrusive
C. improved security
D. lower cost
Answer: A

2. Which of the following biometric devices offers the lowest CER?
A. Keystroke dynamics
B. Voice verification
C. Iris scan
D. Fingerprint
Answer: C

3. How can an individual best be authenticated?
A. User ID and password
B. Smart card and PIN code
C. Two-factor authentication
D. Biometrics
Answer: D

4. Passwords can be required to change monthly, quarterly, or at other intervals:
A. depending on the criticality of the information needing protection
B. depending on the criticality of the information needing protection and the password's frequency of use.
C. depending on the password's frequency of use.
D. not depending on the criticality of the information needing protection but depending on the password's frequency of use
Answer: B

5. The measures that also apply to areas that are used for storage of the backup data files are:
A. Preventive/physical
B. Preventive/administrative
C. Preventive/technical
D. Detective/administrative
Answer: A

6. Which authentication technique best protects against hijacking?
A. Static authentication
B. Continuous authentication
C. Robust authentication
D. Strong authentication
Answer: B

7. There are parallels between the trust models in Kerberos and in PKI. When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
A. public keys
B. private keys
C. public-key certificates
D. private-key certificates
Answer: C

8. Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?
A. Using a TACACS+ server.
B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.
C. Setting modem ring count to at least 5.
D. Only attaching modems to non-networked hosts
Answer: B

9. Organizations should consider which of the following first before connecting their LANs to the Internet?
A. plan for implementing workstation locking mechanisms
B. plan for protecting the modem pool
C. plan for providing the user with his account usage information
D. plan for considering all authentication options
Answer: D

10. Which of the following is required in order to provide accountability?
A. Authentication
B. Integrity
C. Confidentiality
D. Audit trails
Answer: A

11. Which of the following does not apply to system-generated passwords?
A. Passwords are harder to remember for users.
B. If the password-generating algorithm gets to be known, the entire system is in jeopardy.
C. Passwords are more vulnerable to brute force and dictionary attacks.
D. Passwords are harder to guess for attackers
Answer: C

12. Which of the following control pairings places emphasis on soft mechanisms that support the access control objectives?
A. Preventive/Technical Pairing
B. Preventive/Administrative Pairing
C. Preventive/Physical Pairing
D. Detective/Administrative Pairing
Answer: B

13. Which of the following is true of biometrics?
A. It is used for identification in physical controls and it is not used in logical controls.
B. It is used for authentication in physical controls and for identification in logical controls.
C. It is used for identification in physical controls and for authentication in logical controls.
D. Biometrics has no role in logical controls
Answer: C

14. In biometrics, a one-to-many search against a database of stored biometric images is done in:
A. Authentication
B. Identification
C. Identities
D. Identity-based access control
Answer: B

15. Which of the following statements pertaining to Kerberos is true?
A. Kerberos uses public key cryptography.
B. Kerberos uses X.509 certificates.
C. Kerberos is a credential-based authentication system.
D. Kerberos was developed by Microsoft
Answer: C

16. What is a keypad that has only a small number of keys that can be selected by the user called?
A. IBM keypads
B. 84 key Keypad
C. Limited Keypads
D. 101 keys Keypads
Answer: C

17. Which of the following biometric devices has the highest Crossover Error Rate (CER)?
A. Iris scan
B. Hand geometry
C. Voice pattern
D. Fingerprints
Answer: C

18. Which of the following biometric parameters are better suited for authentication use over a long period of time?
A. Iris pattern
B. Voice pattern
C. Signature dynamics
D. Retina pattern
Answer: A

19. Which of the following is used by RADIUS for communication between clients and servers?
A. TCP
B. SSL
C. UDP
D. SSH
Answer: C

20. Why should batch files and scripts be stored in a protected area?
A. Because of the least privilege concept.
B. Because they cannot be accessed by operators.
C. Because they may contain credentials.
D. Because of the need-to-know concept
Answer: C

21. A potential problem with an iris pattern biometric system is:
A. concern that the laser beam may cause eye damage.
B. the iris pattern changes as a person grows older.
C. there is a relatively high rate of false accepts.
D. the optical unit must be positioned so that the sun does not shine into the aperture
Answer: A

22. In biometric identification systems, false accept rate is associated with:
A. Type 2 errors
B. type 1 and type 2 errors
C. type 3 errors
D. type 1 errors
Answer: A

23. Ensuring least privilege does not require:
A. Identifying what the user's job is.
B. Ensuring that the user alone does not have sufficient rights to subvert an important process.
C. Determining the minimum set of privileges required for a user to perform their duties.
D. Restricting the user to required privileges and nothing more
Answer: B

24. Which of the following is not a complement to an Intrusion Detection System (IDS)?
A. Honey pots
B. Firewalls
C. Padded cells
D. File integrity checkers
Answer: B

25. The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a system. Acceptable throughput rates are in the range of:
A. 100 subjects per minute.
B. 25 subjects per minute.
C. 10 subjects per minute.
D. 50 subjects per minute
Answer: C

26. What is the primary goal of setting up a honeypot?
A. To lure hackers into attacking unused systems
B. To entrap and track down possible hackers
C. To set up a sacrificial lamb on the network
D. To know when an attack is in progress and to learn about attack techniques so the network can be fortified.
Answer: D

27. Which of the following is the least accepted biometric device?
A. Fingerprint
B. Iris scan
C. Retina scan
D. Voice verification
Answer: C

28. Which of the following usually provides reliable, real-time information without consuming network or host resources?
A. network-based IDS
B. host-based IDS
C. application-based IDS
D. firewall-based IDS
Answer: A

29. Which of the following is a trusted, third party authentication protocol that was developed under Project Athena at MIT?
A. Kerberos
B. SESAME
C. KryptoKnight
D. NetSP
Answer: A

30. Which of the following is not a service provided by AAA servers (RADIUS, TACACS and DIAMETER)?
A. Authentication
B. Administration
C. Accounting
D. Authorization
Answer: B

31. The Terminal Access Controller Access Control System (TACACS) employs which of the following?
A. a user ID and static password for network access.
B. a user ID and dynamic password for network access.
C. a user ID and symmetric password for network access.
D. a user ID and asymmetric password for network access
Answer: A

32. How are memory cards and smart cards different?
A. Memory cards normally hold more memory than smart cards
B. Smart cards provide a two-factor authentication whereas memory cards don't
C. Memory cards have no processing power
D. Only smart cards can be used for ATM cards
Answer: C

33. Which type of control would password management classify as?
A. Compensating control
B. Detective control
C. Preventive control
D. Technical control
Answer: C

34. Why would anomaly detection IDSs often generate a large number of false positives?
A. Because they can only identify correctly attacks they already know about.
B. Because they are application-based and are more subject to attacks.
C. Because they can't identify abnormal behavior.
D. Because normal patterns of user and system behavior can vary wildly.
Answer: D

35. Which of the following control pairings best describes logical controls or technical controls?
A. Preventive/Administrative
B. Preventive/Technical
C. Preventive/Physical
D. Detective/Administrative
Answer: B

36. A host-based IDS is resident on which of the following?
A. centralized hosts
B. decentralized hosts
C. certified hosts
D. bastion hosts
Answer: A