The intent of least privilege is to enforce the most restrictive user rights required
A. To execute system processes.
B. By their job description.
C. To execute authorized tasks.
D. By their security role.
Answer: C

To ensure least privilege requires that __________ is identified.
A. what the user's privilege owns
B. what the user's job is
C. what the user's cost is
D. what the user's group is
Answer: B

What are the three fundamental principles of security?
A. Accountability, confidentiality, and integrity
B. Confidentiality, integrity, and availability
C. Integrity, availability, and accountability
D. Availability, accountability, and confidentiality
Answer: B

The primary service provided by Kerberos is which of the following?
A. non-repudiation
B. confidentiality
C. authentication
D. authorization
Answer: C
Explanation:
non-repudiation: Since Kerberos deals primarily with symmetric cryptography, it does not help with non-repudiation.
confidentiality: Once the client is authenticated by Kerberos and obtains its session key and...

An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is
A. organization policy.
B. industry best practices.
C. industry laws and regulations.
D. management feedback.
Answer: A

Which of the following mobile code security models relies only on trust?
A. Code signing
B. Class authentication
C. Sandboxing
D. Type safety
Answer: A
Section: Security Architecture and Engineering
Reference: https://csrc.nist.gov/csrc/media/publications/conference-paper/1999/10/21/proceedings-of-the22nd-nissc-1999/documents/papers/t09.pdf (11)

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
A. Link layer
B. Physical layer
C. Session layer
D. Application layer
Answer: D

What is the main objective of proper separation of duties?
A. To prevent employees from disclosing sensitive information
B. To ensure access controls are in place
C. To ensure that no single individual can compromise a system
D. To ensure that audit trails are not tampered with
Answer: C

What does the Maximum Tolerable Downtime (MTD) determine?
A. The estimated period of time a business critical database can remain down before customers are affected.
B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning
C. The estimated period of time a...

Which one of the following affects the classification of data?
A. Assigned security label
B. Multilevel Security (MLS) architecture
C. Minimum query size
D. Passage of time
Answer: D